path: root/wiretap/netxray.c
Age | Commit message | Author | Files | Lines
2012-02-25 | Add a presence flag field to the packet information structure filled in by Wiretap, to indicate whether certain fields in that structure actually have data in them. Use the "time stamp present" flag to omit showing time stamp information for packets (and "packets") that don't have time stamps; don't bother working very hard to "fake" a time stamp for data files. Use the "interface ID present" flag to omit the interface ID for packets that don't have an interface ID. We don't use the "captured length, separate from packet length, present" flag to omit the captured length; that flag might be present but equal to the packet length, and if you want to know if a packet was cut short by a snapshot length, comparing the values would be the way to do that. More work is needed to have wiretap/pcapng.c properly report the flags, e.g. reporting no time stamp being present for a Simple Packet Block. svn path=/trunk/; revision=41185 | Guy Harris | 1 | -0/+2
2011-09-01 | Use guint8 rather than guchar for raw octets and pointers to arrays of same. Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for ATM (by looking at the VPI, VCI, and packet data, and guessing) and Ethernet (setting the FCS length appropriately). Use it for both pcap and pcap-ng files. svn path=/trunk/; revision=38840 | Guy Harris | 1 | -6/+6
2011-04-28 | #include <stdlib.h> not needed; use consistent indentation. svn path=/trunk/; revision=36921 | Bill Meier | 1 | -306/+305
2011-04-21 | Add a new WTAP_ERR_DECOMPRESS error, and use that for errors discovered by the gunzipping code. Have it also supply a err_info string, and report it. Have file_error() supply an err_info string. Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to suggest a decompression error - into the rawshark and tshark errors, along the lines of what other programs print. Fix a case in the Netscaler code where we weren't fetching the error code on a read failure. svn path=/trunk/; revision=36748 | Guy Harris | 1 | -14/+15
2011-04-12 | "This file format can't be written to a pipe" and "this file format can't be saved in compress form" are both equivalent to "this file format requires seeking when writing it". Change the "can compress" Boolean in the file format table to "writing requires seeking", give all the entries the proper value, and do the checks for attempting to write a file format to a pipe or write it in compressed format to common code. This means we don't need to pass the "can't seek" flag to the dump open routines. svn path=/trunk/; revision=36575 | Guy Harris | 1 | -18/+2
2011-04-06 | From Jakub Zawadzki: file_read(buf, bsize, count, file) macro is compliant with fread function and takes elements count + size of each element, however to make it compliant with gzread() it always returns number of bytes. In wiretap file_read() this is not really used, file_read is called either with bsize set to 1 or count to 1. Attached patch remove bsize argument from macro. svn path=/trunk/; revision=36491 | Guy Harris | 1 | -4/+4
2011-02-25 | From Robert Bullen: ... code is not incrementing wtap_dumper.bytes_dumped. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5666 From me: use 4-space indentation (not tab) to match surrounding code lines. svn path=/trunk/; revision=36074 | Bill Meier | 1 | -0/+6
2010-08-08 | Add a note. svn path=/trunk/; revision=33741 | Guy Harris | 1 | -0/+4
2010-06-06 | Don't use fwrite directly when writing a dump file; call it through wtap_dump_file_write(). Replace various wrappers around fwrite() with wtap_dump_file_write(), or at least make the wrappers call wtap_dump_file_write(). svn path=/trunk/; revision=33116 | Guy Harris | 1 | -68/+8
2010-02-26 | Move the definitions of all the private data structures out of wtap-int.h, and change the unions of pointers to those private data structures into just void *'s. Have the generic wtap close routine free up the private data, rather than the type-specific close routine, just as the wtap_dumper close routine does for its private data. Get rid of close routines that don't do anything any more. svn path=/trunk/; revision=32015 | Guy Harris | 1 | -51/+73
2009-04-24 | [Trivial] Constify a few things svn path=/trunk/; revision=28144 | Bill Meier | 1 | -5/+5
2009-04-22 | Clean up some 64-bit issues. svn path=/trunk/; revision=28117 | Guy Harris | 1 | -5/+5
