Add field expression functions to convert unsigned integer
and char fields to hex or decimal. (BASE_OCT is handled
somewhat differently currently now, presumably because it
can't be used in filters, so leave that commented until
it is handled as a display representation.)
Currently string() always converts unsigned integers to their
decimal representation so it is the same as dec(), but possibly in
the future string() might use the native base.
These can be used in columns thanks to the fix for #15990
Fix #5308
|
|
|
|
Escape sequences either need \\ or raw strings, even in
docstrings.
|
|
Allow anything that can be used in a display filter to be used in
columns (with the exception that field references don't work without
a notion of a currently selected frame): display filter functions,
slices, arithmetic calculations, logical tests, raw byte addressing,
the layer modifier, display filter macros, etc., alone or in
combination.
Show the results and generate filters. Note that "resolved" values are
not yet supported. They make conceptual sense for some expressions
(e.g., if the layer modifier only is used) but not for others.
Perhaps resolution could be done as a final step in the filter before
returning values.
It would also be useful to be able to get the expected return type
of an expression, so that the functions for right justifying a column
or sorting numerically could work. Right now the results are treated
as strings even if the return field values are numeric.
Multifield columns (i.e., concatenation of field values) are currently
implemented using the OR operator. For backwards compatibility, continue to
support that. When a true logical OR would give a different result,
surround the expression in parentheses, which the multifield columns did
not previously support (due to the regex used instead of full filter
grammar parsing.)
Perhaps in the future we should introduce a separate operator for
concatenation, possibly only used in column definitions and nowhere
else.
Update release notes.
Fix #7752. Fix #10154. Fix #15990. Fix #18588. Fix #19076.
Related to #16181 - it's now possible to define new display filter
functions so that is essentially solved, though I suppose there's
always room for more built-in functions.
|
|
|
|
Add an opaque public type for stats_tree configurations. Get rid of
stats_tree_register_with_group and add stats_tree_set_group. Add
stats_tree_set_first_column_name. Convert some documentation to doxygen.
|
|
Change some instances of "packet" to "event" in Logray's menu items.
Remove "Export Objects" and "Export PDUs" and associated code. Remove
the packet diagram menu items and associated code. Remove the "Decode
as" menu items and associated code.
Use "Selected" instead of the parenthetical plural "Packet(s)" for
marking and ignoring. Remove an attempt at plural translation which
apparently doesn't work if we don't have a "%n" in the translation
string.
|
|
When showing the follow data as text (ASCII, UTF-8, EBCDIC, etc), add a
newline at each turn. Add the ability to show delta times between
packets and turns. Add a recent setting for delta times.
Make the initial dialog a bit wider.
Save and restore our scroll position when reading a stream.
Manually connect our signals and slots. Fix some clazy warnings.
|
|
[skip ci]
|
|
Define VCS_NUM_COMMITS and VCS_COMMIT_ID in vcs_version.h. Use them to
return the Logray version in get_lr_vcs_version_info and use that where
appropriate. Rename VCSVERSION to VCS_VERSION.
|
|
For file sets produced by multiple file captures, match both
the number before time and the newer time before number format.
Distinguish them in the return value, since files of different
formats are not part of the same set.
Also handle files with a compression suffix as well, as we can
produce that in captures. Since in multi file captures compression
is done when switching files, allow file sets to have a mixture of files
compressed and uncompressed. When doing a multi file capture and
compressing, the last file is not compressed.
Add information to the user guide and release notes
Related to #12371
|
|
Expand `tshark -G dissector-tables` to also list heuristic dissector
tables. Parallels the output for standard dissector tables with the
following changes:
* Field 3 (ftenum type) is shown as "heuristic"
* Field 4 (base) is omitted, as it always was for non-integer dissector
  tables
* Field 6 (decode as) is omitted, since heuristic tables can't be used
  with "decode as"
Update the tshark man page to reflect this change. Also clarify that the
first field output from `-G heuristic-decodes` is the heuristic table
name.
Implementation detail: heuristic dissector tables are listed after all
other dissector tables, since they are stored in a separate structure
from the other tables. This results in simpler code than attempting to
commingle the entries for both types in strict alphabetical order.
Add descriptive table name
|
|
Instead of requiring ${macro:arg1;...;argN}, allow the format
${macro;arg1;...;argN}.
