plugin_ldadd was removed in 262a84c384.
Change-Id: I516aa1be3466433bf8db83ab3d1773bf88082e8c
Reviewed-on: https://code.wireshark.org/review/24850
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Micro version bump for mate to homogenize it between CMake and autotools.
The cmake macro doesn't handle the "a" suffix and it doesn't seem worth
implementing.
Change-Id: Ib022c6aa170623b83a9700e4fa098c60a9cddfab
Reviewed-on: https://code.wireshark.org/review/24847
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
plugin.rc is Windows specific, also add condition to reflect that.
Change-Id: Ibbb7dab77dd1f277e2302c8f931218ca433f8c72
Reviewed-on: https://code.wireshark.org/review/24833
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Currently more autotools than CMake.
Change-Id: I167f0bdd49d70d72f6155a4d978975c034ce3b4a
Reviewed-on: https://code.wireshark.org/review/24773
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I728091998c531c992aa1b741b03e653460a0e77f
Reviewed-on: https://code.wireshark.org/review/24499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This sets the scope of the static build option to Wireshark support
libraries only.
Before the patch:
Static plugins don't work with CMake and autotools.
autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.
After the patch:
For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.
For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitations imposed by libtool.
Tested on Linux. This removes broken support for building plugins
statically.
Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Replace the GPLv2+ blurbs in the doc and docbook directories with SPDX
headers as appropriate. This includes example code such as
packet-PROTOABBREV.c.
Remove dfilter2pod.pl and dfilter2xml.pl. We haven't used them since
2010.
Change-Id: I4adec02a9a4bc3e71e32bdf89f2754edaf696938
Reviewed-on: https://code.wireshark.org/review/24343
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
After other changes, add info about -G help
and update output from -G dissector-tables.
Change-Id: I339d5c31a606720ef92e641e59ec5a45114321a8
Reviewed-on: https://code.wireshark.org/review/24188
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Convenience function to add the same parameters to find_conversation as
find_or_create_conversation.
Change-Id: I3a92541cb9c1e827a9de8248825636debbd989cd
Reviewed-on: https://code.wireshark.org/review/24118
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move The Slowest Migration In The History Of Ever a little further
along.
Change-Id: Ib8b49708e7036dd412a7ffc8660ded9f681374c0
Reviewed-on: https://code.wireshark.org/review/24006
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't need to be this strict for bundled plugins about following
the GNU Coding Standards.
Change-Id: I18ed1b81d428eea15ea387102823f588287daf81
Reviewed-on: https://code.wireshark.org/review/23918
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ptvcursor_add_ret_uint
ptvcursor_add_ret_int
ptvcursor_add_ret_string
ptvcursor_add_ret_boolean
Change-Id: I41fa91b1ab805778d34a61215830b12a1331e864
Reviewed-on: https://code.wireshark.org/review/23895
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tcpdump just got a --print option, which causes packet information to be
printed even if the raw packets are being saved to a file with -w. We
have -P for the same purpose; make --print another name for it.
While we're at it:
document --help and --version;
just speak of -P/--print as causing printing even of the packet
details, even though -V forces printing with -w, for consistency
with how --print is documented for tcpdump;
fix the description of -h/--help.
Change-Id: Idf650a202a09a2d1682edbd9d76123f1b1412b55
Reviewed-on: https://code.wireshark.org/review/23888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only plugins built for the same feature release (X.Y) are assured binary
compatibility. Make sure we don't try to run unsuitable code and, if so,
warn the user. This might happen for example if the user manually copies
a binary plugin to the wrong folder, intentionally or by accident.
I'm using "release version" to loosely mean not a patch release
(i.e: a feature release).
Change-Id: I896e9cbbd2d3843623fff6af8ef51002ec06f1f8
Reviewed-on: https://code.wireshark.org/review/23807
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Print the SHA256, RIPEMD160, and SHA1 hashes for each file instead of
SHA1, RIPEMD160, and MD5. SHA256 seems to be the preferred file hashing
algorithm these days and MD5 is actively discouraged. Note that we might
remove SHA1 (which is also discouraged) as well.
Change-Id: I74d972ae5f3484c83175cd3f3c7a55f99c171e20
Reviewed-on: https://code.wireshark.org/review/23761
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add flow graph functionality to tshark through -z option.
Output is same as ASCII format saved from GUI.
Change-Id: Iee0bfea7215858e6488b4728581be28287e9ea1a
Reviewed-on: https://code.wireshark.org/review/23652
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for extcap control pipes on Windows.
