This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
1. Include stdio.h, stdlib.h and string.h only if needed;
2. Add dissector source filename to epan/CMakeLists.txt as well as
epan/Makefile.common.
svn path=/trunk/; revision=32495
indication, not necessarily a base (the base is "how to display" some
numeric fields, but it's not how to display some other fields).
Note that FIELDDISPLAY is the number of bits in the field containing an
FT_BOOLEAN bitfield.
svn path=/trunk/; revision=32480
tap-diameter-avp.patch:
- make diameter.cmd_code configurable rather than hard coded in
- more fields in the output
- documetation/man pages + usage examples
- switch option parser from stdlib to glib to avoid troubles with M$ c++
diameter-dict.patch
remove strage spaces in the AVP names.
svn path=/trunk/; revision=32294
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
makes time-shifting using editcap easier. Sort the flags in the capinfos
man page alphabetically to match the other man pages. Add a
time-shifting example to the mergecap man page.
svn path=/trunk/; revision=31905
Added se_tree_lookup32_array_le to emem.[ch]. This function is similar to
se_tree_lookup32_le already defined.
Updated README.binarytrees to reflect this added function and corrected minor
spelling issues.
svn path=/trunk/; revision=31812
bit, so as not to imply that there's some form of global "mode"
Wireshark is in when it passes a null or non-null pointer (there isn't),
and to explicitly note that there is *no* guarantee about the value of
"tree" on the first call to the dissector. (I.e., please do not build a
mental model of how Wireshark works in that regard, and write your
dissector based on that mental model - you *will* be wrong.)
svn path=/trunk/; revision=31560
Gerald Combs