(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I099b85e98f3b9742b1addd8d260b3e94ca7add31
Reviewed-on: https://code.wireshark.org/review/2866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This has several implications:
- we match user expectations that a ring-buffered tshark capture will run
forever without running out of resources (except where we still have leaks)
- we lose reassembly and request/response matching when the relevant packets
are split across files, but this actually makes our output more consistent
with dissecting those files after-the-fact
I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.
Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I2a973b6168235d5d1c7f2a5f8ac79b97b963d846
Reviewed-on: https://code.wireshark.org/review/2863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This addresses part of, but not all of, the issues in bug ten thousand,
one hundred, and ninety:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10190
(I'm spelling it out to make sure Gerrit doesn't think this change
*does* address all the issues in that bug, and mark it as RESOLVED
FIXED; I feel like I have to treat Gerrit as a dog or small child from
whom I'm trying to keep a secret - "honey, I'm taking the dog to the
vee eee tee".)
Change-Id: Ic234130c1ea84cfaf47901485dca775e168f71d0
Reviewed-on: https://code.wireshark.org/review/2859
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This reverts commit b136182ad4
This function are already marked inline, and profiler don't show much difference in performance,
revert as previous version is cleaner.
Change-Id: I1ac2c30a91b46278730ceee127efa086c7fbc6d6
Reviewed-on: https://code.wireshark.org/review/2828
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The groups are, technically, independent of the notion of a menu, and,
if we have mechanisms by which taps that are not only GUI
toolkit-independent but independent of the *existence* of a GUI can be
registered, they might want to register themselves in a group just in
case they're running in a program that has a GUI.
Also, this might fix the Debian package build.
Change-Id: I29435681e79748fd4f2e0c5ac872cd11f831d172
Reviewed-on: https://code.wireshark.org/review/2830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wsutil contains the only code that uses version.h; make the dependency
explicit, to see whether that fixes the current build issues with Debian
packaging.
Also, get rid of all *other* dependencies on gitversion.
Change-Id: I89fa5e4112633b83a1a7dfa349bc337e3688575f
Reviewed-on: https://code.wireshark.org/review/2823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's no longer used in version_info.c, but is used in the main source
files of TShark and Wireshark (it's already included in dumpcap).
Change-Id: I2169a2bbed678baf26fc8711d7c13d95cce3ee2a
Reviewed-on: https://code.wireshark.org/review/2819
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The catapult dissector tripped on this random file I had. A quick look
at other dissectors which use a construct like "-1] *= '*\\[rn]" showed
packet-irda too, so fix that as well.
Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593
Reviewed-on: https://code.wireshark.org/review/2802
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This includes Windows (which doesn't even have getopt()).
Change-Id: I01a3a9a00014176875ddad6760c387bf7aa9de84
Reviewed-on: https://code.wireshark.org/review/2804
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a comment indicating why we're not generating text2pcap_OBJECTS from
text2pcap_SOURCES and using that.
Change-Id: I8235080c3ea2bb31861a9c4f5aee9e6ce6a0808c
Reviewed-on: https://code.wireshark.org/review/2801
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The routines to get libpcap version information just say "no pcap here"
if we don't have it, so they're called regardless of whether we were
compiled with it.
Change-Id: I4e58cce83f7c0e36aa6ef9b40ec7075732402f3b
Reviewed-on: https://code.wireshark.org/review/2800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the output for them resemble the output for other programs.
Change-Id: I45dbee32ad403b8fedc2350ac9096ac1a5820cbe
Reviewed-on: https://code.wireshark.org/review/2799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Splitting %s from \n makes it clearer that the %s's in question take
arguments that already include a newline, and that the subsequent \n
adds a blank line.
Change-Id: I5bac8ca80b42f7de980ad29480042cae3166ff7e
Reviewed-on: https://code.wireshark.org/review/2797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.
Have --help print the version number, a one-line summary of what the
program does, a reference to http://www.wireshark.org for more
information, a Usage: line, and a list of command-line options.
This means programs doing that don't need to include version.h; that's
left up to get_ws_vcs_version_info() to do.
Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb
Reviewed-on: https://code.wireshark.org/review/2794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
