thing as the display filter (-Y) in that case except with more confusing
semantics.
This also lets us fix -c in the single-pass case to unconditionally count
packets. This isn't the old behaviour (which counted them only if they passed
the read filter) but is more consistent with two-pass mode where they are
counted even if they pass the display filter, since they are counted on the
first pass and the display filter is applied on the second pass.
Anyone who wants to use -c to limit packet count conditionally on them passing a
filter should use it in tandem with -2 and -R: the read filter is applied on the
first pass before the count.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9048
svn path=/trunk/; revision=51556
The limits are enforced during the first pass, and frames that get dropped from
the first pass for this reason aren't available to the second pass at all, so
checking again is redundant.
svn path=/trunk/; revision=51460
Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases
causing problems for wmem_leave_file_scope() - remove that XXX comment and add
back the assertion.
Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense
there. init_dissection is only called from epan_new, so cleanup_dissection
should only be called from epan_free.
Add one missing epan_free call to tshark revealed by the above changes.
svn path=/trunk/; revision=51342
packet information to a terminal (which we assume is the same terminal
as the one to which the packet counts are being printed), as they get in
the way of each other.
Don't print it if we're sending the standard error to a terminal, or if
-q is specified, either.
Put all the setting of print_packet_counts together; it looks as if the
default value of print_packet_counts may have been changed to TRUE and
the code to handle -q wasn't changed to set it to FALSE if -q was
specified rather than setting it to TRUE if it wasn't specified.
svn path=/trunk/; revision=51227
as long options, and thus identified with numbers rather than option
letters as the return value of getopt_long(), we now have to include
capture_opts.h even if we're *not* building with libpcap, to provide
#defines for those numbers.
svn path=/trunk/; revision=51115
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
This patch augments Wireshark's and tshark's augument usage reports (-? and
-t?) and the Wireshark and tshark man pages to list all available timestamp
options available for the -t option.
svn path=/trunk/; revision=50445
... as per the XXX comment removed from tshark.c this was a mess to keep the linker
happy... I couldn't!
I did this without even understanding whether calling main_window_update was realy
necessary in most cases. I guess nothing or more specific update cbs would be best.
svn path=/trunk/; revision=50188
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
If we're not doing dissection (in 2-pass mode) then don't try to mark frames
as depended upon: in that case epan has not been initialized so we shouldn't
be looking in the edt (and anyway without dissection there won't be any
dependent frames).
(I'm not convinced there's any reason to run 2-pass mode without dissection,
however...)
svn path=/trunk/; revision=49554
capture_sync.c, not from capture.c, so they should be declared in
capture_sync.h, so callers that use the capture_sync.c stuff but not the
capture.c stuff - such as TShark - get the declarations and get their
implementations compared with the signatures that they should have.
Doing so points out that some of them in TShark *don't*, so fix that.
svn path=/trunk/; revision=49517
it into a separate capture_session structure. capture_opts should
contain only user-specified option information (and stuff directly
derived from it, such as the "capturing from a pipe" flag).
svn path=/trunk/; revision=49493
than the standard error.
In Wireshark on Windows, create a console before doing so and destroy it
before exiting. Don't do that in TShark or dumpcap, as those are
console-mode programs on Windows.
This should fix bug 8609 and still allow "wireshark -D" and "wireshark
-L" to work when the standard output isn't redirected.
svn path=/trunk/; revision=49025
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7530
The frame_data_cleanup function was ambiguous; it was being used for two
different purposes, and did neither of them quite properly. Split it instead
into frame_data_reset and frame_data_destroy, and call the correct one depending
on why we were originally calling frame_data_cleanup.
svn path=/trunk/; revision=48324
When doing second pass tshark, packet data is read to cf->pd (and not already freed cf->wth buffer).
Writting files with two pass analysis never worked, buggy since introducing two pass analysis in r30076.
svn path=/trunk/; revision=47851
is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.
svn path=/trunk/; revision=47758
information to crash dumps and the like. (Currently, we only handle OS
X's CrashReporter, but we should do this on other platforms where this
information can be added and would be helpful.)
White space tweaks.
svn path=/trunk/; revision=47104