Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7530
The frame_data_cleanup function was ambiguous; it was being used for two
different purposes, and did neither of them quite properly. Split it instead
into frame_data_reset and frame_data_destroy, and call the correct one depending
on why we were originally calling frame_data_cleanup.
svn path=/trunk/; revision=48324
When doing second pass tshark, packet data is read to cf->pd (and not already freed cf->wth buffer).
Writting files with two pass analysis never worked, buggy since introducing two pass analysis in r30076.
svn path=/trunk/; revision=47851
is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.
svn path=/trunk/; revision=47758
information to crash dumps and the like. (Currently, we only handle OS
X's CrashReporter, but we should do this on other platforms where this
information can be added and would be helpful.)
White space tweaks.
svn path=/trunk/; revision=47104
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
called. (cf_open() calls init_dissection() which, since r45511,
re-initializes the name resolution database.)
Complain if the user gives an invalid argument to "-W".
Specify the invalid argument if we don't like a "-z" argument.
svn path=/trunk/; revision=46238
should be used (on success, have it return 0). Exit with that exit
status; if the problem is that we couldn't get the interface list or if
there are no interfaces in that list, return 2, as that's not a
command-line syntax error.
svn path=/trunk/; revision=46108
Friendly Names for interfaces on Windows
Notes on the changes the patch covers:
* if_info_t struct: addition of friendly_name
* Dumpcap Interface list format changes:
+ Win32: "dumpcap -D" shows friendly_name in place of descript if known
+ All: machine interface "dumpcap -D -Z none" includes friendly_name in the
list in addition to the existing parameters
* interface_options struct: addition of console_display_name
+ When an interface name is displayed in a console, it will typically be the
console_display_name (instead of name).
+ console_display_name is used as the basis of the autogenerated temp
filenames
+ console_display_name is typically set to the friendly_name if known,
otherwise it is set to the interface name
* Enhancements to capture_opts_add_iface_opt() (the function which process -i
options).
+ Can now specify the interface using its name and friendly_name
+ Interface name matching is case insenstive
+ Name matching first attempts exact matching, then falls back to prefix
matching
(e.g. dumpcap -i local)
+ Validates interface names, instead of blindly sending them off to
winpcap/libpcap
+ Interface specification by number is still supported.
* capture_opts_trim_iface() has been refactored:
+ Instead of repeating a decent chunk of the cost in
capture_opts_add_iface_opt(), it calls capture_opts_trim_iface() to specify the
interface.
* introduction of capture_win_ifnames.[ch] (windows only code)
+ Implements static function GetInterfaceFriendlyNameFromDeviceGuid() - a
windows version independant function to convert an interface guid into its
friendly name. Uses published api functions on windows vista and higher, but
falls back to unpublished API functions on older windows releases.
+ void get_windows_interface_friendlyname(/* IN */ char
*interface_devicename, /* OUT */char **interface_friendlyname); - extracts the
GUID from the interface_devicename, then uses
GetInterfaceFriendlyNameFromDeviceGuid() to do the resolution
* Auto temp filename generation:
+ Now uses wireshark_pcapng_* or wireshark_pcap_* depending on file format
+ Basis temp filename format on console_display_name
+ Win32: if console_display_name is a windows interface guid, extracts
numbers from GUID here (instead of in interface option processing)
GUI CHANGES:
* Dialog that displays when you click the "Manage Interfaces" button (within
Capture Options dialog) has been renamed from "Add new interfaces" to
"Interface Management"
* ui/gtk/capture_dlg.c: new_interfaces_w variable renamed to
interface_management_w
* Win32: Local Interfaces tab on Interface Management dialog, shows includes
friendly name as far left column
* Interface Management dialog defaults to larger size on win32 - so it fits
without resizing local interfaces tab
* Interface Management dialog now saves preferences when you click the apply
button (local hidden interfaces was not persisting across restarts)
* Tweaks: "Interface Details" dialog (Interface list->Capture Interfaces ->
Details):
+ "Friendly Name" renamed to "NDIS Friendly Name"
+ Added "OS Friendly Name" to the top of the list
* Win32: The "Capture Interfaces" dialog now shows the friendly name instead of
device guid
* Welcome screen:
+ The height of the interface list scrollbox dynamically adjusts & updates to
the number visible interfaces.
Up to 10 interfaces can be listed without a scroll bar, the minimum height
is for 2 interfaces.
+ Win32: now shows just the Friendly Name if known - in place of
"Interfacename_Guid:(Description)"
svn path=/trunk/; revision=46083
printed when either -T is not specified or "-T text" or "-T ps" is selected.
