Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=27683
|
|
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
|
|
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
|
|
svn path=/trunk/; revision=27156
|
|
No we can decode those winmail.dat files.
svn path=/trunk/; revision=26864
|
|
Fix a final eth_fopen -> ws_fopen
When configuring with --without-zlib these functions need to have some parameters tagged _U_
svn path=/trunk/; revision=26212
|
|
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
|
|
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
|
|
Format" - this is incomplete and buggy, be careful!
svn path=/trunk/; revision=24079
|
|
svn path=/trunk/; revision=23594
|
|
per enhancement bug #1795.
svn path=/trunk/; revision=23558
|
|
This patch adds support for the Juniper NetScreen snoop output format.
It takes a text-dump op the captured packets and parses the headers
and hex-data. Since the snoop files on a Junpiper NetScreen can be saved
to a tftp-server, this patch makes it quite easy to use the snoop
function of the Juniper NetScreen firewalls.
/* XXX TODO:
*
* o Create a wiki-page with instruction on how to make tracefiles
* on Juniper NetScreen devices. Also put a few examples up
* on the wiki (Done: wiki-page added 2007-08-03)
*
* o Use the interface names to properly detect the encapsulation
* type (ie adsl packets are now not properly dissected)
* (Done: adsl packets are now correctly seen as PPP, 2007-08-03)
*
* o Pass the interface names and the traffic direction to either
* the frame-structure, a pseudo-header or use PPI. This needs
* to be discussed on the dev-list first
* (Posted a message to wireshark-dev abou this 2007-08-03)
*
*/
svn path=/trunk/; revision=22533
|
|
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
|
|
the new file type.
Add few functions to wiretap's exported API.
svn path=/trunk/; revision=22060
|
|
variable access
svn path=/trunk/; revision=21689
|
|
So far I've done only regression testing (the new functionality and what's in wtap-plugins.c has not yet being tested).
it is a first step in the way to have lua opening files.
svn path=/trunk/; revision=21686
|
|
svn path=/trunk/; revision=21651
|
|
Wiretap support to read MPEG files
svn path=/trunk/; revision=21112
|
|
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforce SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
".pcap") to wiretap
sort file types in alphabetical order, but keep the libpcap like entries at the start
svn path=/trunk/; revision=18562
|
|
svn path=/trunk/; revision=18369
|
|
svn path=/trunk/; revision=18206
|
|
format but still useful for dissecting arbitrary BER/DER ASN.1.
svn path=/trunk/; revision=18110
|
|
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
|
|
least try to flush it
svn path=/trunk/; revision=17326
|
|
tethereal internally converted the stdout capture filename "-" into "" which doesn't make any real sense and only complicated things.
To make things even more confusing, wiretap expected "" for dump output and "-" for offline reading ...
svn path=/trunk/; revision=16962
|
|
able to write capture files to stdout using -w -
svn path=/trunk/; revision=16958
|
|
Add Support for reading of IBM iSeries (AS/400) Comms traces
svn path=/trunk/; revision=16588
|
|
argument, rather than requiring the caller to get the open() flag and
the fopen() flag in sync. That also means that if we're *not* using
libz, it can just be a wrapper around eth_fopen().
We need to include <fcntl.h>, at least on UN*X, to get open() declared
and the O_ flags defined.
svn path=/trunk/; revision=16409
|
|
necessary for the switch to GTK 2.6 (at least on WIN32).
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
|
|
has a checkbox "Compress with gzip"
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
|
|
resolution (currently supported by Ethereal only). Support for both read and write was added.
The file format stays the same as the common libpcap format, only the lower part of the timestamp field uses nanoseconds instead of microseconds.
This file format uses the libpcap magic number 0xa1b23c4d.
svn path=/trunk/; revision=15623
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
these, ethereal does)
- change k12.atm.vci and k12.atm.vpi into atm.vci and atm.vpi
svn path=/trunk/; revision=14682
|
|
There is still much to do, but at the very least it can import files allowing the user to choose which protocols handle the diferent sources.
svn path=/trunk/; revision=14606
|
|
"ETHERWATCH").
svn path=/trunk/; revision=13567
|
|
standard input. Opening it for random access isn't supported; we add a
new error for that.
svn path=/trunk/; revision=13189
|
|
svn path=/trunk/; revision=12258
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
<fcntl.h> is included, as <fcntl.h> doesn't define it.
svn path=/trunk/; revision=11276
|
|
other #include related cleanups
svn path=/trunk/; revision=11272
|
|
on Windows.
svn path=/trunk/; revision=10717
|
|
svn path=/trunk/; revision=10038
|
|
The MediaType field seems to be 0 for the Ethernet captures; however,
the MediaSubType field is different.
The fields in the header are different - we can't use hard-coded offsets
for the fields, we have to process them as a sequence of tag/value
items.
Rename some routines to use the same naming convention as the V9 open
routine rather than the same convention as the V5/V6/V7 read and
seek/read routines.
svn path=/trunk/; revision=9990
|
|
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
|
|
file format (AiroPeek 2.x).
svn path=/trunk/; revision=9144
|
|
svn path=/trunk/; revision=9126
|
|
files.
svn path=/trunk/; revision=8900
|
|
capture files.
svn path=/trunk/; revision=8840
|