Add an option to text2pcap to specify the encapsulation type
via wiretap encapsulation type short names instead of pcap
link layer types, similar to editcap.
Update the documentation to reflect this.
In text2pcap and Import from Hex Dump, allow fake IP headers with
the appropriate versions when the Raw IP, Raw IPv4, and Raw IPv6
encapsulations are specified. In such cases, do not add a dummy
Ethernet header.
Continue to reject other encapsulations besides these, Ethernet,
and Wireshark Upper PDU when appropriate. Add some checks for the
encapsulation type in text_import as well, instead of just assuming
that the callers handle it correctly.
(Yes, the top-level page calls it the "User's Guide", but it has a
section called the "User's Guide", as well as an "Introduction" and
sections about development with Npcap and about the Npcap internals.)
It's not obvious that making a GitLab fork private will disassociate it
from the upstream repository, and it seems to have tripped up a couple
of people. Add a warning to the "Creating Merge Requests" section.
Support all possible file formats that wiretap writes, using the
same "-F" flag that other CLI tools like editcap, mergecap, and tshark
support. Default is still pcap for now; a future commit will switch
to pcapng and remove the "-n" option, to match other CLI tools.
Having some options use DISABLE_ and others ENABLE_ is inconsistent
and difficult to remember. Use ENABLE_ instead consistently.
Frame-larger-than remains an exception.
Add information about the different kind of comparisons with
multiple fields to the wireshark-filter man page.
Add some minimal information to the user guide. It would be
nice to have a section dedicated to this with some examples.
Add the option to enter a filter with an absolute time
value in UTC. Otherwise the value is interpreted in
local time.
The syntax used is an "UTC" suffix, for example:
frame.time == "Dec 31, 2002 13:55:31.3 UTC"
This also changes the behavior of "Apply Selected as filter".
Fields using a local time display type will use local time
and fields using UTC display type will be applied using UTC.
Fixes#13268.
Remove the '-d' option from text2pcap, and move the two levels
of debug messages in text2pcap and text_import to either
LOG_LEVEL_DEBUG or LOG_LEVEL_NOISY as appropriate.
The 32-bit Windows Installer / WiX / .msi packages make up a tiny
percentage of our downloads, and they take a non-trivial amount of time
to create. Stop building them. Ping #17779.
To complete the set of equality operators add an "all equal"
operator that matches a frame if all fields match the condition.
The symbol chosen for "all_eq" is "===".
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
Qt's documentation recommends using CMAKE_PREFIX_PATH to designate your
Qt installation prefix: https://doc.qt.io/qt-5/cmake-get-started.html.
Do so in GitLab's CI and update the Developer's Guide.
Update to reflect the transition from C99 to C11. Remove obsolete
comments and recommendations. Add a bit about transitioning to C
fixed width types.
Related to #17768.
Remove the update_tools_help target. Despite the comment, the weekly
update job doesn't use it, we don't have targets for our other update
scripts, and it currently causes issues if BUILD_tshark is disabled.
Fixes#17766.
Add an UAT for configuring fake headers according to the server port, stream
id and direction of the long-lived stream that we start capturing packets
after it is established. That helps to parsing the DATAs captured subsequently.
A testcase also added.
close#17691
For double quoted strings. This is consistent with single quote
character constants and the C standard. It also avoids common
mistakes where the superfluous backslash is silently suppressed.
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
Gerald Combs