In the Developers Guide, Section 9.3, Example 9.17. Decompressing data
packets for dissection
The code calls tvb_set_free_cb() for the newly created next_tvb. This
is unnecessary as the call to tvb_set_child_real_data() adds next_tvb to
the chained list of tvb, thus ensuring that next_tvb is correctly
deleted. In fact when I had the call in, Visual Studio kept breaking
deep down in ntdll.dll, probably because of a double free every time the
main tvb was deleted.
In README.developer, para 2..2.7 The example conversation code doesn't
assign the result of conversation_new() back into the conversation variable.
svn path=/trunk/; revision=20569
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx() and
match_strrval(), which behave exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
tcp_dissect_pdus(), pinfo->desegment_len indicates whether your
dissector needs more data from TCP or not - the return value doesn't
indicate that.
Fix typo.
It appears that the Id keyword is one of the case-insensitive ones in
the svn:keywords property, so if you set it to "ID" it still expands
"$Id$"; it also appears not to expand "$ID$". We use Revision, Date,
and Author in the document to indicate the revision, and don't expand
Id, so that references to "$Id$" get left alone.
Rewrap paragraphs.
svn path=/trunk/; revision=19950
config.nmake contains the target INSTALL1_DIR and INSTALL2_DIR. I guess you can retain the previous behaviour by using . for both DIRs, though I never tested this...
svn path=/trunk/; revision=19302
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
Look for a string that starts with "rdp". This should take care of
cases where a default capture filter is set needlessly.
Update the docs accordingly.
svn path=/trunk/; revision=19236
"I ran doc/README.developer through a spell checker and conservatively
changed misspelled words. Attached is a compressed patch with the
corrections."
svn path=/trunk/; revision=19070
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
only list the files in one place, Makefile.common; make-dissector-reg
will generate the init routines and other boilerplate for you).
svn path=/trunk/; revision=17920
* Written almost 6 years ago, some of the information is outdated.
* The referenced images are missing, so the presentation won't run.
The author agrees to remove it
svn path=/trunk/; revision=17454
Attached a small patch to top level Makefile.am to include the recently
added diameter data files chargecontrol.xml and TGPPSh.xml
From Jaap Keuter:
I've polished up the README.malloc describing ememified memory management. It's basically the same information, but made a bit more accessible. All this in response to bug 511
svn path=/trunk/; revision=16845
new: -D to list interfaces
changed: -i will also accept indices (rather than complete names only)
text copied from the tethereal.pod file
svn path=/trunk/; revision=16793
that if you want to send text to a file, just redirect the standard
output. I've seen at least one message on the Ethereal lists from
somebody who didn't realize that, and I think I've seen more.
svn path=/trunk/; revision=16737
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
The attached patch extends the synopsis and adds an 'Examples' chapter to
the editcap documentation.
I've edited this a bit, without the real knowledge :-(, to make it:
a. look better
b. make more sense (at least to me)
svn path=/trunk/; revision=16325
remove Byte(s) from the dropdown list of filesizes, this doesn't make sense
replace 1000 with 1024, as all (modern?) file managers are based on 1024 bytes for a kilobyte (the old KB vs. KiB controversy)
svn path=/trunk/; revision=16149
IPv6 addresses. Use "tvb_get_ipv4()" in the WINS Replication dissector,
so that it gets the right answer on little-endian *AND* big-endian
machines.
svn path=/trunk/; revision=15753
Makefile.nmake instead of doing our own XCOPYing. Use the "clean-deps"
target when we're done instead of leaving DLLs lying around.
Normalize the use of underscores vs hyphens in the "clean-deps" target.
svn path=/trunk/; revision=15704
returned quite a list of files. Add them to MAINTAINERCLEANFILES.
Whitespace changes (replace multiple spaces by TABs, in a few cases this
needed to be done at the beginning of Makefile lines).
svn path=/trunk/; revision=14891
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
in the plugins subdirectory. This target will copy all plugins to plugins/$(VERSION), thus (t)ethereal will
find and load the plugins when called from within the source tree.
call this target from the main nmake makefile after
installing other dependencies. call it from the nmake makefile
in the doc subdirectory before calling "tethereal -G".
This way "tethereal -G" will recognize the filterable
fields from the plugins, too.
svn path=/trunk/; revision=14284
This target will copy all files, mainly dlls, which
are necessary to run (t)ethereal to the source tree.
After copying all necessary dlls to the source tree,
you can run (t)ethereal directly from the source tree.
svn path=/trunk/; revision=14259
Boolean value that's true if any of the bits in question are set and
false if none of them are, not to an integer or slice value with
only the bits set in both values set.
svn path=/trunk/; revision=14033
not the result of dissecting that data.
