It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's not available at the old URL any more.
Change-Id: Id8baba5e02cf0e3227365f53a11caa054ef2c40f
Reviewed-on: https://code.wireshark.org/review/23165
Reviewed-by: Guy Harris <guy@alum.mit.edu>
color_t is 16-bit per channel, the print string assumes the usual 8-bit.
Use 8-bit per channel as per older patches proposed for bug 6682 via
color_t_to_rgb().
Change-Id: I7d71bc04e52376c0ecb598aedafa066f982de840
Ping-Bug: 6682
Reviewed-on: https://code.wireshark.org/review/23154
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some hf_ variables were "cached" in print.c to break dependency on (frame)
dissectors. They are no longer used (and check*.pl scripts found them)
Change-Id: Ib46e5f5e58da54b6d7a3f85586581507f653c55a
Reviewed-on: https://code.wireshark.org/review/22078
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Packet ranges are used only in the UI; move the packet range stuff into
libui.
Don't pass a print_args_t structure to libwireshark packet-printing
routines, just pass the few parameters they need. Move the declaration
of print_args_t into file.h.
Change-Id: Icff5991eea7d7d56f33b4716105895263d275bcf
Reviewed-on: https://code.wireshark.org/review/21308
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Modified tshark -T json -x output
Added tshark -T jsonraw output
json2pcap.py (can be used for basic packet editing by modifying json)
The modification in tshark -T json -x and new tshark -T jsonraw output
add into hex-data output in JSON also information on which position
each field is dissected in the original frame, what is the field length,
bitmask (for not byte aligned fields) and type. This information can be
used for latter processing. One use-case is json2pcap script which
assembles the protocol layers back together from upper to lowers layers,
which allows the basic packet modification/editing/rewriting.
Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925
Reviewed-on: https://code.wireshark.org/review/19990
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Modified epan/print.c to use function print_indent
Change-Id: Iefcb1e3c7813919c6af70d57a4f8a6f921595360
Reviewed-on: https://code.wireshark.org/review/20060
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For fields that contain both a value and a subtree, print the value and
then create a new item with a _tree suffix for the subtree content
Bug: 13086
Change-Id: I5a3c96bf9895d87faff3925d439bb54b73769a3e
Reviewed-on: https://code.wireshark.org/review/18663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
- reinitialize the variable used to insert comma between packets when
performing a new export
- ensure that escaped ASCII characters are code on 4 digits characters
Change-Id: Ib557da4843f6b98f793b60e417260ebb27a38b99
Ping-Bug: 13073
Reviewed-on: https://code.wireshark.org/review/18598
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This prevents tshark from crashing when run with "-T fields -e data".
I5778b08c52119b5be1ec482be9417b3c4ba8ed62 mistakenly removed this line (this
'data' is a write_field_data_t rather than the print_data structure that
change was cleaning up).
Bug: 12616
Change-Id: I773e47f12f852e19a20ec29a43eb3a0953923173
Reviewed-on: https://code.wireshark.org/review/16415
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Description:
when -T json,ed or pdml used in conjunction with -e fields they would
always miss the last field.
in case of json and ek, if some fields in the middle are empty,
the generated json would be invalid.
sample for ek:
{ "_index": "packets-2016-06-30", "_type": "pcap_file",
"_score": null, "_source":
{ "layers": { "e212.mcc": ["255","262"] "frame.time_epoch":
["1426550400.004751510"], "e212.mnc": ["1","1"] } } }
command:
tshark -T ek -r C:\a.pcap -e e212.mcc -e frame.comment
-e frame.time_epoch -e e212.mnc > C:\test.json
note:
the comma is missing between e212.mcc and frame.time_epoch
Change-Id: I2efae0c48036cf6313e2a064453c8dbc49f38b09
Reviewed-on: https://code.wireshark.org/review/16226
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
That makes failing to specify a format a compile-time error.
Change-Id: Iff0bda8be35b1e3acc97e4314657ceaff2b3d0be
Reviewed-on: https://code.wireshark.org/review/16218
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename write_fields_proto_tree() to write_specified_fields(), and make
it static. Make write_fields_proto_tree() a wrapper around
write_specified_fields() that sets the format to FORMAT_CSV. Have
write_specified_fields() fail with an assertion if fields->format isn't
one of the known formats, to catch problems such as this in the future.
Don't fill in the "data" structure if we're not going to use it.
Change-Id: I11dbf448d72ca389f0e5fb8558a41b7eecf7c9a4
Reviewed-on: https://code.wireshark.org/review/16210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some pcaps caused invalid json and ek files.
Bug: 11754
Change-Id: Id4c4d744b4d07fe4e8b6423688be1bb10a803844
Reviewed-on: https://code.wireshark.org/review/16152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ie7c55fb432b29abe689eed1968cfa30bd8e88e33
Reviewed-on: https://code.wireshark.org/review/16124
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output
Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previous patches converted all fvalue_to_string_repr calls to expect
an allocated buffer (and not a passed in one). Now changing signature
to force an allocated buffer. Added wmem in case that can be taken
advantage of within epan (and since the function signature was changing
anyway).
Change-Id: Ica1ac4a9a182ce0e73303856329e198d9d525b7b
Reviewed-on: https://code.wireshark.org/review/15343
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
MSVC compiler does not support properly setting an enum being part of a bit field.
For example the following code:
pinfo->fd->flags.encoding = PACKET_CHAR_ENC_CHAR_EBCDIC;
changes pinfo->fd->flags.encoding from 0x0 to 0xfffffffe instead of 0x1
Let's put back an unsigned int definition (like it is in master-1.12 branch) and add explicit casts where required
Bug: 11787
Change-Id: Idae0140fb6c172f1b3dbf10baefc8cfb00128f4c
Reviewed-on: https://code.wireshark.org/review/12220
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I'm not 100% sure if this is really a good idea in all cases, but at least some
people want it.
