Shuffle the expert severities down, and note that we have only 8 bits
available for FI_ flags unless you shrink the set of event groups and
shuffle them and the expert severities up.
svn path=/trunk/; revision=23731
Move the expert information bits to the top of that field, to avoid
collisions (we had a collision with the 0x00000004 bit).
svn path=/trunk/; revision=23726
packets in the Packet Details View.
This "appendix" bytes are not copied with the Copy functions or in the
Export Selected Packet Bytes.
svn path=/trunk/; revision=22887
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.
svn path=/trunk/; revision=21716
proto_tree_add_bits_ret_val()
tvb_get_bits()
And modify
proto_tree_add_bits() not to return a value.
little endian is not yet implemented.
svn path=/trunk/; revision=21607
starting at the bit offset given for the number of bits indicated which wll also return
the value of the bits.
Experimental and for review, documentation to be updated.
svn path=/trunk/; revision=21556
copy paste hit again, here is a patch with the accurate declaration of
RVALS in proto.h
Thx gcc-4.1.2 for finding new ways of generating strict aliasing warnings :)
patch with accurate comment and declaration.
svn path=/trunk/; revision=21157
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* ORed the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
proto_can_match_selected() routines, to more clearly separate the two
functions - but have them both call the same underlying routine, so
they both make the same decisions as to whether a match-selected string
can be constructed or not.
svn path=/trunk/; revision=19976
proto_construct_match_selected_string() to indicate what it does - and
have it return a Boolean indication of whether the string could be
built, returning the string through a pointer, and, if that pointer is
null, have it just return the Boolean and not construct the string.
Get rid of proto_can_match_selected() -
proto_construct_match_selected_string() can be used for that, which
means we have only one piece of code that knows whether a "match
selected" string can be constructed or not.
Have proto_construct_match_selected_string() support matching
zero-length FT_NONE (and FT_PCRE, but that shouldn't happen) fields even
if there's no epan_dissect_t, as such a match just checks whether the
field is present.
svn path=/trunk/; revision=19967
This is used to display the field underlined and to allow the user to double-click on it (like FT_FRAMENUM) to open the URL in the configured browser.
Example usage in the x509ce and logotype certificate extensions.
svn path=/trunk/; revision=19383
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
- register H.225.0 over TLS (configurable port 1300)
- register SIP over TLS (fixed port 5061)
- new function proto_tree_get_root()
svn path=/trunk/; revision=19059
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
"proto_tree_add_XXX_format()" routines except that the format doesn't
have to include the field name - the field name, followed by ": ", are
put into the representation string, followed by the result of the
formatting, so you just format the value with the format string, not the
entire representation.
svn path=/trunk/; revision=17221
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
"abort()" if the ETHEREAL_ABORT_ON_DISSECTOR_BUG environment variable is
set; this is for debugging purposes, to make it easier to get a stack
trace of the offending call.
svn path=/trunk/; revision=16013
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
Add some more optional flags to the protocol items, so more "special cases" can be marked in the protocol tree.
New flags:
/** The protocol field has a bad checksum */
FI_CHECKSUM_ERROR
/** The protocol field has an unusual sequence (e.g. TCP window is zero) */
FI_SEQUENCE_WARNING
/** The protocol field has a bad sequence (e.g. TCP segment is lost) */
FI_SEQUENCE_ERROR
svn path=/trunk/; revision=15499
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
by iDEFENSE. Add constant format strings to proto_item_append_text()
in a bunch of other dissectors. Copy a comment from proto.c to proto.h.
svn path=/trunk/; revision=14713