Improved read loop in InterfaceToolbarReader.
Delay opening control pipes until extcap has opened the fifo pipe.
Make extcap_example.py work on Windows.
Bug: 13833
Change-Id: I4b47d25452637759b8a3be53be48eee5365bc0e4
Reviewed-on: https://code.wireshark.org/review/23211
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert the contents of the top-level README to Markdown and give it a
.md extension. Most of our documentation is plain text or AsciiDoc, but
the top-level README file in a Git repository is special in that many
online browsers will show the README contents along with the directory
listing and those browsers tend to favor Markdown. This is true of
GitHub (which we're currently mirroring to), Gerrit via its Gitiles
plugin (which we're not yet using but likely will), and other places.
Add "foreign" to AM_INIT_AUTOMAKE. There is probably a joke to be
made here about the FSF and border walls.
Change-Id: I87c306d74864e1f0a432225b160a1b4483ee946c
Reviewed-on: https://code.wireshark.org/review/23049
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust the following CMake and Autotools behaviors in order to
synchronize their respective install behaviors:
- Disable tfshark by default in CMakeOptions.txt
- Add profiles/Bluetooth/preferences to Makefile.am
- Add missing captype and ciscodump entries to doc/Makefile.am
- Install help/faq.txt on all platforms in CMakeLists.txt
- Add BUILD_corbaidl2wrs, BUILD_dcerpcidl2wrs, and BUILD_xxx2deb
options to CMake and use them to adjust the corresponding parts
of the build.
- Pull the DCERPC idl2wrs build steps into the top-level
CMakeLists.txt.
This change doesn't sync everything. Some installed content still
diverges, including the following:
- CMake installs a bunch of modules into lib/wireshark:
FindGLIB2.cmake
FindWireshark.cmake
FindWSWinLibs.cmake
LocatePythonModule.cmake
UseAsn2Wrs.cmake
UseMakeDissectorReg.cmake
WiresharkConfig.cmake
WiresharkConfigVersion.cmake
Do we need any or all of these? If so, should the Autotools behavior
be synced accordingly?
- Autotools installs libtool .la files. It also installs
wireshark-gtk.desktop unconditionally.
Change-Id: I7846efe08f7139c31b6ceca6f08a1fa5168b3e22
Reviewed-on: https://code.wireshark.org/review/23041
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove grep output of explict count of heuristic protocols because
it changes too often to bother updating.
Change-Id: I69b0dfbae32f9eb9ffef6c3200238819ddf522e6
Reviewed-on: https://code.wireshark.org/review/22793
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Missing newline after '}'" suggests either that the "}" is the line
character in the file or that it's followed by a character other than a
newline. What it actually appears to mean is "you didn't put a blank
line between one author entry and the next author entry".
Change-Id: Ic0e4dd02f04680ab84fbfcf1183c911d049ee2d2
Reviewed-on: https://code.wireshark.org/review/22746
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes the following warning in Perl 5.26:
Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.30), passed through in regex; marked by <-- HERE in m/(.*){ <-- HERE / at doc/make-authors-short.pl line 36.
While at it, fix formatting of the AUTHORS-SHORT file, a newline must be
present after "}" or the file will be mis-parsed.
Change-Id: I76bc1a30714dafd703342d2d430dc1c90cf2bf82
Reviewed-on: https://code.wireshark.org/review/22637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
On UN*X, you can get C99-or-later compilers, and we request that in the
autoconf script, so it's really a requirement.
At least as I read
https://msdn.microsoft.com/en-us/library/34h23df8%28v=vs.100%29.aspx
Visual Studio 2010 (and earlier, going back to VS .NET 2003) supports
the "Use of block-scope variables initialized with nonconstant
expressions", with an example of an aggregate (array) initialization
involving function calls, so it sounds as if it's available on Windows
with any version of VS that we support.
(If I've missed something, it'll presumably show up when something is
built with MSVC, and we can update this at that point.)
So the only thing to avoid is initializing global or static variables
with a value that has to be evaluated at run time (the ability to do
that is probably present in most environments, as I think C++
constructors for variables with static storage duration might have to be
evaluated before main() is called, but I guess few C compilers bother to
use it).
Expand the example in the hopes of avoiding confusion between "static
storage duration" (which something declared "static" has, but which
anything declared with file scope, whether declared "static" or not,
also has) and "static storage duration and internal linkage", which is
what the "static" keyword specifies.
