| Commit message | Author | Age | Files | Lines |
| |
Do it with a bunch of ifs rather than with a translation table; that
lets the logic work differently for DLT_ -> LINKTYPE_ mapping and
LINKTYPE_ -> DLT_ mapping.
Have two "matching" ranges, so that the linktypes that preceded the BSDs
all going off in their own directions can be handled as a matching
range.
Avoid doing mapping if the corresponding LINKTYPE_ and DLT_ codes have
the same numerical value.
For LINKTYPE_ -> DLT_ mapping, don't map link-layer type values outside
either of the matching ranges if we don't have a specific mapping set up
for them, just treat the LINKTYPE_ value as if it's a DLT_ value. That
makes us handle some DLT_ codes outside the high mapping range to which
we assigned matching LINKTYPE_ codes, as well as attempting, as best we
can, files written with platform-dependent DLT_ codes (such as DLT_RAW)
as link-layer type codes (programs *on that platform* will handle them
correctly; programs will not do so on other platforms, but that's better
than not handling them correctly anywhere).
Update various comments.
| |
Apple appears to have tweaked their pcap/funcattrs.h to do the right
thing at some point, so 1) there's no need to urge them to do so any
more and 2) they only seem to export libpcap APIs in macOS, so redo the
PCAP_AVAILABLE() stuff to be more like what they've done.
We remove the include of <Availability.h>, as we don't need it ourselves
(we don't do the availability stuff in our releases, for reasons given
in the comment before the availability stuff), and Apple uses
<os/availability.h> - we leave it up to them to modify the header, just
as they do with, for example, ZLib's zlib.h.
(Many thanks to the Apple people who picked this up!)
| |
* amount
* anymore
* authentication
* availability
* bracket
* captured
* casted
* communications
* compliant
* configurable
* cumulate
* deinitialize
* descriptors
* didn't
* disassembler
* disassociate
* distributions
* divvy
* doing
* entries
* everything
* explicitly
* explosion
* expression
* extracting
* failed
* family
* find
* github
* global
* implementations
* incorrectly
* intel
* interlocked
* justifying
* know
* launched
* libraries
* malloced
* mask
* maximum
* network
* nonexistent
* number
* occurred
* optimizer
* overflow
* overwrite lower
* packet
* packetfilter
* packets
* parse hosts
* payload
* phase
* programmers
* promiscuous
* protocol
* receiving
* redefinition
* sampling
* savefile
* schwartz
* should
* snapshot
* something
* specifies
* straightforward
* stream
* subdir
* support
* surrogate
* suse
* system is
* test with
* than
* those
* unmaintained
* valid
* way
* western
* wireshark
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
| |
This part is in line with the draft-ietf-opsawg-pcap.
Moreover:
Update some comments.
Update pcap-sita.html.
| |
This reverts commit c2dfd817646d071bf62a3968a0454301e5395d18.
From a Denis remark: struct pcap_file_header is in a public header.
pcap-savefile.manfile.in will be updated separately.
| |
Update pcap-savefile.manfile.in accordingly.
This is in line with the draft-ietf-opsawg-pcap.
| |
See tcpdump-htdocs pull request 27.
| |
As discussed on tcpdump-workers@.
| |
32-bit code.
| |
1) EXP_PDU_TAG_LINKTYPE isn't used any more.
2) EXP_PDU_TAG_HEUR_DISSECTOR_NAME is used.
3) EXP_PDU_TAG_PROTO_NAME was renamed to EXP_PDU_TAG_DISSECTOR_NAME to
reflect that it is (and always has been) a Wireshark internal dissector
name, not the name of a protocol.
| |
Signed-off-by: gorgas-waller <frank.gorgas-waller@auerswald.de>
| |
_declspec(deprecated(msg)) doesn't require the function name, and takes
a message as an argument and causes it to be used as the warning/error
message for use of an undeclared function.
| |
[skip ci]
| | |
Add speed specific USB 2.0/1.1/1.0 linktypes
| | |
USB 2.0/1.1/1.0 devices (or 3.x and newer when connected to hosts that
are not Super-Speed capable) operate at one of three speeds:
* Low-Speed (1.5 Mbps)
* Full-Speed (12 Mbps)
* High-Speed (480 Mbps)
While the packets are generally common to all three speeds, there are
some differences that span across different layers. The capture speed
should be available to the analyzer, and it makes sense to expose it via
speed-specific linktypes. Existing USB 2.0/1.1/1.0 captures can be
manually, retroactively updated to a speed-specific linktype.
A Low-Speed device will always operate at Low-Speed, regardless of what
host it is connected to. A USB cable connected to a Low-Speed device only
ever carries packets sent at Low-Speed.