Note that "-F" applies to the output of "-w", that "-S" says "dissect
and print even if you're doing '-w'", and that "-T" applies to the
dissected output, not the "-w" output.
svn path=/trunk/; revision=13975
it serves the same purpose as the register routine in a built-in
dissector, and don't require all dissectors to have one, as they might
just be taps.
Get rid of the stats tree's init routine, as it's just a tap, and as it
doesn't do anything.
Update the idl2eth Python script to generate plugins with register routines.
svn path=/trunk/; revision=13644
Introduce a new init routine for plugins,
which does not take the plugin api table as an
argument and allows Ethereal to distinguish
between plugins using the old and the new api.
Update README.plugins accordingly
Change all g_warnings() in epan/plugins.c to report_failure().
On Windows we do not have a log console open while
loading the plugins, because a log console cannot be opened before the prefs have been read. Thus g_warnings()
does not work for reporting problems with plugins.
svn path=/trunk/; revision=13596
(it's now in an "ethereal" directory, so there's no need for it to have
a name that distinguishes it from files for other programs) - if it's
not found as "preferences", try "ethereal.conf" for compatibility - and
update the man pages appropriately.
Fix a typo in the section color filters (the file name is "colorfilters",
not "color filters").
svn path=/trunk/; revision=13559
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralleling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
section, as is done for other files. Just refer to those files in the
section for the "Save" button for the capture and display filter dialog
boxes.
svn path=/trunk/; revision=12398
the platform for which we're building (and that both should be avoided
if possible, i.e. write your code so that it works on all platforms).
svn path=/trunk/; revision=11973
particularly, should disregard all the renaming they did of some
routines, as the old names work Just Fine in 2.x but the new names don't
work in 1.2[.x]).
svn path=/trunk/; revision=11936
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
the specified filter.
Note in the manual that you can't use capture filters when reading a
capture file, and that read filters might require too much CPU when
doing a live capture.
svn path=/trunk/; revision=11594
before using its value, or must check for a null return value and handle
it specially, otherwise you put Ethereal at risk of crashing with bad
packet data.
svn path=/trunk/; revision=11475
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
interval, not over the entire capture (a sum over the entire capture
would yield only one value, which isn't very interesting to plot).
svn path=/trunk/; revision=11359
have to", indicating that if it's too much work to explicitly test for a
null protocol tree, you might want to avoid those tests and rely on the
protocol tree routines not to do much work if passed a null protocol
tree pointer.
svn path=/trunk/; revision=11346
"-T" option.
Talk about packet details rather than the protocol tree, just as we do in
the Ethereal manual page.
Clean up the descriptions of some of the "-z" options.
Fix some typos.
svn path=/trunk/; revision=11344
use to format 64-bit integers.
Fix the RSVP dissector to use that rather than hardcoding "%ll" in.
Remove the "only if G_HAVE_GINT64 is defined" bit from the discussion of
64-bit integers - we're too dependent on having them to support
compilers that don't have a 64-bit integral data type. Do, however,
note that neither "long" nor "long long" are acceptable, and also note
that you shouldn't assume "%ll" does the trick for printing them.
svn path=/trunk/; revision=11182
and not writing to another capture file, for use with "-z" options.
Note that "-z proto" *doesn't* print statistics at the end - it modifies
the packet summary output.
Note that on at least some BSDs the "status" character is set to "off"
by default, so you have to set it explicitly in order to be able to ^T
an application such as Tethereal.
svn path=/trunk/; revision=11038
convenient to put into a command line (no capital letters, no spaces to
require quotes), and one that's a detailed description for use in the
UI. Allow either of them in the preferences file or "-o" option; use
the detailed description in the UI, and also use it when writing the
preferences out, so that the preference will be readable by older
versions of Ethereal (assuming the preference existed in that version).
Update "README.developer" to give more detail about an enum_val_t (and
to put the _t in), and to give a more detailed description of the
"radio_buttons" argument to "prefs_register_enum_preference()".
svn path=/trunk/; revision=10982
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
calls the middle pane the "Packet Details" pane, which is perhaps less
geeky than "Protocol Tree". Update the man page to call it the "packet
details".
Update the description of the menu items to more closely reflect current
reality.
svn path=/trunk/; revision=10781
will not swallow the '\r\n' line end sequence when invoking chomp(), but
instead the '\r' character will remain. For this reason, chomp() cannot
be used and global removal of '\r' and '\n' characters must be used
instead, like in: $_ =~ s/[\r\n]//g;
svn path=/trunk/; revision=10719
line to every Makefile.am file for a given plugin XXX:
XXX_la_LIBADD = -L../../epan -lethereal @GLIB_LIBS@
This way symbols defined in libethereal and GLib are resolved when linking
the plugin dissector modules.
svn path=/trunk/; revision=10601
own modified Per-VLAN STP, so there's some extra stuff at the end of the
packet that needs to be decoded).
