| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
value.
svn path=/trunk/; revision=27113
|
|
svn path=/trunk/; revision=27099
|
|
back to libwiretap for now, as it's inherently tied to reading libpcap
files; at some point we might want to have pcap-reading (and
pcap-ng-reading?) code in a separate library, for use by, for example,
dumpcap (and rawshark?).
svn path=/trunk/; revision=27076
|
|
initialize the P2P direction. This keeps Valgrind from complaining.
svn path=/trunk/; revision=26765
|
|
Endace ERFII (extension header) support.
svn path=/trunk/; revision=26287
|
|
libwsutil.
svn path=/trunk/; revision=26233
|
|
Implement dissector for IPMB (DLT_IPMB_LINUX, 209).
svn path=/trunk/; revision=25986
|
|
address, tcpdump-workers@lists.tcpdump.org.
svn path=/trunk/; revision=25396
|
|
new WTAP_ENCAP files(X2E Xoraya serial frame and X2E Xoraya frame )
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2418
svn path=/trunk/; revision=25154
|
|
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
|
|
IEEE 802.15.4 dissector and DLT_ type.
svn path=/trunk/; revision=24564
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1970 (pending review)
svn path=/trunk/; revision=24463
|
|
svn path=/trunk/; revision=24119
|
|
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
|
|
Error message when capturing too short WTAP_ENCAP_USB_LINUX type packets
contains a copy-paste typo.
From me:
Fix some addresses in AUTHORS.
svn path=/trunk/; revision=23882
|
|
no-longer-needed wiretap/wtap-capture.h.
Clean up wiretap/libwiretap.vcproj (note: this isn't going to scale, if
it has to contain a list of all the files, as most committers will be
editing only Makefile.common files).
svn path=/trunk/; revision=23803
|
|
Fix indentation.
svn path=/trunk/; revision=23798
|
|
svn path=/trunk/; revision=23691
|
|
When trying to open a pcap file with the new pseudo-header/DLT (using SVN
version, changelist 23283) I get the error message:
"libpcap: ERF file has a 13-byte packet, too small to have even an ERF
pseudo-header".
After reviewing Paolo's patch I found that there are 2 places with missing
breaks in switch case structures.
svn path=/trunk/; revision=23298
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
|
|
This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture, will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
|
|
tshark can read a HP-UX nettl IP packet dump (written with 'nettl -traceon all
-entity ns_ls_ip -file dump'), but cannot convert it to a pcap raw IP packet
dump, with 'tshark -r dump.nettl -w dump.pcap'. A single-line patch to
wiretap/libpcap.c makes it possible to do this.
The input file uses encapsulation type WTAP_ENCAP_NETTL_RAW_IP.
svn path=/trunk/; revision=22849
|
|
http://www.cacetech.com/documents/PPI_Header_format_1.0.pdf .
svn path=/trunk/; revision=22094
|
|
svn path=/trunk/; revision=21971
|
|
possibly-unaligned pointers, and turn on -Wcast-align so at least some
future code that does that will fail to compile.
svn path=/trunk/; revision=21968
|
|
to actually call this (aka to handle the ambiguities of DLT values).
svn path=/trunk/; revision=21427
|
|
wiretap
remove all compiler warnings:
a) prevent wrong malloc/free definitions by lex/yacc generated files
b) add int/time_t casts - MSVC2005 is more "sensitive" about this than MSVC6
svn path=/trunk/; revision=21078
|
|
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
|
|
files.
svn path=/trunk/; revision=20338
|
|
what a DLT_ value of 187 is.
svn path=/trunk/; revision=20004
|
|
Check for an invalid channel frequency. Pass the channel, data rate,
and quality to the 802.11 dissector, so that they show up there
as well. Clean up whitespace.
svn path=/trunk/; revision=19878
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
the attached patch add support for the recently introduced pcap
bluetooth data link type. Yes, pcap is going to support also bluetooth
devices (at least on Linux) :-)
svn path=/trunk/; revision=19513
|
|
USB dissector
svn path=/trunk/; revision=19480
|
|
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition i have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
|
|
svn path=/trunk/; revision=18230
|
|
svn path=/trunk/; revision=18206
|
|
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17450
|
|
svn path=/trunk/; revision=16857
|
|
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
|
|
has a checkbox "Compress with gzip"
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
|
|
resolution (currently supported by Ethereal only). Support for both read and write was added.
The file format stays the same as the common libpcap format, only the lower part of the timestamp field uses nanoseconds instead of microseconds.
This file format uses the libpcap magic number 0xa1b23c4d.
svn path=/trunk/; revision=15623
|
|
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
- add support for Multi-Link Frame-Relay (FRF.15) captures
taken on Juniper ML-, LS-, AS- PICs.
- rework of the common juniper header dissector:
test the extension flag (0x80) which indicates that there are
meta-information like interface-index, interface-name etc.
present
- minor bugfix (LSQ L3-proto masks, direction masks were broken)
svn path=/trunk/; revision=15316
|
|
support for support for DLT_JUNIPER_MLPPP
svn path=/trunk/; revision=14994
|
|
fail after the private data is allocated, you have to free the private
data).
The file header in nettl files is 128 bytes - use a #define for it, and
also a #define for the magic number size.
svn path=/trunk/; revision=14553
|
|
Oolan Zimmer <ethereal@gcom.com>
svn path=/trunk/; revision=14362
|
|
support for Juniper PPPOE encapsulation
svn path=/trunk/; revision=14346
|
|
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
|
