path: root/tshark.c
Age | Commit message | Author | Files | Lines
2013-11-17 | Move the epan/filesystem.c routines to wsutil; they're not specific to packet dissection, they're specific to the entire Wireshark suite of programs. svn path=/trunk/; revision=53377 | Guy Harris | 1 | -1/+1
2013-11-10 | Add missing includes in order to remove exceptions.h from proto.h (next commit). svn path=/trunk/; revision=53230 | Jakub Zawadzki | 1 | -0/+2
2013-11-08 | The "file types" we have are actually combinations of types and subtypes, e.g. Network Monitor version 1 and Network Monitor version 2 are separate "file types", even though they both come from Network Monitor. Rename various functions, #defines, and variables appropriately. svn path=/trunk/; revision=53166 | Guy Harris | 1 | -18/+21
2013-11-06 | Add support for displaying dates as year and day-of-year (1-origin). In the process, fix various man page descriptions of the -t flag, and add support for UTC absolute times in the iousers and iostat TShark taps. svn path=/trunk/; revision=53114 | Guy Harris | 1 | -9/+21
2013-10-25 | Display the frame number on the packet summary line if it's one of the configured columns. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317 #BACKPORT(1.10,1.8) svn path=/trunk/; revision=52838 | Chris Maynard | 1 | -15/+0
2013-10-20 | tshark: use epan_dissect_reset() svn path=/trunk/; revision=52709 | Jakub Zawadzki | 1 | -84/+120
2013-10-15 | From Ed Beroset via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9272 Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports. From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes. svn path=/trunk/; revision=52627 | Chris Maynard | 1 | -18/+23
2013-10-15 | Micro-optimize print_columns(): replace g_snprintf() & g_strlcat() with memcpy(). svn path=/trunk/; revision=52625 | Jakub Zawadzki | 1 | -22/+53
2013-10-10 | Fix the core dump reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9258 : After calling wtap_close(), set the wth to NULL so we don't try to close it again later. (The core only happens when tshark isn't keeping up with dumpcap's file rotation.) Wireshark still has a problem but it's a different one. svn path=/trunk/; revision=52493 | Jeff Morriss | 1 | -0/+1
2013-10-09 | Make column "filter name" prefixed with _ws. to be the same as other "*shark application filters" created in r52462. svn path=/trunk/; revision=52474 | Michael Mann | 1 | -1/+1
2013-09-04 | Fix one small memory leak. svn path=/trunk/; revision=51747 | Evan Huus | 1 | -0/+2
2013-08-28 | Fully deprecate read filter (-R) without two-pass (-2). It does exactly the same thing as the display filter (-Y) in that case except with more confusing semantics. This also lets us fix -c in the single-pass case to unconditionally count packets. This isn't the old behaviour (which counted them only if they passed the read filter) but is more consistent with two-pass mode where they are counted even if they pass the display filter, since they are counted on the first pass and the display filter is applied on the second pass. Anyone who wants to use -c to limit packet count conditionally on them passing a filter should use it in tandem with -2 and -R: the read filter is applied on the first pass before the count. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9048 svn path=/trunk/; revision=51556 | Evan Huus | 1 | -16/+12
2013-08-23 | Output a warning about kernel BPF JIT compiler being activated. svn path=/trunk/; revision=51488 | Anders Broman | 1 | -0/+8
2013-08-22 | Move a brace outside an #ifdef, it was confusing vim's folding. svn path=/trunk/; revision=51461 | Evan Huus | 1 | -2/+3
2013-08-22 | Don't look at packet or byte limits during the second pass of two-pass analysis. The limits are enforced during the first pass, and frames that get dropped from the first pass for this reason aren't available to the second pass at all, so checking again is redundant. svn path=/trunk/; revision=51460 | Evan Huus | 1 | -12/+0
2013-08-14 | I guess Solaris's getopt_long() "struct option" declaration doesn't have enough cowbell^wconst; throw in a comment to squelch warnings. svn path=/trunk/; revision=51351 | Guy Harris | 1 | -1/+1
2013-08-13 | As suggested in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9033 Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases causing problems for wmem_leave_file_scope() - remove that XXX comment and add back the assertion. Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense there. init_dissection is only called from epan_new, so cleanup_dissection should only be called from epan_free. Add one missing epan_free call to tshark revealed by the above changes. svn path=/trunk/; revision=51342 | Evan Huus | 1 | -0/+1