Indicate in a comment in packet-cisco-oui.c what PVSTP is.
svn path=/trunk/; revision=10589
Update README.plugins to use ENABLE_STATIC instead of __ETHEREAL_STATIC__
Update some plugins, that were created after my changes according to the
outdated docs.
Changed occurrences of
G_MODULE_EXPORT void plugin_reg_handoff(void)
into
G_MODULE_EXPORT void
plugin_reg_handoff(void)
as the one line Python version doesn't work with the Python of Suse 9.0
svn path=/trunk/; revision=10281
"tvb_get_ptr()".
Add a section on robustness, giving a number of potential problems that
aren't just portability problems.
Document "tvb_get_string()" and "tvb_get_stringz()", better document
"tvb_memcpy()" and "tvb_memdup()".
Fix a typo.
svn path=/trunk/; revision=10239
date/time IE, so support IE lengths of 5 (no seconds) or 6 (includes
seconds).
Merge the two AUTHORS and man page entries for him.
svn path=/trunk/; revision=10089
"congestion" bit for ECN. Show it as a reserved bit.
Put semicolons, not commas, at the end of the calls to put flags field
bits into the protocol tree.
svn path=/trunk/; revision=10087
* Added decoding of Transport type/trigger
* Updated service code's text to match specification
* Added new vendor IDs from ODVA
* Added service etc to info column, formatted info column for
easier overview
* Added actual time out calculation for Forward close,
Unconnected send
* Fixed bug, port not shown for extended addresses
* Added Network Segment to EPATH decode
* NOP packets not decoded as they contain Common data Format
svn path=/trunk/; revision=9979
dissectors for protocols that put non-802.3 packets inside 802.3 frames
can intercept 802.3/Ethernet frames before they're dissected as
802.3/Ethernet packets.
svn path=/trunk/; revision=9976
into "lapd_sapi.h". Use that to register the Q.931 dissector atop LAPD.
From Rolf Fiedler: ISDN TEI management frame support.
svn path=/trunk/; revision=9864
Support for dissection of concatenated SMPP PDUs.
Also:
Add more information to the protocol tree summary.
Clean up the white space so it's in-line with the conventions
of the original author (8-space tabs, 4-space indentations).
svn path=/trunk/; revision=9696
add 3 new vendors;
add 3 non-encapsulated Merit vendor-specific attributes;
display the authenticator in the protocol tree.
svn path=/trunk/; revision=9651
to export to other dissectors.
Describe the "if (tree)" construct and its sense by introducing 2 operation
modes of Ethereal:
(a) operational dissection (tree == NULL)
and
(b) detailed dissection (tree != NULL).
Fix some typos.
svn path=/trunk/; revision=9495
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.
svn path=/trunk/; revision=9342
From Anders Broman: patches to various makefiles and configure scripts
to build the V5UA dissector, and patches to make it compile.
From me: .cvsignore file, and NSIS patches.
svn path=/trunk/; revision=9311
we've gone through the trouble of finding the path, we should use it,
and if the user explicitly said where it is, we should *definitely* use
it), and add the output of "$NETSNMPCONFIG --cflags" to CFLAGS and
CPPFLAGS before searching for Net-SNMP headers, so we check the
appropriate directory for them.
svn path=/trunk/; revision=9303
Eventually, -Tps will not force -V, and will print summaries when -V is
not selected. However, work still has to be done there.
svn path=/trunk/; revision=9218
Always capitalize the names "Ethereal" and "Tethereal" (we don't
capitalize the command names, however, as they're all-lower-case).
Note that you can find out from the GUI whether Ethereal was built with
the PCRE library or not.
Fix a typo.
svn path=/trunk/; revision=9211
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
From Michael Lum:
Modified for better TCAP separation, fixed EOC handling (a la
TCAP).
Added parameter parsing (although not dissection or naming).
svn path=/trunk/; revision=9160
This makes the CulmulativeBytes field make more sense since if we want
something to be a TimeReference frame it is likely that we also want to
measure BOTH time and number of bytes (==cumulative bytes) until the event we are looking at.
svn path=/trunk/; revision=8956
correct and enhance support for RSVP FAST_REROUTE and DETOUR
objects (source: draft-ietf-mpls-rsvp-lsp-fastreroute-03.txt);
support an RSVP SESSION_OBJECT object with ctype = 1. This
object contains resource affinities (source: RFC 3209).
svn path=/trunk/; revision=8913
Note that you have to modify plugins/Makefile.nmake.
Fix "plugin/" to "plugins/".
Update the sample Makefile.am and Makefile.nmake to match the current
state of affairs.
svn path=/trunk/; revision=8899
any string pointed to by the preference variable - as the value we set
it to is allocated, we should free it after registering the preference.
The register routine is called only once - don't worry about whether
"gbl_diameterDictionary" is null or not.
