path: root/wiretap
Age | Commit message | Author | Files | Lines
2000-11-22 | Generated Bison and Flex files test whether __STDC__ is defined | Guy Harris | 1 | -0/+21
in order to check whether to use ANSI C features such as "const". GCC defines it as 1 even if extensions that render the implementation non-conformant are enabled; Sun's C compiler (and, I think, other AT&T-derived C compilers) define it as 0 if extensions that render the implementation non-conformant are enabled; Microsoft Visual C++ 6.0 doesn't define it at all if extensions that render the implementation non-conformant are enabled. We define it as 0 in "config.h.win32", so that those generated files will use those features (and thus not get type warnings when compiled with MSVC++). svn path=/trunk/; revision=2698
2000-11-22 | Change Ethereal homepage URL from etheral.zing.org to www.ethereal.com. | Gilbert Ramirez | 1 | -2/+2
svn path=/trunk/; revision=2696
2000-11-19 | Add an overflow check to process_data(). | Gerald Combs | 1 | -1/+6
svn path=/trunk/; revision=2675
2000-11-19 | "wtap_read()" must *always* set "*err" when it returns FALSE - if it's | Guy Harris | 8 | -11/+25
just an EOF, it should set "*err" to 0. Fix up a bunch of read routines for various capture file types to set "*err" appropriately. svn path=/trunk/; revision=2667
2000-11-17 | Add #include <string.h>, to get prototypes for mem* and str* functions. | Gilbert Ramirez | 5 | -5/+10
svn path=/trunk/; revision=2654
2000-11-15 | IEEE 802.11 support, from Johan Jorgensen of Axis Communications AB. | Guy Harris | 3 | -5/+44
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or in the current CVS version; we don't implement all of them in Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE 802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version of libpcap *does* reserve 105 as the encapsulation type number for 802.11). svn path=/trunk/; revision=2646
2000-11-13 | Support for the BASE100 and GSC100BT subsystems by Jeff Foster. | Olivier Abad | 2 | -62/+77
svn path=/trunk/; revision=2640
2000-11-13 | Improve the detection of the encapsulation used in a radcom file. | Olivier Abad | 1 | -13/+11
svn path=/trunk/; revision=2639
2000-11-12 | "wtap_loop()" no longer has problems with packet offsets of 0, so we | Guy Harris | 2 | -22/+73
don't need to work around that. The offset, for a given packet, at which "ascend_seek()" should start searching for that packet's header must be computed separately from the offset, for that packet, at which "ascend_seek()" should start searching for the *next* packet - if the file is a "wdd" capture, and the packet has a "Date:" header and a WD_DIALOUT_DISP header, the search for that packet should start at the beginning of the "Date:" header, but the search for the next packet should start after the WD_DIALOUT_DISP header, as if we start it after the "Date:" header, the search will stop at the packet's own WD_DIALOUT_DISP header, as a packet could have a WD_DIALOUT_DISP header but no "Date:" header. svn path=/trunk/; revision=2620
2000-11-12 | Not all packets in a "wdd" dump necessarily have a "Cause an attempt to | Guy Harris | 3 | -21/+42
place call to" header (I presume this can happen if there was a call in progress when the packet was sent or received); don't require the Date: 01/12/1990. Time: 12:22:33 Cause an attempt to place call to 14082750382 to be present in every packet. (Only the date on the first packet is used, and only if it's present in the first packet; if the first packet doesn't have a date, we can't easily go back and fix up the previous packets, *especially* in programs such as Tethereal and editcap which make only one pass through the capture. We set the called number to a null string if that's the case; we could assume, in the sequential pass, that it's the phone number from the last call, and remember that for use when doing random access.) svn path=/trunk/; revision=2617
