The 'null' placeholder has been used in such a fields. Otherwise
the json dumper would complain for the lack of a value, getting
confused by a double name add without values.
Bug: 15628
Change-Id: I016325790f8d4a02ed9288225e861ba2d23a82f9
Reviewed-on: https://code.wireshark.org/review/32532
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
fix warning found with clang and -Wdocumentation CFLAG
Change-Id: I9fc122012161c5942c08cb90a9aeda1da6185180
Reviewed-on: https://code.wireshark.org/review/31808
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.
Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of using the current date (that can differ from packets)
take if from the current frame. That will put the frame in an index
related to its capture date instead of its loading date.
Small indentation fixes.
Change-Id: If9f9dad1399c2b1bf145e8bcc45a6936e4599cd7
Reviewed-on: https://code.wireshark.org/review/31204
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This fixes the following asserts
#2 0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=598, func=0x7ffff4e12e20 <__func__.18585> "proto_tree_write_node_pdml",
message=0x555555aaab70 "code should not be reached") at gtestutils.c:2532
#3 0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
#2 0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=983,
func=0x7ffff4e12e40 <__func__.18697> "write_json_proto_node_hex_dump", message=0x555555aac9d0 "code should not be reached") at gtestutils.c:2532
#3 0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
#4 0x00007ffff39a8f87 in write_json_proto_node_hex_dump (node=0x7fffdc86e550, data=0x7fffffffce60) at /home/vasko/sources/wireshark/epan/print.c:983
#2 0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e12010 "/home/vasko/sources/wireshark/epan/print.c", line=1299,
func=0x7ffff4e12ef0 <__func__.18804> "ek_write_hex", message=0x555555aac290 "code should not be reached") at gtestutils.c:2532
#3 0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
#4 0x00007ffff39a9a32 in ek_write_hex (fi=0x7fffdc86e4e0, pdata=0x7fffffffce90) at /home/vasko/sources/wireshark/epan/print.c:1299
Change-Id: I48a7e87863fb6708cd668582a240e5ba71d1b5a0
Reviewed-on: https://code.wireshark.org/review/28891
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tshark poorly handles printing when using -T options where a field
contains newline, carriage return, or other special characters such as tab.
Bug: 14907
Change-Id: I94a797bb98b94aac254bcd2e6911b37192e9c91f
Reviewed-on: https://code.wireshark.org/review/28442
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
For each occurrence, if there was already an occurrence in the array, we
were just removing it. not freeing what it pointed to.
While we're at it, expand comments. and always check the array size with
"!= 0", not "> 0" - the value is unsigned, so they're equivalent, but
this makes the code more self-consistent.
Change-Id: I538f46b296a7721a39ba4366c2f6269e7e097b0d
Reviewed-on: https://code.wireshark.org/review/26328
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some oddities with regard to file permissions have crept into
the repository. Reset execute rights on various files which do
not need them.
Change-Id: Ib05658072925d59fc682173673c5638d157a269a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25490
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5b2006a74e95759afce518aaadfe47c54978476a
Reviewed-on: https://code.wireshark.org/review/24215
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Collects multiple values of the same field into an array.
Empty protocols are now written as empty objects to not conflict
with the same protocols in other packets.
Remove _score since it has no effect.
Bug: 12958
Change-Id: Ibe8ea9bc1e3e63dea1fe4eaf522fa38cad88a17f
Reviewed-on: https://code.wireshark.org/review/24171
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When using the Elasticsearch output but only printing the packet
summary with -P a segfault will occur because the empty packet
tree is not properly handled in this case.
Change-Id: I0c91314ae013785ae6dceabd6af33db4b836d1b2
Reviewed-on: https://code.wireshark.org/review/24153
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Refactors the ES output to use hash tables and lists in preparation
of deduplicating fields. ES 5.x allows those, but will only store
the last instance and discard any other without warning.
ES 6.x altogether refuses to accept documents containing
duplicate fields.
This change should not change the output of Tshark in any way.
A subsequent change will introduce the actual deduplication.
Bug: 12958
Change-Id: I329ef0878e33b42d65a53bcac977429d87cde3ca
Reviewed-on: https://code.wireshark.org/review/23042
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's not available at the old URL any more.
Change-Id: Id8baba5e02cf0e3227365f53a11caa054ef2c40f
Reviewed-on: https://code.wireshark.org/review/23165
Reviewed-by: Guy Harris <guy@alum.mit.edu>
color_t is 16-bit per channel, the print string assumes the usual 8-bit.
Use 8-bit per channel as per older patches proposed for bug 6682 via
color_t_to_rgb().
Change-Id: I7d71bc04e52376c0ecb598aedafa066f982de840
Ping-Bug: 6682
Reviewed-on: https://code.wireshark.org/review/23154
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some hf_ variables were "cached" in print.c to break dependency on (frame)
dissectors. They are no longer used (and check*.pl scripts found them)
Change-Id: Ib46e5f5e58da54b6d7a3f85586581507f653c55a
Reviewed-on: https://code.wireshark.org/review/22078
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Packet ranges are used only in the UI; move the packet range stuff into
libui.
Don't pass a print_args_t structure to libwireshark packet-printing
routines, just pass the few parameters they need. Move the declaration
of print_args_t into file.h.
Change-Id: Icff5991eea7d7d56f33b4716105895263d275bcf
Reviewed-on: https://code.wireshark.org/review/21308
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Modified tshark -T json -x output
Added tshark -T jsonraw output
json2pcap.py (can be used for basic packet editing by modifying json)
The modification in tshark -T json -x and new tshark -T jsonraw output
add into hex-data output in JSON also information on which position
each field is dissected in the original frame, what is the field length,
bitmask (for not byte aligned fields) and type. This information can be
used for latter processing. One use-case is json2pcap script which
assembles the protocol layers back together from upper to lowers layers,
which allows the basic packet modification/editing/rewriting.
Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925
Reviewed-on: https://code.wireshark.org/review/19990
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Modified epan/print.c to use function print_indent
Change-Id: Iefcb1e3c7813919c6af70d57a4f8a6f921595360
Reviewed-on: https://code.wireshark.org/review/20060
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For fields that contain both a value and a subtree, print the value and
then create a new item with a _tree suffix for the subtree content
Bug: 13086
Change-Id: I5a3c96bf9895d87faff3925d439bb54b73769a3e
Reviewed-on: https://code.wireshark.org/review/18663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
- reinitialize the variable used to insert comma between packets when
performing a new export
- ensure that escaped ASCII characters are code on 4 digits characters
Change-Id: Ib557da4843f6b98f793b60e417260ebb27a38b99
Ping-Bug: 13073
Reviewed-on: https://code.wireshark.org/review/18598
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs