is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.
svn path=/trunk/; revision=47758
information to crash dumps and the like. (Currently, we only handle OS
X's CrashReporter, but we should do this on other platforms where this
information can be added and would be helpful.)
White space tweaks.
svn path=/trunk/; revision=47104
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
called. (cf_open() calls init_dissection() which, since r45511,
re-initializes the name resolution database.)
Complain if the user gives an invalid argument to "-W".
Specify the invalid argument if we don't like a "-z" argument.
svn path=/trunk/; revision=46238
should be used (on success, have it return 0). Exit with that exit
status; if the problem is that we couldn't get the interface list or if
there are no interfaces in that list, return 2, as that's not a
command-line syntax error.
svn path=/trunk/; revision=46108
Friendly Names for interfaces on Windows
Notes on the changes the patch covers:
* if_info_t struct: addition of friendly_name
* Dumpcap Interface list format changes:
+ Win32: "dumpcap -D" shows friendly_name in place of descript if known
+ All: machine interface "dumpcap -D -Z none" includes friendly_name in the
list in addition to the existing parameters
* interface_options struct: addition of console_display_name
+ When an interface name is displayed in a console, it will typically be the
console_display_name (instead of name).
+ console_display_name is used as the basis of the autogenerated temp
filenames
+ console_display_name is typically set to the friendly_name if known,
otherwise it is set to the interface name
* Enhancements to capture_opts_add_iface_opt() (the function which processes -i
options).
+ Can now specify the interface using its name and friendly_name
+ Interface name matching is case insensitive
+ Name matching first attempts exact matching, then falls back to prefix
matching
(e.g. dumpcap -i local)
+ Validates interface names, instead of blindly sending them off to
winpcap/libpcap
+ Interface specification by number is still supported.
* capture_opts_trim_iface() has been refactored:
+ Instead of repeating a decent chunk of the cost in
capture_opts_add_iface_opt(), it calls capture_opts_trim_iface() to specify the
interface.
* introduction of capture_win_ifnames.[ch] (windows only code)
+ Implements static function GetInterfaceFriendlyNameFromDeviceGuid() - a
windows version independent function to convert an interface guid into its
friendly name. Uses published api functions on windows vista and higher, but
falls back to unpublished API functions on older windows releases.
+ void get_windows_interface_friendlyname(/* IN */ char
*interface_devicename, /* OUT */char **interface_friendlyname); - extracts the
GUID from the interface_devicename, then uses
GetInterfaceFriendlyNameFromDeviceGuid() to do the resolution
* Auto temp filename generation:
+ Now uses wireshark_pcapng_* or wireshark_pcap_* depending on file format
+ Basis temp filename format on console_display_name
+ Win32: if console_display_name is a windows interface guid, extracts
numbers from GUID here (instead of in interface option processing)
GUI CHANGES:
* Dialog that displays when you click the "Manage Interfaces" button (within
Capture Options dialog) has been renamed from "Add new interfaces" to
"Interface Management"
* ui/gtk/capture_dlg.c: new_interfaces_w variable renamed to
interface_management_w
* Win32: Local Interfaces tab on Interface Management dialog shows
friendly name as far left column
* Interface Management dialog defaults to larger size on win32 - so it fits
without resizing local interfaces tab
* Interface Management dialog now saves preferences when you click the apply
button (local hidden interfaces was not persisting across restarts)
* Tweaks: "Interface Details" dialog (Interface list->Capture Interfaces ->
Details):
+ "Friendly Name" renamed to "NDIS Friendly Name"
+ Added "OS Friendly Name" to the top of the list
* Win32: The "Capture Interfaces" dialog now shows the friendly name instead of
device guid
* Welcome screen:
+ The height of the interface list scrollbox dynamically adjusts & updates to
the number of visible interfaces.
Up to 10 interfaces can be listed without a scroll bar, the minimum height
is for 2 interfaces.
+ Win32: now shows just the Friendly Name if known - in place of
"Interfacename_Guid:(Description)"
svn path=/trunk/; revision=46083
printed when either -T is not specified or "-T text" or "-T ps" is selected.
2) Allow for packet hex/ascii to be printed without necessarily requiring that
either packet summary or packet details also be printed. This just means that
if you want packet summary information, use "-Px" instead of just "-x".
3) Fix bug with order of evaluation of -V and "-T psml".
4) If a packet separator is specified, always use it regardless of the -PVx
options chosen.
5) Don't print 2 lines of separation between packets when only printing
hex/ascii. Print 1 line of separation as in all other cases.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7782 plus other misc. enhancements.
svn path=/trunk/; revision=45715
packet_range_init(). Get rid of global cfile references in
packet-range.c. C++-ize packet-range.h. Shuffle some includes around.
svn path=/trunk/; revision=45333
host_name_lookup_process(). If, in the future, we find that we need an
argument for changes we're making, we can add it then.
svn path=/trunk/; revision=45269
This commit reduces size (from 144B to 128B on AMD64) of frame_data structure.
Part of bug 5821: Reduce per-packet memory requirements.
svn path=/trunk/; revision=45071
Remove * from gconstpointers, they are already pointer types.
Add modelines to packet.c and clean up indentation a bit.
svn path=/trunk/; revision=44698
a protocol tree in process_packet_first_pass(). Otherwise we crash with
ERROR:dfvm.c:434:dfvm_apply: assertion failed: (tree)
svn path=/trunk/; revision=43420
"unsaved_changes", and have it be TRUE iff changes have been made to the
file since it was read - *not* if it's a temporary file from a live
capture.
Check the "is_tempfile" member, and the "unsaved_changes" member, when
appropriate.
Just have a set_toolbar_for_capture_file() routine that updates the
"save", "close", and "reload" toolbar as appropriate, given a
capture_file structure - absorb the function of
set_toolbar_for_unsaved_capture_file() into it.
svn path=/trunk/; revision=42721
The problem was that when reading a .pcap file, we don't have any IDBs.
If requested to write out a pcapng file, we (now) build a dummy IDB which
uses the file's encapsulation as the interface encapsulation. Therefore
it can't be per-packet.
We need to fix this by using wtap_dump_open_ng()...
svn path=/trunk/; revision=41122
the details of what in particular is unsupported; report it in TShark
and Wireshark.
Handle WTAP_ERR_RANDOM_OPEN_PIPE in TShark.
Handle WTAP_ERR_COMPRESSION_NOT_SUPPORTED in TShark, and have its error
message in Wireshark not speak of gzip, in case we support compressed
output in other formats in the future.
If we see a second section header block in a pcap-NG file, don't report
it as "the file is corrupted", report it as "the file uses a feature we
don't support", as that's the case - and don't free up the interface
data array, as the file remains open, and Wireshark might still try to
access the packets we were able to read.
svn path=/trunk/; revision=41041
sent to the standard output if "-w" is specified because, when you
capture, you can capture with the output directed to the standard
output, and dumping some text crap to the standard output will corrupt
your capture file.
svn path=/trunk/; revision=40966
Went through all stderr cases within tshark trying to make tshark "quieter". I
basically ended up agreeing with the submitter in terms of what should be
switched to stdout from stderr. The attached patch does that.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2881
svn path=/trunk/; revision=40862
test scripts are passed.
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, multiple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40715
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, multiple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40693
it wasn't, whether it matters; that way you can still capture from a
pipe (named or "-" for standard input) even if you don't have WinPcap.
svn path=/trunk/; revision=40336
and capture_interface_list(). Return it if, on Windows, we ask for the
interface list but don't have WinPcap installed. Handle it like
CANT_GET_INTERFACE_LIST.
svn path=/trunk/; revision=40334
descriptions. Capitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
getopt() can/should normally be found in unistd.h, so:
- When testing for getopt(), define that we HAVE_GETOPT instead of
HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)
If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.
svn path=/trunk/; revision=38437
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
Added ability to display UTC time or UTC time with date. I liked having the
difference between UTC and local time, not just setting local=UTC.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629
svn path=/trunk/; revision=37898
is mainly an attempt to fix the currently-broken "test.sh" step on the
XP buildbot. If this causes too many problems we might want to have
suite-capture.sh:capture_step_snapshot pass "-P" to dumpcap instead.
svn path=/trunk/; revision=37736
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
Add a new tap flag to indicate that a tap listener is just a "dissector helper",
that is, a tap which is used by a dissector to help it do its dissection but
does not, itself, require dissection.
Use this new flag in the dissectors which register taps.
Remove the (now-unused) have_tap_listeners() function.
svn path=/trunk/; revision=37069
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
Global profiles can be installed in a "profiles" directory in the
Global configuration directory, and a global profile will be copied
to the users profiles on first time usage.
svn path=/trunk/; revision=36077
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
libwireshark into libwireshark, and call it only in programs linked with
libwireshark. That way, programs that don't link with libwireshark
don't have to link with libgcrypt or libgnutls solely so that they can
say that they're linked with a particular version of libgcrypt or
libgnutls.
Don't link dumpcap with libgcrypt or libgnutls any more.
svn path=/trunk/; revision=33531
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
The attached patch simply documents a long supported but hidden tshark -G
option.
Tshark's print_usage() has been augmented as well as the tshark man page.
svn path=/trunk/; revision=33253
taps, etc., so we at least print the statistics for the packets we
*could* read.
Also, if we're printing packet data, and the standard output and
standard error are going to the same place, before printing the error
message for that error, flush the standard output and print a newline to
the standard error, so the error appears after all the packet data, and
has a newline separating it from the packet data.
This fixes bug 4845.
svn path=/trunk/; revision=33124
back out the change to check its return value until we fix that.
Also back out the test suite changes to look for an error exit for
invalid capture filters and interfaces.
svn path=/trunk/; revision=33029
Return 2 for a capture error - we mainly use 1 for command-line syntax
errors (rather than, say, filter syntax errors or an invalid interface).
Now that TShark exits with an error status when given an invalid capture
filter or invalid interface, check for "error" rather than "success" as
an exit status.
svn path=/trunk/; revision=33006
is just an indication that the capture child exited; don't treat it as
an error, unless the child process exits with an abnormal status.
As tshark sends a "stop capture" indication to the child when it's
^C'ed, the child will exit and we'll get an EOF from the capture pipe;
don't make SIGINT etc. interrupt system calls, so they don't cause reads
from the capture pipe to get EINTR errors.
svn path=/trunk/; revision=32986
interface statistics, have its error messages come out as sync-pipe
errors, have it send a sync-pipe "success" message on success, and have
the callers get that message and display it.
svn path=/trunk/; revision=32843
build without libpcap, to make sure that works, and then do a build with
libpcap, to put into a binary release. It's the former that's failing;
I'll back out the previous change and then work on that.
svn path=/trunk/; revision=32801
if_capabilities_t - it doesn't fail on Snow Leopard, even if I undefine
HAVE_PCAP_CREATE, and doesn't fail on the Leopard PPC buildbot, either.
svn path=/trunk/; revision=32799
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
the code to print the machine-readable format into dumpcap, and have the
code in capture_opts.c just print the human-readable format.
svn path=/trunk/; revision=32714
standard error and, in Wireshark on Windows, create a console if
necessary. Have the cmdarg_err routines use them.
Use *fprintf_stderr() to print the output of -L, rather than using
cmdarg_err_cont(), so that we don't get extra newlines in the output (it
should look similar to the output of tcpdump).
svn path=/trunk/; revision=32711
interface by running dumpcap, so that if you need privileges to open an
interface, and dumpcap has those privileges, neither TShark nor
Wireshark need them.
svn path=/trunk/; revision=32710
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffersize if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
If the user specifies -V or -x, turn on print_packet_info (-S) so they actually
get some output in case we're also writing to a file.
svn path=/trunk/; revision=32486
Note: This is a behavior change:
Given the default value for the console_log_level preference
tshark will now show ERROR, CRITICAL and WARNING level log messages.
Prior to this change tshark was hardwired to show only
ERROR and CRITICAL level messages.
Time will tell whether this change results in too much noise
in tshark output.
svn path=/trunk/; revision=29328
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
the right thing in Wireshark and TShark, as both of them call
epan_init() to set the appropriate "report an error" function.
That obviates the need to have TShark have its own private version of
simple_dialog().
Have cmdarg_err() just call failure_message() instead of duplicating the
code in failure_message().
svn path=/trunk/; revision=25201
proto.[hc]
define new APIs to allow delayed registration of protocol fields,
so that dissectors with "flexible" fields like xml, radius, diameter,
snmp do not have to load their files at startup but can do so as late as possible.
gtk/dfilter_expr_dlg.c :
have the expression dialog registering all prefixes so that all fields appear in the dialog
tshark.c
register all prefixes when called with -G
epan/radius_dict.l
epan/dissectors/packet-radius.c
epan/dissectors/packet-radius.h
refactor registration to delay dictionary loading as long as possible
svn path=/trunk/; revision=24762
used within a display filter.
(the usefulness of "frame.time_delta_displayed" in a display filter is very limited
since it bites its own tail. Still, wireshark and tshark should at least show the
same behaviour)
svn path=/trunk/; revision=24708
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
The attached patch makes the Statistics -> RTP -> Show All Streams feature of
wireshark accessible via tshark.
I found it helpful in dealing with tons of RTP captures.
svn path=/trunk/; revision=24252
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
that we can find out what the signal action for SIGHUP is without
changing it).
That renders report_counts() safe to use at the end of a capture; do so.
Clean up indentation.
svn path=/trunk/; revision=23256
We can simply block waiting for input from the child process because we are
in a CLI that does not need to worry about updating a GUI while we're waiting
for packets and so forth.
Before I realized that I wrote a working (for me) method using select() that
I've left in for now (#ifdef'd out).
svn path=/trunk/; revision=22999
rewrite the tshark capture code almost completely, to use dumpcap instead of its own pcap functionality.
This works on Win32 and should work on unix/linux (but I'm not sure here). Some stuff needs to be cleaned up, some more may need to be rewritten to specifically work with unix/win32. Further work needs to be done at:
1. read filters (simply document current behaviour?)
2. event loop polling
3. privileges
4. code cleanup (e.g. in capture_loop.c)
Be prepared that tshark might not work as before / expected at least in the next days!
svn path=/trunk/; revision=22969
fetch the major OS version. If we're running Windows >= 6 (Vista)
_and_ npf.sys isn't running, warn the user in Wireshark and TShark.
Add a recent prefs item to disable the warning in Wireshark.
svn path=/trunk/; revision=22877
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
Try to call get_interface_descriptive_name() as little as possible (storing
the result in capture_opts) to avoid a performance hit during live capture
(especially if you have lots of interfaces) and to avoid leaking memory.
One issue with this is that capture_opts.c cannot (without adding significant
dependencies) set the iface_descr so readers of that field (only gtk/main.c
and tshark.c) use a macro to (set if not already set and) get the value of
that field.
svn path=/trunk/; revision=22587
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
it's a pointer to an arbitrary object, assumed to be correctly aligned,
not a pointer to a not-necessarily-properly-aligned array of bytes.
Cast it, so we won't get alignment warnings.
svn path=/trunk/; revision=21940
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions; instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become superfluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build with the above changes.
svn path=/trunk/; revision=21935
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set and, if so and we weren't run
with special privileges, set the running_in_build_directory_flag. Have
it do the same if it finds ".libs" in the pathname of the program and we
weren't run with special privileges, as that means it was probably run
from the libtool wrapper script and presumably thus isn't an installed
binary.
This means that get_credential_info() has to be called before
init_progfile_dir().
Clean up some indentation.
svn path=/trunk/; revision=21866
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.
svn path=/trunk/; revision=21716
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options' behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one (so that
only the first <n> packets or bytes are read).
svn path=/trunk/; revision=21211
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1289
Rename 'svnversion' to 'wireshark_svnversion' to resolve a symbol conflict with
GTK 2.10.6 (hmm, shouldn't GTK not be exporting that symbol or at least naming
it so as to prevent such collisions? Well, so should we, so...)
From Andreas Fink: change #ifdef for size_t in airdcap_interop.h to fix
compile on MacOS X.
svn path=/trunk/; revision=20726
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
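The build-directory decision described in the commit messages for revisions 21866 and 20261, as an added C sketch that is not Wireshark's own code: the credential check is taken first, and neither the environment variable nor a ".libs" path is honoured when the process started with extra privileges, since a set-UID binary that did so would load plugins from a caller-chosen directory. The function names, parameters and sample paths are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: true if the process was started set-UID or set-GID. */
static bool started_with_special_privs(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* env_set: WIRESHARK_RUN_FROM_BUILD_DIRECTORY is in the environment.
 * privileged: credential check result, taken before any path setup. */
static bool running_in_build_directory(bool env_set, const char *prog_path,
                                       bool privileged)
{
    if (privileged)
        return false;  /* environment and argv[0] are caller-controlled */
    if (env_set)
        return true;
    /* libtool wrappers run the real binary from ".libs"; matching it as a
     * whole path component is this example's choice */
    return prog_path != NULL && strstr(prog_path, "/.libs/") != NULL;
}

/* UN*X case: build tree -> "<program dir>/plugins", else installed dir. */
static const char *plugin_dir(bool build_dir, const char *prog_dir,
                              const char *installed, char *buf, size_t len)
{
    if (!build_dir)
        return installed;
    snprintf(buf, len, "%s/plugins", prog_dir);
    return buf;
}

int main(void)
{
    char buf[256];
    bool priv = started_with_special_privs();   /* must run first */
    bool env = getenv("WIRESHARK_RUN_FROM_BUILD_DIRECTORY") != NULL;
    /* all paths below are constructed sample values */
    bool build = running_in_build_directory(env, "/home/dev/ws/tshark", priv);
    puts(plugin_dir(build, "/home/dev/ws", "/opt/example/plugins", buf, sizeof buf));
    return 0;
}
```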
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040