Specifically:
For a field type FT_BOOLEAN:
- If the bitmask field is zero, then the 'display' field
must be 'BASE_NONE';
- If the bitmask field is non-zero, then the 'display' field
must be the field-width of the parent bit field.
svn path=/trunk/; revision=41379
1. Compile and link with (almost exactly) the same options as used
when building Windows Wireshark Gtk.
The options used allow debugging of the exe using Visual Studio exactly
as is done for Wireshark Gtk.
Essentially: configure the "release" version to compile and link with
symbols. (See ui\qt\QtShark for the details).
2. Update QtShark.pro to create a Makefile only for 1 version of Wireshark Qt
which is linked against the "release" Qt libraries.
(IOW: don't create a "debug" Makefile).
3. Remove unused variable assignments from config.pri.
(They can be added back if needed in the future).
svn path=/trunk/; revision=40768
letting Boring Old Make do it; I have that autotools+make working with a
--with-qt option, albeit in a not-yet-ready-for-prime-time state.
svn path=/trunk/; revision=40618
more hard-coded definitions from QtShark.pro. Quote an error message to
fix a Qt Creator complaint.
Add ui\qt\config.pri to the top-level "all" nmake target.
Update README.qt.
svn path=/trunk/; revision=40607
descriptions. Capitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
given link-layer type, e.g. 802.11, might have multiple header types
(802.11, 802.11 plus various radio headers, Ethernet), and multiple
link-layer types might have the same header type (802.11 interfaces
might supply Ethernet headers, and Linux loopback interfaces supply
Ethernet headers as well).
Point to tcpdump.org's page of link-layer header types, rather than to
the net/bpf.h header that 1) might not exist on your system and 2) might
not be up-to-date if it does exist.
svn path=/trunk/; revision=39529
in README.developer. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..."
should be increased from milliseconds to microseconds (from 3 to 6 decimal
places) in order to be consistent with -z relative time-related options such as
"-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places.
(Please note that separate enhancement requests for 6 decimal of precision in
Wireshark will be submitted shortly.)
2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames
and bytes should each have 15 spaces like all the other column types.
3.) The types "FRAMES" and "BYTES" should be added to allow users to display
these values separately and allow for filters to be specified.
4.) The 'SUM' option should allow for relative time values such as SRTs to be
summed. This would be useful for the calculation of such things as
request concurrency (total_SRT_time / duration).
5.) The tshark man page needs some corrections and readability improvements
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915
svn path=/trunk/; revision=37555
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
TODO: Add a Wireshark tap or look into possibly using the stats tree instead.
Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so
it might be possible to make use of this information to estimate the total SRT.
(See bug 5770 for more details.)
svn path=/trunk/; revision=36561
if an error occurred while processing.
E.g.: For the default (no -C option):
'capinfos invalid.xxx' or 'capinfos a.pcap invalid.xxx c.pcap'
should exit with an error status
(after processing all the input args) if there is an error for invalid.xxx.
With this fix, I expect fuzz-test.sh (and list_protos_in_cap.sh
and presumably other scripts) will work a bit more as expected.
svn path=/trunk/; revision=36487
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointer to a NULL-terminated string in the TVB. It is no safer than dissectors
which call tvb_get_strsize() and then tvb_get_ptr() but it makes it clear that
this usage of tvb_get_ptr() is safe.
This function is slightly more efficient than tvb_get_ephemeral_stringz()--but
only as long as we're not using composite TVBs.
svn path=/trunk/; revision=35493
tvb_get_ephemeral_fake_unicode() functions have been superseded by
tvb_get_unicode_string() and tvb_get_ephemeral_unicode_string() respectively.
svn path=/trunk/; revision=35349
is a unicode (UTF-16) version of tvb_get_ephemeral_stringz(). It scans
a tvbuff for a UTF-16 string and converts it to UTF-8 upon return.
svn path=/trunk/; revision=35253
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols is a lot
stronger.)
svn path=/trunk/; revision=35224