handle files > 2GB correctly.
Please distclean Win32 builds!
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@19814 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@15534 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@15520 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11400 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
set "*err" to 0, rather than leaving what random value happened to be in
"*err" there.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11158 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
rather than requiring individual capture file type handlers to do it
(unless they're doing per-packet encapsulation, in which case we check
to make sure they didn't *leave* it as WTAP_ENCAP_PER_PACKET).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10290 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9852 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Move additional warnings from extra-gcc-checks to normal compilation flags
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@9826 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8574 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
length of the packet, and the second two bytes are the captured length
of the packet. The old "length" value appears to be the captured length
of the packet as well; perhaps it's to be interpreted as the number of
bytes of data following the packet header (just in case there's padding,
for example).
Treat "ATM/", as an encapsulation string, as RFC 1483 ATM. (It may
actually be raw ATM, but the only capture I've seen had, in the parts I
saw, only RFC 1483 traffic LLC/SNAP traffic.)
There are 8 bytes in front of the LLC/SNAP header in ATM captures; skip
them, for now. (Perhaps they're a pseudo-header, giving VPI/VCI
information and stuff such as that? Or perhaps that's in the record
header?)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6871 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
use : 42:f9:02:34:12:66:22:88 instead of 42:d2:00:34:12:66:22:88
We should accept both (perhaps bytes 2 and 3 are a version number ?)
- the code which looks for the "capture start time" is wrong.
Apparently, we should look for the string "Active Time" in the file.
The "frame_date" structure which contains the capture start time is
found 32 bytes before this string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6794 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6115 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
All files:
- Replace types from sys/types.h by those from glib.h
- Replace ntoh family of macros from netinet/in.h and winsock2.h
by g_ntoh family from glib.h
- Remove now unneeded includes of sys/types.h, netinet/in.h and
winsock2.h
wtap.h
Move includes to the top
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5909 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the internal z_err value for the stream if an "fseek()" call it makes
fails, so that if "gzerror()" is subsequently called, it returns Z_OK
rather than an error.
To work around this, we pass "file_seek()" an "int *err", and have the
with-zlib version of "file_seek()" check, if "gzseek()" fails, whether
the return value of "file_error()" is 0 and, if so, have it return
"errno" instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5642 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"struct x25_phdr" to "wiretap/wtap.h".
Have two X.25 dissectors, one of which assumes that there's a "struct
x25_phdr" pseudo-header and one of which doesn't; the former uses the
information in that pseudo-header to determine whether the packet is
DTE->DCE or DCE->DTE, and the latter assumes it has no clue whether the
packet is DTE->DCE or DCE->DTE. Use the former one in the LAPB
dissector, and the latter one in the XOT dissector and in the LLC
dissector table.
In the X.25-over-TCP dissector, handle multiple X.25 packets per TCP
segment, and handle X.25 packets split across TCP segments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5134 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"wtap_read()".
Add some additional error checks to the Sniffer file reader.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4875 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4874 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
For file types where we allocate private data, add "close" routines
where they were missing, to free the private data. Also fix up the code
to clean up after some errors by freeing private data where that wasn't
being done.
Get rid of unused arguments to "wtap_dump_open_finish()".
Fix indentation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4857 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4709 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4199 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
can handle capture files bigger than 2GB.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3993 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
beginning of the file before reading anything from the file is bogus -
do that in the loop that tries each of the open routines, instead.
(They may have to reset the seek pointer later if, for example, the
capture file begins with the first packet, and the "open()" routine
looks at that packet to try to guess whether the packet is in the file
format in question.)
Set "wth->data_offset" to 0 while you're at it, so capture file readers
don't have to do that, either.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3123 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2654 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2639 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2392 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
every C file. I noticed this because of a build break of csids.obj on
Win32.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2378 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pointers and arrays in a number of places, to remove warnings some
compilers give.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2160 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1989 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"FILE_T" is either a "gzFile" or a "FILE *", depending on whether zlib
support is enabled or not). Fix various function declarations and
definitions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1984 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1975 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
and nettl captures - a "start" field is used for capture files where the
time stamps on packets are relative to some initial time stamp, e.g. the
time the capture started, but those file formats use absolute time
stamps, so no "start" field is needed.
