
Wireshark-bugs: [Wireshark-bugs] [Bug 5671] New: The Wiretap Library needs several improvements

Date: Wed, 9 Feb 2011 08:01:50 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5671

           Summary: The Wiretap Library needs several improvements to its
                    Network Instruments Observer v9
           Product: Wireshark
           Version: 1.4.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: robert@xxxxxxxxxxxxxx


Robert Bullen <robert@xxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5922|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=5922)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5922)
This patch resolves all four of the issues listed in this bug. It affects the
following files: file_access.c, network_instruments.c, network_instruments.h,
and wtap.

Build Information:
Version 1.4.3 (SVN Rev 35482 from /trunk-1.4)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan
11 2011), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Network Instruments Observer v9 format support needs improvements in the
following four areas:

1.) Files where the packet header and packet data are noncontiguous are handled
improperly, resulting in read misalignment and ultimately the error message,
"Observer: bad record: Invalid magic number 0xXXXXXXXX." This bug is caused by
not obeying the packet_entry_header.offset_to_frame field.

2.) Daylight savings time is not properly accounted for in files using local
time encoding.

3.) As of Observer/GigaStor v14, timestamps in the file format changed from
local time encoding to GMT encoding. Wiretap should not only support reading
both formats, but should also allow the user to select which format to write
with different file types. This should function similarly to how libpcap
supports both microsecond and nanosecond timestamp granularities with different
file types.

4.) The wtap_dumper.bytes_dumped field is not being properly incremented as
data is written to files.
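
Item 1 above, as an added example (not code from the attached patch or from Wiretap): a record walker over a constructed, simplified layout in which offset_to_frame is the only field name taken from the report. With obey_offset set to 0 it assumes header and data are contiguous and stops on a bad magic number; with 1 it follows the offset and bounds-checks it before advancing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified layout (NOT the real Observer on-disk format):
 *   u32 magic | u16 offset_to_frame | u16 captured_size | [gap] | frame */
#define REC_MAGIC 0x4F425352u /* made-up value */
#define HDR_SIZE  8u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Returns the number of records walked, or -1 on a bad magic number or a
 * truncated/inconsistent record. obey_offset=0 reproduces the misalignment. */
int walk_records(const uint8_t *buf, size_t len, int obey_offset)
{
    size_t pos = 0;
    int n = 0;
    while (pos < len) {
        if (len - pos < HDR_SIZE) return -1;
        if (rd32(buf + pos) != REC_MAGIC) return -1; /* "Invalid magic number" */
        size_t off = rd16(buf + pos + 4);  /* header start -> frame data */
        size_t size = rd16(buf + pos + 6);
        if (!obey_offset) off = HDR_SIZE;  /* bug: assume data follows header */
        /* Untrusted fields: the offset may not point into the header or past EOF. */
        if (off < HDR_SIZE || off > len - pos || size > len - pos - off) return -1;
        pos += off + size;
        n++;
    }
    return n;
}

/* Constructed sample: record 1 has a 4-byte gap before its frame, record 2 none. */
static const uint8_t SAMPLE[] = {
    0x52,0x53,0x42,0x4F, 0x0C,0x00, 0x03,0x00, /* magic, offset 12, size 3 */
    0xEE,0xEE,0xEE,0xEE,                       /* gap: noncontiguous data  */
    0xAA,0xBB,0xCC,                            /* frame 1                  */
    0x52,0x53,0x42,0x4F, 0x08,0x00, 0x02,0x00, /* magic, offset 8, size 2  */
    0x01,0x02,                                 /* frame 2                  */
};

int main(void)
{
    printf("ignoring offset: %d\n", walk_records(SAMPLE, sizeof SAMPLE, 0));
    printf("obeying offset:  %d\n", walk_records(SAMPLE, sizeof SAMPLE, 1));
    return 0;
}
```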