2013-08-09 | Don't print the packet counter when capturing if we're also printing packet information to a terminal (which we assume is the same terminal as the one to which the packet counts are being printed), as they get in the way of each other. Don't print it if we're sending the standard error to a terminal, or if -q is specified, either. Put all the setting of print_packet_counts together; it looks as if the default value of print_packet_counts may have been changed to TRUE and the code to handle -q wasn't changed to set it to FALSE if -q was specified rather than setting it to TRUE if it wasn't specified. svn path=/trunk/; revision=51227 | Guy Harris | 1 | -13/+33
2013-08-02 | Now that we're using getopt_long(), and have some options available only as long options, and thus identified with numbers rather than option letters as the return value of getopt_long(), we now have to include capture_opts.h even if we're *not* building with libpcap, to provide #defines for those numbers. svn path=/trunk/; revision=51115 | Guy Harris | 1 | -1/+2
2013-08-01 | fix buildbot error on OSX-10.6-x64 include capture_opts.h svn path=/trunk/; revision=51099 | Martin Kaiser | 1 | -0/+1
2013-08-01 | pass --capture-comment from tshark to dumpcap handle error cases in tshark svn path=/trunk/; revision=51094 | Martin Kaiser | 1 | -0/+15
2013-08-01 | add --capture-comment to tshark's print_usage() function make it clear that a capture comment can only be added when we create a new file svn path=/trunk/; revision=51091 | Martin Kaiser | 1 | -0/+3
2013-08-01 | Remove fdata->opt_comment, add pkt_comment to pinfo Original (read from file) comments can be accessed by pkthdr->opt_comment Keep user comments in separated BST, add new method for epan session to get it. svn path=/trunk/; revision=51090 | Jakub Zawadzki | 1 | -0/+1
2013-08-01 | add --capture-comment to tshark make sure that getopt() does not permute tshark's argv[] array svn path=/trunk/; revision=51089 | Martin Kaiser | 1 | -2/+10
2013-08-01 | use getopt_long() in tshark svn path=/trunk/; revision=51087 | Martin Kaiser | 1 | -1/+5
2013-08-01 | simplify argument checking for tshark if a capture file is read, do all corresponding checks in one place svn path=/trunk/; revision=51086 | Martin Kaiser | 1 | -13/+9
2013-07-23 | Make some functions not used outside tshark.c static. svn path=/trunk/; revision=50858 | Guy Harris | 1 | -2/+2
2013-07-22 | Abuse epan_t more: add callback to get interface name. svn path=/trunk/; revision=50794 | Jakub Zawadzki | 1 | -0/+1
2013-07-21 | Replace relative timestamp with reference frame number. Saves 16B per frame. svn path=/trunk/; revision=50772 | Jakub Zawadzki | 1 | -5/+21
2013-07-21 | Add helper function to epan_session which can be used to get absolute timestamp of given frame. Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number. This patch reduces size of frame_data by 8B (amd64). This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13) svn path=/trunk/; revision=50765 | Jakub Zawadzki | 1 | -5/+36
2013-07-21 | Some work on multi file dissection - make init_dissection/cleanup_dissection private for libwireshark - implement epan_new(), epan_free() - pass epan_t to epan_dissect* svn path=/trunk/; revision=50761 | Jakub Zawadzki | 1 | -11/+9
2013-07-12 | Move the print modules into epan. svn path=/trunk/; revision=50526 | Jeff Morriss | 1 | -2/+2
2013-07-12 | Move disabled_protos.{h,c} into epan. svn path=/trunk/; revision=50521 | Jeff Morriss | 1 | -1/+1
2013-07-11 | packet dissection now takes pointer to tvb instead of guint8 data implement frame_tvbuff, right now almost a copy of 'real' tvb. svn path=/trunk/; revision=50497 | Jakub Zawadzki | 1 | -3/+4
2013-07-08 | From Jim Young via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8906 : This patch augments Wireshark's and tshark's argument usage reports (-? and -t?) and the Wireshark and tshark man pages to list all available timestamp options available for the -t option. svn path=/trunk/; revision=50445 | Jeff Morriss | 1 | -3/+4
2013-07-06 | Fix the last remnant of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8160 Correctly calculate delta-displayed time when using two-pass dissection with a display filter. svn path=/trunk/; revision=50397 | Evan Huus | 1 | -5/+8
