https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
We fill out the COL_DSTIDX column by using 'pinfo->dst_idx'. This member is only set by the MDS Header dissector based on 'mdshdr.dstidx'. So remove COL_DSTIDX and migrate to 'mdshdr.dstidx' custom column.
svn path=/trunk/; revision=29795
We fill out the COL_SRCIDX column by using 'pinfo->src_idx'. This member is only set by the MDS Header dissector based on 'mdshdr.srcidx'. So remove COL_SRCIDX and migrate to 'mdshdr.srcidx' custom column.
svn path=/trunk/; revision=29794
We fill out the COL_RXID column by using 'pinfo->rxid'. This member is only set by the Fibre Channel dissector based on 'fc.rx_id'. So remove COL_RXID and migrate to 'fc.rx_id' custom column.
svn path=/trunk/; revision=29793
We fill out the COL_OXID column by using 'pinfo->oxid'. This member is only set by the Fibre Channel dissector based on 'fc.ox_id'. So remove COL_OXID and migrate to 'fc.ox_id' custom column.
svn path=/trunk/; revision=29792
This will eliminate some problems when not checking before calling the
functions, and makes the dissector code looks cleaner.
Cleaning up the dissectors is TBD.
svn path=/trunk/; revision=27806
Up till now every packet in the packet list got a copy of the pointer to the filter expressions for
the last packets' columns. Hence any 'Copy as Filter" on a column got the expression of the last
packet in the packet list. Instead every packet needs to get a pointer to the filter expressions
for its own columns. This requires making a copy of the filter expressions themselves.
Since this is a bug in 1.0 as well the GLIB1 code is provided for backporting, which can later be dropped from the development tree.
svn path=/trunk/; revision=27396
Not implemented for conversation relative and delta time yet, because this
will need a reload as they are set by the dissectors and does not exist in
the frame data.
svn path=/trunk/; revision=25452
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
- Use a fast path for the most common use of tvb_get_xxx functions:
offset is >= 0 and tvb->real_data is set (this one is always true).
- match_strval() is a linear search, put the most common protocols
TCP/UDP/RDP first.
- fix gtk1 g_strlcat declaration Use g_strlcat
svn path=/trunk/; revision=23285
Replace strncpy with g_strlcpy.
Add g_strlcat for GTK1 and don't use g_snprintf in GTK1 g_strlcpy
printf family is very slow.
svn path=/trunk/; revision=23273
- COL_REL_CONV_TIME which is used to display the time relative to the first frame that was seen in the conversation
- COL_DELTA_CONV_TIME which is used to display the delta time from the previous frame of the conversation
It also adds the function "col_set_time()" to "epan/column-utils.[ch]" which can be called from within a dissector to set either of these two columns to the appropiate time.
Last but not least, it lets the tcp-dissector make use of these two columns.
svn path=/trunk/; revision=23058
address_to_str_buf() does now take COL_MAX_LEN as a parameter.
Add support for AT_URI to col_expr for addresses in col_set_addr(). The field names are "uri.src" and "uri.dst".
svn path=/trunk/; revision=23017
different ways, add a set of common conversion routines. Add a
"Frequency/Channel" column and fill it in where we can. Fix RSSI column
printing in PPI.
Fix up whitespace along the way.
svn path=/trunk/; revision=22538
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforce SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
start introducing conversations to the usb dissector so that we can start tracking requests/responses
which we need to in order to dissect for example the data returned by a device to a GET DESCRIPTORS call
svn path=/trunk/; revision=19539
instead of calling the tcp analysis (and prepend colingo) eitehr after the subdissector returned normally or if an exception caused by a subdissector was rised.
this as a sideffect caused tcp analysis data to be overwritten if the subdissector caused any output to the info column. (and made tcp analysis suboptimal)
this change adds a new function col_prepend_fence_fstr() that will prepend
the info column with the string and also, if there was no fence already defined, create a fence and set it after the prepended col info text.
This way, even if the subdissectors generate and rewrite col info, the tcp analysis data will still be displayed on the info column.
svn path=/trunk/; revision=16116
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
This is extremely useful, to keep track of the corresponding request/response packets of a DCE/RPC call (which can be quite a lot packets if fragmentation is used).
svn path=/trunk/; revision=14826
changed the behaviour of get_addr_name:
- resolve to a name if the address supports it
- call address_to_str if it does not, but the address is valid
- return "NONE" if it is AT_NONE
svn path=/trunk/; revision=13463
array of "const char *" rather than to an array of "char *", and make
the second argument of "col_set_str()" a "const char *" - there's no
guarantee that "col_data" points to something you're allowed to modify.
svn path=/trunk/; revision=12875
to resolve it to a name.
Fix up some const-pointer-to-non-const-pointer, and
function-pointer-to-void-*, conversions.
