a GSList. This permits it to implement the new realloc and free functions. Also
fill in an empty gc function, since there isn't much it can do as far as
garbage-collection goes.
svn path=/trunk/; revision=47169
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
shown for the previous input format (showing "data" as a pointer is a
bit confusing, as it's just in-line data in the input), and give a more
detailed description of the issues with that file format (the size of
the seconds field of the time stamp is platform-dependent).
svn path=/trunk/; revision=46864
an I or O indicating the direction of the packet. This
will be stored in the generated file if the pcap-ng
format is used.
Thanks to Jaap for suggesting to integrate this into
the preamble!
svn path=/trunk/; revision=46744
Leave pcap the default file format for now. The is should be reconsidered
before the next release as it might make sense to use pcapgn as
the default as we do for dumpcap. (We can use the -P option to allow
switching back to pcap).
svn path=/trunk/; revision=46691
use it as example in a few places and point out that if you're not using the
return value to build a subtree, you probably shouldn't be using the function.
svn path=/trunk/; revision=46617
determine the desired type. This has two advantages over the old way:
- just one environment variable for valgrind to override in order to guarantee
that ALL allocators use memory it can track, and just one place to check that
variable
- allocator owners no longer have to include headers specific to their
allocator, allowing them to change allocators without adjusting all their
#includes
svn path=/trunk/; revision=46604
Combine the two comments in the Portability section (which largely said the
same thing) on the perils of that function.
Don't suggest it as an option to ensure there are enough bytes in the TVB.
svn path=/trunk/; revision=46590
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
those options (which had been cut-n-paste from the tshark man page).
For editcap to support these options it would either need to be linked
against libwireshark or the address resolution stuff would need to be moved
from libwireshark to, for example, libwsutil.
svn path=/trunk/; revision=45975
Rather than store the FrameRecord entries in a sorted linked list,
instead use an unsorted GPtrArray, then sort it all at once.
Also, there is no longer the option to limit the amount of sorting (and memory
used), but a new option means we can avoid writing the output file
altogether if the input file is found already to be in order.
svn path=/trunk/; revision=45313
it should also fix bulding error:
Can't open ../../doc/reordercap.pod: No such file or directory at /usr/bin/pod2man line 60
svn path=/trunk/; revision=45283
fix the perldoc link. Maybe someone else can figure out how to also fix:
http contains "http://www.wireshark.org"
Either the hyperlink should be made to work correctly by not including the
trailing quote as part of the link, or simply change it so it's not hyperlinked
at all. Also, it should display a terminating semi-colon as follows:
http contains "http://www.wireshark.org";
svn path=/trunk/; revision=45035
The GTK+ and native Win32 versions are slightly different. The GTK+
version lets you select an output file type and the Win32 version uses
the existing capture filetype. We do the latter for now.
Start documenting significant UI changes in README.qt. This might be
better handled on the wiki.
svn path=/trunk/; revision=44797
Fixed: { -2, -1, 0, 1, 3} (note gap) used a binary search (which would fail);
Note: { -2, -1, 0, 1, 2 ,3 } (no gap) allowed; will still do a direct access;
Also: Add a comment to README.developer extended value string section.
svn path=/trunk/; revision=44659
and add a lot of explanation about how the display filter
engine works.
Modify dftest.c to remove printing of the dfilter_t pointer,
which has absolutely no value for the user.
svn path=/trunk/; revision=43941
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
Build the idl2wrs man page (including the HTML version) but don't install
them: a developer might want to read the man page and the Debian development
package wants to install them.
svn path=/trunk/; revision=43498
File name preferences are basically just string preferences except that the
GUI will present a "Browse" button that allows the user to go and find the
file s/he wants (rather than having to blindly type in the full path).
svn path=/trunk/; revision=43228
return the right error code and information string.
InfoVista bought Accellent Group, and, at least according to the
InfoVista Web site, it's "5View", not "5Views".
svn path=/trunk/; revision=42119
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
Specificaly:
For a field type FT_BOOLEAN:
- If the bitmask field is zero, then the 'display' field
must be 'BASE_NONE';
- If the bitmask field is non-zero, then the 'display' field
must be the field-width of the parent bit field.
svn path=/trunk/; revision=41379
1. Compile and link with (almost exactly) the same options as used
when building Windows Wireshark Gtk.
The options used allow debugging of the exe using Visual Studio exactly
as is done for Wireshark Gtk.
Essentially: configure the "release" version to compile and link with
symbols. (See ui\qt\QtShark for the details).
2. Update QtShark.pro to create a Makefile only for 1 version of Wireshark Qt
which is linked against the "release" Qt libraries.
(IOW: don't create a "debug" Makefile).
