Age | Commit message (Collapse) | Author | Files | Lines |
|
Fixed some indentation.
svn path=/trunk/; revision=24353
|
|
routines to correctly follow the clarified PcapNg standard document.
svn path=/trunk/; revision=24349
|
|
svn path=/trunk/; revision=24307
|
|
point, so we don't have issues with numbers not being exactly
representable; that makes it less likely that the change described below
will change a time stamp if it's not fixing the time stamp (i.e., if
time_day is 0).
The Sniffer manual "Expert Sniffer(R) Network Analyzer Operations,
Release 5.50" says that a frame2_rec has a time stamp with an 8-bit
time_high field and an 8-bit time_day field. Interpreting the time
stamp that way fixes the time stamps in at least some captures; see, for
example, bug 2251.
Fix/update some comments (for example, the Sniffer documentation is no
longer at that URL).
svn path=/trunk/; revision=24296
|
|
svn path=/trunk/; revision=24295
|
|
svn path=/trunk/; revision=24282
|
|
svn path=/trunk/; revision=24280
|
|
svn path=/trunk/; revision=24269
|
|
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
|
|
svn path=/trunk/; revision=24258
|
|
won't be annoyed by debug messages
svn path=/trunk/; revision=24198
|
|
svn path=/trunk/; revision=24181
|
|
svn path=/trunk/; revision=24180
|
|
(although they are the same value right now)
svn path=/trunk/; revision=24159
|
|
unused)
svn path=/trunk/; revision=24149
|
|
svn path=/trunk/; revision=24142
|
|
svn path=/trunk/; revision=24141
|
|
svn path=/trunk/; revision=24140
|
|
- read simple packet block
- read various options
- jump over unknown block types
- more sanity checks
svn path=/trunk/; revision=24139
|
|
svn path=/trunk/; revision=24133
|
|
block types.
svn path=/trunk/; revision=24128
|
|
svn path=/trunk/; revision=24119
|
|
block to the data offset.
svn path=/trunk/; revision=24083
|
|
svn path=/trunk/; revision=24082
|
|
svn path=/trunk/; revision=24081
|
|
svn path=/trunk/; revision=24080
|
|
Format" - this is incomplete and buggy, be careful!
svn path=/trunk/; revision=24079
|
|
svn path=/trunk/; revision=24054
|
|
otherwise use as the per-packet encapsulation.
The close routine does nothing; get rid of it - you don't *need* a close
routine (by default, the subtype_close pointer is null, which means that
nothing per-file-type is done when the file is closed).
Make the code to handle the length fields in the ERF header common,
rather than copying it to each group of record types.
svn path=/trunk/; revision=24053
|
|
fix http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1727 (pppd format file
incorrectly detected as being an ERF file) by:
The file_seek() call has been replaced by a call to file_read(), so, when the
end of the file is reached and the current record is truncated, we have got an
error.
This solves the problem of bad file format detection.
Additionaly, the ERF heuristic has been improved.
svn path=/trunk/; revision=24051
|
|
svn path=/trunk/; revision=23956
|
|
svn path=/trunk/; revision=23952
|
|
Aka: Newer autofoo tools broke because of the _SOURCE ending.
svn path=/trunk/; revision=23904
|
|
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
|
|
Error message when capturing too short WTAP_ENCAP_USB_LINUX type packets
contains a copy-paste typo.
From me:
Fix some addresses in AUTHORS.
svn path=/trunk/; revision=23882
|
|
functions.
svn path=/trunk/; revision=23806
|
|
with automake/autoconf, so we pick up config.h.
svn path=/trunk/; revision=23805
|
|
no-longer-needed wiretap/wtap-capture.h.
Clean up wiretap/libwiretap.vcproj (note: this isn't going to scale, if
it has to contain a list of all the files, as most committers will be
editing only Makefile.common files).
svn path=/trunk/; revision=23803
|
|
Copy the MSVC++-version-checking stuff from it into the top-level
config.h.win32, and try to set up config.nmake so that MSC_VER_REQUIRED
is defined in all Makefiles that include config.nmake.
svn path=/trunk/; revision=23802
|
|
Fix indentation.
svn path=/trunk/; revision=23798
|
|
the top-level directory.
Don't build config.h in the wiretap directory - it now uses config.h
from the top-level directory. Get rid of the template config.h.win32 in
that directory.
Get rid of files that are no longer in the wiretap directory or are no
longer constructed in that directory.
svn path=/trunk/; revision=23797
|
|
svn path=/trunk/; revision=23795
|
|
cause gastric distress to at least som eversions of MSVC, and possibly
other compilers.
svn path=/trunk/; revision=23790
|
|
svn path=/trunk/; revision=23691
|
|
svn path=/trunk/; revision=23651
|
|
in Wireshark when reading CommView files. Also write out these values when
coming from a file format with encapsulation type 802.11 with radio.
svn path=/trunk/; revision=23617
|
|
svn path=/trunk/; revision=23616
|
|
used by the mpeg-audio dissector: instead keep the data inside the wiretap
module and add accessor functions. I think this should fix
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677 and anyway it's
cleaner.
svn path=/trunk/; revision=23612
|
|
svn path=/trunk/; revision=23608
|
|
extension found at least on OS X). Also change from 4 to 5 bytes in each strftime() to allow space for the NULL terminator with 4 character outputs.
svn path=/trunk/; revision=23595
|