A High-Speed device will operate at High-Speed when connected to a
High-Speed capable host. If the High-Speed Detection Handshake succeeds,
the cable will only carry High-Speed packets.
A Full-Speed device will always operate at Full-Speed, regardless of what
host it is connected to. A High-Speed device connected to a Full-Speed host
or hub will operate at Full-Speed. The cable connected to a device
operating at Full-Speed can only carry Full-Speed or Low-Speed packets
preceded by a Low-Speed preamble (PRE packet) sent at Full-Speed. A non-hub
device operating at Full-Speed always ignores Low-Speed packets. The hub
forwards the Low-Speed packets to downstream ports but does not act upon
the actual Low-Speed packet contents. The packets intended for a device
operating at Full-Speed are always sent at Full-Speed.
| | |
Follow up on earlier commits (0c21cb2, 341acb8, f4840dc, 69f105d) and
try to fix the last remaining issue.
In pcap/bpf.h do not try to duplicate the contents of pcap-types.h, it
was a bad idea of mine because in a public header HAVE_SYS_TYPES_H is
out of place. Instead of that in pcap/bpf.h trust the including file
to have unsigned integer types defined (usually by means of including
either pcap/pcap.h or pcap-types.h). Include pcap-types.h not from
gencode.c, but from gencode.h, so the latter can include pcap/bpf.h and
itself can be included early. Add a comment.
| |
As discussed on the mailing list in August 2020.
| | |
If TLS is used with rpcap, user names and password don't go over the wire
in clear text.
| | |
Don't commit to it being a "class" field.
Fix the bitfield for it.
| | |
There's a reserved field that was originally intended to handle
alternate link-layer type values; it would contain a "class" value
indicating what the lower 16 bits of the field indicate. We currently
only support a "class" value of 0, meaning "it's a LINKTYPE_ value".
Reject files where it's non-zero.
| | |
All they should have to do is to change this header to define
PCAP_AVAILABLE as __API_AVAILABLE(__VA_ARGS__).
| | |
Don't tell people to use a routine that doesn't exist; instead, if they
need it, tell them to request it ("request" includes "give us a reason
to believe that they really need it" - what operations do you expect to
do on the HANDLE in question? Note that pcap_getevent() is what you
want if you want to wait for an event on it.).
| | |
We'd reserved LINKTYPE_HDLC for it; we rename that to
LINKTYPE_NETBSD_HDLC, define DLT_HDLC as 16 on NetBSD (that's the value
they use) and as the same value as LINKTYPE_NETBSD_HDLC on others, so
it's at least defined everywhere, map between DLT_HDLC and
LINKTYPE_NETBSD_HDLC in capture files, and make sure we treat DLT_C_HDLC
and DLT_HDLC the same (as NetBSD appears to use DLT_HDLC for Cisco
HDLC).
Also, expand some comments.
| | |
This reverts commit e9eaad85f3888c72f79de705fae7e0768d8a622d.
We only need to do this for CAN FD frames; readers of the frames can use
these heuristics to determine whether to trust the len8_dlc field without
our help.
| | |
We already clean it up for CAN FD frames; clean it up for classic CAN
frames as well, to allow heuristics to be used to try to guess whether
the len8_dlc field was filled in.
| | |
Don't provide a DLT_LINUX_SLL header. Instead, tweak the header
provided by the kernel to 1) put the "CAN ID and flags" field in host
byte order, as that's what DLT_CAN_SOCKETCAN specifies and 2) check
whether the protocol field provided as metadata (which we normally
incorporate into a DLT_LINUX_SLL header) is CAN FD rather than CAN and,
if it's CAN FD, set the CANFD_FDF flag in the DLT_CAN_SOCKETCAN header's
flags field, to indicate to the reader of the packets that it's CAN FD
rather than CAN classic.
This addresses GitHub issue #1052.
Incorporates some changes from GitHub pull request #1035.
| | | |
Added DLT_NETANALYZER_NG and LINKTYPE_NETANALYZER_NG
| | | |
Consistently use "XYZZY compiler M.N and later" rather than "... or
later".
Consistently refer not only to GCC but to compilers claiming to be "like
GCC X.Y" by defining __GNUC__ the same way GCC X.Y does.
| | | |
The first test is "is this something that's not XL C", as is the case for
other compilers; that test is done as "are both __xlC__ and __ibmxl__
undefined". If either of them are defined, use __ibmxl_version__ if
__ibmxl__ is defined, and use __xlC__ otherwise.
That makes it a bit easier to read.
| | | |
This is especially useful for XL C, where the tests aren't a simple
single "XL vs. not XL C" test.
|