Age | Commit message (Collapse) | Author | Files | Lines |
|
it always fill it in. Have the seek-read routine pass its phdr argument
in. Have it just return a success/failure indication; do the check for
the packet size in the seek-read routine by looking at the caplen field
of the wtap_pkthdr structure.
svn path=/trunk/; revision=45663
|
|
svn path=/trunk/; revision=45656
|
|
both the read and the seek-read routine, now that a pointer to the
wtap_pkthdr is passed to the seek-read routine.
svn path=/trunk/; revision=45655
|
|
svn path=/trunk/; revision=45654
|
|
svn path=/trunk/; revision=45653
|
|
svn path=/trunk/; revision=45649
|
|
Extract it as a string, not a number, and determine the resolution based
on the length of the string, i.e. on the number of digits presented.
(If you base it on the numerical value, leading zeroes will not be taken
into account, but they aren't any different from other digits when
determining the resolution.) The resolution is 1/10^ndigits seconds, so
we have to multiply it by 10^(9-ndigits) to convert the number to
nanoseconds.
svn path=/trunk/; revision=45627
|
|
Process several different flavors of header lines the same: "IP Header",
"IPv6 Header", "ARP Header", "TCP Header", "UDP Header", "ICMP Header",
"ICMPv6 Hdr", "Option Hdr" - the hex data for all of them should be
included in the packet data. Process continuation lines if those
headers wrap over more than one line.
Do not assume, or require, that *any* of those be present; there is no
guarantee that "IP Header" or "IPv6 Header" will be present (there's at
least one IBM page showing a packet with "ARP Header" in a trace), and
there is no guarantee that "TCP Header" will be present (there are
traces with "UDP Header" and "ICMPv6 Hdr").
Do not impose limits, other than the overall line limit, on the amount
of hex data in header or data lines; there is no guarantee that, for
example, a TCP header is 20 bytes long (if there are TCP options, it
*will* have more than 20 bytes).
Make sure we have an even number of hex digits.
Set "caplen" to the actual number of bytes we've read, even if that's
less than the purported packet length.
svn path=/trunk/; revision=45626
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
|
|
pseudo-header into two bytes and fill in both the rate and direction
fields when writing CommView NCF files out.
svn path=/trunk/; revision=45507
|
|
long; that means we read only one byte into our structure, so make its
"rate" element one byte long, so we don't fill in half the "rate"
element with the read - and the *wrong* half on big-endian machines -
and leave the other half un-set and thus containing some random possibly
non-zero data.
In addition, that's not the full data rate for faster networks; for
Wi-Fi, the one-byte "direction" field is actually the upper 8 bits of
the data rate, so combine them when we fill in the data rate in the
pseudo-header.
#BACKPORT
svn path=/trunk/; revision=45504
|
|
unsupported feature.
If we see an IDB after all the IDBs at the beginning of the file,
process it. Fixes bug 7851.
Get rid of unused read_idbs flag in pcapng_t structure. (Also, as per
the above, just because we've read all the IDBs at the beginning of the
section, that doesn't necessarily mean we've read all the IDBs in the
section.)
Fix some places where we reject SPBs.
svn path=/trunk/; revision=45495
|
|
svn path=/trunk/; revision=45457
|
|
From me: instead of logging the error with a macro that requires dbg_out
to be set, and giving up, set dbg_out to stderr, log the message (which
now notes that logging will be done to the standard error), and drive
on.
