http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* ORed the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
exception rather than aborting the program; using it means that
dissector bugs show up as such rather than as malformed packets.
svn path=/trunk/; revision=20532
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
This should mean that all fvalue_set() for FT_STRING[Z] are always with already_copied==FALSE
(funny that we never saw someone trying to g_free("[ Null ]") which might have happened before)
svn path=/trunk/; revision=20245
this primarily removes code and simplifies (==eliminates) the need to track the data that is allocated and should potentially be slightly faster than a slab allocator.
however these functions are called A LOT so there might be a performance hit when using emem with full debugging canary values and all the bells and whistles activated.
this change also makes any future attempt to parallellize dissection of frames easier if we just make the ep allocator allocate from a threads specific ep pool.
(something we would have to do anyway to make ep allocations multithreaded)
this works in all my tests so far but needs more test coverage.
svn path=/trunk/; revision=20194
proto_can_match_selected() routines, to more clearly separate the two
functions - but have them both call the same underlying routine, so
they both make the same decisions as to whether a match-selected string
can be constructed or not.
svn path=/trunk/; revision=19976
proto_construct_match_selected_string() to indicate what it does - and
have it return a Boolean indication of whether the string could be
built, returning the string through a pointer, and, if that pointer is
null, have it just return the Boolean and not construct the string.
Get rid of proto_can_match_selected() -
proto_construct_match_selected_string() can be used for that, which
means we have only one piece of code that knows whether a "match
selected" string can be constructed or not.
Have proto_construct_match_selected_string() support matching
zero-length FT_NONE (and FT_PCRE, but that shouldn't happen) fields even
if there's no epan_dissect_t, as such a match just checks whether the
field is present.
svn path=/trunk/; revision=19967
checks that we do when we try to construct the filter expression for
"match selected" - this means we don't just assert that all FT_NONEs are
filterable, as they aren't.
svn path=/trunk/; revision=19961
proto_construct_dfilter_string() the default, so you add explicit cases
only when the type needs to be treated specially, so we don't end up
with types where we forget to have a case.
svn path=/trunk/; revision=19959
pseudo-field by looking at the ID for hf_text_only. Apparently
some fields really don't have 'name' fields, but we still want
their info to be dumped out.
svn path=/trunk/; revision=19763
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
- register H.225.0 over TLS (configurable port 1300)
- register SIP over TLS (fixed port 5061)
- new function proto_tree_get_root()
svn path=/trunk/; revision=19059
Hi,
This patch allows FT_NONE items to be built into filter expressions
(i.e. testing for their presence or absence rather than comparing with a
value) using the Apply|Prepare a Filter menus. What drove me to add
this was having to type in !tcp.analysis.out_of_order.
Does this seem reasonable?
Regards,
Martin
svn path=/trunk/; revision=18782
This way we ensure that errors are displayed during protocol registration.
Use g_error instead of g_warning, if not allowed characters are used in display filter names for protocols. Extend the error message in this case.
svn path=/trunk/; revision=17248
"proto_tree_add_XXX_format()" routines except that the format doesn't
have to include the field name - the field name, followed by ": ", are
put into the representation string, followed by the result of the
formatting, so you just format the value with the format string, not the
entire representation.
svn path=/trunk/; revision=17221
proto.c uses the wrong pointer in error msg.
Me:
Be more verbose in case of illegal characters when
registering filter names.
svn path=/trunk/; revision=16986
While looking into bug 239 I found a type mismatch in proto.c. Even
though tree_is_expanded is defined as a (gboolean *) the memory
allocation is carried out using sizeof (gint *). The attached patch
fixes this.
svn path=/trunk/; revision=16877
print register numbers as unsigned (they're guint32);
when printing a PUT_FVALUE instruction, show the value as well
as the type of the value.
That requires that a bunch of types get to_repr methods; add them for
PCRE (FTREPR_DFILTER-only - show the regular expression as text),
tvbuffs (FTREPR_DFILTER_only - show the data as a hex string), integral
types, string types other than FT_STRING, and FT_IPv6.
That means we can use fvalue_to_string_repr() for FT_IPXNET and FT_IPv6
in proto_construct_dfilter_string(), and that we don't need to handle
integer and floating types specially in MATE.
Fix some problems with the PCRE execution code for tvbuff types.
svn path=/trunk/; revision=16369
FT_UINT_BYTES and FT_UINT_STRING correctly when the tree argument is
null (which involves carving proto_tree_add_item() into bits and having
both ptvcursor_add() and proto_tree_add_item() call those bits).
svn path=/trunk/; revision=16287
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
will only process FT_PROTOCOL fields. As a result, proto_item_append_string()
calls may throw a dissector exception, as only a FT_STRING or FT_STRINGZ can be
appended to with this call.
In order to prevent these dissector assertions, silently return from the append
call if the field is a FT_PROTOCOL.
Note that when the tree is visible, the updates of the fields occur normally,
as expected.
svn path=/trunk/; revision=16035
Stephen Fisher