* ptvcursor_push_subtree(), ptvcursor_pop_subtree() for pushing/popping
subtrees. Multiple levels of subtrees (256 max.), allocation per 8 levels.
* Two new functions creating an item in the tree and pushing a subtree at the
same time. These two functions accept an undefined length
(SUBTREE_UNDEFINED_LENGTH). The length of the item is set at the next pop.
1) ptvcursor_add_with_subtree
2) ptvcursor_add_text_with_subtree
- get rid of potential memory leaks with g_new in ptvcursor_new().
- Documentation of the new ptvcursor functions in README.developer
svn path=/trunk/; revision=21276
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options' behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one (so that
only the first <n> packets or bytes are read).
svn path=/trunk/; revision=21211
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
I have changed the patch according to your suggestions and also changed
the doc[book] files accordingly. I tested the patch and it does seem to
work fine on my test-system.
ULFL: In addition, I've added the en-/disabling to the other (already existing) Copy menu items - some just did nothing, some crashed if nothing was selected.
I've also slightly changed the menu separators and made both context menus look a bit more identical.
svn path=/trunk/; revision=21005
I've had a good look at the code in packet-tcp.c, and whilst it's
somewhat impenetrable, I've come to the conclusion that it just doesn't
support multiple pdus as described.
That's not entirely unreasonable in itself; my objection is solely to
the fact that README.developer is completely misleading. In fact, even
the example dissect_cstr won't work on the tcp dissector, because if you
set desegment_len=1 the tcp dissector believes that you know what you
are doing and doesn't let you change your mind later.
Furthermore, 2.7.2 says that you can set desegment_len=-1; that doesn't
work either, because the tcp dissector expects
DESEGMENT_ONE_MORE_SEGMENT, which is 0x0fffffff, which is nowhere near -1.
In short, I think the relevant section of README.developer needs a
rewrite. I attach a patch - comments welcome.
svn path=/trunk/; revision=20974
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* OR the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
In the Developers Guide, Section 9.3, Example 9.17. Decompressing data
packets for dissection
The code calls tvb_set_free_cb() for the newly created next_tvb. This
is unnecessary as the call to tvb_set_child_real_data() adds next_tvb to
the chained list of tvb, thus ensuring that next_tvb is correctly
deleted. In fact when I had the call in, Visual Studio kept breaking
deep down in ntdll.dll, probably because of a double free every time the
main tvb was deleted.
In README.developer, para 2..2.7 The example conversation code doesn't
assign the result of conversation_new() back into the conversation variable.
svn path=/trunk/; revision=20569
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx()
match_strrval() which are behaving exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
tcp_dissect_pdus(), pinfo->desegment_len indicates whether your
dissector needs more data from TCP or not - the return value doesn't
indicate that.
Fix typo.
It appears that the Id keyword is one of the case-insensitive ones in
the svn:keywords property, so if you set it to "ID" it still expands
"$Id$"; it also appears not to expand "$ID$". We use Revision, Date,
and Author in the document to indicate the revision, and don't expand
Id, so that references to "$Id$" get left alone.
Rewrap paragraphs.
svn path=/trunk/; revision=19950
config.nmake contains the target INSTALL1_DIR and INSTALL2_DIR. I guess you can retain the previous behaviour by using . for both DIRs, though I never tested this...
svn path=/trunk/; revision=19302
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
Look for a string that starts with "rdp". This should take care of
cases where a default capture filter is set needlessly.
Update the docs accordingly.
svn path=/trunk/; revision=19236
"I ran doc/README.developer through a spell checker and conservatively
changed misspelled words. Attached is a compressed patch with the
corrections."
svn path=/trunk/; revision=19070
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
only list the files in one place, Makefile.common; make-dissector-reg
will generate the init routines and other boilerplate for you).
svn path=/trunk/; revision=17920
* Written almost 6 years ago, some of the information is outdated.
