Re: [Wireshark-dev] [Wireshark-commits] rev 40321: /trunk/ /trunk/epan/: base64.h epan.h epan_dissect.h ex-opt.h prefs.h strutil.h timestamp.h tvbuff.h /trunk/gtk/: recent.h /trunk/: airpcap_loader.h

2011-12-30 Thread Joerg Mayer
Hello Gerald,

On Thu, Dec 29, 2011 at 12:08:48AM +, ger...@wireshark.org wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=40321
>
> User: gerald
> Date: 2011/12/28 04:08 PM
>
> Log:
>  Add 'extern C' wrappers and #include guards to various header files.

What's the motivation for this?

Thanks
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] happy birthday, bug 5531!

2011-12-30 Thread Joerg Mayer
On Thu, Dec 29, 2011 at 02:25:43PM -0500, Ed Beroset wrote:
> Chris Maynard wrote:
> > Ed Beroset <beroset@...> writes:
> >
> > > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5531
> > >
> > > It's been a year since it was originally submitted.  As always, if there's
> > > anything I can do to help get this
> > > into the main code, please let me know.  I know a number of people that are
> > > waiting for it.  And thanks again for
> > > a mighty handy tool!
> > >
> > > Ed
> >
> > I know it can be frustrating when waiting for something so thanks for your
> > continued patience.  If it makes you feel any better, some bugs are over 6
> > years
> > old.  :)
>
> Yes, it's a bit frustrating, but I also certainly understand.  I wish I
> had more time to spend on this, too.  I have a half-finished
> documentation section on how to write ASN.1 based dissectors that I'm
> hoping to finish within the next few weeks and I've been looking over
> Bill's rewritten tvb_ stuff to see if I can help explain that, too.
> First I'd have to understand it...

I looked at this patch a bit but as I don't know anything about BER I can't
comment on much.

I have a few small questions that came up during looking at the patch
(not all of them relevant to this patch!):
- why is eax.[ch] in epan instead of epan/crypt/?
- why do we have files named crypt/crypt-aes.c instead of crypt/aes.c?
- is eax.c added to CMakeLists.txt as well?
- is this in any way related to RFC 6142?
- I don't know anything about BER encoding, but is the existence of the
  function get_ber_len_size owed to missing infrastructure in Wireshark?

Thanks
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] Fwd: [FOSDEM] Dates for FOSDEM 2012: 4 & 5 February

2011-12-30 Thread Joerg Mayer
On Wed, Dec 28, 2011 at 01:19:14PM -0800, Gerald Combs wrote:
> > Looking at http://fosdem.org/2012/devrooms_for_2012 I assume we haven't got
> > one?
>
> Sorry for taking so long to get back to you on this. We don't have a
> devroom, but we might be able to find a spot in one of the existing
> rooms. Alternatively I might be able to reserve a conference room at a
> nearby hotel.
>
> I realize it's now short notice, but can anyone interested in meeting at
> FOSDEM send an email to -dev or to me directly with the dates you can
> attend? The main event is February 4 and 5 in Brussels, but we could
> also meet on the 3rd or 6th if that's more convenient.
> http://fosdem.org/2012/

I'm still interested in coming. I'd *prefer* a meeting during the weekend but
Friday or Monday would work for me as well.

Ciao
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

[Wireshark-dev] GTK3 for OSX

2011-12-30 Thread Joerg Mayer
Just a question I've been toying with:
Would it be ok/make sense to move the official builds on OSX from GTK2 to
GTK3?

Ciao
  Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] happy birthday, bug 5531!

2011-12-30 Thread Ed Beroset

Joerg Mayer wrote:

> I looked at this patch a bit but as I don't know anything about BER I can't
> comment on much.
>
> I have a few small questions that came up during looking at the patch
> (not all of them relevant to this patch!):
> - why is eax.[ch] in epan instead of epan/crypt/?


It could be moved to epan/crypt, and that may well be appropriate.


> - why do we have files named crypt/crypt-aes.c instead of crypt/aes.c?


Historic.  Back in 2007, there was no epan/crypt and crypt-aes.c was in
epan.  In 2007, epan/crypt was created and code moved but not renamed.



> - is eax.c added to CMakeLists.txt as well?


No, it isn't.  A quick check shows a number of files in epan are not.

$ for foo in *.c ; do grep -q $foo CMakeLists.txt ; if [ $? -eq 1 ]; then echo $foo; fi ; done

diam_dict.c
dtd_grammar.c
dtd_parse.c
dtd_preparse.c
eax.c
exntest.c
inet_aton.c
radius_dict.c
reassemble_test.c
tpg.c
tvbtest.c
uat_load.c

Keeping three different build systems (CMake, make, nmake) synchronized 
is perhaps in need of some additional automation.  Should we use 
Makefile.common in CMake to reduce this problem?  A little more checking:


$ for foo in *.c ; do grep -q $foo Makefile.common ; if [ $? -eq 1 ]; then echo $foo; fi ; done

asm_utils.c
exntest.c
inet_aton.c
reassemble_test.c
tpg.c
tvbtest.c

I can see that the various test programs shouldn't be there, and it 
appears that the configure script handles inet_aton.c, but it appears 
that tpg.c isn't in either.  Is it used at all?



> - is this in any way related to RFC 6142?


Not directly, no.  That RFC describes one rather idiosyncratic way to 
implement the same C12.22 standard over TCP/IP and UDP/IP.  I know of no 
real implementation that follows it, but if one ever did, there would be 
no problem with this dissector on such a stream.  (If anybody reading 
this has implemented such a thing, please send me a sample capture or 
add it to the sample captures so I can verify this.)



> - I don't know anything about BER encoding, but is the existence of the
>   function get_ber_len_size owed to missing infrastructure in Wireshark?


Good question, but I think it's more attributable to the particular 
usage of BER and cryptography to secure this particular protocol.  I 
created three functions (get_ber_len_size, get_ber_len_raw and 
encode_ber_len) which might have been put into packet-ber.c but I 
decided that these functions are unlikely to be generally useful.  This 
is because these functions are to assist in constructing BER encodings 
in memory (for processing with cryptography) rather than the more usual 
direction of disassembling BER encodings, which is what packet-ber.c 
does.  Where the latter kinds of functions are needed, the existing 
functions in packet-ber.c were used without problems, so I don't think 
there's missing infrastructure in Wireshark.


Ed
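Ed describes get_ber_len_size / encode_ber_len as helpers that build a BER length field in memory so the bytes can be fed to the cryptographic step, the reverse of what packet-ber.c does. As an added illustration, not code from the bug 5531 patch or from Wireshark, here is a minimal C encoder and decoder for the BER length field; the names ber_len_size, ber_len_encode and ber_len_decode are my own, and the decoder rejects the indefinite and non-minimal forms that a parser feeding decoded lengths into a fixed buffer should never accept.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes a BER length field for content length `len` occupies: 1 (short form)
 * for len < 128, else 1 + the minimal number of big-endian bytes holding len. */
size_t ber_len_size(uint32_t len)
{
    size_t n = 0;
    if (len < 0x80)
        return 1;
    do { n++; len >>= 8; } while (len != 0);
    return 1 + n;
}

/* Write the length field into out; return bytes written, 0 if out is too small. */
size_t ber_len_encode(uint8_t *out, size_t out_size, uint32_t len)
{
    size_t need = ber_len_size(len), i;
    if (out_size < need)
        return 0;
    if (need == 1) {
        out[0] = (uint8_t)len;
        return 1;
    }
    out[0] = (uint8_t)(0x80 | (need - 1));   /* long form: count of length bytes */
    for (i = 1; i < need; i++)               /* most significant byte first */
        out[i] = (uint8_t)(len >> (8 * (need - 1 - i)));
    return need;
}

/* Parse a length field; store the content length in *len and return the bytes
 * consumed, or 0 for a truncated field, the indefinite form (0x80), more than
 * 4 length bytes, or a non-minimal encoding (e.g. 81 05 for 5), which DER forbids. */
size_t ber_len_decode(const uint8_t *in, size_t in_size, uint32_t *len)
{
    size_t n, i;
    uint32_t v = 0;
    if (in_size < 1)
        return 0;
    if (in[0] < 0x80) { *len = in[0]; return 1; }
    n = in[0] & 0x7f;
    if (n == 0 || n > 4 || in_size < 1 + n)
        return 0;
    for (i = 1; i <= n; i++)
        v = (v << 8) | in[i];
    if (ber_len_size(v) != 1 + n)            /* overlong encoding: reject */
        return 0;
    *len = v;
    return 1 + n;
}
```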


[Wireshark-dev] Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?

2011-12-30 Thread homeryan
I am processing a hybrid pcap file using libpcap and filter expression. The
pcap file is hybrid with ipv4 & ipv6 packets. The code fragment is as follows:
/**/
#include <iostream>
#include <string>
#include <pcap.h>
using namespace std;

int main()
{
    pcap_t *fp;
    char errbuf[PCAP_ERRBUF_SIZE];
    string pcapfilename = "g00.pcap";
    string pcap_filter = "tcp dst port 80";
    struct pcap_pkthdr *hdr;
    const u_char *pData;
    int ret;

    // open pcap file
    if ((fp = pcap_open_offline(pcapfilename.c_str(), errbuf)) == NULL)
    {
        cout << "file open failed" << endl;
        return 0;
    }
    // set filter string
    if (pcap_filter.length() > 0)
    {
        u_int32_t netmask = 0xffffffff;  // only used by the filter's IPv4 broadcast tests
        struct bpf_program filtercode;
        if (pcap_compile(fp, &filtercode, pcap_filter.c_str(), 1, netmask) < 0)
        {
            cout << "compile filter code error " << pcap_geterr(fp) << endl;
            pcap_close(fp);
            return 0;
        }
        if (pcap_setfilter(fp, &filtercode) < 0)
        {
            cout << "set filter error " << pcap_geterr(fp) << endl;
            pcap_close(fp);
            return 0;
        }
    }
    // read packets
    while ((ret = pcap_next_ex(fp, &hdr, &pData)) > 0)  //!!! notice here !!!
    {
        cout << "I got it!!!" << endl;
    }
    pcap_close(fp);
    return 0;
}

/**/

I'm sure that the pcap file has many packets with tcp dest port 80, but I
got nothing while I try to read it out.
When I traced into the program, I got that ret is -2, which means the end of
file is encountered.
I used another pcap file with pure ipv4 packets to test the above code; it ran
correctly and I got the right packets as expected.

Is this a bug?


2011-12-30

homeryan

Re: [Wireshark-dev] GTK3 for OSX

2011-12-30 Thread Michael Tuexen
On Dec 30, 2011, at 12:41 PM, Joerg Mayer wrote:

> Just a question I've been toying with:
> Would it be ok/make sense to move the official builds on OSX from GTK2 to
> GTK3?
Depends on:
* Does GTK3 compile? For GTK2 we need some patches?
* Is it stable for releases?
I haven't tried it yet?

Best regards
Michael


Re: [Wireshark-dev] Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?

2011-12-30 Thread Guy Harris

On Dec 29, 2011, at 10:30 PM, homeryan wrote:

> I am processing a hybrid pcap file using libpcap and filter expression.

Then the right place to ask is tcpdump-work...@lists.tcpdump.org, as per

http://www.tcpdump.org/

The name notwithstanding, that list is for both libpcap and tcpdump, and both
for people working on both of them and for people using both of them.

> // open pcap file
> if ((fp = pcap_open_offline(pcapfilename.c_str(), errbuf)) == NULL)
> {
> cout << "file open failed" << endl;
> return 0;
> }

(You probably also want to print the contents of errbuf there, to indicate
*why* the file open failed, but, as the file open isn't failing, that's not
part of the issue you're having.)

> I'm sure that the pcap file has many packets with tcp dest port 80,

So are they IPv4 packets sent to TCP port 80, IPv6 packets sent to TCP port 80,
or both?

If they're only IPv6 packets sent to TCP port 80 - i.e., if there are no IPv4
packets sent to TCP port 80 - what happens if you make the filter "ip6 and tcp
dst port 80"?  If that string doesn't give an error from pcap_compile() (this
is a test to make sure your version of libpcap is not so old as not to have
IPv6 support or not to include that support by default), what happens if you
open the file in, for example, Wireshark (which you presumably have, as you're
sending this to the Wireshark list)?  Do those packets have, for example,
extension headers?


Re: [Wireshark-dev] Fwd: [FOSDEM] Dates for FOSDEM 2012: 4 & 5 February

2011-12-30 Thread Jaap Keuter

On 2011-12-28 22:19, Gerald Combs wrote:
> On 12/4/11 11:56 AM, Jakub Zawadzki wrote:
> > Hi, On Thu, Oct 27, 2011 at 03:53:27PM -0700, Gerald Combs wrote:
> > > On 10/27/11 1:07 AM, Martin Kaiser wrote:
> > > > Should we register at http://fosdem.org/2012/call_for_devrooms
> > > I placed a request a few weeks ago. Some of the core developers and I
> > > were planning to attend and the rest of the developer community is
> > > welcome to join us.
> >
> > Looking at http://fosdem.org/2012/devrooms_for_2012 I assume we haven't
> > got one?
>
> Sorry for taking so long to get back to you on this. We don't have a
> devroom, but we might be able to find a spot in one of the existing
> rooms. Alternatively I might be able to reserve a conference room at a
> nearby hotel.
>
> I realize it's now short notice, but can anyone interested in meeting at
> FOSDEM send an email to -dev or to me directly with the dates you can
> attend? The main event is February 4 and 5 in Brussels, but we could
> also meet on the 3rd or 6th if that's more convenient.
> http://fosdem.org/2012/

Hi,

That weekend I'm scheduled for a training camp in the Bodyflight
windtunnel in Bedford (UK), so FOSDEM would be out for me,
unfortunately.

If need be I could try to change my return trip through
Brussels, but that would mean we would only have the afternoon
available.

Thanks,
Jaap

Re: [Wireshark-dev] [Wireshark-commits] rev 40321: /trunk/ /trunk/epan/: base64.h epan.h epan_dissect.h ex-opt.h prefs.h strutil.h timestamp.h tvbuff.h /trunk/gtk/: recent.h /trunk/: airpcap_loader.h

2011-12-30 Thread Gerald Combs
On 12/30/11 1:49 AM, Joerg Mayer wrote:
> Hello Gerald,
>
> On Thu, Dec 29, 2011 at 12:08:48AM +, ger...@wireshark.org wrote:
> > http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=40321
> >
> > User: gerald
> > Date: 2011/12/28 04:08 PM
> >
> > Log:
> >  Add 'extern C' wrappers and #include guards to various header files.
>
> What's the motivation for this?

I plan to check in Qt code soon.


Re: [Wireshark-dev] [Wireshark-commits] rev 40321: /trunk/ /trunk/epan/: base64.h epan.h epan_dissect.h ex-opt.h prefs.h strutil.h timestamp.h tvbuff.h /trunk/gtk/: recent.h /trunk/: airpcap_loader.h

2011-12-30 Thread Joerg Mayer
On Fri, Dec 30, 2011 at 04:40:34PM -0800, Gerald Combs wrote:
> > What's the motivation for this?
>
> I plan to check in Qt code soon.

Nice!!!

Ciao
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?

2011-12-30 Thread homeryan
Thank you, I will post this mail to tcpdump mail list.

2011-12-31

homeryan

From: Guy Harris
Sent: 2011-12-31 04:50
Subject: Re: [Wireshark-dev] Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?
To: Developer support list for Wireshark
Cc:

> On Dec 29, 2011, at 10:30 PM, homeryan wrote:
>
> > I am processing a hybrid pcap file using libpcap and filter expression.
>
> Then the right place to ask is tcpdump-work...@lists.tcpdump.org, as per
>
> http://www.tcpdump.org/