Age | Commit message (Collapse) | Author | Files | Lines |
|
a file. Use it.
svn path=/trunk/; revision=32716
|
|
svn path=/trunk/; revision=32537
|
|
svn path=/trunk/; revision=32536
|
|
later Linux kernels.
svn path=/trunk/; revision=32535
|
|
Support PPP-over-USB.
Don't remove the USB pseudo-header from the packet data for
Linux USB packets, just byte-swap it if necessary and have the
USB dissector fetch the pseudo-header from the raw packet data.
Update USB language ID values.
svn path=/trunk/; revision=32534
|
|
Endace ATM and AAL2 enhancements.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447
svn path=/trunk/; revision=31766
|
|
Replace ERF dissector with ATM dissector for protocols 'FP Hint' and 'META'
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4384
svn path=/trunk/; revision=31761
|
|
From me: Remove changes related to the ARP protocol because it doesn't
appear to be necessary for SocketCAN. Will add later if Felix says it is
needed.
svn path=/trunk/; revision=31196
|
|
WTAP_GCOM_TIE1 => WTAP_ENCAP_GCOM_TIE1
WTAP_GCOM_SERIAL => WTAP_ENCAP_GCOM_SERIAL
svn path=/trunk/; revision=31161
|
|
Added support for Solaris IPNET layer
From me:
Some code cleanup in packet-ipnet.c
Added packet-ipnet.c to CMakeFiles.txt
Added WTAP_ENCAP_IPNET to encap_table_base[]
svn path=/trunk/; revision=31159
|
|
Add the ability to open JPEG/JFIF files directly.
From me:
Some code cleanup + add new file to cmake.
svn path=/trunk/; revision=30588
|
|
svn path=/trunk/; revision=29569
|
|
Add Fibre Channel Delimiter Dissector for Fibre Channel FC2.
svn path=/trunk/; revision=29531
|
|
length > 65535, so we shouldn't use a larger value.
svn path=/trunk/; revision=29194
|
|
New DLT value is added for Fibre Channel FC2.
svn path=/trunk/; revision=29115
|
|
Thanks for Tyson Key for reporting the issue.
svn path=/trunk/; revision=28877
|
|
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
|
|
Added support for Daintree's Sensor Network Analyzer capture files.
svn path=/trunk/; revision=28463
|
|
If a PCAP file containing WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR packets is saved,
it gets corrupted because the direction pseudo header isn't included.
svn path=/trunk/; revision=28441
|
|
- Send last byte of header (type) and data to a packetlogger dissector
- Rewrite type to ACI channel in the dissector
- Direction is indirectly given from the PL type
- Dissect PacketLogger NewC and Info as text
svn path=/trunk/; revision=28141
|
|
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
|
|
Add DPNSS link layer dissector, support EyeSDN Trace files with DPNSS.
(Removed a couple of c++ style comments).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3224
svn path=/trunk/; revision=27312
|
|
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
|
|
value.
svn path=/trunk/; revision=27113
|
|
svn path=/trunk/; revision=27099
|
|
followed by 8 bytes of "struct usb_device_setup_hdr", even if there's no
setup information, but it should be interpreted only if setup_flag is 0.
(That's what those mysterious 8 bytes are.)
svn path=/trunk/; revision=27043
|
|
No we can decode those winmail.dat files.
svn path=/trunk/; revision=26864
|
|
patch to support IEE802.15.4 non-ASK PHY.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2906
svn path=/trunk/; revision=26792
|
|
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
|
|
Endace ERFII (extension header) support.
svn path=/trunk/; revision=26287
|
|
Clean up the Linux USB pseudoheader dissection.
svn path=/trunk/; revision=25990
|
|
Implement dissector for IPMB (DLT_IPMB_LINUX, 209).
svn path=/trunk/; revision=25986
|
|
unsigned
svn path=/trunk/; revision=25705
|
|
every 4 spaces or every 8 spaces, so just use spaces.
svn path=/trunk/; revision=25162
|
|
new WTAP_ENCAP files(X2E Xoraya serial frame and X2E Xoraya frame )
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2418
svn path=/trunk/; revision=25154
|
|
This extends the EyeSDN wiretap module to be able to support:
- DSS1/Q.931
- PPP
- LAPB/X.25
- ATM raw cells
- SS7 MTP2
svn path=/trunk/; revision=25123
|
|
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
|
|
IEEE 802.15.4 dissector and DLT_ type.
svn path=/trunk/; revision=24564
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1970 (pending review)
svn path=/trunk/; revision=24463
|
|
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
|
|
svn path=/trunk/; revision=24119
|
|
Format" - this is incomplete and buggy, be careful!
svn path=/trunk/; revision=24079
|
|
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
|
|
per enhancement bug #1795.
svn path=/trunk/; revision=23558
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
|
|
This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture, will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
|
|
svn path=/trunk/; revision=23063
|
|
This patch adds support for the Juniper NetScreen snoop output format.
It takes a text-dump op the captured packets and parses the headers
and hex-data. Since the snoop files on a Junpiper NetScreen can be saved
to a tftp-server, this patch makes it quite easy to use the snoop
function of the Juniper NetScreen firewalls.
/* XXX TODO:
*
* o Create a wiki-page with instruction on how to make tracefiles
* on Juniper NetScreen devices. Also put a few examples up
* on the wiki (Done: wiki-page added 2007-08-03)
*
* o Use the interface names to properly detect the encapsulation
* type (ie adsl packets are now not properly dissected)
* (Done: adsl packets are now correctly seen as PPP, 2007-08-03)
*
* o Pass the interface names and the traffic direction to either
* the frame-structure, a pseudo-header or use PPI. This needs
* to be discussed on the dev-list first
* (Posted a message to wireshark-dev abou this 2007-08-03)
*
*/
svn path=/trunk/; revision=22533
|
|
http://www.cacetech.com/documents/PPI_Header_format_1.0.pdf .
svn path=/trunk/; revision=22094
|
|
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
|