Age | Commit message (Collapse) | Author | Files | Lines |
|
This is POC we may want to have more efficient use of the frame data
structure etc. But this allows for work to be done on the GUI to actually add comments.
svn path=/trunk/; revision=40969
|
|
svn path=/trunk/; revision=40947
|
|
Add new linktype 243 for MPEG2-TS.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6796
svn path=/trunk/; revision=40884
|
|
Allow dissectors to indicate that an ATM AAL5 frame contains SSCOP.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6717
svn path=/trunk/; revision=40750
|
|
encapsulation value and returns a GArray containing all the file types
that could be used to save a file of that file type and that
encapsulation value (which could be WTAP_ENCAP_PER_PACKET), with the
input file type first if that can be used and pcap or pcap-ng first if
not and if one of them can be used, and with pcap and pcap-ng clustered
together if they're among the file types that can be used.
Use that routine for the GTK+ file save dialog.
svn path=/trunk/; revision=40685
|
|
a field that gives the default extension for the file type,
*without* a leading "." (i.e., just the extension, not the "."
that separates it from the rest of the file name), which is NULL
if there are no known extensions;
a field that gives a semicolon-separated list of *other*
extensions, without "*." or ".", which is NULL if there are no
known extensions or there are no known extensions other than the
default.
Rename wtap_file_extension_default_string() to
wtap_default_file_extension() (matches the name of the field).
svn path=/trunk/; revision=40678
|
|
GSList of extensions for a file type, including extensions for the
compressed versions of those file types that we can read.
svn path=/trunk/; revision=40623
|
|
svn path=/trunk/; revision=40622
|
|
Wireshark distribution, give us code to read it. If somebody wants it
in their private version of Wireshark, they can manage that themselves.
(We should support plugins for file types at some point; I think we
already have support for Lua file readers.)
svn path=/trunk/; revision=40620
|
|
Move pcap-NG right after standard pcap in the list of file types, so
that it shows up early in the list of output file types in the "Save
As..." dialog box (if, that is, it's supported; if not, neither is pcap,
as they use the same link-layer header type values).
svn path=/trunk/; revision=40493
|
|
collision-prone.
svn path=/trunk/; revision=40320
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
Solaris 11 snoop files with IP over Infiniband data are not recognized.
Attached patch allows to view such data.
svn path=/trunk/; revision=40072
|
|
Enhancement of Hilscher Analyzer Dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6082
svn path=/trunk/; revision=39804
|
|
software. More work is needed:
we don't know where the capture start time is yet;
we aren't handling the "stop capture" record;
we don't know where the ISDN channel is;
there might be non-ISDN file formats;
but this at least is easier than trying to text2pcap hex dumps from that
software into pcap files.
svn path=/trunk/; revision=39588
|
|
This patch extends the ATM parser so as to allow GPRS NS traffic encapsulated
in ATM AAL5.
Additionally, added support for this into the 'Meta' dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6447
svn path=/trunk/; revision=39394
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
Added support for saving ERF files.
From me:
Use crc routines from libwsutil.
svn path=/trunk/; revision=38826
|
|
- Add new dissector packet-mime-encap which understands mime_file fragmentation.
svn path=/trunk/; revision=37636
|
|
svn path=/trunk/; revision=37543
|
|
svn path=/trunk/; revision=37479
|
|
svn path=/trunk/; revision=37215
|
|
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
|
|
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
|
|
A variant of 3GPP TS 27.010 multiplexing protocol dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5829
svn path=/trunk/; revision=36927
|
|
don't have an "additional information" string.
Get rid of WTAP_ERR_ZLIB; just report an internal error with
WTAP_ERR_INTERNAL instead. (If they start happening, we can think about
supplying an "additional information" string for compression errors on
output.)
svn path=/trunk/; revision=36774
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
to check for it on close.
svn path=/trunk/; revision=36593
|
|
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
|
|
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
|
|
svn path=/trunk/; revision=36384
|
|
svn path=/trunk/; revision=36376
|
|
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
|
|
Add support for LAPD data link type.
svn path=/trunk/; revision=35771
|
|
svn path=/trunk/; revision=35223
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5242
svn path=/trunk/; revision=34576
|
|
include the FCS, and use it for the Daintree SNA file format. While
we're at it, explicitly check to make sure the purported packet length
gives it at least one byte of packet data, and fix some print formats to
use %u for unsigned values.
svn path=/trunk/; revision=33678
|
|
svn path=/trunk/; revision=33583
|
|
svn path=/trunk/; revision=33118
|
|
the payload. Should fix bug 4401.
svn path=/trunk/; revision=32828
|
|
a file. Use it.
svn path=/trunk/; revision=32716
|
|
svn path=/trunk/; revision=32537
|
|
svn path=/trunk/; revision=32536
|
|
later Linux kernels.
svn path=/trunk/; revision=32535
|
|
Support PPP-over-USB.
Don't remove the USB pseudo-header from the packet data for
Linux USB packets, just byte-swap it if necessary and have the
USB dissector fetch the pseudo-header from the raw packet data.
Update USB language ID values.
svn path=/trunk/; revision=32534
|
|
Endace ATM and AAL2 enhancements.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447
svn path=/trunk/; revision=31766
|
|
Replace ERF dissector with ATM dissector for protocols 'FP Hint' and 'META'
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4384
svn path=/trunk/; revision=31761
|
|
From me: Remove changes related to the ARP protocol because it doesn't
appear to be necessary for SocketCAN. Will add later if Felix says it is
needed.
svn path=/trunk/; revision=31196
|
|
WTAP_GCOM_TIE1 => WTAP_ENCAP_GCOM_TIE1
WTAP_GCOM_SERIAL => WTAP_ENCAP_GCOM_SERIAL
svn path=/trunk/; revision=31161
|