Commit Graph

72 Commits

Author SHA1 Message Date
Guy Harris 07263e1a17 Free up the err_info string returned by wtap_read().
svn path=/trunk/; revision=25399
2008-05-30 02:37:36 +00:00
Jeff Morriss a5cee04fad Move the file utility functions from wiretap to libwsutil so that
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.

While doing that, rename the eth_* functions to ws_*.

svn path=/trunk/; revision=25354
2008-05-22 15:46:27 +00:00
Stig Bjørlykke 38f233cd99 Removed an unused break.
svn path=/trunk/; revision=25247
2008-05-06 15:12:45 +00:00
Guy Harris 7a0981e513 Get rid of extra blank lines at the end of the file.
svn path=/trunk/; revision=25202
2008-04-30 07:59:26 +00:00
Guy Harris a12bdc612a Use report_failure() to report failures in capture_sync.c; that will do
the right thing in Wireshark and TShark, as both of them call
epan_init() to set the appropriate "report an error" function.

That obviates the need to have TShark have its own private version of
simple_dialog().

Have cmdarg_err() just call failure_message() instead of duplicating the
code in failure_message().

svn path=/trunk/; revision=25201
2008-04-30 07:58:57 +00:00
Luis Ontanon 906d2f3cbb http://www.wireshark.org/lists/wireshark-dev/200803/msg00308.html
proto.[hc]
    define new APIs to allow delayed registration of protocol fields,
	so that dissectors with "flexible" fields  like xml, radius, diameter,
	snmp do not have to load their files at startup but can do so as late as possible.

gtk/dfilter_expr_dlg.c :
	have the expression dialog registering all prefixes so that all fields appear in the dialog

tshark.c
	register all prefixes when called with -G

epan/radius_dict.l
epan/dissectors/packet-radius.c
epan/dissectors/packet-radius.h
	refactor registration to delay dictionary loading as long as possible



svn path=/trunk/; revision=24762
2008-04-03 22:13:52 +00:00
Sake Blok f17067c174 Make tshark and rawshark behave similar to wireshark when "frame.time_delta_displayed" is
used within a display filter.

(the usefulness of "frame.time_delta_displayed" in a display filter is very limited
 since it bites its own tail. Still, wireshark and tshark should at least show the
 same behaviour)


svn path=/trunk/; revision=24708
2008-03-21 06:11:45 +00:00
Stig Bjørlykke 3c3c2224f9 Allow tshark to print custom columns.
svn path=/trunk/; revision=24678
2008-03-17 23:30:37 +00:00
Stephen Fisher 56226b49b8 Custom column updates:
- Change apply / prepare / ... as filter to use the field's value, which
   is now stored in fdata as well as cinfo.  Now we don't have to reprocess
   the entire packet list when using these features.  This also prevents
   the use of these features from overwriting custom column information.
   (custom columns can now be used in apply / prepare ... as filter)
 - Break col_expr and col_expr_val out into a struct that is included not only
   in cinfo, but now also fdata.
 - Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
   col_expr_val value (for filter creation).


svn path=/trunk/; revision=24511
2008-03-01 05:16:45 +00:00
Sake Blok b38b10b516 Make -c work properly in tshark when a read filter is used.
svn path=/trunk/; revision=24335
2008-02-15 13:02:43 +00:00
Stig Bjørlykke 47d744b59d More rewrite of prohibited APIs (sprintf, strcpy, strcat).
svn path=/trunk/; revision=24258
2008-02-03 15:38:20 +00:00
Sake Blok c8276a5c91 From Balint Reczey (bug 2233):
The attached patch makes the Statistics -> RTP -> Show All Streams feature of
wireshark accessible via tshark.

I found it helpful in dealing with tons of RTP captures.


svn path=/trunk/; revision=24252
2008-02-03 10:31:55 +00:00
Stig Bjørlykke a2d1e9005d This patch adds support for configuration profiles, which can be used to
configure and use more than one set of preferences and configuration files.

This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A.  It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.

The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables

The recent data are by design not added to the profile.

Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile

This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.

svn path=/trunk/; revision=24089
2008-01-14 16:40:23 +00:00
Stig Bjørlykke 8b4e80384a Fixed a few "statement not reached" warnings and an "assignment type mismatch" warning.
svn path=/trunk/; revision=24085
2008-01-14 09:39:55 +00:00
Jörg Mayer 0c797861ba Warning fixes: function declaration isn’t a prototype
svn path=/trunk/; revision=23862
2007-12-14 15:14:40 +00:00
Guy Harris 33c1bf50bf If we only captured 1 packet, print "1 packet", not "1 packets".
svn path=/trunk/; revision=23543
2007-11-22 01:51:51 +00:00
Stephen Fisher 849e628334 Introduce a new field type called FT_EBCDIC. This field works the same as
FT_STRING, except that it converts the data from the packet from EBCDIC
to ASCII for display in Wireshark.


svn path=/trunk/; revision=23503
2007-11-19 21:27:01 +00:00
Guy Harris a421b8f96f "sa_mask" in a "struct sigaction" is a sigset_t, which is not
necessarily an integral data type.  Use sigemptyset() to clear it.

svn path=/trunk/; revision=23257
2007-10-24 04:13:30 +00:00
Guy Harris 2ef0350a47 Use sigaction(), not signal(), so we know what its semantics are (and so
that we can find out what the signal action for SIGHUP is without
changing it).

