This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to ensure that the new capture file is in strict chronological order.
This option's primary use case is to fix up the occasional timestamps that have
a negative delta time relative to the previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
1. Include stdio.h, stdlib.h and string.h only if needed;
2. Add dissector source filename to epan/CMakeLists.txt as well as
epan/Makefile.common.
svn path=/trunk/; revision=32495
indication, not necessarily a base (the base is "how to display" some
numeric fields, but it's not how to display some other fields).
Note that FIELDDISPLAY is the number of bits in the field containing an
FT_BOOLEAN bitfield.
svn path=/trunk/; revision=32480
tap-diameter-avp.patch:
- make diameter.cmd_code configurable rather than hard coded in
- more fields in the output
- documentation/man pages + usage examples
- switch option parser from stdlib to glib to avoid troubles with M$ c++
diameter-dict.patch
remove strange spaces in the AVP names.
svn path=/trunk/; revision=32294
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
makes time-shifting using editcap easier. Sort the flags in the capinfos
man page alphabetically to match the other man pages. Add a
time-shifting example to the mergecap man page.
svn path=/trunk/; revision=31905
Added se_tree_lookup32_array_le to emem.[ch]. This function is similar to
se_tree_lookup32_le already defined.
Updated README.binarytrees to reflect this added function and corrected minor
spelling issues.
svn path=/trunk/; revision=31812
bit, so as not to imply that there's some form of global "mode"
Wireshark is in when it passes a null or non-null pointer (there isn't),
and to explicitly note that there is *no* guarantee about the value of
"tree" on the first call to the dissector. (I.e., please do not build a
mental model of how Wireshark works in that regard, and write your
dissector based on that mental model - you *will* be wrong.)
svn path=/trunk/; revision=31560
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatibility issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
itself a valid value for that field - it should be ORed with a value.
Indicate that it will never be possible to record in a header_field_info
a byte order for all fields, as some protocols do not specify the
endianness of fields (for example, DCE RPC uses "receiver makes it
right", with the sender sending data in its byte order, with an
indication in the packet of what that byte order is).
svn path=/trunk/; revision=31248
The ability to continue processing additional files if and when
wtap_open_offline() should fail. A new -C option reverts to capinfos'
original behavior which is to cancel any further file processing at
first file open failure.
Change the behavior of how the default display of all infos is initiated.
This gets rid of a special post getopt() argument count test.
Add new table output format (with related options). This feature allows
outputting the various infos into a tab delimited text file, or to a comma
separated variables file (*.csv) instead of the original "long" format.
svn path=/trunk/; revision=30956
level) way to handle passing the result of strlen() to a routine
expecting an int-sized value, mark it as "OK", not "Compiler warning".
svn path=/trunk/; revision=30747
Put the description of the default time format after the description of
all the time formats, i.e. say "the default is relative" after we say
what "relative" is.
svn path=/trunk/; revision=29089
Do some work on "Interface" section to have it match current Wireshark:
additions/changes to "Menu Items" sub-section.
Various other minor reformatting and rewording.
svn path=/trunk/; revision=29081
checks that really check whether the packet is valid; DISSECTOR_ASSERT()
should only be used for cases where the dissector is making an
assumption about its internal state.
svn path=/trunk/; revision=29006
AUTHORS-SHORT) into doc/. This cleans up the top-level Makefile.am (no more
need to have rules for each man page in both files) and solves the
parallel-build problem described in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3494
svn path=/trunk/; revision=28784
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
* adding pydoc documentation to doc/README.python
* possible to access directly libwireshark via libhandle and raw_<tvb|pinfo|tree>
* transform some methods into properties
* update sample to reflect changes/features
* adding comments!!!
svn path=/trunk/; revision=28532
e_ip->ip_ttl is currently always set to 0, in attachment fix.
I also (in same patch, sorry) submit cleanup to use ep_alloc() instead
of static e_ip buffers, I didn't test it, but I hope it's ok.
There's note about static buffers in doc/README.tapping, which should
also be updated, but I don't feel so good with my English :)
From me:
Rename e_ip to ws_ip. Update the static buffers note in README.tapping.
svn path=/trunk/; revision=28425
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
a decimal separator, as the "," will make the command fail.
(of course it would be nice to have this fixed, but for now, it at least
informs the user how to work around the issue)
svn path=/trunk/; revision=28046
- Enabled "Copy Description" in the main menu and gave it
accelerator key CTRL+SHIFT+D
- Added "Copy Fieldname" to copy the fieldname of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+F)
- Added "Copy Value" to copy the value of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+V)
- Updated documentation to reflect the changes
svn path=/trunk/; revision=28006
tvb_get_seasonal_string();
tvb_get_seasonal_stringz();
.. which work the same as the ephemeral versions of the functions, but use
se_alloc() instead of ep_alloc().
svn path=/trunk/; revision=27868
This patch implements a function for dissecting bitfields with better control
over the resulting representation than the existing proto_tree_add_bitmask()
routine. This function will be used by reworked IPMI/ATCA dissector (bug 2048).
The function is described in README.developer. In short, the differences are as
follows:
- The new function does not require a hf_XXX field for the whole bitmask. When
the bitmask includes several unrelated fields, such hf_XXX field does not make
sense.
- The new function allows better control over the way the sub-item descriptions
are added to the top-level item. For example, proto_tree_add_bitmask() function
does not add non-enumerated integers, does not use true_false_string to display
boolean.
- The new function allows specifying "fallback" text for the top-level item
which is used if no items were added to the top-level item.
svn path=/trunk/; revision=25920
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
to override UAT entries from the command line, e.g.
-o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",\"0\",\"\",\"0\",\"\""
Fix up white space.
svn path=/trunk/; revision=24338
The attached patch makes the Statistics -> RTP -> Show All Streams feature of
wireshark accessible via tshark.
I found it helpful in dealing with tons of RTP captures.
svn path=/trunk/; revision=24252
tcpdump (in the tcpdump package) into its own manpage
(pcap-filter) in the libpcap package in the CVS HEAD
branch. Reference the new and the old location for that
information.
svn path=/trunk/; revision=24020
- The "showHex" name cannot be the name parameter. Changing it to "show_hex" should be fine.
- There is also a missing ';' at the end of a line in the example.
This fixes bug 2092.
svn path=/trunk/; revision=23840
Fixed two typos in ReadMe.Developer documentation:
In the example code given, a comment is not properly closed and a semicolon was
missing in variable definition.
This fixes bug 2085.
svn path=/trunk/; revision=23824
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Right-clicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Right-clicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similar to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menus to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
http://library.gnome.org/devel/glib/unstable/glib-Miscellaneous-Macros.html#id2571572
G_INLINE_FUNC
#define G_INLINE_FUNC
This macro is used to export function prototypes so they can be linked with an external version when no inlining is performed. The file which implements the functions should define G_IMPLEMENTS_INLINES before including the headers which contain G_INLINE_FUNC declarations. Since inlining is very compiler-dependent using these macros correctly is very difficult. Their use is strongly discouraged.
This macro is often mistaken for a replacement for the inline keyword; inline is already declared in a portable manner in the glib headers and can be used normally.
svn path=/trunk/; revision=22980
case N ... M:
as that's not supported by all compilers.
Say so in the Portability section of README.developer, in the hopes of
discouraging others from using that GCCism.
svn path=/trunk/; revision=22976