2009-01-06 | Fix a typo in a comment svn path=/trunk/; revision=27164 | Bill Meier | 1 | -1/+1
2009-01-04 | Oops: Revert SVN #27152: There weren't actually any memory leaks ... svn path=/trunk/; revision=27155 | Bill Meier | 1 | -6/+0
2009-01-04 | Fix a few minor memory leaks... svn path=/trunk/; revision=27152 | Bill Meier | 1 | -0/+6
2007-08-17 | At least some LAPB Windows Sniffer captures have 4 bytes of extra stuff at the ends of packets. svn path=/trunk/; revision=22540 | Guy Harris | 1 | -0/+23
2007-06-11 | Note invalidity of realtick for captypes ETH_CAPTYPE_OTHERPOD2 and ETH_CAPTYPE_GIGPOD2 in comments for the associated TpS tables. svn path=/trunk/; revision=22074 | Bill Meier | 1 | -5/+7
2007-05-31 | Note realtick's invalidity for ETH_CAPTYPE_OTHERPOD in the comment for TpS_otherpod[]. Ask about its validity for ETH_CAPTYPE_OTHERPOD2 and ETH_CAPTYPE_GIGPOD2. svn path=/trunk/; revision=22016 | Guy Harris | 1 | -0/+4
2007-05-31 | My comment is redundant with Bill's more-detailed comment; remove it. svn path=/trunk/; revision=22015 | Guy Harris | 1 | -3/+0
2007-05-30 | Update Comments svn path=/trunk/; revision=22005 | Bill Meier | 1 | -3/+9
2007-05-30 | Update a comment. svn path=/trunk/; revision=21998 | Guy Harris | 1 | -2/+2
2007-05-29 | Give more detail on a captype of 6 for an Ethernet capture. svn path=/trunk/; revision=21997 | Guy Harris | 1 | -1/+1
2007-05-29 | It's pretty clear that hdr.captype's interpretation depends on the network type; there's no "presumably" about it. Suggest that "realtick" might have the right time stamp in other cases (if not, a comment should explicitly indicate that, so that in all cases where we either know that realtick is wrong or have a lot of evidence to show that it's right, we note that fact). svn path=/trunk/; revision=21996 | Guy Harris | 1 | -7/+10
2007-05-29 | Update the big time unit comment to reflect Bill Meier's recent changes. Fix some other comments. Add a suggestion for why the realtick values might correlate with packets having an FCS. svn path=/trunk/; revision=21993 | Guy Harris | 1 | -20/+32
2007-05-29 | (fix comment) svn path=/trunk/; revision=21983 | Bill Meier | 1 | -2/+2
2007-05-29 | Another sniffer timestamp display fix; addresses bug 866 and other reports. (Also: change variable name to correctly reflect usage). svn path=/trunk/; revision=21982 | Bill Meier | 1 | -17/+47
2007-04-26 | From Jeff Foster: add support for Cisco HDLC captures. svn path=/trunk/; revision=21598 | Guy Harris | 1 | -0/+9
2006-11-05 | change all file offsets from long to gint64 so we can - theoretically - handle files > 2GB correctly. Please distclean Win32 builds! svn path=/trunk/; revision=19814 | Ulf Lamping | 1 | -4/+4
2006-10-23 | Use G_GINT64_CONSTANT to handle 64-bit constants in the code. svn path=/trunk/; revision=19663 | Michael Tüxen | 1 | -4/+4
2006-10-20 | fix 'save' to store hi-order 32 bits of time offset for each pkt; fixes bug 1168 svn path=/trunk/; revision=19622 | Bill Meier | 1 | -10/+16
2006-04-15 | Sake Blok wrote.... I have taken a look at the trace myself and calculated the TpS to be 20000000.0 for this particular trace. If I also discard the start_timestamp like it has been done for other versions of the netxray format, then I get the proper results. svn path=/trunk/; revision=17869 | Jaap Keuter | 1 | -1/+11
2006-03-11 | Remove an entire horde of off-by-one errors pointed out by Coverity's CID: 83 (Coverity finds just one at a time...) svn path=/trunk/; revision=17580 | Luis Ontanon | 1 | -5/+5
2006-03-08 | Another off by one error found by coverity (CID 83), using > instead of >= when comparing index against array size. svn path=/trunk/; revision=17521 | Luis Ontanon | 1 | -1/+1
2006-01-12 | The attached patch to fix bug 663 allows Ethereal to read Windows Sniffer V2 format capture files with captyp=5, timeunit=0. The ticks_per_sec for this case apparently is 1e6. Bill Meier svn path=/trunk/; revision=17019 | Jaap Keuter | 1 | -3/+38
2005-09-09 | From Bill Meier: define "timezone" as "gint16", as it can be positive (west of UTC) or negative (east of UTC); update comments to refer to the new names for structure members; say the precision of the time stamps is 1 nanosecond only if the ticks per second is > 10 million; fix the handling of files truncated exactly on a frame boundary. svn path=/trunk/; revision=15739 | Guy Harris | 1 | -23/+51