2000-11-11 | We have to set "x25.flags" in the Wiretap pseudo-header if the capture | Guy Harris | 2 | -26/+123
is WTAP_ENCAP_LAPB *or* WTAP_ENCAP_V120, and we have to set "p2p.sent" in the capture file for *all* WTAP_ENCAP_LAPD captures; fix the i4btrace and Sniffer capture file readers to do so. (XXX - should we eliminate "x25.flags", and use "p2p.sent" instead? The directions for X.25 are DTE->DCE and DCE->DTE, not "sent" and "received", but I suspect that "sent" and "received" should be thought of from the point of view of the DTE, so DTE->DCE is "sent" and DCE->DTE is "received"; the directions for ISDN are user->network and network->user, but I suspect that "sent" and "received" should be thought of from the standpoint of the user equipment, so user->network is "sent" and network->user is "received".) svn path=/trunk/; revision=2606
2000-11-11 | In "wdd" captures: | Guy Harris | 3 | -17/+41
fix the interpretation of the date and time reported in capture files; use that date and time only to set the start date and time of the capture, not to generate the time stamp for every packet. Make the "struct tm" used for that local to the code to handle that production in the grammar, rather than global. For all captures, we *can* now fstat a compressed file (and have been able to do so for a while, in fact), so revert to doing so and using the ctime of the capture file if we can't get a date and time from the file's contents. svn path=/trunk/; revision=2605
2000-11-11 | Add some comments, and fix one comment. | Guy Harris | 1 | -4/+9
Remove what appear to be a pair of dangling "else"s. Before calling "mktime()" on a "struct tm", you have to set "tm_isdst", so it knows what to do about daylight savings time; set it to -1, so it picks the appropriate time (except, presumably, for those times that don't exist, when the clock is moved forward, where there is no appropriate time, and those times that exist twice, when the clock is moved backward, where there are *two* times and you can't tell which is appropriate). svn path=/trunk/; revision=2604
2000-10-17 | Add initial support for "type 12" frames. I have no documentation for | Gerald Combs | 1 | -1/+92
these other than a trace file a client sent me. The header appears to be similar to frame2 and frame4 records, but with extra bytes at the end. The trace file also contains record types 13 - 17 which appear to contain metainformation such as retransmit counts. svn path=/trunk/; revision=2508
2000-10-17 | Do checks for platform-specific compiler flags in the libethereal and | Guy Harris | 1 | -1/+28
wiretap configure scripts as well as in the main configure script. svn path=/trunk/; revision=2501
2000-10-17 | Wiretap no longer works with "GLib 1.0[.x]" (the version that came | Guy Harris | 2 | -10/+2
bundled with GTK+ 1.0[.x]), it works only with 1.2[.x] and later, so we no longer need to check for 1.0[.x] and define HAVE_GLIB10. svn path=/trunk/; revision=2500
2000-09-28 | Add string representation for WTAP_ENCAP_PPP_WITH_PHDR | Gilbert Ramirez | 1 | -1/+5
svn path=/trunk/; revision=2464
2000-09-23 | Windows Sniffers appear to write out ATM traces with a network type of | Guy Harris | 1 | -2/+2
8, which is NDIS's ATM type. At least one capture appears to have LLC-encapsulated frames in it; for now, we'll map it to WTAP_ENCAP_ATM_RFC1483 - and make Ethereal dissect WTAP_ENCAP_ATM_RFC1483 by handing the frames to "dissect_llc()". While we're at it, we'll have Ethereal panic if handed a Wiretap packet type it doesn't dissect, rather than giving you a rather blank dissection. svn path=/trunk/; revision=2457
2000-09-21 | Make sure to pass the sent/received direction from pppdump.c in | Gilbert Ramirez | 10 | -31/+37
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr".
