Currently this is only for GTK, but allows users to test it to see if its worth adding to Qt (my personal opinion is yes).
From Jiří Engelthaler
svn path=/trunk/; revision=52790
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
the "unittest" module that comes with Python. Specifically, this
takes advantage of a couple of features in the "unittest" in
Python 2.7. The tests are all the same as before, but much
better managed.
This is in preparation for some work on the display filter code.
svn path=/trunk/; revision=52136
Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 | 10 | 15 | 20 | 25 |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 --------> Methods:
1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+ 2) editcap -C -80:10 in.pcap out.pcap
| 20 | 10 | 70 | 3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+ 4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
Add the QCustomPlot widget. Thanks to Emanuel Eichhammer for granting a
license change. Move some common code from ui/gtk/tcp_graph.c to
ui/tap-tcp-stream.[ch]. Get rid of tcp_graph_selected_packet_enabled().
It was only used in the menu code and didn't match what we were doing
elsewhere.
Still quite a bit of work to do but it's a promising start.
svn path=/trunk/; revision=51538
name is specified, it currently must be a DLT_ name rather than a
LINKTYPE_ name, as we use libpcap to do the mapping and it currently has
no API to map LINKTYPE_ names to values, but if a number is specified,
it could either be a LINKTYPE_ name or a DLT_ name if the two are
different, and we want to encourage the use of LINKTYPE_ values.
Note that in comments.
svn path=/trunk/; revision=51204
DLT_ value, which is good because it's a numerical value and the
numerical values for some link-layer header types are OS-dependent, but
the numerical values for all LINKTYPE_ values are OS-independent. Use
LINKTYPE_RAW, not the value for the DLT_RAW on some but not all OSes,
for raw IP.
Also, 7 is LINKTYPE_ARCNET_BSD, emphasis on the "_BSD"; there's also a
Linux encapsulation for ARCNet that is different. Note that it's the
BSD flavor.
svn path=/trunk/; revision=51005
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
C++-ize the UAT headers.
Add an ElidedLabel widget. Use it in the File Set, Profile, and UAT
dialogs.
Update the Qt README.
svn path=/trunk/; revision=50896
The overhead is not large, and it makes append much faster (O(1) vs O(n)).
It also will make a queue easy to add, which I need for a dissector I'm
writing...
svn path=/trunk/; revision=50744
Update the README to reflect the value_string name changes in r48645.
From me: reorganize a bit to promote the use of val_to_str over try_val_to_str
in most cases.
svn path=/trunk/; revision=50557
This patch augments Wireshark's and tshark's augument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
just define WS_DLL_PUBLIC_NOEXTERN inside the ifdefs, and define
WS_DLL_PUBLIC as WS_DLL_PUBLIC_NOEXTERN followed by "extern".
Then rename WS_DLL_PUBLIC_NOEXTERN to WS_DLL_PUBLIC_DEF, to clarify that
it's what should be used for definitions; at least on Windows, you
*have* to use it when declaring arrays without a size, and, whilst you
might be able to use WS_DLL_PUBLIC for definitions of functions and
perhaps data definitions other than no-size arrays, it might be clearer
to rename WS_DLL_PUBLIC to WS_DLL_PUBLIC_DECL and use it only for
declarations.
svn path=/trunk/; revision=50334
Jeff Morriss