Change-Id: I338eb0892e656c2ab59519e4bf76e1dfbec2fa7d
Reviewed-on: https://code.wireshark.org/review/22434
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It only applies to variables with static storage duration, i.e. global
and static variables. Expand the example of how to do it, to make it a
bit clearer.
Change-Id: Ie0c473a35a77351dd10d6c9df2c34a39f077fca4
Reviewed-on: https://code.wireshark.org/review/22430
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".
It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.
Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed. This initial commit only
adds such support for the standard text output format. A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).
Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Automatically resets intarnal epan session after reaching to
specified number of packets, for example
-M 1000
will reset the session every 1000 packets.
this is more like a proposal since the usage is very specific
it is useful for 24/7 live capture with dissection and sending
data directly to another application.
example:
tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid
Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04
Reviewed-on: https://code.wireshark.org/review/21312
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Select one of the capturing interfaces when start capture
- Only send user changed control values when start capture
- Don't show hidden interfaces
- Allow a toolbar with no interfaces
- Renamed button role "reset" to "restore"
- Improved control number validation
- Updated documentation
Change-Id: Icc8d04043c95c1f3ef8d7cdc3b251be4471cba0a
Reviewed-on: https://code.wireshark.org/review/21445
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
An extcap utility can provide configuration for controls to use in a
GUI interface toolbar. This controls are bidirectional and can be
used to control the extcap utility while capturing.
This is useful in scenarios where configuration can be done based on
findings in the capture process, setting temporary values or give other
inputs without restarting current capture.
Todo:
- Add support for Windows
Change-Id: Ie15fa67f92eb27d8b73df6bb36f66b9a7d81932d
Reviewed-on: https://code.wireshark.org/review/19982
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is a breaking change.
prefs_register_filename_preference hasn't been differentiating
between files to be saved and ones to be opened.
On GTK, a neutral dialog is used, so no problems there.
On Qt, a save dialog has been always used, even in dissectors that
were reading configuration files without modification.
prefs_register_filename_preference now takes an argument to indicate
whether UI could be a save dialog with a warning on overwriting
a file, or whether it's a general purpose open file dialog.
Qt now does this. Previously no warning was shown on overwriting a file,
so it may be used for opening files too without irritating the user.
This has been changed, as non-destructive reads should now use
the open dialog.
Dissectors were changed accordingly.
Change-Id: I9087fefa5ee7ca58de0775d4fe2c0fdcfa3a3018
Reviewed-on: https://code.wireshark.org/review/21086
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
List all of --enable-protocol, --disable-protocol, --enable-heuristic,
and --disable-heuristic in the SYNOPSIS section of the man pages.
Undent after the list of taps for the -z option, so the following
options are at the same indentation as other options.
List --enable-protocol in the DESCRIPTION, above --disable-protocol.
Include --enable-protocol in the help message.
Change-Id: I680a54430789f3543b2d539fbded22b0b57f7f76
Reviewed-on: https://code.wireshark.org/review/21159
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it fix expert info a typo and an calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch adds a capinfos -K option to suppess printing of capture
comments. This patch also changes when capture comments are printed
relative to the other enabled infos. Because capture comments are
freeform we will now defer their printing until all but the interface
detail infos are printed.
Change-Id: Ibb3df040c09e4c67d714c561869c00e08b83d6ed
Reviewed-on: https://code.wireshark.org/review/20643
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
found by lintian
Change-Id: I5ce951fca2213d3d18807cde061dea201a36999f
Reviewed-on: https://code.wireshark.org/review/20628
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It has been unsupported for some years and when talking about removing it
in the past I received some positive and no negative feedback.
There is one instance of echld left:
capchild/capture_sync.c: * echld might have already reaped the child.
Can that case be removed or should be comment be updated to something more
accurate? (left for a separate patch)
Change-Id: Idac397158dd86fd0728eb95379449ee4a463fc28
Reviewed-on: https://code.wireshark.org/review/20619
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch augments tshark's -T report with a "tabs" option.
When the -T tabs option is enabled an ASCII horizontal tab character
is inserted between each column of the human-readable one-line
packet summary record.
Change-Id: Id10a6e21e231eb2e52b6342ed05399db1a5fcfdf
Reviewed-on: https://code.wireshark.org/review/20537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 11228
Change-Id: Id8bcc51ff694ef9f2019bc7509e440021d049d22
Reviewed-on: https://code.wireshark.org/review/19735
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Since v2.1.0rc0-184-gb0b53fa593, $XDG_CONFIG_HOME/wireshark (instead of
$HOME/.wireshark) is used, clarify this in the WSUG and manuals.
