* ptvcursor_push_subtree(), ptvcursor_pop_subtree() for pushing/popping
subtrees. Multiple levels of subtrees (256 max.), allocation per 8 levels.
* Two new functions creating an item in the tree and pushing a subtree at the
same time. These two functions accept an undefined length
(SUBTREE_UNDEFINED_LENGTH). The length of the item is set at the next pop.
1) ptvcursor_add_with_subtree
2) ptvcursor_add_text_with_subtree
- get rid of potential memory leaks with g_new in ptvcursor_new().
- Documentation of the new ptvcursor functions in README.developer
svn path=/trunk/; revision=21276
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one, so that
only the first <n> packets or bytes are read).
svn path=/trunk/; revision=21211
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
I have changed the patch according to your suggestions and also changed
the doc[book] files accordingly. I tested the patch and it does seem to
work fine on my test-system.
ULFL: In addition, I've added the en-/disabling to the other (already existing) Copy menu items - some just did nothing, some crashed if nothing was selected.
I've also sligthly changed the menu seperators and made both context menus look a bit more identical.
svn path=/trunk/; revision=21005
I've had a good look at the code in packet-tcp.c, and whilst it's
somewhat impenetrable, I've come to the conclusion that it just doesn't
support multiple pdus as described.
That's not entirely unreasonable in itself; my objection is solely to
the fact that README.developer is completely misleading. In fact, even
the example dissect_cstr won't work on the tcp dissector, because if you
set desegment_len=1 the tcp dissector believes that you know what you
are doing and doesn't let you change your mind later.
Furthermore, 2.7.2 says that you can set desegment_len=-1; that doesn't
work either, because the tcp dissector expects
DESEGMENT_ONE_MORE_SEGMENT, which is 0x0fffffff, which is nowhere near -1.
In short, I think the relevant section of README.developer needs a
rewrite. I attach a patch - comments welcome.
svn path=/trunk/; revision=20974
Here is an updated patch for proto_tree_add_item and the
range_string structure. The new macro RVALS() can be used as the macro
VALS() in the declaration of your hf_register_info with another
structure (range_string). Be aware that you *have to* ORed the value of
the field display with BASE_RANGE_STRING constant and it can 'only' be
used with FT_(U)INT* types in a header_field_info.
svn path=/trunk/; revision=20805
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
In the Developers Guide, Section 9.3, Example 9.17. Decompressing data
packets for dissection
The code calls tvb_set_free_cb() for the newly created next_tvb. This
is unnecessary as the call to tvb_set_child_real_data() adds next_tvb to
the chained list of tvb, thus ensuring that next_tvb is correctly
deleted. In fact when I had the call in, Visual Studio kept breaking
deep down in ntdll.dll, probably because of a double free every time the
main tvb was deleted.
In README.developer, para 2..2.7 The example conversation code doesn't
assign the result of conversation_new() back into the conversation variable.
svn path=/trunk/; revision=20569
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx()
match_strrval() which are behaving exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
tcp_dissect_pdus(), pinfo->desegment_len indicates whether your
dissector needs more data from TCP or not - the return value doesn't
indicate that.
Fix typo.
It appears that the Id keyword is one of the case-insensitive ones in
the svn:keywords property, so if you set it to "ID" it still expands
"$Id$"; it also appears not to expand "$ID$". We use Revision, Date,
and Author in the document to indicate the revision, and don't expand
Id, so that references to "$Id$" get left alone.
Rewrap paragraphs.
svn path=/trunk/; revision=19950
config.nmake contains the target INSTALL1_DIR and INSTALL2_DIR. I guess you can retain the previous behaviour by using . for both DIRs, though I never tested this...
svn path=/trunk/; revision=19302
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
Look for a string that starts with "rdp". This should take care of
cases where a default capture filter is set needlessly.
Update the docs accordingly.
svn path=/trunk/; revision=19236
"I ran doc/README.developer through a spell checker and conservatively
changed misspelled words. Attached is a compressed patch with the
corrections."
svn path=/trunk/; revision=19070
Jeff Morriss