Make the "this is an HP-UX 11.x nettl capture" flag a member of the
private data structure for a nettl capture, rather than a global - it's
per-capture-file state.
Once the "start" field is removed from the RADCOM private data
structure, there's nothing left, so eliminate the private data
structure.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1863 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
from the frame table - Network Monitor 2.x, at least, doesn't always
write frame N+1 right after frame N.
To do that, we need to mallocate a big array to hold the frame table,
and free it when we close the capture file; this requires that we have
capture-file-type-specific close routines as well as
capture-file-type-specific read routines - we let the pointer to that
routine be null if it's not needed. Given that, we might as well get
rid of the switch statement in "wtap_close()", in favor of using
capture-file-type-specific close routines, as per the comment before
that switch statement.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1740 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
capture file for an unsupported link-layer encapsulation type (as the
nettl reader does), and report it correctly if it occurs on an open or
read attempt rather than a save attempt.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1647 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
forwarding e-mail address.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1522 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
hideous problem on FreeBSD 3.[23] (and perhaps other BSDs) if
HAVE_UNISTD_H is defined before "zlib.h" is included, turn "file_seek()"
into a subroutine defined in a file that *undefines* HAVE_UNISTD_H
before including "zlib.h", so that the *only* call to "gzseek()" is made
from a file that does not have HAVE_UNISTD_H defined when it includes
"zlib.h".
Move "file_error()" to that file while you're at it, so it holds all the
wrappers that hide the presence or absence of zlib from routines to read
capture files.
Turn "file.h", which declared those wrapper functions as well as wrapper
macros, into "file_wrapper.h" - it belongs with the "file_wrapper.c"
file that defines the wrapper functions, not with "file.c" which handles
higher-layer file access functions.
Remove the comment in "configure.in" that explained why defining
HAVE_UNISTD_H was a bad idea, as we're not obliged to define it and work
around the problem. (The comment in "file_wrapper.c" explains the
workaround.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1463 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Also, explicitly compare the result of "memcmp()" against 0 - the
appearance of a comparison operator in the expression makes it clearer
what test is being done.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1061 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
and aligned g_malloc calls with g_free calls (i.e., we no longer mix-and-match
C-library malloc with GLIB g_free, and vice-versa).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1000 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Assign a range of Wiretap errors for zlib errors, and have
"wtap_strerror()" use "zError()" to get an error message for
them.
Have the internal "file_error()" routine return 0 for no error
and a Wiretap error code for an error.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@769 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
The "fh" member of a "wtap" structure points to something constructed
from the "fd" member of that structure, so that closing the stream
referred to by "fh" also closes the underlying file descriptor; get rid
of an unnecessary close of "wth->fd".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@720 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@704 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
gzip. The zLib library is used for this purpose. If zLib is not available
(or its use is disabled by the --disable-zlib option to configure), you
can still compile Ethereal but it will be unable to read compressed capture
files.
IMPORTANT:
Now all file accesses to capture files should be done through special macros.
Specifically, for any use of the following functions on capture files, replace them.
The arguments for the right-side functions are exactly the same as for the
original stdio functions.
fopen file_open
fdopen filed_open
fread file_read
fwrite file_write
fseek file_seek
fclose file_close
ferror file_error
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@695 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
header fields we don't look at - some implementations of the standard
I/O library routines (e.g., the ones in Solaris 2.5.1, at least) appear
not to be clever enough to handle seeks that occur within the buffer by
moving the current buffer position; instead, they do a seek on the
underlying file descriptor *and* appear to throw out the buffer, forcing
them to do another read.
Instead, read the entire record header into a structure, and pick the
relevant bits out of it.
Also, skip over the FCS in LAPB captures by reading it rather than
seeking around it (should we put it in the pseudo-header?).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@625 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
be truncated - treat a record with a data length of 0 as an end of file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@619 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
all, not just before the third time you use it....
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@613 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Use "pletohs()" and "pletohl()" to access 16-bit and 32-bit fields in
the file and packet headers, as those fields are little-endian.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@612 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@596 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@528 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@523 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@516 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
support for RADCOM Ltd.'s WAN/LAN analyzers (see http://www.radcom-inc.com/). Note: a
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@417 f5534014-38df-0310-8fa8-9805f1628bb7
|