date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
An NHRP extension offset of 0 is not an error - it means there are no
extensions.
Start using the address family number to determine the type of
link-layer addresses in NHRP. Don't fetch IPv4 addresses and add them
to the tree - just use proto_tree_add_item().
svn path=/trunk/; revision=28286
some functions to match.
Add GeoIP lookups to the IP dissector. Add a preference for GeoIP lookups,
which is disabled by default.
svn path=/trunk/; revision=27063
GeoIP can map IP addresses to Countries, Cities, AS numbers, ISPs,
etc. If any library paths are defined AND any database files are found,
corresponding columns are added to the endpoint tables in the GUI.
To do:
- Add columns to the conversation list
- Add GeoIP info to "-z conv,..."
- Create a default UAT file.
svn path=/trunk/; revision=26571
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
different ways, add a set of common conversion routines. Add a
"Frequency/Channel" column and fill it in where we can. Fix RSSI column
printing in PPI.
Fix up whitespace along the way.
svn path=/trunk/; revision=22538
add the possibility, that a dissector writer can provide (usually non-trivial) display filters specific for the protocol in question (with an example in packet-dcerpc-pn-io.c), that will appear in the GUI
svn path=/trunk/; revision=22530
such as the fact that Flex strips all but the last component of the "-o"
argument, and that it doesn't generate a header file to declare routines
the generated lexical analyzer defines. Use that script when building
lexical analyzers, and, for each lexical analyzer, include the generated
header file in the generated analyzer.
svn path=/trunk/; revision=22446
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become suprefluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build withe the above changes.
svn path=/trunk/; revision=21935
there's no need for files in DISTCLEANFILES to be in
MAINTAINERCLEANFILES as well.
In epan, split the generated source files into those that should be
cleaned by "make distclean" and those that shouldn't, and have
DISTCLEANFILES include only the ones that should be cleaned by "make
distclean" and have MAINTAINERCLEANFILES include the ones that shouldn't
be cleaned by "make distclean". This should fix bug 1595.
The generated source files don't need to be in EXTRA_DIST.
Use LIBWIRESHARK_DISTCLEAN_GENERATED_SRC and
LIBWIRESHARK_NODISTCLEAN_GENERATED_SRC in epan/Makefile.nmake.
svn path=/trunk/; revision=21882
libraries. A single library is generated with the lex code without the barrier
"stop on warning". Another library is generated from the remaining source
files with the "stop on warning" barrier.
svn path=/trunk/; revision=21813
to work around the "data" field of a GArray being a guint8 *, and
defines a g_array_data() macro to extract that field and cast it to void
*.
Use that header where needed.
svn path=/trunk/; revision=21627
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
UAT is an API to handle User Accessible Tables,
an UAT is basically an array of arbitrary structs that has a file representation
as a mean for mantaining things like:
- the snmp_users_table
- dfilter macros
- ipsec/ssl key bindings
- k12 configuration,
- and many other table-like user modifiable preferences
comming soon gtk's uat_window() and prefs_add_uat()
uat.h is fairly doc[uo]m[m]?ented, a README with a simple example of how is to be used will be available as I write them
svn path=/trunk/; revision=20586
New dissector for ETSI DCP (ETSI TS 102 821).
Code rearranged to look more like other Wireshark dissectors and some warnings/errors
on Windows fixed.
svn path=/trunk/; revision=19981
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
I think I've changed all corresponding appearances from FT_STRING to FT_GUID, so assert the FT_ type as it should only be a FT_GUID now.
Add a generic implementation in guid_utils.h to have a way to store data about GUID to name resolving (something like value_string for e.g. int). It might be better to have a single registry for all GUID's of all dissectors and implement the GUID name resolving into the proto_tree_add... functions.
svn path=/trunk/; revision=18935
FT_UINT_BYTES and FT_UINT_STRING correctly when the tree argument is
null (which involves carving proto_tree_add_item() into bits and having
both ptvcursor_add() and proto_tree_add_item() call those bits).
svn path=/trunk/; revision=16287
04-stream.diff
A simplified packet reassembly API built on top of fragment_add_seq_next for
reassembling fragments that are delivered in-order, where fragments are
identified by a framenum and an offset into that frame. Streams are attached
to a conversation or a circuit and are unidirectional.
svn path=/trunk/; revision=16082
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
Among the improvements are:
- fixes to call-tracking (it's now less likely to confuse two separate
calls, for instance)
- improvements to Information Element dissection (clearer dissection,
dissects more IE types, easier to extend)
- you can now filter on the content of DTMF packets
- Analysis of timestamps (calculation of absolute timestamp, and packet
lateness).
- fixed a couple of assertion failures in subtle corner-cases.
negative relative times:
- get_timedelta()
- addtime()
- ftype-time.c:relative_val_from_unparsed()
I've also moved get_timedelta() and addtime() out of calldata.c into a
new file, epan/nstime.c, as I needed to use them in a dissector I'm
working on (and they therefore needed to go into libethereal).
svn path=/trunk/; revision=15201
This offesr memory allocation with a packet scope making memory leaks less likely and memory management faster.
Add initialization calls for both tethereal and ethereal.
Convert the ip_to_str() function to use this and avoid doing the silly rotating buffers thing it previously did.
We also need an equivalent set of functions for allocation with capture file scope (free when next capture is loaded) but i dont know where to put the free_all call.
svn path=/trunk/; revision=14984
vendor-name-and-next-three-bytes-in-hex) resolution for Ethernet/802.x
hardware addresses.
Move the ARP hardware types into a header file, for use by dissectors
other than the ARP dissector.
svn path=/trunk/; revision=12839
for organizations to an <epan/sminmpec.h> header, and add in the ones
that were used (without #defines) in the Diameter dissector.
Merge the value_string tables for them from the Diameter and Radius
dissectors into epan/sminmpec.c and merge them.
Use that value_string table in the Diameter and Radius dissectors.
Constify some stuff in the Diameter dissector.
svn path=/trunk/; revision=12159
make the source files all include the corresponding header files (so
that the declarations in the headers have to match the definitions in
the source files in order for compilation to succeed).
svn path=/trunk/; revision=12116
really more of an Ethereal/Tethereal component than a libethereal
component (nothing else in libethereal knows about capture files); move
it back out of libethereal. (The range stuff doesn't; we leave it in
libethereal.)
svn path=/trunk/; revision=11898
they should ultimately be split into files with routines that handle
ranges, which are just subsets of [0,2^32), and packet ranges, which are
subsets of the packet list, possibly specified by a range.
Move them into epan, so they can be used by, for example, utilities that
handle ranges, such editcap.
svn path=/trunk/; revision=11890
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
