| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
|
|
routine, used both by read and seek-read routines.
svn path=/trunk/; revision=49988
|
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
doesn't need to return the number of bytes of captured packet data (it
can just stuff that into the struct wtap_pkthdr), so have it return a
Boolean success/failure indication.
svn path=/trunk/; revision=49376
|
|
have it return -1 for errors or EOF, and have iseries_read() check for a
negative return value and return FALSE. That simplifies it a bit, and
handles the "no more records in the file" case
(iseries_seek_next_packet() will hit EOF and return -1 with *err set to
0, which is what the callers of a read routine expect at EOF).
Get rid of duplicate (and incorrect before the change) comment.
svn path=/trunk/; revision=49375
|
|
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48424
|
|
return an "EOF or error" indication - an EOF without an error will
return 0.
In iseries_seek_next_packet(), return an error code of WTAP_ERR_BAD_FILE
and an appropriate error message if we don't find a packet header within
the next ISERIES_MAX_TRACE_LEN lines, don't just return -1 and leave the
error information unchanged.
Setting an argument variable before returning has no effect, so don't do
it (so that we don't leave the mistaken impression that it *is* doing
something).
Clean up indentation.
svn path=/trunk/; revision=46819
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
be infinite?
svn path=/trunk/; revision=46757
|
|
if that squelches a loop-optimization warning.
svn path=/trunk/; revision=46752
|
|
Extract it as a string, not a number, and determine the resolution based
on the length of the string, i.e. on the number of digits presented.
(If you base it on the numerical value, leading zeroes will not be taken
into account, but they aren't any different from other digits when
determining the resolution.) The resolution is 1/10^ndigits seconds, so
we have to multiply it by 10^(9-ndigits) to convert the number to
nanoseconds.
svn path=/trunk/; revision=45627
|
|
Process several different flavors of header lines the same: "IP Header",
"IPv6 Header", "ARP Header", "TCP Header", "UDP Header", "ICMP Header",
"ICMPv6 Hdr", "Option Hdr" - the hex data for all of them should be
included in the packet data. Process continuation lines if those
headers wrap over more than one line.
Do not assume, or require, that *any* of those be present; there is no
guarantee that "IP Header" or "IPv6 Header" will be present (there's at
least one IBM page showing a packet with "ARP Header" in a trace), and
there is no guarantee that "TCP Header" will be present (there are
traces with "UDP Header" and "ICMPv6 Hdr").
Do not impose limits, other than the overall line limit, on the amount
of hex data in header or data lines; there is no guarantee that, for
example, a TCP header is 20 bytes long (if there are TCP options, it
*will* have more than 20 bytes).
Make sure we have an even number of hex digits.
Set "caplen" to the actual number of bytes we've read, even if that's
less than the purported packet length.
svn path=/trunk/; revision=45626
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
svn path=/trunk/; revision=42197
|
|
- fix a few small memory leaks;
- fix some indentation to match style used (gnu);
- remove trailing whitespace;
- ...
svn path=/trunk/; revision=42196
|
|
svn path=/trunk/; revision=42147
|
|
svn path=/trunk/; revision=42146
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
svn path=/trunk/; revision=40909
|
|
svn path=/trunk/; revision=40907
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
svn path=/trunk/; revision=37604
|
|
iseries.c:305: warning: unused variable 'tcpformat'
svn path=/trunk/; revision=37467
|
|
This is significant update to the existing iseries wiretap module. It adds
support for IPv6 (formatted & unformatted comms traces), in addition I've
tidied up the sscanf routines to better handle traces files with offset lines.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5957
svn path=/trunk/; revision=37466
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
Update or remove some additional "we don't have ferror() in zlib"
comments to reflect the current reality.
svn path=/trunk/; revision=36568
|
|
help squelch Coverity CIDs 701-709.
svn path=/trunk/; revision=36511
|
|
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
svn path=/trunk/; revision=35954
|
|
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
|
|
iSeries capture processor. Parse the start date into year/month/day at
the time we see it, rather than for every packet; that means we don't
need to allocate a buffer to hold the date as a string (a buffer which
we weren't ever freeing).
svn path=/trunk/; revision=31981
|
|
svn path=/trunk/; revision=30608
|
|
svn path=/trunk/; revision=27683
|
|
svn path=/trunk/; revision=26479
|
|
do *not* modify the string handed to them - they g_mallocate a new
string and return it.
Create routines that *do* ASCII-only case mapping in place, and use them
instead.
Clean up indentation.
svn path=/trunk/; revision=26131
|
|
argument, as
1) it doesn't modify the string that argument points to
and
2) it's a buffer of "char".
Use g_ascii_xdigit_value() and put the values of the two bytes together
ourselves; strtoul() is a bit of overkill for two-hex-digit pairs.
While we're at it, check for invalid hex digits, and for bytes where
only one hex digit is present.
svn path=/trunk/; revision=25392
|
|
since rev 17756, meant that attempts to read iSeries files would fail in the
"Make sure it [pkt_encap] is not WTAP_ENCAP_PER_PACKET" assertion in
wtap_read().
Also set file_encap to WTAP_ENCAP_ETHERNET (instead of WTAP_ENCAP_PER_PACKET)
since it seems that all the packets in iSeries files are Ethernet (or at least
this module currently only supports Ethernet).
svn path=/trunk/; revision=25388
|
|
svn path=/trunk/; revision=25257
|
|
svn path=/trunk/; revision=25254
|
|
svn path=/trunk/; revision=24295
|
|
svn path=/trunk/; revision=24180
|
|
svn path=/trunk/; revision=23232
|
|
Attached is a small patch that correct an issue with reading certain IBM
iSeries Comms traces.
Traces where data has been dropped for whatever reason now have the
packet number suffixed with an asterix "*", this causes the current
iSeries wiretap routine to report a "bad" header. The attached patch
simply scans the packet number field and removes any "* characters prior
to scanning, the fact that data may be missing is more than adequately
reported later by current wireshark packet processing.
Regards .. Martin
svn path=/trunk/; revision=23000
|
|
Check for a case where, conceivably, the on-the-wire packet length (from
the IP header) could be shorter than the captured data length (due to
Ethernet padding), and handle it by making sure the on-the-wire length
is always >= the captured data length.
svn path=/trunk/; revision=21490
|
|
svn path=/trunk/; revision=21361
|
|
them, add -Wno-pointer-sign to CFLAGS when gcc will accept it.
svn path=/trunk/; revision=21253
|
|
Comment out -Werror in plugins/asn1/ until warnings can be fixed.
svn path=/trunk/; revision=21158
|
