1) The tvb + name (aka. data_source) is only used when the protocol tree is visible
The current implementation of add_new_data_source() doesn't take this into account and simply allocates a data_source regardless. This is what packet_add_new_data_source() tries to rectify.
A couple of dissectors have already been switched over to the new packet_add_new_data_source(). Many are still missing. Help appreciated!
svn path=/trunk/; revision=29427
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.
svn path=/trunk/; revision=29066
- Enabled "Copy Description" in the main menu and gave it
accelerator key CTRL+SHIFT+D
- Added "Copy Fieldname" to copy the fieldname of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+F)
- Added "Copy Value" to copy the value of the selected
field in the detail view (Acc.Key: CTRL+SHIFT+V)
- Updated documentation to reflect the changes
svn path=/trunk/; revision=28006
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one, so that
only the first <n> packets or bytes are read).
svn path=/trunk/; revision=21211
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
proto_can_match_selected() routines, to more clearly separate the two
functions - but have them both call the same underlying routine, so
they both make the same decisions as to whether a match-selected string
can be constructed or not.
svn path=/trunk/; revision=19976
proto_construct_match_selected_string() to indicate what it does - and
have it return a Boolean indication of whether the string could be
built, returning the string through a pointer, and, if that pointer is
null, have it just return the Boolean and not construct the string.
Get rid of proto_can_match_selected() -
proto_construct_match_selected_string() can be used for that, which
means we have only one piece of code that knows whether a "match
selected" string can be constructed or not.
Have proto_construct_match_selected_string() support matching
zero-length FT_NONE (and FT_PCRE, but that shouldn't happen) fields even
if there's no epan_dissect_t, as such a match just checks whether the
field is present.
svn path=/trunk/; revision=19967
was really a problem with bytes_repr_len() and zero-length FT_BYTES
fields, and it's not clear what to do about fields that have zero
length. (Put in a comment about that.)
Clean up indentation a bit.
svn path=/trunk/; revision=19864
a field an empty string if the field is zero-length; for some reason,
the existing code doesn't handle that correctly.
Also, the NetPDL Visualization Extension:
http://www.nbee.org/Docs/NetPDL/NetPDLVisualization.htm
seems to imply that "value" has to be present, so display it even if the
field is zero-length.
svn path=/trunk/; revision=19862
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
object code for libethereal.dll isn't generated by the
makefile in /trunk.
Having no code in /trunk linked into libethereal.dll
anymore, the definition of the macro _NEED_VAR_IMPORT_
can be moved from various source files in /trunk to /trunk/Makefile.nmake .
So do that, too.
svn path=/trunk/; revision=13389
don't use the print mechanism for that - do the writing directly in the
"follow stream" code.
Use "size_t" for character counts.
Make the "hexchars" array static and const, as it's not written to, and
there's probably no point in copying it to the stack (unless that
improves cache locality).
There's no need to explain why we're subtracting the number of bytes
actually read, rather than the number of bytes asked for, from the data
length.
Note an issue with printing lines.
svn path=/trunk/; revision=13240
add radiobutton to allow saving raw tcpstreams
these radiobuttons should, by someone that uses, this feature be changed into
a menu instead.
svn path=/trunk/; revision=13236
array of "const char *" rather than to an array of "char *", and make
the second argument of "col_set_str()" a "const char *" - there's no
guarantee that "col_data" points to something you're allowed to modify.
svn path=/trunk/; revision=12875
really more of an Ethereal/Tethereal component than a libethereal
component (nothing else in libethereal knows about capture files); move
it back out of libethereal. (The range stuff doesn't; we leave it in
libethereal.)
svn path=/trunk/; revision=11898
they should ultimately be split into files with routines that handle
ranges, which are just subsets of [0,2^32), and packet ranges, which are
subsets of the packet list, possibly specified by a range.
Move them into epan, so they can be used by, for example, utilities that
handle ranges, such editcap.
svn path=/trunk/; revision=11890
a structure containing a pointer to print operations for that object and
a pointer to the private subclass-dependent data for that object, with
subclasses for text and PostScript, and use those rather than the old
scheme where a print format was passed as an argument - or where (as in
the case of printing summary information in Tethereal) we just printed
as text even if "-T ps" was selected.
