Age | Commit message (Collapse) | Author | Files | Lines |
|
leads to a double-free in wtap_close. Fix all the instances I found via
manual code review, and add a brief comment to the list of open routines in
file_access.c
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8518
svn path=/trunk/; revision=48552
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
svn path=/trunk/; revision=45649
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
svn path=/trunk/; revision=42998
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
allocate a huge buffer.
svn path=/trunk/; revision=40170
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
file_read() return value. Use wtap_file_read_expected_bytes() in a
number of places.
svn path=/trunk/; revision=37054
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
|
|
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
svn path=/trunk/; revision=36340
|
|
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
|
|
structure.
svn path=/trunk/; revision=32563
|
|
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
|
|
svn path=/trunk/; revision=28144
|
|
Added support for HPVM (Integrity Virtual Machines) guest AVIO (Accelerated Virtual IO) driver IGSSN.
Cleaned up the trace record checks.
Made the default ethernet if the nettl subsystem is not recognized.
svn path=/trunk/; revision=27549
|
|
svn path=/trunk/; revision=25257
|
|
Added support for HPVM (Integrity Virtual Machines) guest AVIO (Accelerated Virtual IO)
driver IGSSN and 2nd generation 10 Gigabit Ethernet adapter AD386A driver ICXGBE.
svn path=/trunk/; revision=24926
|
|
Add support for the new NS_LS_SCTP tracing subsystem.
svn path=/trunk/; revision=23290
|
|
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
|
|
Fix some nettl encap types and size checks
svn path=/trunk/; revision=20252
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
files, and to clean the code up a bit - and incorporate some fixes to
the rework, and other fixes, from Mark C. Brown.
svn path=/trunk/; revision=18945
|
|
structure. Instead of making the host_name field bigger, make the thing
we put in it smaller.
Use that structure when reading files as well as when writing them.
svn path=/trunk/; revision=18796
|
|
Bufferoverflow caused by ethereal->wireshark rename
(ws is 1 char longer).
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1015
svn path=/trunk/; revision=18794
|
|
svn path=/trunk/; revision=18369
|
|
svn path=/trunk/; revision=18268
|
|
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
signed vs. unsigned compiler warnings.
svn path=/trunk/; revision=14873
|
|
fail after the private data is allocated, you have to free the private
data).
The file header in nettl files is 128 bytes - use a #define for it, and
also a #define for the magic number size.
svn path=/trunk/; revision=14553
|
|
Fixes for LAP-B (SX25L2) and X.25 (SX25L3) nettl trace records.
svn path=/trunk/; revision=14385
|
|
svn path=/trunk/; revision=14025
|
|
svn path=/trunk/; revision=13999
|
|
svn path=/trunk/; revision=13267
|
|
fix FDDI to use correct bit swapped encap;
tweak file open code to guess at file encap so merge works
better.
svn path=/trunk/; revision=12351
|
|
svn path=/trunk/; revision=12299
|
|
ICMPv6 encapsulations.
svn path=/trunk/; revision=12279
|
|
svn path=/trunk/; revision=12275
|
|
svn path=/trunk/; revision=12274
|
|
svn path=/trunk/; revision=12258
|
|
and make a small performance fix to HP-PB FDDI.
svn path=/trunk/; revision=12218
|
|
svn path=/trunk/; revision=12202
|
|
don't have any code to handle it (other than to report that fact...).
Also, refer to the subsystem type code as such, not as a "network type".
svn path=/trunk/; revision=12178
|