Modify toshiba.c and packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packet_info, as I think it will be needed in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
2000-09-20 | Mention support for reading pppd log files. | Gilbert Ramirez | 1 | -1/+6
svn path=/trunk/; revision=2452
2000-09-19 | Oh well, get rid of the debug printf's. | Gilbert Ramirez | 1 | -89/+1
svn path=/trunk/; revision=2450
2000-09-19 | Add pppdump.obj to win32 makefile. | Gilbert Ramirez | 1 | -1/+2
svn path=/trunk/; revision=2449
2000-09-19 | Add support for reading pppd log files in wiretap. | Gilbert Ramirez | 6 | -5/+735
svn path=/trunk/; revision=2448
2000-09-19 | Shomiti Surveyor 3.x appears to have changed the version number in the | Guy Harris | 1 | -3/+9
file header to 4; fortunately, as they appear to put their extensions to snoop into the padding at the end of the record, all their capture files look alike to programs such as snoop and Ethereal that ignore the padding, so we can just treat version 4 just like version 2 (unless and until Brent decides a new snoop format is called for, changes the record header, and picks a version number that's the same as one used by Shomiti). svn path=/trunk/; revision=2447
2000-09-17 | Close the handle for the SNMP library after we're done with it - shared | Guy Harris | 1 | -7/+11
objects are reference-counted so that won't make it disappear if Ethereal is also linked with it as a shared SNMP library. svn path=/trunk/; revision=2444
2000-09-15 | Code to read capture files from some version of tcpdump from some sort | Guy Harris | 4 | -110/+316
of Nokia box (firewall) - yep, it's yet *another* mutant libpcap format that didn't change the magic number, sigh.... svn path=/trunk/; revision=2440
2000-09-13 | Updated to ignore Win32 detritus | Graham Bloice | 1 | -0/+3
svn path=/trunk/; revision=2430
2000-09-12 | Add support for NetBSD DLT_PPP_SERIAL, which has the value 50, and which | Guy Harris | 1 | -1/+55
is, for now, handled as WTAP_ENCAP_PPP (although we may have to split WTAP_ENCAP_PPP into more than one type at some point). svn path=/trunk/; revision=2423
2000-09-07 | Change wtap_read() API so that the data offset is set via a pointer, and | Gilbert Ramirez | 16 | -214/+186
a "keep reading" boolean value is returned from the function. This avoids having to hack around the fact that some file formats truly do have records that start at offset 0. (i4btrace and csids have no file header. Neither does the pppdump-style file that I'm looking at right now). svn path=/trunk/; revision=2392
2000-08-31 | Re-arrange size and nmemb arguments in fread() (file_read()) calls so | Gilbert Ramirez | 1 | -8/+8
that these calls work on Win32. I still don't have a good reason as to why this is necessary, but it fixes the problem. I'll continue looking for a reason. svn path=/trunk/; revision=2386
2000-08-25 | Move #include <time.h> into wtap-int.h instead of requiring it in | Gilbert Ramirez | 10 | -19/+11
every C file. I noticed this because of a build break of csids.obj on Win32. svn path=/trunk/; revision=2378
2000-08-25 | Redo the way we map between libpcap encapsulation type codes and Wiretap | Guy Harris | 3 | -88/+262
encapsulation type codes - for those libpcap type codes whose numerical value is interpreted differently by different versions of libpcap, include <pcap.h> if you can and, if you can, use what it defines to control which Wiretap code we map those type codes to. Also, map the new libpcap type codes introduced by libpcap 0.5. svn path=/trunk/; revision=2369
2000-08-22 | More mention of csids support in wiretap. | Gilbert Ramirez | 2 | -2/+7
svn path=/trunk/; revision=2335
2000-08-19 | Fix buffer overflow on zlib uncompression errors. | Laurent Deniel | 1 | -2/+2
svn path=/trunk/; revision=2299
2000-08-15 | The caplen and iplen are not always going to be equal. Need to use > and <= | Mike Hall | 1 | -7/+12
instead of != ==. svn path=/trunk/; revision=2273
2000-08-12 | Initialize "last_blob" and "current_blob" when the file is opened. | Guy Harris | 1 | -21/+23
Set "current_blob" when the first read is done from the random file, as "current_blob" is the current blob in the random file. svn path=/trunk/; revision=2262
2000-08-11 | Miscellaneous code cleaning | Laurent Deniel | 21 | -23/+116
- add <stdarg.h> or <varargs.h> in snprintf.h and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code (there is a bit loss of _cpp_ performance, but I prefer the gain of code reading and maintenance; and nowadays, disk caches and VM are correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
  First:
  #include <system_include_files>
  #include <external_package_include_files (e.g. gtk, glib etc.)>
  Then
  #include "ethereal_include_files"
  with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression tested on Linux).
svn path=/trunk/; revision=2254
2000-08-11 | If we have a random stream open for a compressed Sniffer file, have the | Guy Harris | 2 | -174/+354
sequential pass through the file build a list of information about the compressed blobs, with the starting offset in the compressed file and in the uncompressed byte stream for each blob. When seeking on the random stream, check whether the target location is within the uncompressed buffer we currently have; if not, use that list to figure out which blob contains the target location, and read that blob into the buffer. Then, as we now know that the target location is within the uncompressed buffer we currently have, just move the current pointer into that buffer to the target location. This means we don't have to read forwards through any uninteresting blobs in order to seek forwards, and don't have to go all the way back to the beginning and seek forwards in order to seek backwards. svn path=/trunk/; revision=2251
2000-08-08 | Added wiretap support to read the Cisco Secure Intrusion Detection System | Mike Hall | 7 | -6/+298
IPLog format. svn path=/trunk/; revision=2231
2000-08-04 | Mention ISDN4BSD's i4btrace utility as a supported trace file format. | Gilbert Ramirez | 1 | -1/+6
svn path=/trunk/; revision=2203
2000-07-31 | Add a comment explaining why we're defining S_ISDIR and company. | Guy Harris | 1 | -1/+7
svn path=/trunk/; revision=2189
2000-07-31 | It appears that, at least with Visual C++ 6.0, the "stat()" supplied in | Guy Harris | 1 | -4/+15
the C run-time library sets "statb.st_mode" appropriately, at least for plain files and directories; it just doesn't offer the POSIX "S_ISxxx()" macros to test the file type. If those macros aren't defined (which might also be the case on really ancient UNIX systems), define them appropriately, and use them even on Win32 systems, so that we can properly report attempts by a user to read from a directory on Win32, just as we do on UNIX. svn path=/trunk/; revision=2188
2000-07-31 | In "buffer.h", include <winsock.h> if we have it, so that "u_char" is | Guy Harris | 2 | -5/+9
defined on Win32 systems - it's not defined in <sys/types.h> on those systems. In "buffer.c", include "config.h", to cause HAVE_WINSOCK_H to be defined, on systems that have it, so that we include it in <buffer.h>. svn path=/trunk/; revision=2187
2000-07-30 | Support for capturing packet data from a pipe (a FIFO, or standard input). | Olivier Abad | 2 | -64/+64
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live() failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch() which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h because capture() now needs it.
svn path=/trunk/; revision=2181
2000-07-26 | Add a script, "aclocal-flags", which figures out where | Guy Harris | 1 | -1/+3
1) aclocal expects autoconf/automake macros to be hidden; 2) GTK+ hid its autoconf/automake macros; and, if both places exist but aren't the same directory, returns a "-I" flag to tell aclocal to look in GTK+'s directory. Then have "autogen.sh", and Makefiles in directories with "acinclude.m4" files, use that script and pass what flag it supplies, if any, to aclocal. This should, I hope, avoid problems such as those FreeBSD systems where GTK+ was installed from a port or package (and thus stuck its macros in "/usr/X11R6/share/aclocal") but aclocal doesn't look there. (It doesn't solve the problem of somebody downloading and installing, say, libtool from source - which means it probably shows up under "/usr/local", with its macros in "/usr/local/share/aclocal" - on a system that comes with aclocal (meaning it probably just looks in "/usr/share/aclocal", but that may be best fixed by, whenever you download a source tarball for something that's part of your OS, configuring it to install in the standard system directories and *overwriting* your OS's version.) svn path=/trunk/; revision=2165
2000-07-26 | In the final scene of the horror movie, just when you think the monster | Guy Harris | 4 | -130/+184
is finally dead, and you're walking away, it springs up again and attacks. It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch has some extra stuff in the per-packet header for some sort of SMP debugging, and that SuSE Linux 6.3 picked it up. Thus, even if a libpcap file has the modified magic number, we *still* have to go through the usual heuristic hell to figure out what type of file it is. svn path=/trunk/; revision=2164