Check whether those routines succeed or get an I/O error writing output.
Clean up indentation.
svn path=/trunk/; revision=11514
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
the "text vs. PostScript" choice. The "text vs. PostScript" choice
should probably ultimately be done with a generic set of print methods,
to handle various platform-native print mechanisms more cleanly (and
perhaps the dialog box code for "export as {PDML,PSML}" should be
separate from the "export as text"/"print" dialog).
svn path=/trunk/; revision=11342
-ps: added formatting hints for ghostscript, so pdf conversion will be much better
-ps: print a thin line at the top and bottom of each page
-ps/text: add an option to start a new page for every packet (formfeed)
svn path=/trunk/; revision=10660
"capture_file" structure. Keep it locally, instead.
Check for errors when printing packets.
Report failure to open a print destination and failure to write to a
print destination differently.
Don't have the "print preamble" and "print final" routines return
success/failure indications - revert to the old scheme where they
didn't, and have the callers use "ferror()" to check for errors.
Report write errors when printing dissections in Tethereal.
Report print errors as errors, not warnings.
svn path=/trunk/; revision=9828
"file_close_error_message()" - but just use "file_write_error_message()"
for UNIX-style errors, under the assumption that a close will only fail
because a buffer-flushing write fails or because "close()" itself fails
when, for example, pushing unsynced NFS client-side writes out over the
wire.
Make several routines in "print.c" return success/failure indications.
Check for write errors when printing "Follow TCP Stream" stuff or saving
it to a file.
svn path=/trunk/; revision=9825
at 0 instead of 1. This works better for Ethereal, as our offsets start
at 0. Change the "geninfo" pseudo-protocol to use pos="0" instead of
pos="1".
svn path=/trunk/; revision=9238
protocol tree fields that don't have values and that are zero-length.
Combine the "if (fi->hfinfo->type != FT_PROTOCOL && fi->length > 0)"
stuff to show the raw value into the previous "if".
svn path=/trunk/; revision=9210
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
pointers to the first *and* last child, in the "proto_node" structure
itself. That saves us one level of indirection and memory allocation,
and lets us append to a tree by appending to the last child directly,
rather than having to scan through the list of siblings of the first
child to find the end of that list.
svn path=/trunk/; revision=9171
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
padding when printing text and use "putline" when printing PostScript.
Eliminate "hexdump", as it's just a special case of "putline".
Have "proto_tree_print_node()" just call "print_line()".
Get rid of "print_ps_hex()" - the font used for the hex dump and the
protocol tree are the same, so there's no need to switch fonts.
svn path=/trunk/; revision=5798
routines; instead, rename "print_hex_data_common()" to
"print_hex_data_buffer()" as it prints a buffer in hex and ASCII (or
EBCDIC), and have it take the print format as an argument.
Have it use "print_line()" to print lines, and fix "print_line()" so
that it prints a buffer *without* a newline at the end, printing the
newline itself.
svn path=/trunk/; revision=5729
common code, rather than in print-format-specific code, and have
"print_hex_data_common()" put out the blank line before the dump itself
rather than relying on the print-format-specific "start printing the hex
dump" code to do it.
svn path=/trunk/; revision=5728
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
static, and add a new "packet-data.h" to declare "proto_data".
Display escape sequences in octal in the IAPP dissector, as is now done
in the RADIUS dissector.
svn path=/trunk/; revision=5441
ETT_NONE entry.
Initialize the "tree_type" field of a "field_info" structure to -1,
meaning "this has not been given a subtree". Add checks before using
that field that it's in range. That way, you have to create a subtree
before putting protocol tree items under another item.
We allocate the "tree_is_expanded" array when we've registered all
dissectors; there's no need to allocate it while we're registering
dissectors and, in fact, doing so means we leak memory (the memory for
the version we allocated while registering dissectors).
svn path=/trunk/; revision=5068
be eliminated (because the function is called through a pointer, and
other functions called through the same pointer *do* use the argument)
as unused.
svn path=/trunk/; revision=5050
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586