20 years agoFixes from Olivier Abad to the code to maintain "wth->data_offset".
guy [Mon, 30 Aug 1999 20:40:13 +0000 (20:40 +0000)]
Fixes from Olivier Abad to the code to maintain "wth->data_offset".

Use "pletohs()" and "pletohl()" to access 16-bit and 32-bit fields in
the file and packet headers, as those fields are little-endian.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@612 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNow that FT_BOOLEAN display filter fields are treated differently (only
gram [Mon, 30 Aug 1999 16:01:42 +0000 (16:01 +0000)]
Now that FT_BOOLEAN display filter fields are treated differently (only
their existence is checked), some FT_BOOLEAN-related functions in dfilter.c
are no longer called. So I removed them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@611 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFixed problem with not being able to filt on field values.
gram [Mon, 30 Aug 1999 15:51:44 +0000 (15:51 +0000)]
Fixed problem with not being able to filt on field values.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@610 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix some compilation warnings.
gram [Sun, 29 Aug 1999 04:15:31 +0000 (04:15 +0000)]
Fix some compilation warnings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@609 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemoved from the display filter/proto_tree code the assumption that
gram [Sun, 29 Aug 1999 04:06:43 +0000 (04:06 +0000)]
Removed from the display filter/proto_tree code the assumption that
a protocol occurs only once in a packet. Because of encapsulation (IP within
IP), a protocol can occur more than once. I don't have a packet trace
showing such a packet, but the code should handle it now. The one thing
that it cannot do, though, is differentiate the levels. It might be
nice to say:
ip{1}.src == && ipx{2}.dst ==

In the dfilter grammar I had left IPXNET variables out of the list
of variables that could be checked for existence. Now you can check
for the existence of ipx.srcnet and ipx.dstnet. Hurrah.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@608 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoStop processing of colorization display filters after first match.
gram [Sat, 28 Aug 1999 23:47:50 +0000 (23:47 +0000)]
Stop processing of colorization display filters after first match.
Remove debugging statements from colors.c.
Add blurb about Match Selected and Colorization to man page.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@607 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUpdated RSVP with Ashok's patch. Fixes code for 64-bit platforms.
gram [Sat, 28 Aug 1999 21:59:30 +0000 (21:59 +0000)]
Updated RSVP with Ashok's patch. Fixes code for 64-bit platforms.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@606 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFor unknown options without "syntax" errors, show the length in bytes.
guy [Sat, 28 Aug 1999 19:38:37 +0000 (19:38 +0000)]
For unknown options without "syntax" errors, show the length in bytes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@605 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHandle unknown options in "dissect_ip_tcp_options()" better; we assume
guy [Sat, 28 Aug 1999 19:17:17 +0000 (19:17 +0000)]
Handle unknown options in "dissect_ip_tcp_options()" better; we assume
that the only options that contain *no* length byte are the IP and TCP
EOL and NOP options so that we can treat unknown options as
VARIABLE_LENGTH with a minimum of 2, and at least be able to move on to
the next option by using the length in the option, rather than just
reporting the unknown option and processing no options after it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@604 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoA slightly cleaner version - hide the "if it's the last row, the element
guy [Sat, 28 Aug 1999 18:48:55 +0000 (18:48 +0000)]
A slightly cleaner version - hide the "if it's the last row, the element
is pointed to by 'row_list_end', otherwise use 'g_list_nth()'" stuff
inside a macro.

Use that macro in place of an additional "g_list_nth()" call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@603 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"CFILTERS_CONTAINS_FILTER()" should check for the presence of color
guy [Sat, 28 Aug 1999 18:42:28 +0000 (18:42 +0000)]
"CFILTERS_CONTAINS_FILTER()" should check for the presence of color
filters by checking whether the structure pointed to by "cf->colors" has
a non-zero "num_of_filters", not a non-null "color_filters" (the latter
points to the CList widget holding the list of filters, and may be
non-null even if there currently aren't any filters).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@602 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPPP options in LCP, IPCP, etc. are like IP and TCP options - one octet
guy [Sat, 28 Aug 1999 08:31:28 +0000 (08:31 +0000)]
PPP options in LCP, IPCP, etc. are like IP and TCP options - one octet
of option code, one octet of length (which includes the two option code
and length bytes), followed by 0 or more octets of option data, with
some options being fixed-length and some being variable-length.  Put
some stuff from the PPP control protocol option parsing code into the
IP-and-TCP option parsing code, and use the latter instead of the

(That code might also be usable for CDP as well, with some stuff added
to it.)