Change-Id: I74a6f9b86bd8d54ee326ca83d7536e091d6da08a
Reviewed-on: https://code.wireshark.org/review/20364
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
get enabled if the user had selected a file (and mustexist=true wasn't specified).
This commit also contains minor fixes to doc/README.extcap, it's now more aligned to the
actual implementation.
Added example usage of fileselect, radio and multiselect to doc/extcap_example.py.
Change-Id: Ibfe40a35a26f49322fbe64c0594506a2163f7e20
Reviewed-on: https://code.wireshark.org/review/20274
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Modified tshark -T json -x output
Added tshark -T jsonraw output
json2pcap.py (can be used for basic packet editing by modifying json)
The modification in tshark -T json -x and new tshark -T jsonraw output
add into hex-data output in JSON also information on which position
each field is dissected in the original frame, what is the field length,
bitmask (for not byte aligned fields) and type. This information can be
used for latter processing. One use-case is json2pcap script which
assembles the protocol layers back together from upper to lowers layers,
which allows the basic packet modification/editing/rewriting.
Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925
Reviewed-on: https://code.wireshark.org/review/19990
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the documentation for the new toolbar interface
to the README file
Change-Id: I9dd37dc4f31760ccd1c9a3e6ae379cd6f9ca1db9
Reviewed-on: https://code.wireshark.org/review/20261
Reviewed-by: Roland Knall <rknall@gmail.com>
The MSDN documentation for _read says
"If fd is invalid, the file is not open for reading, or the file is
locked, the invalid parameter handler is invoked, as described in
Parameter Validation."
This means that on Windows, if our parent has closed stdin when we call
_read we'll crash. Add a check to bail out early if that's happened.
Fix a sign cast while we're here.
Change-Id: I8afb75f6e56c6a6c2b62103ba7e2fb635dc85702
Reviewed-on: https://code.wireshark.org/review/20153
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to
error out if it is not available. Update release notes, developer
documentation and README with the new status. Clarify relation with
GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script.
Motivation for this change is that many dissectors depend on Libgcrypt
and having it optional increases the maintenance burden (there have been
several compile issues in the past due to the optional status).
Furthermore, wsutil has crypto code that can be replaced by Libgcrypt.
Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20030
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
With option -I one can ignore the first number of bytes from the frame
while doing duplicate frame removal. This doesn't handle shorter frames
correctly. Add safeguards for this, and update the help text.
Bug: 13378
Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211
Reviewed-on: https://code.wireshark.org/review/20004
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add an option to rawshark that lets the user set a maximum memory limit.
Change-Id: Ie102ee5f6ba5aec90a35bd63297184c7dc37662c
Reviewed-on: https://code.wireshark.org/review/19911
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Added a parameter to set placeholder text in textBox.
Change-Id: Iccf92fe60abc78be8f0fa112c0c9eb78890674b5
Reviewed-on: https://code.wireshark.org/review/12463
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The tilde (~) operator was missing as an alternative for matches.
Bug: 13320
Change-Id: Idb96c802145dcdd0d9ffc196b32370cadd8735b3
Reviewed-on: https://code.wireshark.org/review/19723
Reviewed-by: Michael Mann <mmann78@netscape.net>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a new tshark feature to generate a folders report. The folders report
is essentially the information presented by Wireshark's About / Folders page
in a TAB delimited format.
Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6
Reviewed-on: https://code.wireshark.org/review/19002
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A new "--export-object <protocol>,<destdir>" option is added to tshark.
This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)
Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The feature activates/deactivates fullscreen mode of Qt UI.
A new menu item has been added as well as a shortcut (F11 or Ctrl+Cmd+F)
according to browsers common shortcut.
Change-Id: I01906b494d0a13ce70d27c00ebbe03e6ec87cbd7
Reviewed-on: https://code.wireshark.org/review/18332
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Bug: 13032
Change-Id: I6bf2cc2c43a6262d899a304df6576d9831115966
Reviewed-on: https://code.wireshark.org/review/18350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"add_custom_command" outputs are only available as dependency in the
same directory, so create a new target such it can be used from the main
directory.
This fixes the OS X build with no parallelism (-j1).