The semicolon isn't used anywhere else, it's simple to support,
and already used in the macro syntax. It's easier to remember
if all the separators in a macro are the same.
The colon is allowed in literals, which is why it's not used
between the arguments in the macro argument list, and allowing
it after the name makes the grammar more complicated, including
tokenizing when having pop-ups of potential field matches in
the display filter line edit (#19499.)
Update the documentation for this. Also edit the documentation
for macro syntax in a few places where it implies that whitespace
in macro arguments would be ignored; in fact, it's significant.
|
|
Show truncated fields as "Field name […]: data" instead of "Field name
[truncated]: data". This lets us show a few more characters of data.
|
|
|
|
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
Add a Service Response Time table for PFCP, similar to that
for GTPv2. Update the tshark docs to mention it.
|
|
We've been planning on removing -G with no argument for
18 years (2f7fd680e20345bbda6731cd041ee9ed0a04690f); start
warning users that it is deprecated.
Single letter options with optional arguments are tricky and
deprecated, see Guideline 12 of the POSIX Utility Syntax Guidelines.
( https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html )
We have special handling for -G as a result which forces it to the
first argument. -G with no argument can't be mixed with other options,
unlike the other reports. Removing this would allow relaxation of that
restriction.
Related to #17924
|
|
Also make it a bit more apparent that the -C option to select the
configuration profile affects (some of) the reports.
[skip ci]
Part of #17924
|
|
|
|
|
|
Add a minimum and maximum API level. Backward-compatible changes to
the API only bump the maximum API level. Backward incompatible
changes bump the maximum API level and the minimum, to the
new (maximum) level.
This may allow codec plugins to continue working without recompilation,
possibly with reduced functionality.
The API level is only defined for codecs because it is a small
and easy to define API, and very stable.
Maybe we could do the same for wiretap (file type) plugins. For the
various epan plugin types it seems pointless and futile. I cannot
see a scenario where a new Wireshark minor release does not increase
the minimum API level.
|
|
Remove the major.minor version from the plugin path, i.e.:
    lib/plugins/X.Y/{epan,wiretap,codecs}
and use an unversioned path:
    lib/plugins/{epan,wiretap,codecs}
Introduce a new naming policy for plugins that requires
name.so.ABI_VERSION.
This is a simplified filesystem layout for plugins with some
important benefits such as:
* improves compatibility between Wireshark versions, because
  a plugin that wasn't recompiled will be automatically picked
  up, but only if it has a compatible ABI version in the file name.
* does not clash with Apple guidelines
* simpler for users to understand and apply
* just overall simpler and easier to maintain, removes a lot
  of complexity from CMake code
It does impose more requirements on the plugin naming scheme
but this should be handled completely transparently
by the build system.
It would also be possible to add support for unversioned *.so file
extensions at the same time, although in this case it is not possible
to support multiple Wireshark ABI versions with only *.so, of course.
This wasn't done here but it may or may not be a useful enhancement
in the future.
Follow-up to 90b16b40921b737aadf9186685d866fd80e37ee6.
|
|
In general user customization should take higher priority
over system defaults. Do that here. This allows the user
to replace system plugins without much hassle.
We load the personal plugin folder first and lower the report
for a plugin found in multiple folders to a console log message
with log level "message" (so by default it will be displayed).
|
|
|
|
Add an option to the tools menu to copy a binary plugin file
(a .dll or .so) to the personal plugin folder.
This avoids the user having to create the paths manually and
knowing a lot of relatively unimportant details about where and
how Wireshark loads binary plugins.
It will also try to validate the plugin and do some sanity checks to
ensure the ABI is compatible.
|
|
|
|
|
|
This removes the license check introduced with commit 90b16b4092.
After discussion and criticism received on the mailing list
I now think this license requirement is too permissive on
one hand about GPL compatibility and on the other it can be
a significant inconvenience for users who do not wish to distribute
the modified work, and so in its current form the change did
not advance the project's goals or GPL compliance.
|
|
Create a derived class for the TableViews to make it easier
to create the context menus.
Enable copying and saving only selected rows
Add release notes
Related to #16419
|
|
|
|
Remove the boilerplate and multiple symbols required
to write and load a plugin and use a simpler
interface that is also much more featureful and
extensible.
