name is specified, it currently must be a DLT_ name rather than a
LINKTYPE_ name, as we use libpcap to do the mapping and it currently has
no API to map LINKTYPE_ names to values, but if a number is specified,
it could either be a LINKTYPE_ name or a DLT_ name if the two are
different, and we want to encourage the use of LINKTYPE_ values.
Note that in comments.
svn path=/trunk/; revision=51204
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
to the tree (to separate this case from the generic DISSECTOR_BUG case).
Enable this environment variable when fuzz testing.
Enable the 3rd (without tree but with a read filter) check (added in r49643)
when testing capture files but not when fuzz testing--not sure if we want to
add even more to the fuzzbot's work load now (OTOH I've been running it for
a while and it hasn't buried me in bugs).
svn path=/trunk/; revision=49784
variable (WIRESHARK_DEBUG_USE_SLICES) which turns off the slab allocator and uses
g_slices instead (which can themselves be turned off by setting
G_SLICE=always-malloc).
This makes debugging problems in slab-allocated memory easier to find
(hopefully including https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 ).
Set WIRESHARK_DEBUG_USE_SLICES when running Valgrind on *shark.
Remove unused structure member: emem_chunk_t.org.
svn path=/trunk/; revision=47110
shown for the previous input format (showing "data" as a pointer is a
bit confusing, as it's just in-line data in the input), and give a more
detailed description of the issues with that file format (the size of
the seconds field of the time stamp is platform-dependent).
svn path=/trunk/; revision=46864
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
prevents OutOfMemory exceptions from being thrown. This makes it easier
to debug such conditions.
Set this variable in test-fuzzed-cap.sh but not in fuzz-test.sh; it's nice
to see the friendly out-of-memory error message in the bug reports the
latter script generates.
svn path=/trunk/; revision=41656
rawshark but broke the ability to feed it live packets with a
pcap_pkthdr prefix on some 64-bit architectures.
Add a "-p" flag which lets us explicitly handle file-based or
memory-based packet record headers.
svn path=/trunk/; revision=34522
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
From reading the rawshark(1) manpage my assumption was that rawshark
could be used like
$ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ...
However rawshark either expects the -r argument to be -
(read from stdin) or a pipe which results in the following error
message:
rawshark: ".../test.pcap" is neither an interface nor a pipe
The proposed rawshark.pod patch updates the -r description to
the implemented rawshark functionality.
The patch also applies to the current SVN version.
svn path=/trunk/; revision=33063
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
Jeff Morriss