3. Remove unused variable assignments from config.pri.
(They can be added back if needed in the future).
svn path=/trunk/; revision=40768
letting Boring Old Make do it; I have that autotools+make working with a
--with-qt option, albeit in a not-yet-ready-for-prime-time state.
svn path=/trunk/; revision=40618
more hard-coded definitions from QtShark.pro. Quote an error message to
fix a Qt Creator complaint.
Add ui\qt\config.pri to the top-level "all" nmake target.
Update README.qt.
svn path=/trunk/; revision=40607
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
given link-layer type, e.g. 802.11, might have multiple header types
(802.11, 802.11 plus various radio headers, Ethernet), and multiple
link-layer types might have the same header type (802.11 interfaces
might supply Ethernet headers, and Linux loopback interfaces supply
Ethernet headers as well).
Point to tcpdump.org's page of link-layer header types, rather than to
the net/bpf.h header that 1) might not exist on your system and 2) might
not be up-to-date if it does exist.
svn path=/trunk/; revision=39529
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..."
should be increased from milliseconds to microseconds (from 3 to 6 decimal
places) in order to be consistent with -z relative time-related options such as
"-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places.
[Please note that separate enhancement requests for 6 decimal of precision in
Wireshark will be submitted shortly.)
2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames
and bytes should each have 15 spaces like all the other column types.
3.) The types "FRAMES" and "BYTES" should be added to allow users to display
these values separately and allow for filters to be specified.
4.) The 'SUM' option should allow for relative time values such as SRTs to be
summed. This would be useful for the calculation of such things as
request concurrency (total_SRT_time / duration).
5.) The tshark man page needs some corrections and readability improvements
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915
svn path=/trunk/; revision=37555
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
if an error occurred while processing.
E.G.,: For the default (no -C option):
'capinfos invalid.xxx' or 'capinfos a.pcap invalid.xxx c.pcap'
should exit with an error status
(after processing all the input args) if there is an error for invalid.xxx.
With this fix, I expect fuzz-test.sh (and list_protos_in_cap.sh
and presumably other scripts) will work a bit more as as expected.
svn path=/trunk/; revision=36487
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointer to a NULL-terminated string in the TVB. It is no safer than dissectors
which call tvb_get_strsize() and then tvb_get_ptr() but it makes it clear that
this usage of tvb_get_ptr() is safe.
This function is slightly more efficient than tvb_get_ephemeral_stringz()--but
only as long as we're not using composite TVBs.
svn path=/trunk/; revision=35493
tvb_get_ephemeral_fake_unicode() functions have been superceded by
tvb_get_unicode_string() and tvb_get_ephemeral_unicode_string() respectivey.
svn path=/trunk/; revision=35349
is a unicode (UTF-16) version of tvb_get_ephemeral_stringz(). It scans
a tvbuff for a UTF-16 string and converts it to UTF-8 upon return.
svn path=/trunk/; revision=35253
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
rawshark but broke the ability to feed it live packets with a
pcap_pkthdr prefix on some 64-bit architectures.
Add a "-p" flag which lets us explicitly handle file-based or
memory-based packet record headers.
svn path=/trunk/; revision=34522
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
LoadLibrary and g_module_open only for the program directory and system
directory on Windows. Use them to replace a bunch of LoadLibrary and
g_module_open calls. Use the extension ".dll" for all the DLLs that we
load. Add comments about DLL loading in Python.
svn path=/trunk/; revision=33924
for (guint8 = 0; guint8 < guint; guint8++)
(one of which recently caused an infinite loop with a fuzzed packet in
the buildbot).
svn path=/trunk/; revision=33639
dftest and randpkt are installed during make install, but they are not
documented in any man page.
This is a start. It's more or less a compilation of information found elsewhere.
svn path=/trunk/; revision=33504
The attached patch simply documents a long supported but hidden tshark -G
option.
Tshark's print_usage() has been augmented as well as the tshark man page.
svn path=/trunk/; revision=33253
From reading the rawshark(1) manpage my assumption was that rawshark
could be used like
$ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ...
However rawshark either expects the -r argument to be -
(read from stdin) or a pipe which results in the following error
message:
rawshark: ".../test.pcap" is neither an interface nor a pipe
The proposed rawshark.pod patch updates the -r description to
the implemented rawshark functionality.
The patch also applies to the current SVN version.
svn path=/trunk/; revision=33063
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
1. Include stdio.h, stdlib.h and string.h only if needed;
2. Add dissector source filename to epan/CMakeLists.txt as well as
epan/Makefile.common.
svn path=/trunk/; revision=32495
indication, not necessarily a base (the base is "how to display" some
numeric fields, but it's not how to display some other fields).
Note that FIELDDISPLAY is the number of bits in the field containing an
FT_BOOLEAN bitfield.
svn path=/trunk/; revision=32480
Gilbert Ramirez