so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
orthogonal to the byte order.
This means that we can't just test for a non-zero encoding to determine
whether the format is big-endian or little-endian when we set the
field's endianness flag; instead, for the types where we accept any
non-zero value as meaning "litle-endian", map it to ENC_LITTLE_ENDIAN.
When we use ENC_TIME_NTP, OR in the byte order flag. While we're at it,
in the dissectors that used ENC_TIME_NTP, update all the other encoding
items in proto_tree_add_item() calls to use the appropriate ENC_ value.
svn path=/trunk/; revision=35841
an encoding of ENC_TIME_NTP.
This increases the number of decimal places shown for NTP times (from 6 to 9),
so round the value to the nearest microsecond. (I can't tell if NTP times are
ever more precise than a microsecond--this rounding is mainly to be closer to
the old behavior.)
Use proto_tree_add_item() for some NTP times.
svn path=/trunk/; revision=35840
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
We have some different fields using the same abbreviation (e.g "eth.dst"
used in both eth and tte), and this patch will fetch values from all fields.
When using occurrences the entries listed first is from the field registered
last when starting Wireshark, and not ordered from the occurrence in the
packet, but I don't see how we can easily fix this.
svn path=/trunk/; revision=34513
Limit the input field for occurrence to 4 characters to prevent an overflow.
Make sure "... as filter" does not result in an invalid filter string if all occurrences are displayed.
svn path=/trunk/; revision=34247
entry displaying a integer value. The resolved string can contain a space,
and our routines does not quote integer values, and A DEC_HEX/HEX_DEC
combination will never match.
svn path=/trunk/; revision=33315
va_start and va_end unless you're actually going to use the va_list"
(those bring the va_start and va_end closer to the use point, which
makes it a little more obvious that we're using <stdarg.h> correctly and
makes it a little harder to use it incorrectly).
svn path=/trunk/; revision=32963
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
argument indicating whether to include the time zone in the string. If
we're constructing a display filter, don't include the time zone,
otherwise do. Fixes bug 4756.
svn path=/trunk/; revision=32913
the base_display_e enum.
Fix a couple of dissectors that were still using FT_ABSOLUTE_TIME with
BASE_NONE. (The time format chosen is based only on an attempt to not change
the behavior. I don't know that it's right.) One of these is built by Pidl.
I'll send a patch upstream too.
When checking hfinfos, display the absolute_time_display_e values too.
Display "bit count: X" instead of "unknown" when the display value doesn't
match one of the enumerated values.
svn path=/trunk/; revision=32552
(hopefully useful) explanation of what's wrong with his/her hfinfo field
rather than just asserting out.
So now instead of just getting a message saying aborted(core dumped), you can
get, for example:
22:31:54 Err Field 'Message in frame' (sccp.assoc.msg) is an FT_FRAMENUM and is BASE_DEC instead of BASE_NONE
*and* an abort(core dumped) (for those who want it).
svn path=/trunk/; revision=32549
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
%#o instead of %o
This means that the value will be printed with a leading 0, which is the
standard way to denominate that a value is in base octal.
svn path=/trunk/; revision=32241
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
a mask to select the base_display_e value from a display field in a
header_field_info structure.
Never select that value by masking out the BASE_RANGE_STRING flag bit,
as that won't continue to work if more flag bits, or other bitfields,
are added. Instead, mask with BASE_DISPLAY_E_MASK.
Note that the base_display_e value and BASE_RANGE_STRING flag are only
for integral field types, and clarify what BASE_DISPLAY_E_MASK is.
Give at least one of the reasons why hiding protocol fields is not
considered a good idea.
svn path=/trunk/; revision=31249
indicating whether the time should be shown as local time or UTC. For
now, always pass FALSE, meaning "show as local time".
Clean up some stuff in the SNMP dissector, use abs_time_secs_to_str()
for times with one-second resolution, and update a comment in various
macros in the WSP dissector, while we're at it.
svn path=/trunk/; revision=31227
FT_NONE: Print nothing
FT_PROTOCOL: Print "Yes" if protocol exists in packet
FT_IPv6: Print address
The changes in r29551 made wireshark crash for this columns.
svn path=/trunk/; revision=31016
* Fix memleak (df->deprecated in dfilter_free())
* Free protocol hash tables on cleanup.
* Free protocols list on cleanup.