Shuffle the arguments to "dissect_ip_tcp_options()" to resemble those of
various other dissectors (i.e., with the "proto_tree *" at the end).

Add in code to dissect a pile of PPP options documented in various RFCs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@601 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanged ip.flags from FT_UINT16 to FT_UINT8, and made it highlight only
gram [Sat, 28 Aug 1999 03:56:03 +0000 (03:56 +0000)]
Changed ip.flags from FT_UINT16 to FT_UINT8, and made it highlight only
one byte in the hexdump.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@600 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoSet protocol column to "IP" for fragmented IP packets. It was not being set at
gram [Sat, 28 Aug 1999 02:33:47 +0000 (02:33 +0000)]
Set protocol column to "IP" for fragmented IP packets. It was not being set at
the IP layer, leaving the lower layer's abbreviation in the protocol column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@599 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemoved debug printf's.
gram [Sat, 28 Aug 1999 02:18:15 +0000 (02:18 +0000)]
Removed debug printf's.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@598 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDon't do file-read progress bar updates with a timeout; instead, update
guy [Sat, 28 Aug 1999 01:51:58 +0000 (01:51 +0000)]
Don't do file-read progress bar updates with a timeout; instead, update
the progress bar up to 100 times, as we get another percent closer to
completion.  That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.

The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@597 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoKeep in the "wtap" structure the current offset into the file being
guy [Sat, 28 Aug 1999 01:19:45 +0000 (01:19 +0000)]
Keep in the "wtap" structure the current offset into the file being
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@596 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoTouched these files to make 'make dist' happy.
gram [Fri, 27 Aug 1999 23:39:32 +0000 (23:39 +0000)]
Touched these files to make 'make dist' happy.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@595 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUpdated docs.
gram [Fri, 27 Aug 1999 22:57:56 +0000 (22:57 +0000)]
Updated docs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@594 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdded gtk subdirectory, with patched gtkclist.c in it. We can use this
gram [Fri, 27 Aug 1999 22:27:18 +0000 (22:27 +0000)]
Added gtk subdirectory, with patched gtkclist.c in it. We can use this
optimized gtkclist until Guy's changes appear in the offical GTK+.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@593 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"long" -> "gint32" ("gint32" is 32 bits, "long" isn't necessarily 32
guy [Fri, 27 Aug 1999 20:10:14 +0000 (20:10 +0000)]
"long" -> "gint32" ("gint32" is 32 bits, "long" isn't necessarily 32
bits and is definitely not 32 bits on some platforms).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@592 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanged packet-tr.c to insert tr.sr, a FT_BOOLEAN field, only if tr.sr
gram [Fri, 27 Aug 1999 19:27:22 +0000 (19:27 +0000)]
Changed packet-tr.c to insert tr.sr, a FT_BOOLEAN field, only if tr.sr
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:


or by its negation:


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@591 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUpdated RSVP decoder with Ashok's newest code.
gram [Fri, 27 Aug 1999 19:21:36 +0000 (19:21 +0000)]
Updated RSVP decoder with Ashok's newest code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@590 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe token-ring decoder now takes into account some really garbled
gram [Fri, 27 Aug 1999 19:15:38 +0000 (19:15 +0000)]
The token-ring decoder now takes into account some really garbled
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@589 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNo, 0xCC is SNRME. (I *told* you I hated reversing bit strings....)
guy [Fri, 27 Aug 1999 18:02:41 +0000 (18:02 +0000)]
No, 0xCC is SNRME.  (I *told* you I hated reversing bit strings....)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@588 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoTEST is 0xE0, not 0xC0; 0xC0 is SNRME. (I hate having to reverse bit
guy [Fri, 27 Aug 1999 18:01:02 +0000 (18:01 +0000)]
TEST is 0xE0, not 0xC0; 0xC0 is SNRME.  (I hate having to reverse bit
strings....)  Thanks to Tom Gallagher at Madge for pointing this out.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@587 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoProperly pluralize "bytes" in the detail line for "dissect_data()".
guy [Thu, 26 Aug 1999 17:51:44 +0000 (17:51 +0000)]
Properly pluralize "bytes" in the detail line for "dissect_data()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@586 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDissect unknown IP protocols with dissect_data().
gram [Thu, 26 Aug 1999 17:31:37 +0000 (17:31 +0000)]
Dissect unknown IP protocols with dissect_data().

