Age | Commit message (Collapse) | Author | Files | Lines |
|
implemented wtap_dump_file_seek() and _tell()
implemented the previously declared but unimplemented wtap_dump_file_seek() and wtap_dump_file_tell() functions and used them in the seven files that had previously used a plain ftell or fseek and added error checking as appropriate. I also added a new error WTAP_ERR_CANT_SEEK_COMPRESSED and put it next to WTAP_ERR_CANT_SEEK causing renumbering of two of the existing error codes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48348
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45457
|
|
From me: instead of logging the error with a macro that requires dbg_out
to be set, and giving up, set dbg_out to stderr, log the message (which
now notes that logging will be done to the standard error), and drive
on.
Part of fix for bug 7824.
svn path=/trunk/; revision=45454
|
|
svn path=/trunk/; revision=45015
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
svn path=/trunk/; revision=43000
|
|
svn path=/trunk/; revision=42998
|
|
svn path=/trunk/; revision=42427
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
calling g_free() on that argument after calling destroy_k12_file_data()
is always an error.
svn path=/trunk/; revision=42067
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7084
svn path=/trunk/; revision=42062
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
Kaul: http://www.wireshark.org/lists/wireshark-dev/201104/msg00170.html
svn path=/trunk/; revision=36710
|
|
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
|
|
svn path=/trunk/; revision=36492
|
|
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
an email I found when looking for some other stuff and which I then
found with a Google search.
svn path=/trunk/; revision=35898
|
|
svn path=/trunk/; revision=35809
|
|
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
|
|
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
|
|
svn path=/trunk/; revision=28119
|
|
svn path=/trunk/; revision=28117
|
|
we get an improper buffer length, throw an error instead of
aborting. Clean up the debugging code.
svn path=/trunk/; revision=27918
|
|
More remove checking for NULL before g_free().
svn path=/trunk/; revision=27728
|
|
svn path=/trunk/; revision=27683
|
|
svn path=/trunk/; revision=27659
|
|
do *not* modify the string handed to them - they g_mallocate a new
string and return it.
Create routines that *do* ASCII-only case mapping in place, and use them
instead.
Clean up indentation.
svn path=/trunk/; revision=26131
|
|
svn path=/trunk/; revision=25937
|
|
svn path=/trunk/; revision=25539
|
|
svn path=/trunk/; revision=25257
|
|
svn path=/trunk/; revision=24181
|
|
"Buffer lenght:"
(recursively grepped through the source and corrected all occurences, even
the ones just in comments)
svn path=/trunk/; revision=23211
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1827
Update README.developer to tell developers not to use fopen() and friends
directly.
svn path=/trunk/; revision=23206
|
|
provided in bug #1864
svn path=/trunk/; revision=23015
|
|
svn path=/trunk/; revision=22091
|
|
least, "int foo()" defines or declares an old-style function, not one
with no arguments.
svn path=/trunk/; revision=21488
|
|
record does not match any given one.
I noticed that these records have the first byte changed so When a lookup fails mask the byte and lookup again.
svn path=/trunk/; revision=21303
|
|
svn path=/trunk/; revision=21079
|
|
wiretap
remove all compiler warnings:
a) prevent wrong malloc/free definitions by lex/yacc generated files
b) add int/time_t casts - MSVC2005 is more "sensitive" about this than MSVC6
svn path=/trunk/; revision=21078
|
|
svn path=/trunk/; revision=21045
|
|
add another interface record type with the very same arch than the "old" one.
now I can read all the K15 files I got.
svn path=/trunk/; revision=21044
|
|
be able to read files with records larger than 0x2000 bytes
this fixes http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=532
svn path=/trunk/; revision=21043
|
|
svn path=/trunk/; revision=21013
|
|
In the attached patch, the K12 wiretap now saves the content of record
after captured packet data. The K12 dissector then could extract them and provide
useful information to properly dissect FP frames (user plane of UTRAN Iub
interface).
svn path=/trunk/; revision=20749
|
|
Kriang Lerdsuwanakij <lerdsuwa@users.sourceforge.net>
I discovered that Wireshark K12xx detects the type of input (E1 timeslot or ATM)
based on the extra information. My previous patch to enable Wireshark to open
K12xx files with no extra information (extra_len equals 0 in SRCDEST record)
failed to give later dissectors the input type.
Attached is the patch to correct this for ATM PVC. It adds VPI/VCI/CID information
for display in the dissected tree (in k12_open function). k12_read and k12_seek_read
are also made more robust. These are reverse engineered based on hexeditor
and constants found in tektronix configuration file. Please apply the patch.
svn path=/trunk/; revision=20705
|