in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..."
should be increased from milliseconds to microseconds (from 3 to 6 decimal
places) in order to be consistent with -z relative time-related options such as
"-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places.
[Please note that separate enhancement requests for 6 decimal of precision in
Wireshark will be submitted shortly.)
2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames
and bytes should each have 15 spaces like all the other column types.
3.) The types "FRAMES" and "BYTES" should be added to allow users to display
these values separately and allow for filters to be specified.
4.) The 'SUM' option should allow for relative time values such as SRTs to be
summed. This would be useful for the calculation of such things as
request concurrency (total_SRT_time / duration).
5.) The tshark man page needs some corrections and readability improvements
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915
svn path=/trunk/; revision=37555
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
if an error occurred while processing.
E.G.,: For the default (no -C option):
'capinfos invalid.xxx' or 'capinfos a.pcap invalid.xxx c.pcap'
should exit with an error status
(after processing all the input args) if there is an error for invalid.xxx.
With this fix, I expect fuzz-test.sh (and list_protos_in_cap.sh
and presumably other scripts) will work a bit more as as expected.
svn path=/trunk/; revision=36487
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointer to a NULL-terminated string in the TVB. It is no safer than dissectors
which call tvb_get_strsize() and then tvb_get_ptr() but it makes it clear that
this usage of tvb_get_ptr() is safe.
This function is slightly more efficient than tvb_get_ephemeral_stringz()--but
only as long as we're not using composite TVBs.
svn path=/trunk/; revision=35493
tvb_get_ephemeral_fake_unicode() functions have been superceded by
tvb_get_unicode_string() and tvb_get_ephemeral_unicode_string() respectivey.
svn path=/trunk/; revision=35349
is a unicode (UTF-16) version of tvb_get_ephemeral_stringz(). It scans
a tvbuff for a UTF-16 string and converts it to UTF-8 upon return.
svn path=/trunk/; revision=35253
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
rawshark but broke the ability to feed it live packets with a
pcap_pkthdr prefix on some 64-bit architectures.
Add a "-p" flag which lets us explicitly handle file-based or
memory-based packet record headers.
svn path=/trunk/; revision=34522
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
LoadLibrary and g_module_open only for the program directory and system
directory on Windows. Use them to replace a bunch of LoadLibrary and
g_module_open calls. Use the extension ".dll" for all the DLLs that we
load. Add comments about DLL loading in Python.
svn path=/trunk/; revision=33924
for (guint8 = 0; guint8 < guint; guint8++)
(one of which recently caused an infinite loop with a fuzzed packet in
the buildbot).
svn path=/trunk/; revision=33639
dftest and randpkt are installed during make install, but they are not
documented in any man page.
This is a start. It's more or less a compilation of information found elsewhere.
svn path=/trunk/; revision=33504
The attached patch simply documents a long supported but hidden tshark -G
option.
Tshark's print_usage() has been augmented as well as the tshark man page.
svn path=/trunk/; revision=33253
From reading the rawshark(1) manpage my assumption was that rawshark
could be used like
$ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ...
However rawshark either expects the -r argument to be -
(read from stdin) or a pipe which results in the following error
message:
rawshark: ".../test.pcap" is neither an interface nor a pipe
The proposed rawshark.pod patch updates the -r description to
the implemented rawshark functionality.
The patch also applies to the current SVN version.
svn path=/trunk/; revision=33063
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
1. Include stdio.h, stdlib.h and string.h only if needed;
2. Add dissector source filename to epan/CMakeLists.txt as well as
epan/Makefile.common.
svn path=/trunk/; revision=32495
indication, not necessarily a base (the base is "how to display" some
numeric fields, but it's not how to display some other fields).
Note that FIELDDISPLAY is the number of bits in the field containing an
FT_BOOLEAN bitfield.
svn path=/trunk/; revision=32480
tap-diameter-avp.patch:
- make diameter.cmd_code configurable rather than hard coded in
- more fields in the output
- documetation/man pages + usage examples
- switch option parser from stdlib to glib to avoid troubles with M$ c++
diameter-dict.patch
remove strage spaces in the AVP names.
svn path=/trunk/; revision=32294
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
makes time-shifting using editcap easier. Sort the flags in the capinfos
man page alphabetically to match the other man pages. Add a
time-shifting example to the mergecap man page.
svn path=/trunk/; revision=31905
Added se_tree_lookup32_array_le to emem.[ch]. This function is similar to
se_tree_lookup32_le already defined.
Updated README.binarytrees to reflect this added function and corrected minor
spelling issues.
svn path=/trunk/; revision=31812
bit, so as not to imply that there's some form of global "mode"
Wireshark is in when it passes a null or non-null pointer (there isn't),
and to explicitly note that there is *no* guarantee about the value of
"tree" on the first call to the dissector. (I.e., please do not build a
mental model of how Wireshark works in that regard, and write your
dissector based on that mental model - you *will* be wrong.)
svn path=/trunk/; revision=31560
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
itself a valid value for that field - it should be ORed with a value.
Indicate that it will never be possible to record in a header_field_info
a byte order for all fields, as some protocols do not specify the
endianness of fields (for example, DCE RPC uses "receiver makes it
right", with the sender sending data in its byte order, with an
indication in the packet of what that byte order is).
svn path=/trunk/; revision=31248
The ability to continue processing additional files if and when
wtap_open_offline() should fail. A new -C option reverts to capinfos'
original behavior which is to cancel any further file processing at
first file open failure.
Change the behavior of how the default display of all infos is initiated.
This gets rid of a special post getopt() argument count test.
Add new table output format (with related options). This feature allows
outputting the various infos into a tab delimited text file, or to a comma
separated variables file (*.csv) instead of the original "long" format.
svn path=/trunk/; revision=30956
level) way to handle passing the result of strlen() to a routine
expecting a int-sized value, mark it as "OK", not "Compiler warning".
svn path=/trunk/; revision=30747
Put the description of the default time format after the description of
all the time formats, i.e. say "the default is relative" after we say
what "relative" is.
svn path=/trunk/; revision=29089
Stig Bjørlykke