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@585 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoConvert a bunch of uses of "fd->cap_len" to use "pi.captured_len" (or to
guy [Thu, 26 Aug 1999 07:34:43 +0000 (07:34 +0000)]
Convert a bunch of uses of "fd->cap_len" to use "pi.captured_len" (or to
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@584 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIntroduces a new global gboolean variable: proto_tree_is_visible.
gram [Thu, 26 Aug 1999 07:01:44 +0000 (07:01 +0000)]
Introduces a new global gboolean variable: proto_tree_is_visible.
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@583 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe dfilter yacc grammar now keeps track of every GNode that it allocates.
gram [Thu, 26 Aug 1999 06:20:50 +0000 (06:20 +0000)]
The dfilter yacc grammar now keeps track of every GNode that it allocates.
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.

Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@582 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoCorrectly set global_df->dftree to NULL after a bad parse.
gram [Wed, 25 Aug 1999 22:54:17 +0000 (22:54 +0000)]
Correctly set global_df->dftree to NULL after a bad parse.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@581 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoReverted TCP follow back to old behavior of leaving list of packets in
gram [Wed, 25 Aug 1999 22:20:03 +0000 (22:20 +0000)]
Reverted TCP follow back to old behavior of leaving list of packets in
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@580 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUse END_OF_FRAME rather than "fd->cap_len - offset" - END_OF_FRAME used
guy [Wed, 25 Aug 1999 17:38:36 +0000 (17:38 +0000)]
Use END_OF_FRAME rather than "fd->cap_len - offset" - END_OF_FRAME used
to be just "fd->cap_len - offset", but it's now "pi.captured_len - offset",
which means that, for a protocol built atop TCP, like LPD, it'll take
into account the fact that the IP (and thus TCP) data in the packet may
end before the end of the frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@579 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd in the Async Map option.
guy [Wed, 25 Aug 1999 07:32:46 +0000 (07:32 +0000)]
Add in the Async Map option.

Add in the Identification and Time Remaining codes for LCP.

Add in a pile of other LCP options, albeit without anything more than
names for now.

Don't say "1 bytes", say "1 byte".

Don't use "dissect_data()" to dissect part of a *CP packet, and don't
dissect opaque data if there're zero bytes of it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@578 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut in support for dissecting LCP and IPCP options.
guy [Wed, 25 Aug 1999 06:52:04 +0000 (06:52 +0000)]
Put in support for dissecting LCP and IPCP options.

Have a common routine to parse both LCP and IPCP, as IPCP is based on

Have only one "value_string" array of PPP protocol types, with all the
types we know about.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@577 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe bulk of the PPP dissection is common between "dissect_ppp()" and
guy [Wed, 25 Aug 1999 03:56:07 +0000 (03:56 +0000)]
The bulk of the PPP dissection is common between "dissect_ppp()" and
"dissect_payload_ppp()"; put it into a common routine, called by both
(which means we now dissect LCP and IPCP in PPP requests even if they
aren't inside PPPOE or GRE packets).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@576 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"read_filters()" is actually called late enough in the startup process
guy [Wed, 25 Aug 1999 03:22:46 +0000 (03:22 +0000)]
"read_filters()" is actually called late enough in the startup process
that it can pop up a message box; have it do so.

Make the "Can't open file" message boxes in "colors.c" include the
"errno" error message in the message they put up.

Don't complain about being unable to open the color filter file if it
doesn't exist (perhaps the user just never made one).

Make the message for a failure to open the preferences file resemble
that for a failure to open a color filter file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@575 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNBIPX packet type 3 appears to be the equivalent, in NBIPXland, of the
guy [Wed, 25 Aug 1999 01:36:21 +0000 (01:36 +0000)]
NBIPX packet type 3 appears to be the equivalent, in NBIPXland, of the
NetBIOS Datagram Service in NBTland; a capture Gilbert sent had a pile
of those packets containing what looked like SMB browser announcements,
which are sent out as broadcast datagrams.  Label them as such, and
treat them as such.

