"gzgets()" is the one most recently added; it was added in 1.0.9.
Check for it, rather than for a list of functions, when checking for
"zlib" support - if you check for N functions, and they're all there,
you get N "-lz"s added to the list of libraries with which to link.
Indicate in the README that "zlib" versions prior to 1.0.9 definitely
won't work.
svn path=/trunk/; revision=1144
CMU SNMP library was linked in and, if one of them was, information
about the version of the library, if that information is available.
svn path=/trunk/; revision=1140
"capture.c", along with the other code that deals with the sync pipe.
Close the sync pipe, and get rid of the temporary capture file, on
errors.
Split "tail_cap_file()" into routines to set up to read from the capture
file, to read a specified number of packets from it when told to do so
by the child process, and to read the rest of the capture file and
finish up the capture, to provide the code in "capture.c" the hooks it
needs.
Have a common routine to set the status bar to report the file name and
number of dropped packets, to use both when reading in a capture file in
its entirety all at once and when done with a "read it while the capture
is writing to it" live capture.
svn path=/trunk/; revision=1137
"gzseek()" *and* "gztell()" *and* "gzgets()" *and* "zError()" are all in
Zlib - we use all of them, and it appears that some older versions of
Zlib that some users had on their systems don't have some of them.
svn path=/trunk/; revision=1136
regardless of whether we were displaying it in real time or not; if we
were displaying it in real time, activate "File/Save", rather than
"File/Save As", when it finishes.
svn path=/trunk/; revision=1135
"gzseek()" *and* "gztell()" *and* "gzgets()" *and* "zError()" are all in
Zlib - we use all of them, and it appears that some older versions of
Zlib that some users had on their systems don't have some of them.
svn path=/trunk/; revision=1134
both LAPB and PPP captures get written out with that network type.
Flag it as WTAP_ENCAP_UNKNOWN when the file is opened, and, when we see
the first packet, check whether the address field is 0xFF, in which case
we flag it as PPP, or anything else, in which case we flag it as LAPB.
svn path=/trunk/; revision=1129
put it into a subroutine in "packet-arp.c", and call it from
"packet-q2931.c".
Add a "packet-arp.h" header to hold declarations of routines exported by
"packet-atm.c" (other than the ATM dissector itself), moving them out of
"packet.h".
Use the aforementioned NSAP dissector to display ATM addresses in NSAP
format, and display E.164 addresses as ASCII text (under the assumption
that they're presented as a string of IA5, i.e. ASCII, characters, just
as they are in Q.931).
svn path=/trunk/; revision=1124
requests, as described in RFC 2225; they do *not* have the same format
as regular ARP requests, so dissect them differently.
Inverse ARP is also used on ATM, so add the Inverse ARP request and
reply message types. (It's also used with other protocols, e.g. Frame
Relay.)
Handle zero-length addresses (meaning the address is absent).
They can have up to 6 different address fields, so make "bytes_to_str()"
have six static buffers in which it can return strings.
svn path=/trunk/; revision=1123
dissector; I don't think it's guaranteed that even a Sniffer will tell
you that (there may be situations where it can't figure it out, and
where the user didn't tell it), we may need it for "atmsnoop" traffic
and other types of ATM traffic as well, we will probably want to add to
it the ability to let the user specify "virtual circuit X.Y is this kind
of traffic", and we may also have Ethereal try to intuit it based on
previous traffic in the capture (Q.2931 call setup, LANE traffic, etc.).
Don't show the cell count if it's zero - assume that means we don't know
how many cells made up the packet. Also don't show the AAL5 trailer if
the cell count is zero - the ATM Sniffer *might* sometimes supply a cell
count of 0 even if it has the AAL5 trailer, I guess, and we *might* see
some other capture file format that has the AAL5 trailer but no cell
count, but we'll cross that bridge when we come to it.
Add support for "atmsnoop" captures to the code to handle "snoop"
captures.
Use the field in "iptrace" headers that appears to be, in ATM captures,
a direction indicator - we may have the direction backwards, but, as an
STP packet was tagged as a DCE->DTE packet, and as the capturing
machine, which also was presumably the recipient of the packet, was an
AIX box, not a switch or bridge or some piece of networking equipment
such as that, it *probably* wasn't sending the STP packet, it was
probably receiving it.
svn path=/trunk/; revision=1120
necessarily start at an offset of 128 into the file; we have to read the
first entry in the frame table to find the offset in the file of the
first frame. (That also works on NetMon 1.0.)
Keep the header size around, though, as we'll need it if we add code to
*write* NetMon files.
svn path=/trunk/; revision=1119
<flo@rfc822.org> for the sample traces.
It turns out that the iptrace 2.0 header is simply an extension to
the iptrace 1.0 header. It also appears that iptrace 1.0 has only tv_sec, but
not tv_usec, which explains why the fields are separated in the iptrace 2.0
header, but doesn't explain why the iptrace 2.0 header has tv_sec copied
in two places.
I changed iptrace.c to detect FDDI captures via if_type, even though I
don't have a trace to substantiate this. If *should* work, given that
loopback, ethernet, token-ring, and X.25 work. If it doesn't work, someone
will let me know.
svn path=/trunk/; revision=1117
UNICODE strings in transact SMBs.
Added decode of NetShareEnum transact request. Will have to clean that all
up and use the decode engine when I get it done.
Still more fix ups to be done, but the book is calling, and I have to write
some stuff after an interview with LinuxCare.
svn path=/trunk/; revision=1113
the history of display filters. If it is deemed useful to put the filter in
the histor of filters also, then I can do that.
When Match Selected produces byte-range display filters (field[x:y] == x.y.z),
use notation without length, since the length is no longer needed.
(field[x] == x.y.z is produced)
When Match Selected prodcues a filter for FT_ETHER's, use ether_to_str()
instead of sprintf().
svn path=/trunk/; revision=1112
we put up a special error, just use "wtap_strerror()" to generate the
error message - it'll handle both "errno" errors and Wiretap-specific
errors.
svn path=/trunk/; revision=1108
