make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
1) The tvb + name (aka. data_source) is only used when the protocol tree is visible
The current implementation of add_new_data_source() doesn't take this into account and simply allocates a data_source regardless. This is what packet_add_new_data_source() tries to rectify.
A couple of dissectors have already been switched over to the new packet_add_new_data_source(). Many are still missing. Help appreciated!
svn path=/trunk/; revision=29427
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.
svn path=/trunk/; revision=29066
That means that G_GINT64_MODIFIER will be defined, so don't check
whether it's defined.
We don't use the PRI[douxX]64 macros, as we use the GLib print routines
and thus use G_GINT64_MODIFIER instead. Get rid of the checks for
whether inttypes.h defines PRI[douxX]64; just check whether it exists at
all.
That means we don't set INTTYPES_H_DEFINES_FORMATS, so don't check for
it.
svn path=/trunk/; revision=25243
Adds a heur_dissector_delete() function to allow heuristic dissectors to be
dynamically disabled based upon, for example, preference settings.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1697
svn path=/trunk/; revision=22463
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
structures allocated by a dissection. Currently, it's the same as
"init_dissection()", but they should be split with "init_dissection()"
allocating the initial data structures and "cleanup_dissection()"
freeing them and *not* reallocating the initial data structures.
Use "cleanup_dissection()" in "cf_close()" to make it easier to find leaks.
svn path=/trunk/; revision=13881
filter/selector/protocol associations for each dissector. This will be
used to improve our automated tests, but someone with time on their
hands could probably use it to generate a protocol poster using Graphviz.
svn path=/trunk/; revision=13721
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
use to format 64-bit integers.
Fix the RSVP dissector to use that rather than hardcoding "%ll" in.
Remove the "only if G_HAVE_GINT64 is defined" bit from the discussion of
64-bit integers - we're too dependent on having them to support
compilers that don't have a 64-bit integral data type. Do, however,
note that neither "long" nor "long long" are acceptable, and also note
that you shouldn't assume "%ll" does the trick for printing them.
svn path=/trunk/; revision=11182
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8574
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
comparison function to use based on the type value passed in. For the
traditional unsigned integer table, require FT_UINT{8,16,24,32}; if the
type is FT_STRING or FT_STRINGZ, use the string hashing functions
instead.
Add routines for manipulating entries and looking up dissectors in
string dissector tables.
svn path=/trunk/; revision=8407
"dissector_get_port_handle()", "dissector_handle_get_short_name()",
"dissector_handle_get_protocol_index()", "new_register_dissector()", and
"new_create_dissector_handle()" to the list of APIs available to
plugins on platforms where plugins have to call core Ethereal routines
through pointers.
"extern"alize the remaining routines in "epan/packet.h".
svn path=/trunk/; revision=8116
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788