Change-Id: I66aa5ae307be38ee715456a05fd55f55e4fa76e9
Reviewed-on: https://code.wireshark.org/review/18299
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Since v2.3.0rc0-1002-g1cd2255, Qt 4.8 became mandatory, reflect this in
the version requirements. This will not affect a lot of distributions
(RHEL and SLES only had Qt 4.6).
For a more complete list of supported platforms, see
https://wiki.wireshark.org/Development/Support_library_version_tracking
While at it, correct some other minimum versions in documentation.
Change-Id: I11f2dfba72c75429f6838404a81ed3b3dc302d5f
Reviewed-on: https://code.wireshark.org/review/18314
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Minor changes in androiddump implies minor changes in help file.
Change-Id: Ifbf4dbdca427e8b19272c2b4f28e06fd6a548834
Reviewed-on: https://code.wireshark.org/review/18316
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the metatables for classes were the same for the class and
its instances. This results in issues like calling __gc on the class
table on exit.
Make it possible to declare separate class methods (functions) and
instance methods. Observe that all attributes apply to the instances
only, so make these just available on the instance.
The attribute/methods lookup method (via __index/__newindex) have been
rewritten to use upvalues, removing the technical need for the
properties __getters/__setters/__methods. The "lua globals" test still
checks for these, but it could be removed in the future.
To fix bug 12968, the __gc method is removed from the class method.
Future patches should remove the WSLUA_REGISTER_CLASS,
WSLUA_REGISTER_META and WSLUA_REGISTER_ATTRIBUTES macros completely and
create split class functions/methods (such that __call for an instance
cannot accidentally be invoked on the class).
Removed duplicate "fragmented" property from Pinfo (which triggered an
error) and replaced exit() by g_error() for debugger friendliness.
Remove lua_shiftstring since checkstring always returns non-NULL.
Bug: 12968
Change-Id: I57f8a93d08bb84c79b0e94cf2c82d8402fc16646
Reviewed-on: https://code.wireshark.org/review/18026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
I guess that when SIGINT is intercepted, then the writes are restarted
and the doExit condition is never checked. Remove this racy check in
favor of catching the KeyboardInterrupt exception.
Test: tshark -i example1; kill tshark; check process list for python.
Bug: 11657
Change-Id: Ia8b1ee560b9dcd31dd91df27fbfb8e91237581c9
Reviewed-on: https://code.wireshark.org/review/18218
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes trivial syntax error in try/except, ensure that the message are
bytes instead of a string and remove unnecessary use of an append_bytes
function.
Did not try to fix the other Python issues, at least it runs now.
Change-Id: Ib24f6116bc9d3cf177bc940da9f89aff90695a93
Reviewed-on: https://code.wireshark.org/review/18212
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The -m (monospace font) flag was deprecated in 2.2. Go ahead and remove
it in 2.3 / 2.4.
Change-Id: I6b4911174675cedec979621c2776353314e73eb1
Reviewed-on: https://code.wireshark.org/review/18193
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Current Wireshark.app bundle on OS X doesn't include man pages.
This is the second try after commit 7da23ca1a5bba4af5e1104f4d3d3d44e918552b0
has been reverted. Now cmake gets the information that the man files
are generated.
Bug: 12746
Change-Id: I34dfec65bd57587ee048d7e1e2557fc9ab2b32eb
Reviewed-on: https://code.wireshark.org/review/18170
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Current Wireshark.app bundle on OS X doesn't include man pages.
Change-Id: I4123105ae805c3f127dbfd74768b88d4da546c56
Ping-Bug: 12746
Reviewed-on: https://code.wireshark.org/review/17902
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This new option adds the chance to use a custom capture command.
It must produce a PCAP stream that will be read by Wireshark,
written to STDOUT.
Change-Id: I34a72465eb369194f24ecf0594df143b8ad6555f
Reviewed-on: https://code.wireshark.org/review/18037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This removes the option to specify a custom capture binary due to
incompatibilities between different binaries options. A following
change will add the chance to use a custom capture command that
will cover all the cases that the default doesn't.
Bug: 12952
Change-Id: Idbde3e27f34c28f4ce622c3a860994e25ce5f92f
Reviewed-on: https://code.wireshark.org/review/18040
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Text is partially copied from the tshark manual page.
Change-Id: I120e327f15394fc48fce6e4a122e7eab83e91c82
Reviewed-on: https://code.wireshark.org/review/17904
Reviewed-by: Michael Mann <mmann78@netscape.net>