Not implemented for conversation relative and delta time yet, because this
will need a reload as they are set by the dissectors and does not exist in
the frame data.
svn path=/trunk/; revision=25452
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
- Use a fast path for the most common use of tvb_get_xxx functions:
offset is >= 0 and tvb->real_data is set (this one is always true).
- match_strval() is a linear search, put the most common protocols
TCP/UDP/RDP first.
- fix gtk1 g_strlcat declaration Use g_strlcat
svn path=/trunk/; revision=23285
Replace strncpy with g_strlcpy.
Add g_strlcat for GTK1 and don't use g_snprintf in GTK1 g_strlcpy
printf family is very slow.
svn path=/trunk/; revision=23273
- COL_REL_CONV_TIME which is used to display the time relative to the first frame that was seen in the conversation
- COL_DELTA_CONV_TIME which is used to display the delta time from the previous frame of the conversation
It also adds the function "col_set_time()" to "epan/column-utils.[ch]" which can be called from within a dissector to set either of these two columns to the appropiate time.
Last but not least, it lets the tcp-dissector make use of these two columns.
svn path=/trunk/; revision=23058
address_to_str_buf() does now take COL_MAX_LEN as a parameter.
Add support for AT_URI to col_expr for addresses in col_set_addr(). The field names are "uri.src" and "uri.dst".
svn path=/trunk/; revision=23017
different ways, add a set of common conversion routines. Add a
"Frequency/Channel" column and fill it in where we can. Fix RSSI column
printing in PPI.
Fix up whitespace along the way.
svn path=/trunk/; revision=22538
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforce SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
start introducing conversations to the usb dissector so that we can start tracking requests/responses
which we need to in order to dissect for example the data returned by a device to a GET DESCRIPTORS call
svn path=/trunk/; revision=19539
instead of calling the tcp analysis (and prepend colingo) eitehr after the subdissector returned normally or if an exception caused by a subdissector was rised.
this as a sideffect caused tcp analysis data to be overwritten if the subdissector caused any output to the info column. (and made tcp analysis suboptimal)
this change adds a new function col_prepend_fence_fstr() that will prepend
the info column with the string and also, if there was no fence already defined, create a fence and set it after the prepended col info text.
This way, even if the subdissectors generate and rewrite col info, the tcp analysis data will still be displayed on the info column.
svn path=/trunk/; revision=16116
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
This is extremely useful, to keep track of the corresponding request/response packets of a DCE/RPC call (which can be quite a lot packets if fragmentation is used).
svn path=/trunk/; revision=14826
changed the behaviour of get_addr_name:
- resolve to a name if the address supports it
- call address_to_str if it does not, but the address is valid
- return "NONE" if it is AT_NONE
svn path=/trunk/; revision=13463
array of "const char *" rather than to an array of "char *", and make
the second argument of "col_set_str()" a "const char *" - there's no
guarantee that "col_data" points to something you're allowed to modify.
svn path=/trunk/; revision=12875
to resolve it to a name.
Fix up some const-pointer-to-non-const-pointer, and
function-pointer-to-void-*, conversions.
Fix some comments.
svn path=/trunk/; revision=12863
rather than "col_buf", so that we correctly handle a column set with
"col_set_str()" (where we set "col_data" to point to the string, and
leave "col_buf" alone).
svn path=/trunk/; revision=11818
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615