Get rid of a duplicate credit entry in the man page.
svn path=/trunk/; revision=8813
pointer arguments to "proto_tree_add_XXX" functions are copied - if you
allocated a buffer for one of them (e.g., a string), and you don't free
that buffer when you're done with it, you'll leak memory.
svn path=/trunk/; revision=8796
See manpage (hopefully manpage does not reformat my nice ascii graph)
While Service Response Times and the MIN/MAX/AVG thing in io-stat are measurements on the server load. The new measurement type LOAD is a measurement of Client LOAD.
Or rather, it is an attempt to measure client LOAD by measuring how much concurrency in its requests the client generates. If the client is slow in starting new i/o when a previous i/o has completed, this will be indicated by the concurrency being lowered.
It is an experiment. I am not aware of any other attempts in deducing client workload from looking at captures.
svn path=/trunk/; revision=8706
Add a preference to control whether the "File > Open" dialog box
should start out in the last directory in which it looked - and
save that in the preferences file across invocations - or should
always start out in a user-specified directory, and add another
preference to specify that directory.
Write out section name comments into the preferences file.
Clean up white space a bit.
svn path=/trunk/; revision=8699
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
One can now select a packet and mark it as a TimeReference packet using the menu.
A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF*
A TimeReference packet will always be displayed in the packet pane, and overrides any display filters.
When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture.
You can have any number of TimeReference frames you like.
svn path=/trunk/; revision=8459
support for user-supplied interface descriptions;
support for hiding interfaces in drop-down list in capture
dialog.
Clean up comments written to preferences file.
svn path=/trunk/; revision=8419
Rename it from Endpoint Talkers to: Conversation List
Change command line arguments to both tethereal and ethereal
to be -z conv,<type>
to reflect the new name Conversations
This is the last time the tethereal cmd line arg is changed. But now it has a
proper intuitive name at least.
io,users was weird
talkers was too close to names used in other tools
svn path=/trunk/; revision=8379
Service-over-Frame-Relay support, including preference for Frame Relay
to select FRF 3.2/Cisco HDLC encapsulation or encapsulation of GPRS NS
PDUs.
svn path=/trunk/; revision=8362
packets that passed the current display filter, as well as about the
entire capture.
Document the Tools:Summary item in the man page.
Update Gerald's e-mail address.
svn path=/trunk/; revision=8344
use Export and Import for the buttons in GTK+ 2.x as well;
get rid of a duplicate fclose;
other fixes.
Update the description of color filters in the Ethereal man page to
reflect the change, clean up the formatting (use =item), and add the
global and personal color filters files to the FILES section; refer to
them as "color filters" files rather than "colorfilters" files, as the
FILES section gives the "colorfilters" file name so you don't have to
use that as the name.
Clean up white space.
svn path=/trunk/; revision=8285
Extract the FCS decoding section of the PPP_HDLC dissector to
allow the CHDLC dissector to use the same routine.
The ppp_options used for preferences has been renamed to
fcs_options and exported via packet-ppp.h so CHDLC gets a
separate (but identical) FCS preference.
This means prefs.h has to be included before packet-ppp.h so a
couple of ppp related files (packet-{gtp,null,raw,vj}.c) had
their includes slightly re-arranged.
From me: make the PPP/CHDLC FCS code use "crc32()" to check the 32-bit
FCS.
svn path=/trunk/; revision=8271
windows can also be invoked from the Ethereal command line using the -z
talkers argument" (as pod2man suggests be done).
svn path=/trunk/; revision=8244
Update the talkers tap for tethereal (iousers) and change the command line to invoke the tethereal version from -z io,users, to -z talkers, to be the same
as for ethereal.
Sorry if it breaks some scripts but io,users was a very nonintuitive name for this option.
talkers is not much better but at least a little bit more descriptive/intuitive. Anyone with a better name for this is welcome to provide a patch.
The tethereal version is now agnostic to whether v4 or v6 are transporting UDP/TCP
svn path=/trunk/; revision=8236
A scrollable GtkCList is used now for both GTK1 and GTK2.
Removed "overall" line from statistics table. It is not useful.
"Response Time Delay" was renamed into "Service Response Time".
Menu Item moved to "Service Response Time" folder.
As Ronnie suggested, the active display filter is now used as
default statistics filter.
svn path=/trunk/; revision=8205
draft-ietf-dhc-dhcpv6-28,
draft-ietf-dhc-dhcpv6-opt-prefix-delegation-04, and
draft-ietf-dhc-dhcpv6-opt-dnsconfig-03, and addition of NIS and time
configuration option drafts draft-ietf-dhc-dhcpv6-opt-nisconfig-02 and
draft-ietf-dhc-dhcpv6-opt-timeconfig-02.
svn path=/trunk/; revision=8182