Support all possible file formats that wiretap writes, using the
same "-F" flag that other CLI tools like editcap, mergecap, and tshark
support. Default is still pcap for now; a future commit will switch
to pcapng and remove the "-n" option, to match other CLI tools.
Add support in text2pcap for the regex mode added to "Import from
Hex Dump" in 3.6.0 The input and output indicators cannot (yet?)
be configured, and are set to the default of allowing any of "iI<"
for inbound and "oO>" for outbound. This reaches feature parity
between text2pcap and Import from Hex Dump, fixes#16724.
(There might be some more cleanups to do, including docs.)
Add information about the different kind of comparisons with
multiple fields to the wireshark-filter man page.
Add some minimal information to the user guide. It would be
nice to have a section dedicated to this with some examples.
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
Add docs/diagnostic-options.adoc, which is a snippet that documents our
various --log-* options. Include it in the dumpcap, rawshark, and tshark
man pages.
Make the ws_log_print_usage output more consistent.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
Currently used to define ssize_t on platforms that lack it.
Fix some Windows build errors caused by moving the definition into a
separate header.
Fix some narrowing warnings on Windows x64 from changing the definition
of ssize_t from long int to int64_t.
The casts in dumpcap are ugly but necessary. The whole code needs
to be rewritten for portability, or the warnings disabled.
Update to reflect the transition from C99 to C11. Remove obsolete
comments and recommendations. Add a bit about transitioning to C
fixed width types.
Related to #17768.
This commit includes all statistics / taps that exist up through the
3.4.x release. Another commit will handle the ones added in the 3.6
branch. Mention that statistics are unaffected by the display filter
(but are affected by capture and read filters, and usually have their
own filters) at the top rather than repeating the same boilerplate
in half the options.
Ping #8353
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
Update README.stats_tree including the sample implementation for
changes in the API, such as the enum return value and needing to
set the node datatype as either int or float.
Also update the comments in the stats_tree header to make it clear
that abbrev and name refer to the abbreviation used in the tshark -z
option, and the name of the menu and window in the GUI for the stats
tree.
A number of protocols have IDs that can be reused that are used as
lookup keys. In most cases the frame number should be used as well
to differentiate repeat appearances of an ID. For response/request
matching, it is frequently useful to find the most recent frame number
(greatest value less than or equal to the current one) that contained
an ID.
We can achieve that by using a multimap that stores values with a given
ID in a tree keyed with the frame number. This works better than using
a map or a tree alone:
1) A map isn't ordered, so doesn't allow for less than or equal comparison.
2) Using a tree requires an ordering on all the ID components, and then
having to test all the components other than the frame number separately
for equality after retrieval.
Currently the multimap does not support inserting items without specifying
the tree key (and having the multimap generate a key), because the total
capacity of trees (including deleted nodes) is not tracked. If other use
cases are needed, this could be added later along with more generic
multimap support.
Use a multimap in ANSI MAP, ANSI TCAP, and GSM SMS, all of which need to
match lookup IDs that can be reused. Fix#7653.
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
Wireshark's config.h isn't available to third-party plugins, and the
developers of the plugin might not even have their own config.h, so
don't include it in the example (if it *does* have its own config.h, the
developers will presumbly know that they should include it).
Unlike other header fields in filter expressions protocol names
cannot contain upper-case letters. Remove that restriction. This
should make start-up slightly faster as it remove an extra loop
for each protocol filter name.
This was added in 9ead15a6eb but
I don't see a reason to have different rules for protocols and
fields, it seems the README.developer was just being vague and
conflating PROTOABBREV with PROTOFILTERNAME.
The recommendation for lower case is a style recommendation,
and it's a good one, but it should be applied uniformly. As
long as we are not enforcing this for all field filter values
there is no point in enforcing it just for protocol names and
actually it is detrimental, e.g:
hi2operations
HI2Operations.IRIsContent
HI2Operations.UUS1_Content_element
HI2Operations.iRIContent
HI2Operations.iRISequence
HI2Operations.IRIContent
HI2Operations.iRI_Begin_record_element
HI2Operations.iRI_End_record_element
HI2Operations.iRI_Continue_record_element
HI2Operations.iRI_Report_record_element
(...)
It's weird and unexpected to have this difference and there is
no technical reason to require it. What we should probably do
is not include the protocol name in the FIELDFILTERNAME and
have the registration mechanism append it to the PROTOFILTERNAME.
Also disallow leading '-' everywhere in filter names, not just
protocol filter names. It's a universal requirement.
A charconst uses the same semantic rules as unparsed so just
use the latter to avoid redundancies.
We keep the use of TOKEN_CHARCONST as an optimization to avoid
an unnecessary name resolution (lookup for a registered field with
the same name as the charconst).
This is a first pass that covers the WSDG, WSUG, man page, a code
comment and a README. Plenty left to do in the Debian files, a few
Lua examples and other misc files.
Remove the generate_*_pages targets that were recently introduced,
since they're not really needed. Only add the "manpages" target
if we have Asciidoctor.
Move our attributes.adoc includes to the very top of each man page.
Older versions of Asciidoctor complain if it's not at the top. and
additionally generate <file>.man instead of <file>.<section> if we don't
explictly supply an output file.
Asciidoctor lets us generate multiple documents at once, so do so for
our man pages. If we're using AsciidoctorJ this minimizes the number
of JVM instances we have to spin up. This reduces the build time on my
Windows VM here quite a bit, and will hopefully do so on the CI builders.
Add a .editorconfig file in cmake/modules.
John Thacker