Add the option to enter a filter with an absolute time
value in UTC. Otherwise the value is interpreted in
local time.
The syntax used is an "UTC" suffix, for example:
frame.time == "Dec 31, 2002 13:55:31.3 UTC"
This also changes the behavior of "Apply Selected as filter".
Fields using a local time display type will use local time
and fields using UTC display type will be applied using UTC.
Fixes#13268.
Refactor the common code in abs_time_to_str() and
abs_time_secs_to_str() into separate functions, to
avoid code duplication and improve maintainability.
This makes it easier to understand the code, avoids conflicts
and ugly and unnecessary casts.
The field display enum has evolved over time from integer types
to a type generic parameter.
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from intypes.h.
Mostly straightforward. The only complication was
proto_tree_add_split_bits_crumb which needed some manipulation to
guarantee a non-null tree so we could use its memory scope.
This is one of the last non-dissector uses of wmem_packet_scope!
Implement little endian support for tvb_get_bits family of functions.
The big/little endian refers to bit numbering within an octet. In big
endian, the most significant bit is considered bit 0, while in little
endian the least significant bit is considered bit 0.
Add encoding parameters to proto tree bits format family functions.
Specify ENC_BIG_ENDIAN in all dissectors using these functions except in
USB HID that requires ENC_LITTLE_ENDIAN to work correctly.
When formatting bits values, always display most significant bit on the
leftmost position regardless of the encoding. This results in no gaps
between octets and makes the displayed value comprehensible.
Close#4478Fix#17014
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes#15869.
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Make display_signed_time() take a 64-bit signed number of seconds, and,
in calls to it, cast the argument to gint64, not gint32.
Addresses issue #16909.
Now that we're setting the C-language locale to use the UTF-8 code page,
they're already *in* UTF-8; g_locale_to_utf8() doesn't treat the
C-language locale's code page as the "locale" code page, it uses the
system code page, so it reads a UTF-8 string as being in some local code
page's encoding and proceeds to mangle it in the process of converting
it to UTF-8.
Closes#16811 (closed)
Make it more obvious that the time value is Zero.
Change-Id: Idca96185d869f10cf0d2b8ab6aaccb879dfc1ec2
Reviewed-on: https://code.wireshark.org/review/38135
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We want things like aes-256 keys to be displayed completely.
Change-Id: I746f3282440c036cfb60263be40e3b3a6ed859c2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A few dissectors need the functionality of adding a time field to a proto_tree
while also needing the "time to string" value (typically to show on a tree above).
The functionality to do "get value from tvb and convert to string" was being done
in packet-ntp.c.
Instead proto_tree_add_item_ret_time_string can be used with various encoding to
get the necessary functionality with less code duplication.
ENC_TIME_MIP6 was added as a result of the refactoring.
ABSOLUTE_TIME_NTP_UTC was added as another potential "base" type for time fields.
Change-Id: Ie460c33370b0af59ef60bdab893ce9d6eb23b94f
Reviewed-on: https://code.wireshark.org/review/34390
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Issue revealed by commit 281dd22da9.
The commit that revealed the issue allowed bytestring_to_str to be
called when len was 0 and *ad was NULL causing a dissector bug to be reported.
Change-Id: I01c2c04154e0514dc2702b5c1c43ed5074d0ac11
Reviewed-on: https://code.wireshark.org/review/30421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use UTF8_HORIZONTAL_ELLIPSIS to indicate string truncation in
bytestring_to_str() and bytes_to_str().
We also use UTF8_HORIZONTAL_ELLIPSIS in the Packet List.
Change-Id: Iaf5c2de97fa71369a8f29ac65fa81f71ed814752
Reviewed-on: https://code.wireshark.org/review/29291
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: Id5857a58513c38dd0ab5b30b61113bcc14e1ecee
Reviewed-on: https://code.wireshark.org/review/24258
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iab03ebbfc982bf7182851f63c17fa59bc71d7709
Reviewed-on: https://code.wireshark.org/review/24219
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add endpoint information to the packet_info structure for dissectors
to potentially use as their data to create conversations.
This patch includes a simple "example" of using conversation_create_endpoint
with TDMoP. The assignment of the PT_TDMOP "port type" has been replaced by
setting ENDPOINT_TDMOP within the endpoint structure. Then when subdissectors
of TDMoP call find_or_create_conversation(), it implicitly picks up the
conversation information set by TDMoP
Change-Id: I11dc29989cccd3b0f0349ee901babb455ca02d19
Reviewed-on: https://code.wireshark.org/review/24190
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Andrew Chernyh <andrew.chernyh@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
NCP and SBCCS values used for conversation (endpoints) and not
to pass "type" to subdissectors.
Change-Id: I56a13d2bb7d718b340e9b5a102c43f6e0012bfb9
Reviewed-on: https://code.wireshark.org/review/24174
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissector that use pinfo->ptype as input
to conversation APIs. Explicit use of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We have WS_INET_ADDRSTRLEN and WS_INET6_ADDRSTRLEN; use them.
Change-Id: Idade0da9fae70d891901acd787b06d21e2ddbc5f
Reviewed-on: https://code.wireshark.org/review/24156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Left over from some stuff I was fiddling with.
Bug: 11785
Change-Id: Ifb06e8b65db65037b336c46e5e180012ae5b7a59
Reviewed-on: https://code.wireshark.org/review/19487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We *have* to use the Windows code on Windows for the reasons given in
the comment. However, some versions of Visual Studio have a time.h that
CMake thinks defines tzname[] (which the header will do under some
circumstances), so HAVE_TZNAME gets defined on Windows. We check for
Windows *before* checking for HAVE_TZNAME - or HAVE_STRUCT_TM_TM_ZONE.
Bug: 11785
Change-Id: I61360daf08203dbd9d109a87c05727b4dbecea66
Reviewed-on: https://code.wireshark.org/review/19483
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also make it use ws_inet_ntop6() (rather than implementing the string
conversion ourselves).
Remove ip6_to_str_buf_len().
Change-Id: I1eff3a8941e00987c2ff0c4dcfda13476af86191
Reviewed-on: https://code.wireshark.org/review/15692
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Indicate whether they take a signed time delta or an unsigned time
delta.
Export unsigned_time_secs_to_str() while we're at it.
Change-Id: I0fbe87f1825efa886364caa61a3358b79d285947
Reviewed-on: https://code.wireshark.org/review/15324
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Its absolute value *is* expressible as an unsigned 32-bit value, so have
time_secs_to_str_buf(), for negative values, just put a - at the front
of the string and then pass the absolute value to
time_secs_to_str_buf_unsigned().
Change-Id: I87252fe541d9aac4902f81493c9f032ec3ed1500
Reviewed-on: https://code.wireshark.org/review/15323
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the routines that handle absolute time ("relative to the Epoch")
together and the routines that handle relative time together.
Change-Id: I15256921091ab67a1d92026385bf1b27aa52b404
Reviewed-on: https://code.wireshark.org/review/15316
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The scope that is passed in should only be used for the return value - other
temporary buffers we must alloc/free ourselves, since if the scope is NULL they
will not be managed automatically.
Bug: 11293
Change-Id: I27be856f1c5cdf47f78e766192a29523664a543e
Reviewed-on: https://code.wireshark.org/review/9007
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>