2000-07-26 | Use unsigned character pointers and arrays rather than signed character | Guy Harris | 7 | -26/+28
pointers and arrays in a number of places, to remove warnings some compilers give. svn path=/trunk/; revision=2160
2000-07-20 | In Tethereal: | Guy Harris | 1 | -3/+7
When capturing, report errors trying to create the output file with "file_open_error_message()". Make the "for_writing" argument to "file_open_error_message()" a "gboolean", as it's either TRUE (if the file is being opened for writing) or FALSE (if it's being opened for reading). Report EISDIR as "XXX is a directory (folder), not a file.". When checking whether an "open()" of a capture file succeeded, check whether "open()" returns a negative number, not whether it returns 0. In "wtap_open_offline()", if the file to be opened is a directory, return EISDIR, not WTAP_ERR_NOT_REGULAR_FILE, so that the error message can say "that's a directory, not a file". If "wtap_open_offline()" returns WTAP_ERR_NOT_REGULAR_FILE, don't just say the file is "invalid", say it's a "special file" or socket or some other weird type of file. svn path=/trunk/; revision=2144
2000-06-28 | Don't reposition the random stream in "ngsniffer_open()" if there isn't | Guy Harris | 1 | -5/+6
a random stream open. svn path=/trunk/; revision=2097
2000-06-27 | Add routines to Wiretap to allow a client of Wiretap to get: | Guy Harris | 2 | -4/+22
a pointer to the "wtap_pkthdr" structure for an open capture file; a pointer to the "wtap_pseudo_header" union for an open capture file; a pointer to the packet buffer for an open capture file; so that a program using "wtap_read()" in a loop can get at those items. Keep, in a "capture_file" structure, an indicator of whether: no file is open; a file is open, and being read; a file is open, and is being read, but the user tried to quit out of reading the file (e.g., by doing "File/Quit"); a file is open, and has been completely read. Abort if we try to close a capture that's being read if the user hasn't tried to quit out of the read. Have "File/Quit" check if a file is being read; if so, just set the state indicator to "user tried to quit out of it", so that the code reading the file can do what's appropriate to clean up, rather than closing the file out from under that code and causing crashes. Have "read_cap_file()" read the capture file with a loop using "wtap_read()", rather than by using "wtap_loop()"; have it check after reading each packet whether the user tried to abort the read and, if so, close the capture and return an indication that the read was aborted by the user. Otherwise, return an indication of whether the read completely succeeded or failed in the middle (and, if it failed, return the error code through a pointer). Have "continue_tail_cap_file()" read the capture file with a loop using "wtap_read()", rather than by using "wtap_loop()"; have it check after reading each packet whether the user tried to abort the read and, if so, quit the loop, and after the loop finishes (even if it read no packets), return an indication that the read was aborted by the user if that happened. Otherwise, return an indication of whether the read completely succeeded or failed in the middle (and, if it failed, return the error code through a pointer). 
Have "finish_tail_cap_file()" read the capture file with a loop using "wtap_read()", rather than by using "wtap_loop()"; have it check after reading each packet whether the user tried to abort the read and, if so, quit the loop, and after the loop finishes (even if it read no packets), close the capture and return an indication that the read was aborted by the user if that happened. Otherwise, return an indication of whether the read completely succeeded or failed in the middle (and, if it failed, return the error code through a pointer). Have their callers check whether the read was aborted or not and, if it was, bail out in the appropriate fashion (exit if it's reading a file specified by "-r" on the command line; exit the main loop if it's reading a file specified with File->Open; kill the capture child if it's "continue_tail_cap_file()"; exit the main loop if it's "finish_tail_cap_file()". svn path=/trunk/; revision=2095