2) Allow for packet hex/ascii to be printed without necessarily requiring that
either packet summary or packet details also be printed. This just means that
if you want packet summary information, use "-Px" instead of just "-x".
3) Fix bug with order of evaluation of -V and "-T psml".
4) If a packet separator is specified, always use it regardless of the -PVx
options chosen.
5) Don't print 2 lines of separation between packets when only printing
hex/ascii. Print 1 line of separation as in all other cases.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7782 plus other misc. enhancements.
svn path=/trunk/; revision=45715
packet_range_init(). Get rid of global cfile references in
packet-range.c. C++-ize packet-range.h. Shuffle some includes around.
svn path=/trunk/; revision=45333
host_name_lookup_process(). If, in the future, we find that we need an
argument for changes we're making, we can add it then.
svn path=/trunk/; revision=45269
This commit reduces size (from 144B to 128B on AMD64) of frame_data structure.
Part of bug 5821: Reduce per-packet memory requirements.
svn path=/trunk/; revision=45071
Remove * from gconstpointers, they are already pointer types.
Add modelines to packet.c and clean up indentation a bit.
svn path=/trunk/; revision=44698
a protocol tree in process_packet_first_pass(). Otherwise we crash with
ERROR:dfvm.c:434:dfvm_apply: assertion failed: (tree)
svn path=/trunk/; revision=43420
"unsaved_changes", and have it be TRUE iff changes have been made to the
file since it was read - *not* if it's a temporary file from a live
capture.
Check the "is_tempfile" member, and the "unsaved_changes" member, when
appropriate.
Just have a set_toolbar_for_capture_file() routine that updates the
"save", "close", and "reload" toolbar as appropriate, given a
capture_file structure - absorb the function of
set_toolbar_for_unsaved_capture_file() into it.
svn path=/trunk/; revision=42721
The problem was that when reading a .pcap file, we don't have any IDBs.
If reqested to write out an pcapng file, we (now) build a dummy IDB which
uses the file's encapsulation as the interface encapsulation. Therefore
it can't be per=packet.
We need to fix this by using wtap_dump_open_ng()...
svn path=/trunk/; revision=41122
the details of what in particular is unsupported; report it in TShark
and Wireshark.
Handle WTAP_ERR_RANDOM_OPEN_PIPE in TShark.
Handle WTAP_ERR_COMPRESSION_NOT_SUPPORTED in TShark, and have its error
message in Wireshark not speak of gzip, in case we support compressed
output in other formats in the future.
If we see a second section header block in a pcap-NG file, don't report
it as "the file is corrupted", report it as "the file uses a feature we
don't support", as that's the case - and don't free up the interface
data array, as the file remains open, and Wireshark might still try to
access the packets we were able to read.
svn path=/trunk/; revision=41041
sent to the standard output if "-w" is specified because, when you
capture, you can capture with the output directed to the standard
output, and dumping some text crap to the standard output will corrupt
your capture file.
svn path=/trunk/; revision=40966
Went through all stderr cases within tshark trying to make tshark "quieter". I
basically ended up agreeing with the submitted in terms of what should be
switched to stdout from stderr. The attached patch does that.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2881
svn path=/trunk/; revision=40862
test scripts are passed.
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, mulitple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40715
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, mulitple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40693
it wasn't, whether it matters; that way you can still capture from a
pipe (named or "-" for standard input) even if you don't have WinPcap.
svn path=/trunk/; revision=40336
and capture_interface_list(). Return it if, on Windows, we ask for the
interface list but don't have WinPcap installed. Handle it like
CANT_GET_INTERFACE_LIST.
svn path=/trunk/; revision=40334
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
getopt() can/should normally be found in unistd.h, so:
- When testing for getopt(), define that we HAVE_GETOPT instead of
HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)
If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.
svn path=/trunk/; revision=38437
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
Added ability to display UTC time or UTC time with date. I liked having the
difference between UTC and local time, not just setting local=UTC.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629
svn path=/trunk/; revision=37898
is mainly an attempt to fix the currently-broken "test.sh" step on the
XP buildbot. If this causes too many problems we might want to have
suite-capture.sh:capture_step_snapshot pass "-P" to dumpcap instead.
svn path=/trunk/; revision=37736
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
Add a new tap flag to indicate that a tap listener is just a "dissector helper",
that is, a tap which is used by a dissector to help it do its dissection but
does not, itself, require dissection.
Use this new flag in the dissectors which register taps.
Remove the (now-unused) have_tap_listeners() function.
svn path=/trunk/; revision=37069
Evan Huus