Bug: 10906
Change-Id: I26e69a683781cdc6ba1cfcd6a41458bbca7ca2c0
Reviewed-on: https://code.wireshark.org/review/9108
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Trust that the files in epan/ immediately (not dissectors) know what they're
doing so just blindly convert them to captured length.
Change-Id: I872f7d58b2e15ae82c75fd56f4873996fbc97be7
Reviewed-on: https://code.wireshark.org/review/9083
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ib3614431c3ff8f6e53fa0993e296ffea70926d03
Reviewed-on: https://code.wireshark.org/review/7911
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
the option parameter of output_fields_set_option() is always a
0-terminated string
therefore, option_value can't possibly be NULL, remove the NULL checks
if someone runs 'tshark ... -E header=', option_value is an empty
string, bail out in this case, don't parse *option_value and
*(option_value++) in the switch statements
Change-Id: I734b04aff653e8dbe990f546220595546e7503b0
Reviewed-on: https://code.wireshark.org/review/7904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I45a4cbef7cb38a851c207fbe26ff412ffc502240
Reviewed-on: https://code.wireshark.org/review/7903
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I4ec48067e9ca2cbe88e1cf2e6c9dc1e382379221
Reviewed-on: https://code.wireshark.org/review/7767
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Both clang and gcc define __GNUC__. Make sure we account for that when
defining diagnostic macros.
Use DIAG_OFF + DIAG_ON to suppress gcc -pedantic warnings about
frame_data.
Get rid of packet_char_enc casts.
Change-Id: Idbcc61bcdb35c1d20f185461c69451dcdf73bae9
Reviewed-on: https://code.wireshark.org/review/7106
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.
If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.
Get rid of empty preamble/finale routines.
For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().
For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().
capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.
Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.
Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the low-level print stream code from epan/print.c into
epan/print_stream.c, leaving the higher-level stuff in print.c
Change-Id: Iae961f168ec655a29f434257b1af0937fca9f025
Reviewed-on: https://code.wireshark.org/review/5436
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Revert gafa8c02 since it didn't work on Windows. Use a pragma to squelch
Visual C++ instead.
Qt's rich text renderer doesn't handle "'". Replace it with "'".
Remove a QDebug include.
Change-Id: I0e6308efda74a4bc0e67ce841a50a0a9b68f4a8b
Reviewed-on: https://code.wireshark.org/review/4511
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Otherwise glib throws an assertion since the array we pass it is NULL.
Change-Id: I9159c1f5ad99b280c040cd790df3cf352738601f
Reviewed-on: https://code.wireshark.org/review/2680
Reviewed-by: Evan Huus <eapache@gmail.com>
Add a routine get_ws_vcs_version_info() that, for builds from a tree
checked out from Wireshark's version control system, returns a string
that includes both the Wireshark version number and an indication of
what particular VCS version was checked out, and just returns
Wireshark's version number for other builds.
Use that routine rather than manually gluing VERSION and the Git version
number together.
("vcs", not "git", just in case we do something bizarre or mercurial
some day. :-))
Change-Id: Ie5c6dc83b9d3f56655eaef30fec3ec9916b6320d
Reviewed-on: https://code.wireshark.org/review/2529
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I24fe3cc4a3589dadc4528a77fe7ff13d06b1a983
Reviewed-on: https://code.wireshark.org/review/2245
Reviewed-by: Michael Mann <mmann78@netscape.net>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
When converting from proto_construct_match_selected_string to fvalue_to_string_repr remember proto_construct_match_selected_string includes fieldname + value, not just value
bug:10081
Change-Id: I4fc6ea7fd1f63cff410207c8b30562771af40ada
Reviewed-on: https://code.wireshark.org/review/1578
Reviewed-by: Evan Huus <eapache@gmail.com>
It's causing a few different test failures - I've tracked down at least one of them, but the others are weirder and will require more digging.
This reverts commit 9edba650d1.
Change-Id: I897f8cf1cfbb2a189b2054e5002f59757befa47f
Reviewed-on: https://code.wireshark.org/review/1575
Reviewed-by: Evan Huus <eapache@gmail.com>
Some are legitimate warnings - get_node_field_value() now returns a
value that the callers are expected to g_free(), so we'd better not
return a string constant.
Change-Id: I937254316119044691c1d9a3da8c9615763e2e5a
Reviewed-on: https://code.wireshark.org/review/1571
Reviewed-by: Guy Harris <guy@alum.mit.edu>
emem was exposed because of its memory limits trying to output PDML for a very large byte field in a capture file.
bug:10081
Change-Id: I6346dfdfb5f6381e16761a99291c4be7851185d9
Reviewed-on: https://code.wireshark.org/review/1566
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The while loop in question ends with tmp_str being NULL; the next loop
processes the same string, so you have to set tmp_str to csv_str before
looping.
Fix some comments while we're at it.
Change-Id: I69dd7dc276e0cb11226eceee7921be87e3cc7534
Reviewed-on: https://code.wireshark.org/review/352
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Changeset 1d8a895fa4 introduced the use of UTF-8 righ arrow to indicate the direction in TCP dissector.
While it displays nicely in Wireshark GUI or in a text export of packets, an export to CSV results in an escaped string.
This patch is a naive attempt to display the right arrow in a more friendly way when exporting to CSV.
Any smarter fix is welcome.
Change-Id: Ife787268696fa69dafc24a5cf9706af4c4832831