lets us pass a NULL pinfo to expert_add_info_format() and
expert_add_undecoded_item(), which makes it possible to use those
routines deep in the bowels of many dissectors. As a proof of concept
remove the recent pinfo additions to packet-afp.c. This should also make
it easier to fix bug 3884.
svn path=/trunk/; revision=44435
proto_tree_add_item() calls.
Add new "add_packet_field" method to the TreeItem class, taking a
protocol field (*not* a protocol), TvbRange, and encoding value as
arguments.
Add the ENC_ values to init.lua. Make them all hex #defines so
make-init-lua.pl can easily extract them.
Export tvb_unicode_strsize() for use by Lua (and elsewhere as desired).
Note that it handles UTF-16 and UTF-8, and fix the comment to note that
its count of hexadectets *does* include the null terminator (that's what
the code does).
svn path=/trunk/; revision=42621
same, and that the routines to get "Unicode" strings are really doing
UCS-2 (and not doing anything about code values that aren't valid in
UCS-2 strings).
Have tvb_get_ephemeral_string_enc() separate cases for ASCII and UTF-8,
even though they're *currently* treated the same.
For FT_UINT_STRING, treat an encoding value of TRUE as meaning
"little-endian ASCII"; pass all other encodings through to
tvb_get_ephemeral_string_enc().
svn path=/trunk/; revision=42592
removes a potential buffer overflow and should fix a bunch of Coverity
errors mentioned in bug 6878.
We might want to do the same for no_of_bits.
svn path=/trunk/; revision=41945
The attached patches add the ability to dissect split bit-strings as discussed under bug 6797.
proto_tree_add_split_bits_ret_val()
proto_tree_add_split_bits_crumb()
svn path=/trunk/; revision=41246
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
tvb_get_ephemeral_string() but takes an ENC_ value for the character
encoding. Use it in the MQ dissector to fetch strings to put, for
example, into the Info column, so we properly handle EBCDIC strings
there.
svn path=/trunk/; revision=37876
values, and use them in the MQ dissector, so EBCDIC strings are
displayed as such.
Fix up some other final arguments to proto_tree_add_item().
svn path=/trunk/; revision=37872
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
Rename g_gnuc_malloc.h to g_gnuc.h (since it contains non-malloc related
GNUC stuff).
Use G_GNUC_WARN_UNUSED_RESULT from glib instead of using warn_unused_result
directly.
svn path=/trunk/; revision=36825
return value of proto_item_add_subtree() is used.
(The WARN_IF_UNUSED macro doesn't belong here... But where should it go?)
svn path=/trunk/; revision=36812
orthogonal to the byte order.
This means that we can't just test for a non-zero encoding to determine
whether the format is big-endian or little-endian when we set the
field's endianness flag; instead, for the types where we accept any
non-zero value as meaning "litle-endian", map it to ENC_LITTLE_ENDIAN.
When we use ENC_TIME_NTP, OR in the byte order flag. While we're at it,
in the dissectors that used ENC_TIME_NTP, update all the other encoding
items in proto_tree_add_item() calls to use the appropriate ENC_ value.
svn path=/trunk/; revision=35841
an encoding of ENC_TIME_NTP.
This increases the number of decimal places shown for NTP times (from 6 to 9),
so round the value to the nearest microsecond. (I can't tell if NTP times are
ever more precise than a microsecond--this rounding is mainly to be closer to
the old behavior.)
Use proto_tree_add_item() for some NTP times.
svn path=/trunk/; revision=35840
The event info values were (mostly) done as though they were flags rather than values, but as it doesn't really make sense to combine events I changed them to use contiguous values. They now use the 8 m.s. bits, so there are now 9 unused bits available for new uses.
svn path=/trunk/; revision=32945
"representation" - we already use "representation" to refer to the text
representation of fields.
Change some routines with an endianness argument to make it a
representation argument instead;
svn path=/trunk/; revision=32929
from which to choose; use that for protocol fields in some protocols
(modify the CORBA generator to use it, and manually update the generated
CORBA dissectors accordingly).
svn path=/trunk/; revision=32777
proto_tree_add_item() and field definitions, and for current use if
somebody finds it more self-documenting (some dissectors already have
their own #defines for that purpose).
svn path=/trunk/; revision=32775
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
a mask to select the base_display_e value from a display field in a
header_field_info structure.
Never select that value by masking out the BASE_RANGE_STRING flag bit,
as that won't continue to work if more flag bits, or other bitfields,
are added. Instead, mask with BASE_DISPLAY_E_MASK.
Note that the base_display_e value and BASE_RANGE_STRING flag are only
for integral field types, and clarify what BASE_DISPLAY_E_MASK is.
Give at least one of the reasons why hiding protocol fields is not
considered a good idea.
svn path=/trunk/; revision=31249
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
This patch optimizes proto_tree_prime_hfid() + friends and
plugs a memleak in the process.
From me:
Removed unused hfindex in proto_tree_new_item()
Fixed ref_count entry in struct header_field_info.
svn path=/trunk/; revision=29137
Currently, if you call proto_tree_free on anything other than the root node of a tree
the tree will get left in an inconsistent state. This is because the parent is left pointing
to the newly freed child.
The traversal code is updated, the parent node update is currently disabled since
freeing is done for the complete tree only at this time, so there is no need to keep
the parent node consistent.
svn path=/trunk/; revision=26466
This patch implements a function for dissecting bitfields with better control
over the resulting representation than the existing proto_tree_add_bitmask()
routine. This function will be used by reworked IPMI/ATCA dissector (bug 2048).
The function is described in README.developer. In short, the differences are as
follows:
- The new function does not require a hf_XXX field for the whole bitmask. When
the bitmask includes several unrelated fields, such hf_XXX field does not make
sense.
- The new function allows better control over the way the sub-item descriptions
are added to the top-level item. For example, proto_tree_add_bitmask() function
does not add non-enumerated integers, does not use true_false_string to display
boolean.
- The new function allows to specify "fallback" text for the top-level item
which is used if no items were added to the top-level item.
svn path=/trunk/; revision=25920
proto.[hc]
define new APIs to allow delayed registration of protocol fields,
so that dissectors with "flexible" fields like xml, radius, diameter,
snmp do not have to load their files at startup but can do so as late as possible.
gtk/dfilter_expr_dlg.c :
have the expression dialog registering all prefixes so that all fileds appear in the dialog
tshark.c
register all prefixes when called with -G
epan/radius_dict.l
epan/dissectors/packet-radius.c
epan/dissectors/packet-radius.h
refactor registration to delay dictionary loading as long as possible
svn path=/trunk/; revision=24762
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
Shuffle the expert severities down, and note that we have only 8 bits
available for FI_ flags unless you shrink the set of event groups and
shuffle them and the expert severities up.
svn path=/trunk/; revision=23731
Move the expert information bits to the top of that field, to avoid
collisions (we had a collision with the 0x00000004 bit).
svn path=/trunk/; revision=23726
packets in the Packet Details View.
This "appendix" bytes are not copied with the Copy functions or in the
Export Selected Packet Bytes.
svn path=/trunk/; revision=22887
Jakub Zawadzki