2013-06-27 | get main_window_update out of the way... pass an update_cb to the capture_sync stuff ... as per the XXX comment removed from tshark.c this was a mess to keep the linker happy... I couldn't! I did this without even understanding whether calling main_window_update was really necessary in most cases. I guess nothing or more specific update cbs would be best. svn path=/trunk/; revision=50188 | Luis Ontanon | 1 | -10/+3
2013-06-16 | Have the seek-read routines take a Buffer rather than a guint8 pointer as the "where to put the packet data" argument. This lets more of the libwiretap code be common between the read and seek-read code paths, and also allows for more flexibility in the "fill in the data" path - we can expand the buffer as needed in both cases. svn path=/trunk/; revision=49949 | Guy Harris | 1 | -7/+9
2013-06-05 | Allow tshark to read a pcap file and either save it as a new pcap file or for packets to be read from the original pcap file, possibly filtered, then sent to stdout and piped to either tshark or wireshark, which can then read those filtered packets from stdin. Patch submitted by me in bug 2868, although it doesn't actually fix that bug. #BACKPORT(1.10) svn path=/trunk/; revision=49780 | Chris Maynard | 1 | -3/+7
2013-05-24 | Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8714 : If we're not doing dissection (in 2-pass mode) then don't try to mark frames as depended upon: in that case epan has not been initialized so we shouldn't be looking in the edt (and anyway without dissection there won't be any dependent frames). (I'm not convinced there's any reason to run 2-pass mode without dissection, however...) svn path=/trunk/; revision=49554 | Jeff Morriss | 1 | -1/+7
2013-05-22 | No capture options if no libpcap. svn path=/trunk/; revision=49519 | Guy Harris | 1 | -1/+1
2013-05-22 | AAAAAArgh. The capture_input_new_XXX routines are called from capture_sync.c, not from capture.c, so they should be declared in capture_sync.h, so callers that use the capture_sync.c stuff but not the capture.c stuff - such as TShark - get the declarations and get their implementations compared with the signatures that they should have. Doing so points out that some of them in TShark *don't*, so fix that. svn path=/trunk/; revision=49517 | Guy Harris | 1 | -3/+4
2013-05-22 | Another Win32-only fix. svn path=/trunk/; revision=49501 | Guy Harris | 1 | -1/+1
2013-05-22 | Pull the capture-session state information out of capture_opts and put it into a separate capture_session structure. capture_opts should contain only user-specified option information (and stuff directly derived from it, such as the "capturing from a pipe" flag). svn path=/trunk/; revision=49493 | Guy Harris | 1 | -19/+23
2013-05-22 | Rename capture_opts_trim_iface() to capture_opts_default_iface_if_necessary(), to reflect what it actually does. svn path=/trunk/; revision=49491 | Guy Harris | 1 | -3/+3
2013-04-25 | Send the output of the -D and -L options to the standard output rather than the standard error. In Wireshark on Windows, create a console before doing so and destroy it before exiting. Don't do that in TShark or dumpcap, as those are console-mode programs on Windows. This should fix bug 8609 and still allow "wireshark -D" and "wireshark -L" to work when the standard output isn't redirected. svn path=/trunk/; revision=49025 | Guy Harris | 1 | -21/+0
2013-04-05 | Coalesce "-G fields2" and "-G fields3" into "-G fields", as discussed on -dev. See: http://www.wireshark.org/lists/wireshark-dev/201304/msg00015.html svn path=/trunk/; revision=48753 | Chris Maynard | 1 | -10/+3
2013-03-30 | Update -2, -R and -Y to behave consistently as per the consensus reached on https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8223 Mention the new -Y flag and associated changes in the release notes. svn path=/trunk/; revision=48654 | Evan Huus | 1 | -92/+38
2013-03-27 | From Hadriel Kaplan via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8223 Add a 2-pass display-filter flag to tshark so that reassembly and other forward-looking dissections can be used with filters. It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant pile of hacks to begin with and needs cleaning up. For now just having this feature is a big enough win. svn path=/trunk/; revision=48589 | Evan Huus | 1 | -23/+126
2013-03-20 | From beroset: remove C++ incompatibilities https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416 attachment #10397 svn path=/trunk/; revision=48438 | Bill Meier | 1 | -6/+6