From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export as plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
There is the following error message with cmake:
CMake Warning at CMakeLists.txt:490 (find_package):
By not providing "FindQt5LinguistTools.cmake" in CMAKE_MODULE_PATH this
project has asked CMake to find a package configuration file provided by
"Qt5LinguistTools", but CMake did not find one.
Could not find a package configuration file provided by "Qt5LinguistTools"
with any of the following names:
Qt5LinguistToolsConfig.cmake
qt5linguisttools-config.cmake
Add the installation prefix of "Qt5LinguistTools" to CMAKE_PREFIX_PATH or
set "Qt5LinguistTools_DIR" to a directory containing one of the above
files. If "Qt5LinguistTools" provides a separate development package or
SDK, be sure it has been installed.
CMake Error at ui/qt/CMakeLists.txt:205 (QT5_ADD_TRANSLATION):
Unknown CMake command "QT5_ADD_TRANSLATION".
svn path=/trunk/; revision=53169
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
Currently this is only for GTK, but allows users to test it to see if it's worth adding to Qt (my personal opinion is yes).
From Jiří Engelthaler
svn path=/trunk/; revision=52790
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
the "unittest" module that comes with Python. Specifically, this
takes advantage of a couple of features in the "unittest" in
Python 2.7. The tests are all the same as before, but much
better managed.
This is in preparation for some work on the display filter code.
svn path=/trunk/; revision=52136
Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 |  10   |    15     |      20       |        25         |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 -------->      Methods:
                             1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+      2) editcap -C -80:10 in.pcap out.pcap
|  20  | 10 |   70    |      3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+      4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
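The offset arithmetic behind the two editcap -C listings above (the 75 byte packet and the 100 byte packet), as an added example that is not part of the commit messages or of editcap's source. It models only the signed offset:length form shown in those commands, with every offset taken against the original packet; the function names are hypothetical.

```python
"""Model of the editcap -C offset:length arithmetic from the listings above."""


def parse_spec(spec):
    """Split 'offset:length' (two signed integers) into a tuple."""
    offset, length = spec.split(":")
    return int(offset), int(length)


def chop_region(packet_len, offset, length):
    """Return the half-open byte range [start, end) that one -C removes.

    A negative offset counts back from the packet end; a negative
    length removes the bytes before the anchor instead of after it.
    """
    if length == 0:
        raise ValueError("length must be non-zero")
    anchor = offset if offset >= 0 else packet_len + offset
    start, end = (anchor, anchor + length) if length > 0 else (anchor + length, anchor)
    if start < 0 or end > packet_len:
        raise ValueError(f"{offset}:{length} falls outside a {packet_len} byte packet")
    return start, end


def apply_chops(packet, specs):
    """Remove every region in one pass, all offsets relative to the input."""
    regions = sorted(chop_region(len(packet), *parse_spec(s)) for s in specs)
    for (_, prev_end), (next_start, _) in zip(regions, regions[1:]):
        if next_start < prev_end:
            raise ValueError("chop regions overlap")
    out, pos = bytearray(), 0
    for start, end in regions:
        out += packet[pos:start]
        pos = end
    out += packet[pos:]
    return bytes(out)


def distinct_results(packet, command_lines):
    """Set of outputs produced by a list of -C argument tuples."""
    return {apply_chops(packet, specs) for specs in command_lines}


# The -C arguments exactly as listed in the two commit messages.
SEVENTY_FIVE = [
    ("5:10", "-25:-20"), ("5:10", "50:-20"),
    ("-70:10", "-25:-20"), ("-70:10", "50:-20"),
    ("30:20", "-60:-10"), ("30:20", "15:-10"),
    ("-45:20", "-60:-10"), ("-45:20", "15:-10"),
]
HUNDRED = [("20:10",), ("-80:10",), ("-70:-10",), ("30:-10",)]

if __name__ == "__main__":
    # Constructed packets: byte value == original position, so gaps are visible.
    print(len(distinct_results(bytes(range(75)), SEVENTY_FIVE)), "distinct output(s) for 75 bytes")
    print(len(distinct_results(bytes(range(100)), HUNDRED)), "distinct output(s) for 100 bytes")
```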
Add the QCustomPlot widget. Thanks to Emanuel Eichhammer for granting a
license change. Move some common code from ui/gtk/tcp_graph.c to
ui/tap-tcp-stream.[ch]. Get rid of tcp_graph_selected_packet_enabled().
It was only used in the menu code and didn't match what we were doing
elsewhere.
Still quite a bit of work to do but it's a promising start.
svn path=/trunk/; revision=51538
name is specified, it currently must be a DLT_ name rather than a
LINKTYPE_ name, as we use libpcap to do the mapping and it currently has
no API to map LINKTYPE_ names to values, but if a number is specified,
it could either be a LINKTYPE_ name or a DLT_ name if the two are
different, and we want to encourage the use of LINKTYPE_ values.
Note that in comments.
svn path=/trunk/; revision=51204
DLT_ value, which is good because it's a numerical value and the
numerical values for some link-layer header types are OS-dependent, but
the numerical values for all LINKTYPE_ values are OS-independent. Use
LINKTYPE_RAW, not the value for the DLT_RAW on some but not all OSes,
for raw IP.
Also, 7 is LINKTYPE_ARCNET_BSD, emphasis on the "_BSD"; there's also a
Linux encapsulation for ARCNet that is different. Note that it's the
BSD flavor.
svn path=/trunk/; revision=51005
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
C++-ize the UAT headers.
Add an ElidedLabel widget. Use it in the File Set, Profile, and UAT
dialogs.
Update the Qt README.
svn path=/trunk/; revision=50896
The overhead is not large, and it makes append much faster (O(1) vs O(n)).
It also will make a queue easy to add, which I need for a dissector I'm
writing...
svn path=/trunk/; revision=50744
Update the README to reflect the value_string name changes in r48645.
From me: reorganize a bit to promote the use of val_to_str over try_val_to_str
in most cases.
svn path=/trunk/; revision=50557
This patch augments Wireshark's and tshark's argument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
just define WS_DLL_PUBLIC_NOEXTERN inside the ifdefs, and define
WS_DLL_PUBLIC as WS_DLL_PUBLIC_NOEXTERN followed by "extern".
Then rename WS_DLL_PUBLIC_NOEXTERN to WS_DLL_PUBLIC_DEF, to clarify that
it's what should be used for definitions; at least on Windows, you
*have* to use it when declaring arrays without a size, and, whilst you
might be able to use WS_DLL_PUBLIC for definitions of functions and
perhaps data definitions other than no-size arrays, it might be clearer
to rename WS_DLL_PUBLIC to WS_DLL_PUBLIC_DECL and use it only for
declarations.
svn path=/trunk/; revision=50334
documentation specific to dissectors should now live in README.dissector - what
remains in README.developer should be useful to anybody coding on Wireshark
regardless of if you're working on the GUI, wiretap, dissectors, etc.
This first pass I did a fairly dumb split of copy-pasting relevant chunks from
one file to the other. There are probably fragments that aren't in the right
file anymore, so cleanup welcome.
svn path=/trunk/; revision=50092
to the tree (to separate this case from the generic DISSECTOR_BUG case).
Enable this environment variable when fuzz testing.
Enable the 3rd (without tree but with a read filter) check (added in r49643)
when testing capture files but not when fuzz testing--not sure if we want to
add even more to the fuzzbot's work load now (OTOH I've been running it for
a while and it hasn't buried me in bugs).
svn path=/trunk/; revision=49784
actual wmem_allocator_t structure. This simplifies the internal API and
deduplicates a few alloc/free calls in the individual allocator implementations.
I'd originally made the allocators responsible for this on purpose with the
idea that they'd be able to optimize something clever based on the type of
allocator, but that's clearly more work and complexity than it's worth given
the small number of allocators we create/destroy.
svn path=/trunk/; revision=49512
Improve documentation for tshark's -z io,stat somewhat so that it's clear(er)
that filters for the statistics must be associated with the -z flag and not
applied via -Y.
svn path=/trunk/; revision=49422
recurring callbacks, I suspect most other potential uses will be once-only, so
make that possible, and improve the documentation on the remaining issues.
Also separate out the code into its own files and the testing into its own
test case.
svn path=/trunk/; revision=49209
the behaviour emem has for seasonal trees, which is that the master tree
structure is not actually seasonal - it is permanent. When the seasonal memory
pool is cleared, the root node pointer in all of these permanent trees is set
to NULL, and the pool takes care of actually freeing the nodes.
Wmem can now mimic this by allocating the tree header struct in epan_scope(),
allocating any node structs in file_scope(), and registering a callback on
file_scope() that NULLs the pointer in the epan_scope() header. Yes, this is
confusing, but it seemed simpler than adding manual callback registrations to
every single dissector that currently uses seasonal trees.
The callbacks may also be useful for other things that need cleanup (I'm
thinking resource handles stored in wmem memory that need to be fclosed or
what-have-you before the handle is lost).
As indicated by the number of caveats in README.wmem, the implementation
probably needs a bit of work to make it safer/saner/more-useful. Thoughts
(or patches!) in this direction are more than welcome.
svn path=/trunk/; revision=49205
It is useful to see not only the minimal, maximum and average service time for
RPC procedures, but also the total time these took.
From me: add it to the man page.
svn path=/trunk/; revision=49144
- better tests
- fix a bug caught by the better tests
- implement append_c and append_unichar, with tests
Wmem string-buffers now have feature parity with their emem equivalents, so
remove them from the TODO list.
svn path=/trunk/; revision=49060
Changes of note:
- Removed the 'Copied from' notice, it's only relevant if they're *not* using
the skeleton code. Added a paragraph to README.developer instead.
- Exorcised all references to if (tree) and placed them in their own section
at the bottom as an optimization. Hopefully this will be less confusing.
svn path=/trunk/; revision=48861
much easier to edit/maintain that way as well as much easier to copy for a
new dissector. Explicitly don't set the SVN id tag since this is a template.
svn path=/trunk/; revision=48860
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
configurable via command line options and print specific drop numbers
at the end. This allows to tune the buffering when using multiple
threads.
This also fixes a logic error in enforcing the limits.
The patch for the enhanced counters is from Anders Broman.
svn path=/trunk/; revision=48223
(removed in r48218) which did nothing particularly useful. Also lets us remove
another debugging environment variable.
svn path=/trunk/; revision=48219
Since there's now a suffix rule for the .1 man pages, don't create explicit
rules for them. (Leave a comment explaining why the .html and .4 rules need
to stay.)
Simplify CLEANFILES: there's no need to list each man page, just remove them
all.
svn path=/trunk/; revision=48135
This patch adds a new public API, proto_tree_add_bitmask_len(), identical to
proto_tree_add_bitmask() but using a caller-supplied length rather than an
inferred one. The underlying proto_item_add_bitmask_tree() code is modified
to display only fields for which all defined bits are available, and to
ignore bits that have no corresponding defined field ("forward compatibility"
cases).
From me: minor edits, see the bug for more details.
svn path=/trunk/; revision=48049
a GSList. This permits it to implement the new realloc and free functions. Also
fill in an empty gc function, since there isn't much it can do as far as
garbage-collection goes.
svn path=/trunk/; revision=47169
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
shown for the previous input format (showing "data" as a pointer is a
bit confusing, as it's just in-line data in the input), and give a more
detailed description of the issues with that file format (the size of
the seconds field of the time stamp is platform-dependent).
svn path=/trunk/; revision=46864
an I or O indicating the direction of the packet. This
will be stored in the generated file if the pcap-ng
format is used.
Thanks to Jaap for suggesting to integrate this into
the preamble!
svn path=/trunk/; revision=46744
Leave pcap the default file format for now. This should be reconsidered
before the next release as it might make sense to use pcapng as
the default as we do for dumpcap. (We can use the -P option to allow
switching back to pcap).
svn path=/trunk/; revision=46691
use it as example in a few places and point out that if you're not using the
return value to build a subtree, you probably shouldn't be using the function.
svn path=/trunk/; revision=46617
determine the desired type. This has two advantages over the old way:
- just one environment variable for valgrind to override in order to guarantee
that ALL allocators use memory it can track, and just one place to check that
variable
- allocator owners no longer have to include headers specific to their
allocator, allowing them to change allocators without adjusting all their
#includes
svn path=/trunk/; revision=46604
Combine the two comments in the Portability section (which largely said the
same thing) on the perils of that function.
Don't suggest it as an option to ensure there are enough bytes in the TVB.
svn path=/trunk/; revision=46590
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
those options (which had been cut-n-paste from the tshark man page).
For editcap to support these options it would either need to be linked
against libwireshark or the address resolution stuff would need to be moved
from libwireshark to, for example, libwsutil.
svn path=/trunk/; revision=45975
Rather than store the FrameRecord entries in a sorted linked list,
instead use an unsorted GPtrArray, then sort it all at once.
Also, there is no longer the option to limit the amount of sorting (and memory
used), but a new option means we can avoid writing the output file
altogether if the input file is found already to be in order.
svn path=/trunk/; revision=45313
it should also fix building error:
Can't open ../../doc/reordercap.pod: No such file or directory at /usr/bin/pod2man line 60
svn path=/trunk/; revision=45283
fix the perldoc link. Maybe someone else can figure out how to also fix:
http contains "http://www.wireshark.org"
Either the hyperlink should be made to work correctly by not including the
trailing quote as part of the link, or simply change it so it's not hyperlinked
at all. Also, it should display a terminating semi-colon as follows:
http contains "http://www.wireshark.org";
svn path=/trunk/; revision=45035
The GTK+ and native Win32 versions are slightly different. The GTK+
version lets you select an output file type and the Win32 version uses
the existing capture filetype. We do the latter for now.
Start documenting significant UI changes in README.qt. This might be
better handled on the wiki.
svn path=/trunk/; revision=44797
Fixed: { -2, -1, 0, 1, 3} (note gap) used a binary search (which would fail);
Note: { -2, -1, 0, 1, 2, 3 } (no gap) allowed; will still do a direct access;
Also: Add a comment to README.developer extended value string section.
svn path=/trunk/; revision=44659
and add a lot of explanation about how the display filter
engine works.
Modify dftest.c to remove printing of the dfilter_t pointer,
which has absolutely no value for the user.
svn path=/trunk/; revision=43941
Add a new name resolution option: whether or not to use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written to the
preferences file.
svn path=/trunk/; revision=43605
Build the idl2wrs man page (including the HTML version) but don't install
them: a developer might want to read the man page and the Debian development
package wants to install them.
svn path=/trunk/; revision=43498
File name preferences are basically just string preferences except that the
GUI will present a "Browse" button that allows the user to go and find the
file s/he wants (rather than having to blindly type in the full path).
svn path=/trunk/; revision=43228
return the right error code and information string.
InfoVista bought Accellent Group, and, at least according to the
InfoVista Web site, it's "5View", not "5Views".
svn path=/trunk/; revision=42119
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
Specifically:
For a field type FT_BOOLEAN:
- If the bitmask field is zero, then the 'display' field
must be 'BASE_NONE';
- If the bitmask field is non-zero, then the 'display' field
must be the field-width of the parent bit field.
svn path=/trunk/; revision=41379
1. Compile and link with (almost exactly) the same options as used
when building Windows Wireshark Gtk.
The options used allow debugging of the exe using Visual Studio exactly
as is done for Wireshark Gtk.
Essentially: configure the "release" version to compile and link with
symbols. (See ui\qt\QtShark for the details).
2. Update QtShark.pro to create a Makefile only for 1 version of Wireshark Qt
which is linked against the "release" Qt libraries.
(IOW: don't create a "debug" Makefile).
3. Remove unused variable assignments from config.pri.
(They can be added back if needed in the future).
svn path=/trunk/; revision=40768