* The referenced images are missing, so the presentation won't run.
The author agrees to remove it
svn path=/trunk/; revision=17454
Attached a small patch to top level Makefile.am to include the recently
added diameter data files chargecontrol.xml and TGPPSh.xml
From Jaap Keuter:
I've polished up the README.malloc describing ememified memory management. It's basically the same information, but made a bit more accessible. All this in response to bug 511
svn path=/trunk/; revision=16845
new: -D to list interfaces
changed: -i will also accept indices (rather than complete names only)
text copied from the tethereal.pod file
svn path=/trunk/; revision=16793
that if you want to send text to a file, just redirect the standard
output. I've seen at least one message on the Ethereal lists from
somebody who didn't realize that, and I think I've seen more.
svn path=/trunk/; revision=16737
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
The attached patch extends the synopsis and adds an 'Examples' chapter to
the editcap documentation.
I've edited this a bit, without the real knowledge :-(, to make it:
a. look better
b. make more sense (at least to me)
svn path=/trunk/; revision=16325
remove Byte(s) from the dropdown list of filesizes, this doesn't make sense
replace 1000 with 1024, as all (modern?) file managers are based on 1024 bytes for a kilobyte (the old KB vs. KiB controversy)
svn path=/trunk/; revision=16149
IPv6 addresses. Use "tvb_get_ipv4()" in the WINS Replication dissector,
so that it gets the right answer on little-endian *AND* big-endian
machines.
svn path=/trunk/; revision=15753
Makefile.nmake instead of doing our own XCOPYing. Use the "clean-deps"
target when we're done instead of leaving DLLs lying around.
Normalize the use of underscores vs hyphens in the "clean-deps" target.
svn path=/trunk/; revision=15704
returned quite a list of files. Add them to MAINTAINERCLEANFILES.
Whitespace changes (replace multiple spaces by TABs, in a few cases this
needed to be done at the beginning of Makefile lines).
svn path=/trunk/; revision=14891
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
in the plugins subdirectory. This target will copy all plugins to plugins/$(VERSION), thus (t)ethereal will
find and load the plugins when called from within the source tree.
call this target from the main nmake makefile after
installing other dependencies. call it from the nmake makefile
in the doc subdirectory before calling "tethereal -G".
This way "tethereal -G" will recognize the filterable
fields from the plugins, too.
svn path=/trunk/; revision=14284
This target will copy all files, mainly dlls, which
are necessary to run (t)ethereal to the source tree.
After copying all necessary dlls to the source tree,
you can run (t)ethereal directly from the source tree.
svn path=/trunk/; revision=14259
Boolean value that's true if any of the bits in question are set and
false if none of them are, not to an integer or slice value with
only the bits set in both values set.
svn path=/trunk/; revision=14033
not the result of dissecting that data.
Note that "-F" applies to the output of "-w", that "-S" says "dissect
and print even if you're doing '-w'", and that "-T" applies to the
dissected output, not the "-w" output.
svn path=/trunk/; revision=13975
it serves the same purpose as the register routine in a built-in
dissector, and don't require all dissectors to have one, as they might
just be taps.
Get rid of the stats tree's init routine, as it's just a tap, and as it
doesn't do anything.
Update the idl2eth Python script to generate plugins with register routines.
svn path=/trunk/; revision=13644
Introduce a new init routine for plugins,
which does not take the plugin api table as an
argument and allows ethereal to distinguish
between plugins using the old and the new api.
Update README.plugins accordingly
Change all g_warnings() in epan/plugins.c to report_failure().
On windows we do not have a log console open while
loading the plugins, because a log console cannot be opened before the prefs have been read. Thus g_warnings()
does not work for reporting problems with plugins.
svn path=/trunk/; revision=13596
(it's now in an "ethereal" directory, so there's no need for it to have
a name that distinguishes it from files for other programs) - if it's
not found as "preferences", try "ethereal.conf" for compatibility - and
update the man pages appropriately.