That renders report_counts() safe to use at the end of a capture; do so.

Clean up indentation.

svn path=/trunk/; revision=23256
2007-10-24 03:33:35 +00:00
Bill Meier adce7d882d Add 'C' as a valid -N option in error message.
svn path=/trunk/; revision=23040
2007-10-01 00:22:39 +00:00
Guy Harris 53e74d7931 Get rid of a forward declaration of a routine that no longer exists.
svn path=/trunk/; revision=23030
2007-09-29 02:27:04 +00:00
Guy Harris 81db68f38f Clean up indentation a bit.
Count packets even if we're not dissecting them.

svn path=/trunk/; revision=23026
2007-09-29 02:05:09 +00:00
Jeff Morriss e55168c53d Specify that -l causes tshark to flush the *standard* output (from bug 1875). The man page already states this
svn path=/trunk/; revision=23014
2007-09-28 16:34:59 +00:00
Gerald Combs 69ddd8a773 Load wpcap.dll, since we still use it for some things. This should hopefully
fix Buildbot.

svn path=/trunk/; revision=23003
2007-09-27 23:49:05 +00:00
Jeff Morriss f563945bf8 (Try to) get tshark capturing working on *NIX (it works for me anyway):
We can simply block waiting for input from the child process because we are
in a CLI that does not need to worry about updating a GUI while we're waiting
for packets and so forth.

Before I realized that I wrote a working (for me) method using select() that
I've left in for now (#ifdef'd out).

svn path=/trunk/; revision=22999
2007-09-27 15:58:54 +00:00
Ulf Lamping c703e7e18c the Ubuntu / OS X buildbots don't seem to like G_STATIC_MUTEX_INIT (for whatever reason), try to use g_static_mutex_init() instead
svn path=/trunk/; revision=22977
2007-09-26 00:44:47 +00:00
Ulf Lamping a0adcc7e2c solve some more of the unix specific buildbot problems
svn path=/trunk/; revision=22975
2007-09-26 00:03:30 +00:00
Ulf Lamping 9194ddf399 add a dummy function, so unix/linux version should at least compile
svn path=/trunk/; revision=22974
2007-09-25 23:23:56 +00:00
Ulf Lamping 879d656537 as "advertised" some days ago:
rewrite the tshark capture code almost completely, to use dumpcap instead of its own pcap functionality.

This works on Win32 and should work on unix/linux (but I'm not sure here). Some stuff needs to be cleaned up, some more may need to be rewritten to specifically work with unix/win32. Further work needs to be done at:

1. read filters (simply document current behaviour?)
2. event loop polling
3. privileges
4. code cleanup (e.g. in capture_loop.c)

Be prepared that tshark might not work as before / expected at least in the next days!

svn path=/trunk/; revision=22969
2007-09-25 21:55:06 +00:00
Gerald Combs d2d4fcd903 Add routines under Windows to check if npf.sys is running, and to
fetch the major OS version.  If we're running Windows >= 6 (Vista)
_and_ npf.sys isn't running, warn the user in Wireshark and TShark.
Add a recent prefs item to disable the warning in Wireshark.

svn path=/trunk/; revision=22877
2007-09-15 00:18:17 +00:00
Gerald Combs 92802883a6 Change the "--enable-setuid-install" option to install dumpcap and TShark
setuid instead of Wireshark.  Remove the "DANGEROUS" notices, but leave it
disabled by default.  Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining.  Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing.  Update the release notes and README.packaging.

svn path=/trunk/; revision=22733
2007-08-30 00:24:40 +00:00
Jeff Morriss 2f77efce7d Fix bug http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1757 :
Try to call get_interface_descriptive_name() as little as possible (storing
the result in capture_opts) to avoid a performance hit during live capture
(especially if you have lots of interfaces) and to avoid leaking memory.

One issue with this is that capture_opts.c cannot (without adding significant
dependencies) set the iface_descr so readers of that field (only gtk/main.c
and tshark.c) use a macro to (set if not already set and) get the value of
that field.

svn path=/trunk/; revision=22587
2007-08-22 16:30:16 +00:00
Luis Ontanon d8e818e9da Make sure that wiretap plugins are loaded before dissectors are (if a new encap type is registered the plugin probably needs it before reg_handoff)
svn path=/trunk/; revision=22461
2007-08-07 20:07:43 +00:00
Gerald Combs c02e0c7b4a Remove the "-I" flag from dumpcap, and add a "-M" flag used to specify
that "-D" and "-L" should produce machine-readable output.  Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.

svn path=/trunk/; revision=22367
2007-07-20 21:43:07 +00:00
Gerald Combs e9f1a0b692 One more step in privilege separation.
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly.  Use it in the GUI.

