The attached patch makes the Statistics -> RTP -> Show All Streams feature of
wireshark accessible via tshark.
I found it helpful in dealing with tons of RTP captures.
svn path=/trunk/; revision=24252
tcpdump (in the tcpdump package) into its own manpage
(pcap-filter) in the libpcap package in the CVS HEAD
branch. Reference the new and the old location for that
information.
svn path=/trunk/; revision=24020
- The "showHex" name cannot be the name parameter. Changing it to "show_hex" should be fine.
- There is also a missing ';' at the end of a line in the example.
This fixes bug 2092.
svn path=/trunk/; revision=23840
Fixed two typos in ReadMe.Developer documentation:
In the example code given, a comment is not properly closed and a semicolon was
missing in variable definition.
This fixes bug 2085.
svn path=/trunk/; revision=23824
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Right-clicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Right-clicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similarly to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menus to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
http://library.gnome.org/devel/glib/unstable/glib-Miscellaneous-Macros.html#id2571572
G_INLINE_FUNC
#define G_INLINE_FUNC
This macro is used to export function prototypes so they can be linked with an external version when no inlining is performed. The file which implements the functions should define G_IMPLEMENTS_INLINES before including the headers which contain G_INLINE_FUNC declarations. Since inlining is very compiler-dependent using these macros correctly is very difficult. Their use is strongly discouraged.
This macro is often mistaken for a replacement for the inline keyword; inline is already declared in a portable manner in the glib headers and can be used normally.
svn path=/trunk/; revision=22980
case N ... M:
as that's not supported by all compilers.
Say so in the Portability section of README.developer, in the hopes of
discouraging others from using that GCCism.
svn path=/trunk/; revision=22976
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
references to h223 in README.plugins with agentx since it's small and
no one seems to be in a hurry to move it to epan/dissectors.
svn path=/trunk/; revision=22641
this in the GUI rather than calling pcap_stats() directly. This gets rid
of the last pcap_open_live() call in the GUI code. Update
README.packaging.
svn path=/trunk/; revision=22443
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
Add a capture_interface_list(), which works similarly to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
* ptvcursor_push_subtree(), ptvcursor_pop_subtree() for pushing/popping
subtrees. Multiple levels of subtrees (256 max.), allocation per 8 levels.
* Two new functions creating an item in the tree and pushing a subtree at the
same time. These two functions accept an undefined length
(SUBTREE_UNDEFINED_LENGTH). The length of the item is set at the next pop.
1) ptvcursor_add_with_subtree
2) ptvcursor_add_text_with_subtree
- get rid of potential memory leaks with g_new in ptvcursor_new().
- Documentation of the new ptvcursor functions in README.developer
svn path=/trunk/; revision=21276
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one, so that
only the first <n> packets or bytes are read.
svn path=/trunk/; revision=21211
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
I have changed the patch according to your suggestions and also changed
the doc[book] files accordingly. I tested the patch and it does seem to
work fine on my test-system.
ULFL: In addition, I've added the en-/disabling to the other (already existing) Copy menu items - some just did nothing, some crashed if nothing was selected.
I've also slightly changed the menu separators and made both context menus look a bit more identical.
svn path=/trunk/; revision=21005
I've had a good look at the code in packet-tcp.c, and whilst it's
somewhat impenetrable, I've come to the conclusion that it just doesn't
support multiple pdus as described.
That's not entirely unreasonable in itself; my objection is solely to
the fact that README.developer is completely misleading. In fact, even
the example dissect_cstr won't work on the tcp dissector, because if you
set desegment_len=1 the tcp dissector believes that you know what you
are doing and doesn't let you change your mind later.
Furthermore, 2.7.2 says that you can set desegment_len=-1; that doesn't
work either, because the tcp dissector expects
DESEGMENT_ONE_MORE_SEGMENT, which is 0x0fffffff, which is nowhere near -1.
In short, I think the relevant section of README.developer needs a
rewrite. I attach a patch - comments welcome.
svn path=/trunk/; revision=20974
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* OR the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
In the Developers Guide, Section 9.3, Example 9.17. Decompressing data
packets for dissection
The code calls tvb_set_free_cb() for the newly created next_tvb. This
is unnecessary as the call to tvb_set_child_real_data() adds next_tvb to
the chained list of tvb, thus ensuring that next_tvb is correctly
deleted. In fact when I had the call in, Visual Studio kept breaking
deep down in ntdll.dll, probably because of a double free every time the
main tvb was deleted.
In README.developer, para 2..2.7 The example conversation code doesn't
assign the result of conversation_new() back into the conversation variable.
svn path=/trunk/; revision=20569
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx()
match_strrval() which are behaving exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
tcp_dissect_pdus(), pinfo->desegment_len indicates whether your
dissector needs more data from TCP or not - the return value doesn't
indicate that.
Fix typo.
It appears that the Id keyword is one of the case-insensitive ones in
the svn:keywords property, so if you set it to "ID" it still expands
"$Id$"; it also appears not to expand "$ID$". We use Revision, Date,
and Author in the document to indicate the revision, and don't expand
Id, so that references to "$Id$" get left alone.
Rewrap paragraphs.
svn path=/trunk/; revision=19950
config.nmake contains the target INSTALL1_DIR and INSTALL2_DIR. I guess you can retain the previous behaviour by using . for both DIRs, though I never tested this...
svn path=/trunk/; revision=19302
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
Look for a string that starts with "rdp". This should take care of
cases where a default capture filter is set needlessly.
Update the docs accordingly.
svn path=/trunk/; revision=19236
"I ran doc/README.developer through a spell checker and conservatively
changed misspelled words. Attached is a compressed patch with the
corrections."
svn path=/trunk/; revision=19070
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
only list the files in one place, Makefile.common; make-dissector-reg
will generate the init routines and other boilerplate for you).
svn path=/trunk/; revision=17920
* Written almost 6 years ago, some of the information is outdated.
* The referenced images are missing, so the presentation won't run.
The author agrees to remove it
svn path=/trunk/; revision=17454
Attached a small patch to top level Makefile.am to include the recently
added diameter data files chargecontrol.xml and TGPPSh.xml
From Jaap Keuter:
I've polished up the README.malloc describing ememified memory management. It's basically the same information, but made a bit more accessible. All this in response to bug 511.
svn path=/trunk/; revision=16845
new: -D to list interfaces
changed: -i will also accept indices (rather than complete names only)
text copied from the tethereal.pod file
svn path=/trunk/; revision=16793
that if you want to send text to a file, just redirect the standard
output. I've seen at least one message on the Ethereal lists from
somebody who didn't realize that, and I think I've seen more.
svn path=/trunk/; revision=16737
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691