Might packet type 2 be the equivalent of the NetBIOS Session Service -
both of them contain SMBs, but the former is a connection-oriented
service (LLC I frames, presumably, in NBF, and TCP in NBT), and the
latter is a datagram-oriented service (LLC UI frames, presumably, in
NBF, and UDP in NBT)?  For now, we leave type 2 as "SMB (over NBIPX)",
but we might want to label it as "NetBIOS session" or whatever the
appropriate term is.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@574 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDump the values of the "flags" and "ttl" fields of the CDP header.
guy [Wed, 25 Aug 1999 00:55:45 +0000 (00:55 +0000)]
Dump the values of the "flags" and "ttl" fields of the CDP header.

Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.

Make the type and length fields of a TLV unsigned.

Correctly check for the end of the (captured part of the) frame.

Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.

Dissect "unknown" TLVs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@573 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoInstead of adding the TLV type and length values as hidden values, enter
guy [Wed, 25 Aug 1999 00:42:49 +0000 (00:42 +0000)]
Instead of adding the TLV type and length values as hidden values, enter
them with "proto_tree_add_item()" rather than "proto_tree_add_text()"
when adding them to the subtree for a TLV item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@572 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDump the values of the "flags" and "ttl" fields of the CDP header.
guy [Wed, 25 Aug 1999 00:24:32 +0000 (00:24 +0000)]
Dump the values of the "flags" and "ttl" fields of the CDP header.

Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.

Make the type and length fields of a TLV unsigned.

Correctly check for the end of the (captured part of the) frame.

Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.

Dissect "unknown" TLVs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@571 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFixed CPP #ifdef and comment.
gram [Wed, 25 Aug 1999 00:03:59 +0000 (00:03 +0000)]
Fixed CPP #ifdef and comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@570 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemoved unnecessary #include lines.
gram [Tue, 24 Aug 1999 23:00:56 +0000 (23:00 +0000)]
Removed unnecessary #include lines.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@569 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFixed the array problem in packet-netbios.
gram [Tue, 24 Aug 1999 22:36:34 +0000 (22:36 +0000)]
Fixed the array problem in packet-netbios.
Fixed the default case in the packet-cdp while() statement to look for
non-zero offsets. I should fix the other cases where offset += length.
Meanwhile, however, I added cdp.tlv.type and cdp.tlv.len as two filterable
fields so that one can use "cdp.tlv.len == 0" as a display filter to
find the packet that was causing problems.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@568 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUse "strchr()" rather than "index()" - "strchr()" is the ANSI standard
guy [Tue, 24 Aug 1999 18:53:08 +0000 (18:53 +0000)]
Use "strchr()" rather than "index()" - "strchr()" is the ANSI standard
routine, it's what we use elsewhere in Ethereal, all modern UNIXes have
it, and it's declared in <string.h>, unlike "index()" which isn't
necessarily declared there (and thus we get GCC warnings about "index()"
being undeclared).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@567 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanged #include "glib.h" to #include <glib.h>, for stylistic reasons.
gram [Tue, 24 Aug 1999 17:36:24 +0000 (17:36 +0000)]
Changed #include "glib.h" to #include <glib.h>, for stylistic reasons.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@566 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemoved unnecessary #include "etypes.h" lines.
gram [Tue, 24 Aug 1999 17:26:16 +0000 (17:26 +0000)]
Removed unnecessary #include "etypes.h" lines.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@565 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUpdated the deliverables because of the spec-file change.
gram [Tue, 24 Aug 1999 17:19:45 +0000 (17:19 +0000)]
Updated the deliverables because of the spec-file change.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@564 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanged spec file for producing RPMs to ethereal.spec.in so that
gram [Tue, 24 Aug 1999 17:18:35 +0000 (17:18 +0000)]
Changed spec file for producing RPMs to ethereal.spec.in so that
'configure' can update the version automatically. That way we don't
have to update the spec file every time the version of ethereal changes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@563 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdded John McDermott's colorization routines. There's still some
gram [Tue, 24 Aug 1999 16:27:23 +0000 (16:27 +0000)]
Added John McDermott's colorization routines. There's still some
debug printf's in there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@562 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIn the summary display for CLIP frames, make the protocol CLIP (which
guy [Tue, 24 Aug 1999 06:16:27 +0000 (06:16 +0000)]
In the summary display for CLIP frames, make the protocol CLIP (which
will get overridden in any case).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@561 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIn the summary display for PPP frames, make the protocol PPP (which will
guy [Tue, 24 Aug 1999 06:14:16 +0000 (06:14 +0000)]
In the summary display for PPP frames, make the protocol PPP (which will
get overridden in any case).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@560 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIn the summary display for Ethernet frames, make the protocol Ethernet
guy [Tue, 24 Aug 1999 06:10:05 +0000 (06:10 +0000)]
In the summary display for Ethernet frames, make the protocol Ethernet
and the info field an indication of whether it's Ethernet II, raw 802.3,
or (LLC-atop) 802.3 (which will be overridden by other protocols, if we
know the protocol inside the frame).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@559 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMore completely decode the frame control field of an FDDI frame.
guy [Tue, 24 Aug 1999 06:01:45 +0000 (06:01 +0000)]
More completely decode the frame control field of an FDDI frame.