Add a "-I" flag to dumpcap, which prints out verbose interface
information.

Tested under Windows and Linux.

svn path=/trunk/; revision=22071
2007-06-11 03:58:58 +00:00
Guy Harris 4e008159c8 The libpcap callback "user" argument *should* have been a "void *", as
it's a pointer to an arbitrary object, assumed to be correctly aligned,
not a pointer to a not-necessarily-properly-aligned array of bytes. 
Cast it, so we won't get alignment warnings.

svn path=/trunk/; revision=21940
2007-05-25 19:31:13 +00:00
Luis Ontanon 11f06217ce Have editcap and capinfos loading the wiretap plugins.
epan/filesystem.c
   have get_plugin_dir() calling init_plugin_dir() if necessary

epan/epan.c and epan/report_err.c
   move the report_failure family into the new report_err.c file, have epan_init() calling the initializer

epan/plugins.h and epan/proto.c
   do not have init_plugins() calling the proto_reg functions instead do it in init_proto()

gtk/main.c and tshark.c
   init_plugin_dir() has become superfluous

capinfos.c and editcap.c
   load the wiretap plugins

Makefiles
   do what's needed to build with the above changes.




svn path=/trunk/; revision=21935
2007-05-25 17:22:32 +00:00
Jaap Keuter 7ecc588029 Fix for bug 1614:
Output preamble and finale on live capture.

svn path=/trunk/; revision=21930
2007-05-25 06:46:47 +00:00
Luis Ontanon 869732d121 Prepare wireshark and tshark for wiretap plugins
svn path=/trunk/; revision=21928
2007-05-24 22:26:51 +00:00
Stephen Fisher 0fc9e207d2 From Sake Blok:
Fix for bug #1056


svn path=/trunk/; revision=21867
2007-05-21 20:41:05 +00:00
Guy Harris a3d3282e64 Have init_progfile_dir() also check whether
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set and, if so and we weren't run
with special privileges, set the running_in_build_directory_flag.  Have
it do the same if it finds ".libs" in the pathname of the program and we
weren't run with special privileges, as that means it was probably run
from the libtool wrapper script and presumably thus isn't an installed
binary.

This means that get_credential_info() has to be called before
init_progfile_dir().

Clean up some indentation.

svn path=/trunk/; revision=21866
2007-05-21 20:31:45 +00:00
Graeme Lunt cf56e76be9 Updated splash screen for Wireshark that shows the initialisation progress.
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.


svn path=/trunk/; revision=21716
2007-05-07 17:55:42 +00:00
Guy Harris 1bc049906a Add some GCC warnings to the standard set, and add some others to the
--enable-extra-gcc-checks set.

If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.

Constify a bunch of stuff, and make some other changes, to get rid of
warnings.

Clean up some indentation.

svn path=/trunk/; revision=21526
2007-04-23 10:59:26 +00:00
Stephen Fisher 6625e7503f Fix warnings on Linux/gcc 4.1.1
svn path=/trunk/; revision=21330
2007-04-03 21:17:13 +00:00
Ronnie Sahlberg 910299acb1 The signature for load_cap_file changed in 21211
Update also the code path for when not compiling with pcap  so that code path also
uses the new signature.


svn path=/trunk/; revision=21219
2007-03-26 23:16:53 +00:00
Stephen Fisher 509883e3e9 From Doug Pratley:
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one, so that
only the first <n> packets or bytes are read).


svn path=/trunk/; revision=21211
2007-03-26 20:17:05 +00:00
Stephen Fisher 6d8d2854c8 From Sake Blok:
Fix for bug #491: Unexpected frame.time_delta behavior

This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this).  To keep
the delta time between displayed packets, the field 
frame.time_delta_displayed is created.


svn path=/trunk/; revision=21154
2007-03-23 18:08:17 +00:00
Stephen Fisher 793e70956e Fix problem where specifying -b duration:xx on tshark wasn't working by
testing for the "duration specified" variable along with the "maximum
file size" variable.
 

svn path=/trunk/; revision=20950
2007-02-28 22:45:18 +00:00
Jeff Morriss 0787b688cc Squelch a few unused parameter warnings.
svn path=/trunk/; revision=20863
2007-02-19 15:30:06 +00:00
Jeff Morriss 0c17bfd3a8 From Eric Hall to fix bug 1289:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1289

Rename 'svnversion' to 'wireshark_svnversion' to resolve a symbol conflict with
GTK 2.10.6 (hmm, shouldn't GTK not be exporting that symbol or at least naming
it so as to prevent such collisions? Well, so should we, so...)

From Andreas Fink: change #ifdef for size_t in airdcap_interop.h to fix
compile on MacOS X.


svn path=/trunk/; revision=20726
2007-02-06 02:27:59 +00:00