Part of fix for bug 7824.
svn path=/trunk/; revision=45454
|
|
svn path=/trunk/; revision=45344
|
|
svn path=/trunk/; revision=45231
|
|
- speed up writing timestamp by avoiding g_snprintf()
- avoid call to strstr()
- don't use g_snprintf() for writing a liternal string
- avoid atio() for single-digit strings
- avoid some strcmp() calls where the release number at the end wasn't
important
svn path=/trunk/; revision=45091
|
|
support doesn't.
svn path=/trunk/; revision=45022
|
|
svn path=/trunk/; revision=45016
|
|
svn path=/trunk/; revision=45015
|
|
svn path=/trunk/; revision=45003
|
|
Move the GTK+ text import code to the common UI directory. Create
wtap_encap_requires_phdr() from code in file_import_dlg.c.
svn path=/trunk/; revision=44904
|
|
Enhancement to add more trace record fields in Citrix NetScaler capture file format.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7713
svn path=/trunk/; revision=44895
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266 :
Since we have to 'downconvert' the ERF time stamps to Wireshark's internal
representation anyway, we may as well report the resolution which we convert
to, rather than the original native resolution.
svn path=/trunk/; revision=44800
|
|
g_strlcpy().
svn path=/trunk/; revision=44608
|
|
writes a log.
Also re-line-up args under function definitions.
svn path=/trunk/; revision=44444
|
|
needed when wrinting the file if the format is converted to pcapng.
Should we do this for other file formats as well?
A pcapng file with per packet encapsulation will need an IDB per encapsulation as the EPB does not have a linktype indicator only a interface index.
svn path=/trunk/; revision=44281
|
|
LINKTYPE_AX25.
svn path=/trunk/; revision=44211
|
|
Part 1 of the fix for bug 7529.
svn path=/trunk/; revision=44202
|
|
This should fix the crash in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266
svn path=/trunk/; revision=44141
|
|
svn path=/trunk/; revision=44138
|
|
svn path=/trunk/; revision=44076
|
|
This fixes part of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533
which deals with Crash in vwr.c while reading the capture file.
svn path=/trunk/; revision=44075
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533
which deals with Div by 0 crash in pcapng_read_packet_block().
svn path=/trunk/; revision=44074
|
|
yesterday, also in _seek_read()). Spotted by running 'valgrind-wireshark.sh -2'.
svn path=/trunk/; revision=44043
|
|
svn path=/trunk/; revision=44019
|
|
svn path=/trunk/; revision=44016
|
|
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
|
|
that this doesn't write a Nokia file type properly, it just doesn't corrupt an existing one (read in by Wireshark) if resaved.
svn path=/trunk/; revision=43815
|
|
than Network Instruments Observer files, as we don't know whether they
are already decrypted.
svn path=/trunk/; revision=43796
|
|
it as appropriate in the code to read Network Instruments Observer
captures (rather than tweaking the "protected" flag in the packet data),
and use that flag in the 802.11 dissector.
Fix indentation while we're at it (tabs are not *ipso facto* 4 spaces).
svn path=/trunk/; revision=43795
|
|
wireless capture is decrypted a flag is set on the packet in the BFR file indicating that the packet is decrypted instead of modifying the protected flag in the frame control flags of the packet header. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7478
svn path=/trunk/; revision=43727
|
|
svn path=/trunk/; revision=43675
|
|
interface for which we have information.
Fixes bug 7467.
Should also cause an error message, rather than an unreadable capture
file, to be produced for the cases in bug 7381. (This isn't a fix for
bug 7381; it's arguably an improvement, in the sense that a circuit
breaker tripping or a fuse blowing for a short circuit is an improvement
over a fire starting, but it's not a *fix*, any more than a circuit
break or fuse *fixes* the short circuit.)
#BACKPORT
svn path=/trunk/; revision=43657
|
|
interface information when opening an output file, one of which I fixed
in my previous checkin and the other of which I didn't notice. Shuffle
code around a little bit so that the lumps are identical and then put
them into a common routine (*with* the fix in question).
#BACKPORT
svn path=/trunk/; revision=43655
|
|
we're making a fake interface description (it should match the time
stamp resolution). The dump code for pcap-NG now requires the time
units per second value, as it needs to correctly compute the time stamp
value to write out in an EPB.
svn path=/trunk/; revision=43652
|
|
for the interface, not based on the default resolution of 1 microsecond.
Fixes bug 7457.
Fix a comment.
Clean up indentation.
#BACKPORT
svn path=/trunk/; revision=43649
|
|
svn path=/trunk/; revision=43633
|