In the summary display for FDDI frames, make the protocol FDDI and the
info field the description of the frame control field (which will be
overridden by other protocols, if the frame is an async LLC frame).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@558 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
guy [Tue, 24 Aug 1999 03:19:34 +0000 (03:19 +0000)]
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).

(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)

Use the encapsulation type to decide whether to bit-swap addresses in

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@557 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHave "get_xdlc_control()" and "dissect_xdlc_control()" just return a
guy [Mon, 23 Aug 1999 23:24:36 +0000 (23:24 +0000)]
Have "get_xdlc_control()" and "dissect_xdlc_control()" just return a
Boolean indicating whether the frame has any payload to dissect or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@556 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe only LLC frame types that should be dissected based on their SAP or,
guy [Mon, 23 Aug 1999 22:47:13 +0000 (22:47 +0000)]
The only LLC frame types that should be dissected based on their SAP or,
if the SAPs are SNAP, based on their ethertype are I frames and UI
frames; others don't have payload to be dissected as belonging to other

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@555 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAlwasy compile in swaptab[] so that we can swap addresses, even if we
gram [Mon, 23 Aug 1999 22:13:35 +0000 (22:13 +0000)]
Alwasy compile in swaptab[] so that we can swap addresses, even if we
don't need to.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@554 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe Single UNIX Specification doesn't say that "mkstemp()" creates the
guy [Mon, 23 Aug 1999 05:02:50 +0000 (05:02 +0000)]
The Single UNIX Specification doesn't say that "mkstemp()" creates the
temporary file with mode rw-------, so we won't assume that all UNIXes
will do so; instead, we set the umask to 0077 to take away all group and
other permissions, attempt to create the file, and then put the umask
back (puts into "try_tempfile()", called by "create_tempfile()" to
create temporary files, the "umask()" calls that Gilbert put into
"capture.c" to deal with the same problem).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@553 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoModify the comments to show how much of a mess the different DLT_ values
guy [Sun, 22 Aug 1999 19:08:40 +0000 (19:08 +0000)]
Modify the comments to show how much of a mess the different DLT_ values
on different flavors of BSD are - even worse than I thought, now that
I've seen the BSD/OS <net/bpf.h>.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@552 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRename BSD_AF_INET6_OPENBSD to BSD_AF_INET6_BSD, as
guy [Sun, 22 Aug 1999 19:05:44 +0000 (19:05 +0000)]

1) OpenBSD and NetBSD might use the same value;

2) BSD/OS uses the same value;

so maybe FreeBSD is the only outlier.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@551 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDon't use zero-length arrays - not all compilers support them, and we're
guy [Sun, 22 Aug 1999 07:27:06 +0000 (07:27 +0000)]
Don't use zero-length arrays - not all compilers support them, and we're
not using the structure members so declared, anyway; instead, put in a
comment to note that the data follows, in a certain format.

Use "guint8", "guint16", and "guint32" instead of "unsigned char",
"unsigned short", and "unsigned long", as per the rest of Ethereal; the
first two pairs are equivalent, but "unsigned long" is *not* necessarily
a 32-bit data type (it's not a 32-bit data type on most 64-bit
platforms, for example).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@550 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemove the include of <sys/time.h> from "file.h" - it's neither
guy [Sun, 22 Aug 1999 07:19:28 +0000 (07:19 +0000)]
Remove the include of <sys/time.h> from "file.h" - it's neither
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).

Include <time.h> in "file.c", to declare "struct tm".

Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@549 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDon't check to make sure "-k" was specified with "-S" or "-F" but not
guy [Sun, 22 Aug 1999 07:12:32 +0000 (07:12 +0000)]
Don't check to make sure "-k" was specified with "-S" or "-F" but not
with "-W" unless we actually support "libpcap", as "fork_mode" isn't
defined unless HAVE_LIBPCAP is defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@548 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoPut "packet-atm.c" in.
guy [Sun, 22 Aug 1999 07:10:08 +0000 (07:10 +0000)]
Put "packet-atm.c" in.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@547 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix the pcap-encapsulation-to-wiretap-encapsulation mapping table.
guy [Sun, 22 Aug 1999 03:50:31 +0000 (03:50 +0000)]
Fix the pcap-encapsulation-to-wiretap-encapsulation mapping table.

Have the code that opens "libpcap" files for writing check to make sure
that the Wiretap encapsulation can be written to a "libpcap" file, and
return -1 and supply a new WTAP_ERR_UNSUPPORTED_ENCAP error code if it

Handle that new error code in "wtap_strerror()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@546 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a "wtap_strerror()" routine, which takes as an argument an error
guy [Sun, 22 Aug 1999 02:52:48 +0000 (02:52 +0000)]
Add a "wtap_strerror()" routine, which takes as an argument an error
code supplied by a Wiretap routine (whether a positive UNIX "errno" code
or a negative Wiretap error code), and returns an error message
corresponding to it.

Use that to construct the message Ethereal put up in a message box for
those errors for which we don't have Ethereal put up a message of its

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@545 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGet rid of some cruft left in by previous checkins as placeholders.
guy [Sun, 22 Aug 1999 02:29:40 +0000 (02:29 +0000)]
Get rid of some cruft left in by previous checkins as placeholders.

Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't

Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").

Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").

Print unsigned quantities in Wiretap messages with "%u", not "%d".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@544 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFreeBSD and OpenBSD both use 23 for AF_IPX (that may have been in
guy [Sun, 22 Aug 1999 01:48:24 +0000 (01:48 +0000)]
FreeBSD and OpenBSD both use 23 for AF_IPX (that may have been in
4.4-Lite), but they use different values for AF_INET6; define and handle
both of them.

Add AF_ISO as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@543 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd a comment.
guy [Sun, 22 Aug 1999 01:35:34 +0000 (01:35 +0000)]
Add a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@542 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHave the message boxes put up for "libpcap" errors include the error
guy [Sun, 22 Aug 1999 01:02:42 +0000 (01:02 +0000)]
Have the message boxes put up for "libpcap" errors include the error
message from "libpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@541 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoDLT_NULL, from "libpcap", means different things on different platforms
guy [Sun, 22 Aug 1999 00:47:56 +0000 (00:47 +0000)]
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:

1) PPP-over-HDLC (some version of ISDN4BSD?);

2) big-endian AF_ value (BSD on big-endian platforms);

3) little-endian AF_ value (BSD on little-endian platforms);

4) two octets of 0 followed by an Ethernet type (Linux, at least
   on little-endian platforms, as mutated by "libpcap").

Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.

Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_

Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet

Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.

Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces.  Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).

Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@540 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRichard J�rgensen <ric@tbit.dk> pointed out that ICMP and IGMP checksums
gerald [Sat, 21 Aug 1999 21:06:11 +0000 (21:06 +0000)]
Richard J�rgensen <ric@tbit.dk> pointed out that ICMP and IGMP checksums
were printed in the wrong byteorder.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@539 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMove the code to set "max_data" in "dissect_nbss()" earlier, so that
guy [Sat, 21 Aug 1999 17:59:36 +0000 (17:59 +0000)]
Move the code to set "max_data" in "dissect_nbss()" earlier, so that
it's set before we dissect continuations.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@538 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoJochen Friedrich's patch to add IPv6 support for DLT_NULL.
guy [Sat, 21 Aug 1999 17:56:06 +0000 (17:56 +0000)]
Jochen Friedrich's patch to add IPv6 support for DLT_NULL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@537 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThis is the code in packet-nbns that handles continuation messages.
sharpe [Sat, 21 Aug 1999 08:45:09 +0000 (08:45 +0000)]
This is the code in packet-nbns that handles continuation messages.

It checks to see if the packet we have in front of us does not start with
one of the four NetBIOS over TCP/IP message types, or if it is a data
message, then looks for \0377SMB in the first four bytes ...