Fix a typo in the section color filters (the file name is "colorfilters",
not "color filters").
svn path=/trunk/; revision=13559
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralleling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
section, as is done for other files. Just refer to those files in the
section for the "Save" button for the capture and display filter dialog
boxes.
svn path=/trunk/; revision=12398
the platform for which we're building (and that both should be avoided
if possible, i.e. write your code so that it works on all platforms).
svn path=/trunk/; revision=11973
particularly, should disregard all the renaming they did of some
routines, as the old names work Just Fine in 2.x but the new names don't
work in 1.2[.x]).
svn path=/trunk/; revision=11936
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
the specified filter.
Note in the manual that you can't use capture filters when reading a
capture file, and that read filters might require too much CPU when
doing a live capture.
svn path=/trunk/; revision=11594
before using its value, or must check for a null return value and handle
it specially, otherwise you put Ethereal at risk of crashing with bad
packet data.
svn path=/trunk/; revision=11475
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
interval, not over the entire capture (a sum over the entire capture
would yield only one value, which isn't very interesting to plot).
svn path=/trunk/; revision=11359
have to", indicating that if it's too much work to explicitly test for a
null protocol tree, you might want to avoid those tests and rely on the
protocol tree routines not to do much work if passed a null protocol
tree pointer.
svn path=/trunk/; revision=11346
"-T" option.
Talk about packet details rather than the protocol tree, just as we do in
the Ethereal manual page.
Clean up the descriptions of some of the "-z" options.
Fix some typos.
svn path=/trunk/; revision=11344
use to format 64-bit integers.
Fix the RSVP dissector to use that rather than hardcoding "%ll" in.
Remove the "only if G_HAVE_GINT64 is defined" bit from the discussion of
64-bit integers - we're too dependent on having them to support
compilers that don't have a 64-bit integral data type. Do, however,
note that neither "long" nor "long long" are acceptable, and also note
that you shouldn't assume "%ll" does the trick for printing them.
svn path=/trunk/; revision=11182
and not writing to another capture file, for use with "-z" options.
Note that "-z proto" *doesn't* print statistics at the end - it modifies
the packet summary output.
Note that on at least some BSDs the "status" character is set to "off"
by default, so you have to set it explicitly in order to be able to ^T
an application such as Tethereal.
svn path=/trunk/; revision=11038
convenient to put into a command line (no capital letters, no spaces to
require quotes), and one that's a detailed description for use in the
UI. Allow either of them in the preferences file or "-o" option; use
the detailed description in the UI, and also use it when writing the
preferences out, so that the preference will be readable by older
versions of Ethereal (assuming the preference existed in that version).
Update "README.developer" to give more detail about an enum_val_t (and
to put the _t in), and to give a more detailed description of the
"radio_buttons" argument to "prefs_register_enum_preference()".
svn path=/trunk/; revision=10982
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
calls the middle pane the "Packet Details" pane, which is perhaps less
geeky than "Protocol Tree". Update the man page to call it the "packet
details".
Update the description of the menu items to more closely reflect current
reality.
svn path=/trunk/; revision=10781
will not swallow the '\r\n' line end sequence when invoking chomp(), but
instead the '\r' character will remain. For this reason, chomp() cannot
be used and global removal of '\r' and '\n' characters must be used
instead, like in: $_ =~ s/[\r\n]//g;
svn path=/trunk/; revision=10719
line to every Makefile.am file for a given plugin XXX:
XXX_la_LIBADD = -L../../epan -lethereal @GLIB_LIBS@
This way symbols defined in libethereal and GLib are resolved when linking
the plugin dissector modules.
svn path=/trunk/; revision=10601
own modified Per-VLAN STP, so there's some extra stuff at the end of the
packet that needs to be decoded).
Indicate in a comment in packet-cisco-oui.c what PVSTP is.
svn path=/trunk/; revision=10589