Age | Commit message (Collapse) | Author | Files | Lines |
|
The current API for Lua provides a global function
"all_field_infos()" which returns all the populated field_info nodes
in the current proto_tree.
By default all_field_infos() "works", in the literal sense: it returns
exactly the fields the previous dissectors of the packet have
populated at that instant of time. But of course dissectors don't
populate all the applicable fields most of the time, because of the
TRY_TO_FAKE_THIS_ITEM optimization where they don't fill in things
that aren't needed at the time by a display, color, or tap's dfilter.
So this commit offers a way to force the dissectors to populate
all the applicable field_infos in the tree, by setting the proto_tree
to be visible. Obviously that is going to impact performance, since
it basically bypasses the TRY_TO_FAKE_THIS_ITEM optimization; so the
patch only does this if the Lua script author told it to explicitly,
by adding an argument to Listener.new() and register_postdissector().
Change-Id: I11d3559fbe8c14fbadf1b51415a3701dc1200b7b
Reviewed-on: https://code.wireshark.org/review/286
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9607)
This is a VERY PRELIMINARY version of tfshark. It's an attempt to jumpstart FileShark and its architecture. Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it)
This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture. And those layers will slowly be added in time (patches always welcome!).
svn path=/trunk/; revision=54646
|
|
Move COL_* enum to <epan/column-utils.h>
XXX Later we can rename epan/column-info.h to column-int.h (or smth like this)
svn path=/trunk/; revision=54352
|
|
the code to scan for them uses those routines.
This means epan_init() no longer takes those routines as arguments -
which is just as well, given that the mechanism in question is no longer
part of libwireshark, but is part of libwsutil.
This should fix bug 9508.
svn path=/trunk/; revision=53796
|
|
svn path=/trunk/; revision=53770
|
|
XXX ncp2222 dissector is using dfilter_compile(), why?
svn path=/trunk/; revision=53766
|
|
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
|
|
This time it makes more sense, cause for each dissection we need two wmem allocators.
Reseting wmem allocator is much faster than destroy & create.
svn path=/trunk/; revision=52706
|
|
not finding it, I finally found it in column_info.h
Renamed column_info.h to column-info.h to have consistency
with the column*h files.
svn path=/trunk/; revision=52667
|
|
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
|
|
svn path=/trunk/; revision=50794
|
|
timestamp of given frame.
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduce size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
|
|
- make init_dissection/cleanup_dissection private for libwireshark
- implement epan_new(), epan_free()
- pass epan_t to epan_dissect*
svn path=/trunk/; revision=50761
|
|
implement frame_tvbuff, right now almost a copy of 'real' tvb.
svn path=/trunk/; revision=50497
|
|
is in this epan_dissect_t contain the field whose name is passed as an
argument" routine in libwireshark, and use it where we used
packet_is_ssl(). (We should check to see if anything *else* could use
it.)
svn path=/trunk/; revision=49530
|
|
svn path=/trunk/; revision=49092
|
|
Also remove old WS_VAR_IMPORT define and related Makefile magic
everywhere in the project.
svn path=/trunk/; revision=47992
|
|
svn path=/trunk/; revision=45884
|
|
unexport tap_queue_init, tap_push_tapped_queue
svn path=/trunk/; revision=45670
|
|
- initialize edt once in few places, and later reset it after dissecting
(add_packet_to_packet_list),
- revert r45667, probably no longer needed.
svn path=/trunk/; revision=45669
|
|
Implement DICOM, HTTP, and SMB object exports. Rename the GTK+ export
files. C++-ize epan/tap.h. Fix an apparent memory leak in
eo_save_all_clicked_cb.
The Qt dialog has an indeterminate progress bar. I tried adding
something similar to the GTK+ dialog but event processing led down a
rabbit hole.
svn path=/trunk/; revision=45647
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
svn path=/trunk/; revision=40321
|
|
Update of 3GPP RRC and LTE RRC dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6333
svn path=/trunk/; revision=38964
|
|
svn path=/trunk/; revision=37680
|
|
svn path=/trunk/; revision=34193
|
|
svn path=/trunk/; revision=34191
|
|
show if the field has multiple occurrences.
svn path=/trunk/; revision=34186
|
|
svn path=/trunk/; revision=33990
|
|
libwireshark into libwireshark, and call it only in programs linked with
libwireshark. That way, programs that don't link with libwireshark
don't have to link with libgcrypt or libgnutls solely so that they can
say that they're linked with a particular version of libgcrypt or
libgnutls.
Don't link dumpcap with libgcrypt or libgnutls any more.
svn path=/trunk/; revision=33531
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
|
|
svn path=/trunk/; revision=32361
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
svn path=/trunk/; revision=32360
|
|
svn path=/trunk/; revision=31720
|
|
processing. This is rarely needed. It's only needed when the user right clicks on the packet list view to generate a display filter.
svn path=/trunk/; revision=29806
|
|
speed up a little proto_custom_set.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3972
svn path=/trunk/; revision=29789
|
|
free memory properly on shutdown.
This is an initial step. There's still some work to do.
svn path=/trunk/; revision=29754
|
|
move custom col set from proto_tree_set_xxx() to
epan_dissect_fill_in_columns().
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3930
I'v added the new functions to the .h files.
svn path=/trunk/; revision=29551
|
|
initialise/cleanup stack allocated 'edt' structures. This should speed up dissection since we avoid some malloc traffic.
svn path=/trunk/; revision=29404
|
|
users (e.g. proto_hier_stats.c, others?) that relies on FT_PROTOCOL nodes being created they'll now need to call the newly introduced epan_dissect_fake_protocols() to disable this optimization.
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
|
|
Only fill in frame_data vals when needed.
svn path=/trunk/; revision=29203
|
|
svn path=/trunk/; revision=27541
|
|
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
|
|
from -Wshadow, as noted by John Smith.
svn path=/trunk/; revision=25541
|
|
The splash screen shows a progress bar and a percentage complete - like the progress dialog.
As dissectors are initialised and handed off the name is shown. However, the names of plugin dissectors are not shown.
The update to the make-dissector-reg shell script has been tested, though I think generally the python version is used.
svn path=/trunk/; revision=21716
|
|
if set, and if the program isn't running with additional privileges,
it'll treat the directory in which the program is found as the data
directory.
If, on Windows, the version-number subdirectory of {data
directory}\plugins doesn't exist (which is assumed to mean that the
program is being run from the build directory), or if, on UN*X,
WIRESHARK_RUN_FROM_BUILD_DIRECTORY is set, the plugin directory is the
"plugins" subdirectory of the data directory, and all subdirectories of
that directory are scanned for plugins, as the "plugins" subdirectory of
the build directory contains subdirectories for the plugins; this means
that if we're running from the build directory, we'll find the plugins
we built in the build tree.
When generating the wireshark-filter man page, run tshark with
WIRESHARK_RUN_FROM_BUILD_DIRECTORY set, so it uses the plugins from the
build to generate the list of filters.
svn path=/trunk/; revision=20261
|
|
svn path=/trunk/; revision=18450
|
|
svn path=/trunk/; revision=18197
|
|
svn path=/trunk/; revision=15190
|