2005-08-29 | Get rid of the old file header definition. Set the time stamp resolution based on whether the number of ticks per second is > 1 million or not. svn path=/trunk/; revision=15606 | Guy Harris | 1 | -31/+17
2005-08-28 | From Bill Meier: 1. Use the new (good work!) 'nanosec' precision only for gig pods; 2. Rework 'struct netxray_hdr' to make it (somewhat) easier to maintain and revise: a. Declare known hdr fields such as 'captype' instead of using offsets in 'xxx placeholder' fields. d. Define 'unknown' hdr fields using placeholder names based upon hex-offset in the netxray header record. (This isn't perfect, but I hope it will make things more manageable). 3. Update hdr field info (based upon examination of various capture files): a. Define a hdr field which appears to be 'time-zone' [offset in hours from UTC] for the machine doing the capture. (Maybe this field can eventually be used for Ethereal to display the (local) time as it was at the time of the capture). b. Describe certain hdr fields as being "file offsets" (altho the exact use is still unclear). Update some comments. svn path=/trunk/; revision=15603 | Guy Harris | 1 | -34/+91
2005-08-25 | timestamp display precision: - automatic adjustment depending on file format - manual adjustment through menu items save the setting in the recent file svn path=/trunk/; revision=15534 | Ulf Lamping | 1 | -0/+8
2005-08-24 | EVERYTHING IN THE BUILDBOT IS GOING TO BE RED!!! Sorry! I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ... What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere. As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon. Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way... As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number... svn path=/trunk/; revision=15520 | Ulf Lamping | 1 | -16/+16
2005-08-18 | Try yet another scheme for handling time stamps; realtick isn't always correct. svn path=/trunk/; revision=15404 | Guy Harris | 1 | -44/+146
2005-07-02 | Chris Lydick: Support for Sniffer 2.003 files. Modified to match the current codebase. svn path=/trunk/; revision=14832 | Jörg Mayer | 1 | -1/+9
2005-06-16 | Note that the WAN_CAPTYPE value of 4 can correspond to Cisco HDLC traffic as well as Frame Relay traffic, and give some information about the cruft found in the xxc field of the header for one CHDLC and one FR capture. svn path=/trunk/; revision=14659 | Guy Harris | 1 | -0/+14
2005-01-29 | Add some notes about stuff discovered by Ken Mann. svn path=/trunk/; revision=13194 | Guy Harris | 1 | -1/+11
2005-01-14 | Note that the low-order bit of hdr->hdr_2_x.xxx[8] appears to be a "bad FCS" bit for 802.11, just as it appears to be for Ethernet, and give more details on the 4 bytes of junk at the end of the packet (i.e., that we haven't yet seen an 802.11 capture where it's an FCS rather than just junk). svn path=/trunk/; revision=13028 | Guy Harris | 1 | -2/+10
2005-01-03 | Add some more comments about the FCS issue. svn path=/trunk/; revision=12939 | Guy Harris | 1 | -10/+14
2005-01-03 | Give a bit more information on the "are there FCSes in the frame?" issue. svn path=/trunk/; revision=12938 | Guy Harris | 1 | -5/+32
2005-01-03 | Rename the CAPTYPE_ definitions as appropriate - many of them are specific to particular types of captures, and the same value might correspond to more than one CAPTYPE_ definition. Add an additional CAPTYPE_ for some non-gigabit Ethereal capture seen by Bill Meier, and fix the range check the time stamp units value as per his mail. svn path=/trunk/; revision=12937 | Guy Harris | 1 | -25/+39
2005-01-03 | From James Fields and Kevin Johnson: fix the handling of time stamps in a number of Windows Sniffer captures - apparently the time stamp units are in a field in the file header. Add a capture type value seen in at least one ATM capture. Update some comments, and add some comments. Get rid of some redundant setting of "timeunit". svn path=/trunk/; revision=12936 | Guy Harris | 1 | -69/+86
2004-10-17 | file_hdr.network is one byte long, so don't use htoles() on values it's set to - that causes it to be set to zero. svn path=/trunk/; revision=12328 | Guy Harris | 1 | -2/+2
2004-07-18 | Set the svn:eol-style property on all text files to "native", so that they have LF at the end of the line on UN*X and CR/LF on Windows; hopefully this means that if a CR/LF version is checked in on Windows, the CRs will be stripped so that they show up only when checked out on Windows, not on UN*X. svn path=/trunk/; revision=11400 | Guy Harris | 1 | -1/+1