This removes the major.minor ABI check in favor of an
ABI version number that is simpler and more flexible.
In practice our 3 separate ABI versions still increase
with each major.minor version number but this may change
in the future, particularly for codecs that have a much
narrower and stable codec API.
There is a new license compatibility check. Plugins
must declare if they use GPLv2 or later, or alternatively
an FSF compliant GPLv2 compatible license. Otherwise
Wireshark refuses to load the plugin. The SPDX ID is
just an ancillary field and not enforced currently.
Adds more metadata fields during plugin registration.
These are only used for display and debugging.
There is an extra API level number in the registration API
that is reserved for future use.
|
|
Instead of calling dumpcap separately for each interface in
the list, make one dumpcap call.
There's still two calls, one to get the list of interfaces and
one to get the capabilities, which is partly because interfaces
that support monitor mode can indicate support for different
link-layer types depending on whether monitor mode is enabled,
and we have to check per-interface preferences for the name to
see if we want monitor mode.
This roughly doubles the speed to add interfaces at startup
in my testing on Windows and Linux, and should massively
reduce the number of UAC pop-ups when npcap is installed with
restrictions to administrative access.
Fix #16191. Related to #15082 (it improves the number of UACs,
but perhaps they could be reduced even further by having dumpcap
stay open for all the calls in the life of the program.)
|
|
Manual revert of commit 0e82c6b4b8ed18ef1878446dd26d6345be2d2c2b.
Fixes #19493.
|
|
[skip ci]
|
|
Add dissector for EGNOS Message Server (EMS) files including entries
with EGNOS SBAS navigation messages.
|
|
Add a wiretap implementation for EGNOS Message Server (EMS) files.
|
|
|
|
Add a missing sentence.
Add some more information about display filter plugins, besides
the "What's new" blurb.
|
|
[skip ci]
|
|
If the quote character appears in a field value, then escape
it by printing the character twice. When escaping whitespace
with the backslash character, also escape the backslash
character itself.
Add a ws_escape_csv function to wsutil and use it for tshark.
Adopt the existing static escape_string_len function so that
ws_escape_csv can use it while maintaining the same output
for the other ws_escape_ functions.
Fix #10284
|
|
Add an alternative macro notation as $mymacro(a,b,c,d). For me
this notation is more natural, I have difficulty remembering how
to use macros with ${mymacro:a;b;c} and it makes the filter
expression harder to understand.
For convenience and to simplify the code we also allow
curly braces to open/close macro argument lists and the semicolon
as an argument separator for the new syntax.
This added flexibility may be reevaluated and dropped later if it
turns out to be undesirable for some reason.
|
|
Remove the UAT macro usage. The UAT API is nifty for dissectors
but clunky for everything else.
This allows using a hash table to store macros, that is the natural
data structure for the use case (and faster).
It also allows using the existing filter GUI dialog, adapted for
display filter macros. The difference isn't huge but it's better
and less limited than the more generic UAT dialog, with room for
improvement. Changing the UAT dialog for filter specific
use cases is difficult.
The config file is renamed to "dmacros" and uses the same format
as "dfilter", that is more amenable and forgiving for hand-editing
than the UAT storage format.
There is some logic to convert the "dfilter_macros" UAT config
file to a "dmacros" filter config file, for backward-compatibility.
The conversion is only done if there is no existing "dmacros" file
in the profile folder.
|
|
Add a script to initialize static proto values to 0 instead of -1.
This will save ~1MB static init code.
|
|
Ran `tools/convert-glib-types.py` over the files in `doc/` and
`docbook/`, then manually checked/massaged/reverted results as
appropriate.
One small step towards addressing #19116
|
|
Add a display filter plugin with functions to test IP addresses.
This extends the display filter features with some more specialized
functions and serves as an example on how to write a display
filter plugin.
|
|
Allow references without braces, for a less cluttered syntax:
Filter:
    frame.number > $frame.number
Instructions:
    0000 READ_TREE frame.number -> R0
    0001 IF_FALSE_GOTO 5
    0002 READ_REFERENCE ${frame.number} -> R1
    0003 IF_FALSE_GOTO 5
    0004 ANY_GT R0 > R1
    0005 RETURN
The original syntax of ${reference} came from macros but the
braces don't add much. In any case they are still allowed.
|
|
|
|
|