It seems to work well on one large trace of Samba activity that I have.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@536 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoThe 16-bit and 32-bit fields in the "frame4" record header in ATM
guy [Fri, 20 Aug 1999 23:11:05 +0000 (23:11 +0000)]
The 16-bit and 32-bit fields in the "frame4" record header in ATM
Sniffer captures are little-endian; convert them as necessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@535 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix the e-mail address for Jeff Foster.
guy [Fri, 20 Aug 1999 21:57:29 +0000 (21:57 +0000)]
Fix the e-mail address for Jeff Foster.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@534 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoCall "init_mib()" in "proto_register_snmp()"; not doing so causes core
guy [Fri, 20 Aug 1999 21:26:37 +0000 (21:26 +0000)]
Call "init_mib()" in "proto_register_snmp()"; not doing so causes core
dumps (probably because the SNMP libraries expect it to have been

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@533 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanged some symbols inside parser, fixed default error message in
gram [Fri, 20 Aug 1999 21:19:28 +0000 (21:19 +0000)]
Changed some symbols inside parser, fixed default error message in
dfilter_compile, and removed debug printf that I left in match_selected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@532 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoInclude "snprintf.h" if necessary, to squelch some "gcc -Wall"
guy [Fri, 20 Aug 1999 20:45:14 +0000 (20:45 +0000)]
Include "snprintf.h" if necessary, to squelch some "gcc -Wall"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@531 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoEnabled error reporting for bad ETHER values in display filters. A new
gram [Fri, 20 Aug 1999 20:37:47 +0000 (20:37 +0000)]
Enabled error reporting for bad ETHER values in display filters. A new
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@530 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoCleaned up the two routines besides the main display filter mechanism
gram [Fri, 20 Aug 1999 19:43:10 +0000 (19:43 +0000)]
Cleaned up the two routines besides the main display filter mechanism
that use display filters, TCP follow and Match Selected.

In Match Selected, I made it put the display filter that it creates
in the text entry widget. The code was already there, but it didn't work
because code was missing in the GUI initialization routine that runs
when Ethereal starts. The text entry widget pointer was not being passed
to the Match Selected menu item.

In TCP follow, I made it _not_ put the display filter that it creates
in the text entry widget. I find it annoying that a really long
display filter is left in the widget, and others have voiced their
opinion on this too. In addition, after applying the display filter
and retreiving the TCP data, the display filter (if any) that the user
had in place _before_ running TCP follow is put back and the packet
list is set back to the way it was before TCP follow is run. I think this
is more expected. The drawback is that display filtering is run twice,
once to retreive the TCP data and once to reset the display.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@529 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoFix a comment.
guy [Fri, 20 Aug 1999 08:00:24 +0000 (08:00 +0000)]
Fix a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@528 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd Olivier Abad to the list of Wiretap authors, as the code to read
guy [Fri, 20 Aug 1999 07:58:50 +0000 (07:58 +0000)]
Add Olivier Abad to the list of Wiretap authors, as the code to read
RADCOM WAN/LAN Analyzer capture files is his.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@527 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoNote that we now have the ability to read Ethernet and X.25 captures
guy [Fri, 20 Aug 1999 07:55:49 +0000 (07:55 +0000)]
Note that we now have the ability to read Ethernet and X.25 captures
from RADCOM WAN/LAN Analyzers.

(BTW, the previous checkin also removed the comments about the hack
wherein we pretended that ATM Sniffer captures were really Ethernet,
Token-Ring, or RFC 1483 captures, given that said hack was itself

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@526 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoRemove the stuff about filters in Wiretap, as that capability was
guy [Fri, 20 Aug 1999 07:51:22 +0000 (07:51 +0000)]
Remove the stuff about filters in Wiretap, as that capability was
removed when a more powerful display filtering mechanism was added to

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@525 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoGet rid of an unused variable left stranded on the beach when a wave
guy [Fri, 20 Aug 1999 07:38:30 +0000 (07:38 +0000)]
Get rid of an unused variable left stranded on the beach when a wave
washed out to sea the code that used to pretend that an ATM Sniffer
capture was an Ethernet or Token-Ring Sniffer capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@524 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoAdd support for reading Full Frontal ATM from an ATM Sniffer capture
guy [Fri, 20 Aug 1999 06:55:20 +0000 (06:55 +0000)]
Add support for reading Full Frontal ATM from an ATM Sniffer capture
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.

Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@523 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMade handling of byte strings in scanner and parser much simpler,
gram [Fri, 20 Aug 1999 06:01:07 +0000 (06:01 +0000)]
Made handling of byte strings in scanner and parser much simpler,
improving size of grammar and creating the possibility of dfilter_compile
reporting errors back to user. In this case, if an ETHER variable is
compared against a byte string that is not 6 bytes, an error condition is
flagged appropriately. I have not put in the code to conver that error flag
to a message to the user, but that's what I'm working on next.

Also, fixed sample debug session in README to show correct gdb prompt.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@522 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMade LanAlyzer smarter about reading trace files, thereby removing a
gram [Fri, 20 Aug 1999 04:49:18 +0000 (04:49 +0000)]
Made LanAlyzer smarter about reading trace files, thereby removing a
variable from lanalyzer_t (plus an additional variable which wasn't being
used). While I was in there I cleaned up some comments and renamed a couple
variables to make more sense.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@521 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"open_cap_file()" calls "close_cap_file()" if its attempt to open the
guy [Fri, 20 Aug 1999 04:41:31 +0000 (04:41 +0000)]
"open_cap_file()" calls "close_cap_file()" if its attempt to open the
capture file succeeds, so that it cleans out any state in the
"capture_file" structure it was handed before filling it in with new
state for the new capture file.

This means it destroys any read filter associated with the
"capture_file" structure it was handed, so the "rfcode" field must be
set *after* calling "open_cap_file()" but *before* calling
"read_cap_file()".  Do so for the "capture file (and possibly read
filter) supplied on the command line" case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@520 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoMade iptrace wiretap module return error on partial packets, instead of
gram [Fri, 20 Aug 1999 04:07:09 +0000 (04:07 +0000)]
Made iptrace wiretap module return error on partial packets, instead of
expecting it as normal. Added paragraph about iptrace oddities to README.
I also added a section to the README about how to report bugs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@519 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHave the per-capture-file-type open routines "wtap_open_offline()" calls
guy [Thu, 19 Aug 1999 05:52:55 +0000 (05:52 +0000)]
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code.  Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.

Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on

Add some new error codes for them to return.

Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.

Handle the additional errors we can get when opening a capture file.

If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@518 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoUse "g_strdup()" rather than "strdup()".
guy [Thu, 19 Aug 1999 05:42:22 +0000 (05:42 +0000)]
Use "g_strdup()" rather than "strdup()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@517 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoHave the per-capture-file-type open routines "wtap_open_offline()" calls
guy [Thu, 19 Aug 1999 05:31:38 +0000 (05:31 +0000)]
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code.  Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.

Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on

Add some new error codes for them to return.

Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.

Handle the additional errors we can get when opening a capture file.

If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@516 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoChanges to compile in win32.
gram [Wed, 18 Aug 1999 22:49:48 +0000 (22:49 +0000)]
Changes to compile in win32.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@515 f5534014-38df-0310-8fa8-9805f1628bb7

20 years agoIn "wtap_dump_close()", don't shove the return value of "fclose()" into
guy [Wed, 18 Aug 1999 17:49:34 +0000 (17:49 +0000)]
In "wtap_dump_close()", don't shove the return value of "fclose()" into
the variable for the return value of "wtap_dump_close()", just check it
against EOF; shoving it into "ret" means it gets set to 0 on a
successful close, but a return value of 0 means "wtap_dump_close()"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@514 f5534014-38df-0310-8fa8-9805f1628bb7

20 years ago"wtap_pcap_encap_to_wtap_encap()" shouldn't return a file type if it
guy [Wed, 18 Aug 1999 17:08:47 +0000 (17:08 +0000)]
"wtap_pcap_encap_to_wtap_encap()" shouldn't return a file type if it
can't translate the encapsulation type, it should return an
encapsulation type; we add a new one, WTAP_ENCAP_UNKNOWN. and have it
return that.

Have "capture()" handle "wtap_pcap_encap_to_wtap_encap()" returning that
encapsulation type (if it happens, we need to add a new Wiretap
encapsulation type to handle the new "libpcap" encapsulation type).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@513 f5534014-38df-0310-8fa8-9805f1628bb7