* Free memory allocated by fgetline() in parse_services_file()
From me:
* proto.c: set gmc_hfinfo to NULL after free
* proto.c: switch order of g_free() and g_list_remove() in proto_cleanup()
svn path=/trunk/; revision=29656
just commit this:
Change the checks for type FT_IPv6 to no longer require
a lenght of exaclty 16 bytes, but something between
0 and 16 bytes. That way, we can filter on prefixes
that do not provide the whole length of 16 bytes.
svn path=/trunk/; revision=29594
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
This patch optimizes proto_tree_prime_hfid() + friends and
plugs a memleak in the process.
From me:
Removed unused hfindex in proto_tree_new_item()
Fixed ref_count entry in struct header_field_info.
svn path=/trunk/; revision=29137
- dump_values: Handle range_strings (prevents crash);
- dump_fields:
a. Formats 2,3: If type==FT_BOOLEAN: output integer "parent bitfield width"
in Field 7 instead of "BASE_NONE", etc. to allow addt'l
field validation when using ftsanity.py.
b. Format 3: Output bitmask (Field 8) in hex (0x...) instead of decimal.
svn path=/trunk/; revision=28134
don't return -1, and also always NUL terminate the string.
We can clean sources by removing dead/unnecessary code.
From me: A few additional changes re use of g_snprintf.
svn path=/trunk/; revision=27818
With this combination we get tree items with only the string match and not
the value, and the filter is created with the string. This is usefull
when having generated items with wireshark internals as values.
Also rewrote some string constructions.
svn path=/trunk/; revision=27667
Simplify/generalize proto_tree_add_bits_ret_val(): ability to use other display types, ie., use
hfinfo_uint_format() or hfinfo_uint64_format() to get the proper format string.
svn path=/trunk/; revision=26674
Currently, if you call proto_tree_free on anything other than the root node of a tree
the tree will get left in an inconsistent state. This is because the parent is left pointing
to the newly freed child.
The traversal code is updated, the parent node update is currently disabled since
freeing is done for the complete tree only at this time, so there is no need to keep
the parent node consistent.
svn path=/trunk/; revision=26466
This patch implements a function for dissecting bitfields with better control
over the resulting representation than the existing proto_tree_add_bitmask()
routine. This function will be used by reworked IPMI/ATCA dissector (bug 2048).
The function is described in README.developer. In short, the differences are as
follows:
- The new function does not require a hf_XXX field for the whole bitmask. When
the bitmask includes several unrelated fields, such hf_XXX field does not make
sense.
- The new function allows better control over the way the sub-item descriptions
are added to the top-level item. For example, proto_tree_add_bitmask() function
does not add non-enumerated integers, does not use true_false_string to display
boolean.
- The new function allows to specify "fallback" text for the top-level item
which is used if no items were added to the top-level item.
svn path=/trunk/; revision=25920
Changed the tfstring to use integer variable instead of value variable. The
integer value has had its "irrelevant portions" masked out and has been bit-
shifted whereas value hasn't. This led to unpredictable results when using
a true false string for a single bit of a byte.
svn path=/trunk/; revision=25169
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
proto.[hc]
define new APIs to allow delayed registration of protocol fields,
so that dissectors with "flexible" fields like xml, radius, diameter,
snmp do not have to load their files at startup but can do so as late as possible.
gtk/dfilter_expr_dlg.c :
have the expression dialog registering all prefixes so that all fileds appear in the dialog
tshark.c
register all prefixes when called with -G
epan/radius_dict.l
epan/dissectors/packet-radius.c
epan/dissectors/packet-radius.h
refactor registration to delay dictionary loading as long as possible
svn path=/trunk/; revision=24762
Hexadecimal and octal are unsigned. Don't let dissectors register signed
fields (FT_INT*) to be displayed in hexadecimal (including HEX_DEC and DEC_HEX)
or octal. Fix dissectors that do that mostly by changing the fields to
unsigned though in PANA it appears the fields are meant to be signed so
change those fields to be displayed in decimal.
This fixes an assertion crash in hfinfo_numeric_format() if/when someone tries
to create a filter using one of these mixed signed/unsigned fields (because
that routine does not know how to present the user with a signed value in
hex).
Also add FT_*INT64 to the "make sure it's not BASE_NONE" check.
svn path=/trunk/; revision=24643
I can see this function is used in limited places.
