willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
declares the functions must be included, in order to make sure the
declarations match the function signature. Make it so.
Said header declares pipe_input_cb_t, so we don't have to do it
ourselves.
svn path=/trunk/; revision=54750
the code to scan for them uses those routines.
This means epan_init() no longer takes those routines as arguments -
which is just as well, given that the mechanism in question is no longer
part of libwireshark, but is part of libwsutil.
This should fix bug 9508.
svn path=/trunk/; revision=53796
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
header type fails, as we might be capturing on more than one interface.
Report the failing interface name in single quotes in some places where
we weren't doing so, for stylistic consistency.
svn path=/trunk/; revision=53593
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
After calling wtap_close(), set the wth to NULL so we don't try to close it
again later. (The core only happens when tshark isn't keeping up with dumpcap's
file rotation.)
Wireshark still has a problem but it's a different one.
svn path=/trunk/; revision=52493
thing as the display filter (-Y) in that case except with more confusing
semantics.
This also lets us fix -c in the single-pass case to unconditionally count
packets. This isn't the old behaviour (which counted them only if they passed
the read filter) but is more consistent with two-pass mode where they are
counted even if they pass the display filter, since they are counted on the
first pass and the display filter is applied on the second pass.
Anyone who wants to use -c to limit packet count conditionally on them passing a
filter should use it in tandem with -2 and -R: the read filter is applied on the
first pass before the count.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9048
svn path=/trunk/; revision=51556
The limits are enforced during the first pass, and frames that get dropped from
the first pass for this reason aren't available to the second pass at all, so
checking again is redundant.
svn path=/trunk/; revision=51460
Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases
causing problems for wmem_leave_file_scope() - remove that XXX comment and add
back the assertion.
Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense
there. init_dissection is only called from epan_new, so cleanup_dissection
should only be called from epan_free.
Add one missing epan_free call to tshark revealed by the above changes.
svn path=/trunk/; revision=51342
packet information to a terminal (which we assume is the same terminal
as the one to which the packet counts are being printed), as they get in
the way of each other.
Don't print it if we're sending the standard error to a terminal, or if
-q is specified, either.
Put all the setting of print_packet_counts together; it looks as if the
default value of print_packet_counts may have been changed to TRUE and
the code to handle -q wasn't changed to set it to FALSE if -q was
specified rather than setting it to TRUE if it wasn't specified.
svn path=/trunk/; revision=51227
as long options, and thus identified with numbers rather than option
letters as the return value of getopt_long(), we now have to include
capture_opts.h even if we're *not* building with libpcap, to provide
#defines for those numbers.
svn path=/trunk/; revision=51115
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
This patch augments Wireshark's and tshark's augument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
... as per the XXX comment removed from tshark.c this was a mess to keep the linker
happy... I couldn't!
I did this without even understanding whether calling main_window_update was realy
necessary in most cases. I guess nothing or more specific update cbs would be best.
svn path=/trunk/; revision=50188
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
If we're not doing dissection (in 2-pass mode) then don't try to mark frames
as depended upon: in that case epan has not been initialized so we shouldn't
be looking in the edt (and anyway without dissection there won't be any
dependent frames).
(I'm not convinced there's any reason to run 2-pass mode without dissection,
however...)
svn path=/trunk/; revision=49554
capture_sync.c, not from capture.c, so they should be declared in
capture_sync.h, so callers that use the capture_sync.c stuff but not the
capture.c stuff - such as TShark - get the declarations and get their
implementations compared with the signatures that they should have.
Doing so points out that some of them in TShark *don't*, so fix that.
svn path=/trunk/; revision=49517
it into a separate capture_session structure. capture_opts should
contain only user-specified option information (and stuff directly
derived from it, such as the "capturing from a pipe" flag).
svn path=/trunk/; revision=49493
than the standard error.
In Wireshark on Windows, create a console before doing so and destroy it
before exiting. Don't do that in TShark or dumpcap, as those are
console-mode programs on Windows.
This should fix bug 8609 and still allow "wireshark -D" and "wireshark
-L" to work when the standard output isn't redirected.
svn path=/trunk/; revision=49025
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7530
The frame_data_cleanup function was ambiguous; it was being used for two
different purposes, and did neither of them quite properly. Split it instead
into frame_data_reset and frame_data_destroy, and call the correct one depending
on why we were originally calling frame_data_cleanup.
svn path=/trunk/; revision=48324
When doing second pass tshark, packet data is read to cf->pd (and not already freed cf->wth buffer).
Writting files with two pass analysis never worked, buggy since introducing two pass analysis in r30076.
svn path=/trunk/; revision=47851
is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.
svn path=/trunk/; revision=47758
information to crash dumps and the like. (Currently, we only handle OS
X's CrashReporter, but we should do this on other platforms where this
information can be added and would be helpful.)
White space tweaks.
svn path=/trunk/; revision=47104
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
called. (cf_open() calls init_dissection() which, since r45511,
re-initializes the name resolution database.)
