Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 | 10 | 15 | 20 | 25 |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
Add TCP/UDP/SSL Follow feature to QtShark
Known issue :
* Duplicate code with GTK (function need follow_info_t struct but in GTK there is some GWidget variable in struct)
* Sometimes TCP Follow fail...
svn path=/trunk/; revision=51883
the same ByteArray twice (and thus calling the GC twice).
This should fix bug 4461.
Changed ByteArray concat to create a new array to be returned.
svn path=/trunk/; revision=51872
registered port numbers in PROTO.prefs_changed.
Now we only need this code in Lua plugins having port numbers prefs:
PROTO.prefs.ports = Pref.range ("Ports", 0, "Port numbers", 65535)
PROTO.prefs_changed()
local udp_table = DissectorTable.get ("udp.port")
udp_table:set (PROTO.prefs.ports, PROTO)
end
svn path=/trunk/; revision=51860
Rename some methods. Add the ability to toggle time and sequence number
origins. Add more keyboard shortcuts. Comment out abs_secs abs_usecs in
the segment struct since it looks like we aren't using them. Make sure
we stay in the same TCP stream.
svn path=/trunk/; revision=51856
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 --------> Methods:
1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+ 2) editcap -C -80:10 in.pcap out.pcap
| 20 | 10 | 70 | 3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+ 4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
For those with dissectors outside the source tree, please see tools/convert_expert_add_info_format.pl for help with the conversion. Please do not use expert_add_info_format_internal, as it's support time will be very short lived.
svn path=/trunk/; revision=51844
Also removed the commented out calls to expert_add_info_format to avoid confusion, but left the comments noting the reason it's absent.
svn path=/trunk/; revision=51842
NOTE: Some of the expert group values may need to be checked, PI_UNDECODED doesn't always seem like the right choice. I thought PI_PROTOCOL should be used more.
This concludes the conversion expert_add_info_format for all dissectors (where the function isn't commented or #defined out). Onto the "internal" (epan/lua) uses of the call.
svn path=/trunk/; revision=51841
Jörg Mayer