I'm not sure if BASE_RANGE_STRING needs to masked out
of hfinfo->display in various other functions in proto.c.
svn path=/trunk/; revision=24598
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
- In proto_tree_set_uint and proto_tree_set_int use value adjusted for bitmask.
- Removed col_custom_set_fstr in proto_tree_set_boolean to get a correct
adjusted value in proto_tree_set_uint.
- Set a default column width shorter than COL_INFO.
svn path=/trunk/; revision=24417
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
The startup timeout on Win32 is reduced to 80% without assembler and to 50% with assembler usage (which is optional)
proto.c
- do not look up in filed tree and inserts in two steps but do it at once
- next few small speedups
- some often called elementary functions can be optionally implemented in assembler
- dispart some functions to see more exact result from profiling
packet-tpnc.c
- do not reallocate memory for each filed
svn path=/trunk/; revision=23643
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
(where the initial length isn't readily available when item is first added)
Note that this still won't work where an initial length of 0 is given for
the item that will later be extended using proto_item_set_len(), as the
pointer value part of the zero-length array will reamin NULL...
svn path=/trunk/; revision=23253
packets in the Packet Details View.
This "appendix" bytes are not copied with the Copy functions or in the
Export Selected Packet Bytes.
svn path=/trunk/; revision=22887
routines and routines using those routines. GLib might use different
modifiers for 64-bit quantities than the platform's C library does.
svn path=/trunk/; revision=21990
In all the places where a cast to "long long" or "unsigned long long"
was done, use G_GINT64_MODIFIER and get rid of the cast, as
1) there's no guarantee that "%ll" works
and
2) there's no guarantee that "long long" works
(the latter definitely does *NOT* work with MSVC++; the former doesn't
work with regular printf in MSVC++, but it might work with the GLib
printf-based functions).
svn path=/trunk/; revision=21978
Fix compilation failures when building wireshark-0.99.6-SVN-21916 on an
x86_64-unknown-linux-gnu target with gcc version 4.1.2 20070403 (Red Hat
4.1.2-8).
The failures fall into two categories:
(1) Casts between pointers and 32-bit integers without an intermediary cast
via 'long' or 'unsigned long'. This results in a compiler warning complaining
about casts between a pointer and an integer of a different size.
(2) Passing values to "%lld" or similar printf-style format options that the
compiler thinks are a different size. Such values need to be cast to 'long
long' or 'unsigned long long'.
svn path=/trunk/; revision=21975
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become suprefluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build withe the above changes.
svn path=/trunk/; revision=21935
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.
svn path=/trunk/; revision=21716
proto_tree_add_bits_ret_val()
tvb_get_bits()
And modify
proto_tree_add_bits() not to return a value.
little endian is not yet implemented.
svn path=/trunk/; revision=21607
starting at the bit offset given for the number of bits indicated which wll also return
the value of the bits.
Experimental and for review, documentation to be updated.
svn path=/trunk/; revision=21556
* ptvcursor_push_subtree(), ptvcursor_pop_subtree() for pushing/popping
subtrees. Multiple levels of subtrees (256 max.), allocation per 8 levels.
* Two new functions creating an item in the tree and pushing a subtree at the
same time. These two functions accept an undefined length
(SUBTREE_UNDEFINED_LENGTH). The length of the item is set at the next pop.
1) ptvcursor_add_with_subtree
2) ptvcursor_add_text_with_subtree
- get rid of potential memory leaks with g_new in ptvcursor_new().
- Documentation of the new ptvcursor functions in README.developer
svn path=/trunk/; revision=21276
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* ORed the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
exception rather than aborting the program; using it means that
dissector bugs show up as such rather than as malformed packets.
svn path=/trunk/; revision=20532
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
This should mean that all fvalue_set() for FT_STRING[Z] are always with already_copied==FALSE
(funny that we never saw someone trying to g_free("[ Null ]") which might have happened before)
svn path=/trunk/; revision=20245
this primarily removes code and simplifies (==eliminates) the need to track the data that is allocated and should potentially be slightly faster than a slab allocator.
however these functions are called A LOT so there might be a performance hit when using emem with full debugging canary values and all the bells and whistles activated.
this change also makes any future attempt to parallellize dissection of frames easier if we just make the ep allocator allocate from a threads specific ep pool.
(something we would have to do anyway to make ep allocations multithreaded)
this works in all my tests so far but needs more test coverage.
svn path=/trunk/; revision=20194
Stig Bjørlykke