Complain if the user gives an invalid argument to "-W".
Specify the invalid argument if we don't like a "-z" argument.
svn path=/trunk/; revision=46238
should be used (on success, have it return 0). Exit with that exit
status; if the problem is that we couldn't get the interface list or if
there are no interfaces in that list, return 2, as that's not a
command-line syntax error.
svn path=/trunk/; revision=46108
Friendly Names for interfaces on Windows
Notes on the changes the patch covers:
* if_info_t struct: addition of friendly_name
* Dumpcap Interface list format changes:
+ Win32: "dumpcap -D" shows friendly_name in place of descript if known
+ All: machine interface "dumpcap -D -Z none" includes friendly_name in the
list in addition to the existing parameters
* interface_options struct: addition of console_display_name
+ When an interface name is displayed in a console, it will typically be the
console_display_name (instead of name).
+ console_display_name is used as the basis of the autogenerated temp
filenames
+ console_display_name is typically set to the friendly_name if known,
otherwise it is set to the interface name
* Enhancements to capture_opts_add_iface_opt() (the function which process -i
options).
+ Can now specify the interface using its name and friendly_name
+ Interface name matching is case insenstive
+ Name matching first attempts exact matching, then falls back to prefix
matching
(e.g. dumpcap -i local)
+ Validates interface names, instead of blindly sending them off to
winpcap/libpcap
+ Interface specification by number is still supported.
* capture_opts_trim_iface() has been refactored:
+ Instead of repeating a decent chunk of the cost in
capture_opts_add_iface_opt(), it calls capture_opts_trim_iface() to specify the
interface.
* introduction of capture_win_ifnames.[ch] (windows only code)
+ Implements static function GetInterfaceFriendlyNameFromDeviceGuid() - a
windows version independant function to convert an interface guid into its
friendly name. Uses published api functions on windows vista and higher, but
falls back to unpublished API functions on older windows releases.
+ void get_windows_interface_friendlyname(/* IN */ char
*interface_devicename, /* OUT */char **interface_friendlyname); - extracts the
GUID from the interface_devicename, then uses
GetInterfaceFriendlyNameFromDeviceGuid() to do the resolution
* Auto temp filename generation:
+ Now uses wireshark_pcapng_* or wireshark_pcap_* depending on file format
+ Basis temp filename format on console_display_name
+ Win32: if console_display_name is a windows interface guid, extracts
numbers from GUID here (instead of in interface option processing)
GUI CHANGES:
* Dialog that displays when you click the "Manage Interfaces" button (within
Capture Options dialog) has been renamed from "Add new interfaces" to
"Interface Management"
* ui/gtk/capture_dlg.c: new_interfaces_w variable renamed to
interface_management_w
* Win32: Local Interfaces tab on Interface Management dialog, shows includes
friendly name as far left column
* Interface Management dialog defaults to larger size on win32 - so it fits
without resizing local interfaces tab
* Interface Management dialog now saves preferences when you click the apply
button (local hidden interfaces was not persisting across restarts)
* Tweaks: "Interface Details" dialog (Interface list->Capture Interfaces ->
Details):
+ "Friendly Name" renamed to "NDIS Friendly Name"
+ Added "OS Friendly Name" to the top of the list
* Win32: The "Capture Interfaces" dialog now shows the friendly name instead of
device guid
* Welcome screen:
+ The height of the interface list scrollbox dynamically adjusts & updates to
the number visible interfaces.
Up to 10 interfaces can be listed without a scroll bar, the minimum height
is for 2 interfaces.
+ Win32: now shows just the Friendly Name if known - in place of
"Interfacename_Guid:(Description)"
svn path=/trunk/; revision=46083
printed when either -T is not specified or "-T text" or "-T ps" is selected.
2) Allow for packet hex/ascii to be printed without necessarily requiring that
either packet summary or packet details also be printed. This just means that
if you want packet summary information, use "-Px" instead of just "-x".
3) Fix bug with order of evaluation of -V and "-T psml".
4) If a packet separator is specified, always use it regardless of the -PVx
options chosen.
5) Don't print 2 lines of separation between packets when only printing
hex/ascii. Print 1 line of separation as in all other cases.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7782 plus other misc. enhancements.
svn path=/trunk/; revision=45715
packet_range_init(). Get rid of global cfile references in
packet-range.c. C++-ize packet-range.h. Shuffle some includes around.
svn path=/trunk/; revision=45333
host_name_lookup_process(). If, in the future, we find that we need an
argument for changes we're making, we can add it then.
svn path=/trunk/; revision=45269
This commit reduces size (from 144B to 128B on AMD64) of frame_data structure.
Part of bug 5821: Reduce per-packet memory requirements.
svn path=/trunk/; revision=45071
Remove * from gconstpointers, they are already pointer types.
Add modelines to packet.c and clean up indentation a bit.
svn path=/trunk/; revision=44698