Fix some comments.
svn path=/trunk/; revision=12863
rather than "col_buf", so that we correctly handle a column set with
"col_set_str()" (where we set "col_data" to point to the string, and
leave "col_buf" alone).
svn path=/trunk/; revision=11818
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
support the ISUP CIC as a circuit ID;
add a preference option to control whether to put the CIC into
the Info column or not.
svn path=/trunk/; revision=10265
menuitems under "View->Time Display Format".
renamed timestamp enum items e.g. from ABSOLUTE to TS_ABSOLUTE,
to prevent conflicting definitions with MSVC
svn path=/trunk/; revision=9729
captures, as it has to compute the width of an auto-resizing column in
every row. Just pick fixed widths for the columns (and tune the width
of the "Protocol" column so that it's not narrower than the column
title).
svn path=/trunk/; revision=9219
last columns, if any, with that format, and use that to speed up
processing of columns with a particular format and checking whether
we're displaying a column with a particular format.
svn path=/trunk/; revision=9147
One can now select a packet and mark it as a TimeReference packet using the menu.
A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF*
A TimeReference packet will always be displayed in the packet pane, and overrides any display filters.
When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture.
You can have any number of TimeReference frames you like.
svn path=/trunk/; revision=8459
Ethereal presents a column to display culmulative bytes into the capture.
A new column type is added : Culmulative Bytes.
While PacketLength column type specifies the number of bytes in the current packet,
Culmulative Bytes specifies the culmulative number of bytes from the start of the capture.
svn path=/trunk/; revision=8359
expression information if the address type is AT_NONE -
"address_to_str_buf()" panics if passed an AT_NONE address, as there's
nothing sensible one can do with them. (A null string wouldn't be
appropriate here, as a dissector might have set the address columns to a
string.)
svn path=/trunk/; revision=8269
which fills in a caller-supplied buffer.
Create "_buf()" versions of various "to_str" routines for various
address types, and create a routine to map SNA FIDs to strings, and use
them to finish up "address_to_str_buf()".
Get rid of the declaration of "sna_fid_type_4_addr_to_str()" in
"packet-sna.h", as that routine has been swallowed up in
"sna_fid_to_str()".
svn path=/trunk/; revision=8260
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
multi-byte integral quantities and blithely dereference them, lest thou
enrage those of us who work on machines that trap on unaligned
references.
svn path=/trunk/; revision=7021
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
channel number, X.25 logical channel number).
Clean up white space and the like, and get rid of unnecessary arguments
to "col_set_port()".
svn path=/trunk/; revision=6772
item to look more-or-less like a PPP packet, just dissect it in place
and hand off to the appropriate subdissector using the PPP dissector's
handoff table (which we export, along with its value_string table for
protocol IDs, which we use to report the protocol ID symbolically).
This means there's no point in having a configurable option to control
whether to do that tweaking; make it an obsolete option.
Bring "col_get_writable()" back from the dead, and have the GTP
dissector save the current "writable" flag for columns, mark the columns
non-writable before calling the subdissector for the PPP configuration
protocol, and restore the state of the writable flag, rather than
putting the columns back after the PPP configuration protocol's
dissector is done.
Fix some more typos in comments.
Don't register the IP dissector in the "ppp.protocol" table in the GTP
dissector's handoff registration routine - it's already being done in
the IP dissector's handoff routine.
Fix the name for CHAP to match what RFC 1994 calls it (if the name
changed, it should be changed in all places, but, at least according to
this message, a while ago, from Bob Sutterfield, "since the RFC defines
the protocol, the RFC defines the name":
http://mail-index.netbsd.org/netbsd-help/1996/05/16/0011.html
and the RFC defines the name as "PPP Challenge Handshake Authentication
Protocol (CHAP)").
svn path=/trunk/; revision=6617
generating a filter expression to match the address, so it's parsed
correctly (as a hex number rather than a string) if there are
non-decimal digits (A through F).
svn path=/trunk/; revision=6481
"pinfo->srcport", and "pinfo->destport" appropriately in the IPX
dissector. Add support for PT_IPX port types in display columns.
Have an "spx.socket" dissector table, similar to the "ipx.socket"
dissector table, and have the SPX dissector use that, with the IPX
socket numbers from "pinfo->srcport" and "pinfo->destport", so that
dissectors for protocols that run atop SPX can register with particular
socket numbers. (Think of it as similar to what would have been the
case had the IP header had 16-bit source and destination port numbers,
and had TCP and UDP used those port numbers rather than having port
numbers in their headers.) Also, have the SPX dissector dissect
subprotocols regardless of whether we're building a protocol tree or not.
Use the dissector handle for the IPX message dissector for both IPX
socket numbers; there's no need to create separate handles for both
registrations.
Have NDPS register as a subdissector of the SPX dissector, using
"spx.socket", and get rid of the duplicate SPX dissection in the NDPS
dissector.
Make the NDPS dissector set the columns regardless of whether a protocol
tree is being built, and clean up the dissector (fixing some bugs).
Get rid of unneeded includes in "packet-ndps.c".
svn path=/trunk/; revision=6424