| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When the '-Y' display filter option is given with a '-2', and a '-w' to write out
the packets, tshark grabs *all* dependent frames in the catprue file, even those
that weren't dependents of a matching packet. Note that this also uses the '-2'
two-pass option, since only two-pass mode writes out dependent frames to begin with.
Change-Id: I17726447bec434ba2566e98fb78893d1331e3056
Reviewed-on: https://code.wireshark.org/review/866
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This fixes part-1 of bug9931: the uninitialized use of a wtap_pkthdr
struct. The second part of the bug deals with dissectors calling
the Ethernet dissector for ecnapsulated Ethernet packets but using
the wrong dissector handle to do so. That's unrelated to the issue this
commit addresses, so I'm splitting them up.
Change-Id: I87be7b736f82dd74d8c261062f88143372b5344c
Reviewed-on: https://code.wireshark.org/review/848
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There's a relatively new feature in 1.11.3 to select a specific file format
reader, instead of relying on magics or heuristics. If you select a file
reader and open a file, open it, and then click the reload-file button or go
to View->Reload or press the ctrl-R keymap, the file is reloaded but using the
magic/heuristics again instead of the file format reader you previously chose.
Likewise, the Lua relaod() function has the same issue (which is how I found
this problem).
I have tested this change by hand, using a Lua script, but I didn't add it
to the testsuite because I need another change for my test script to work
correctly. (an enhancement rather than a bug fix, which I'll submit separately)
Change-Id: I48c2d9ea443e37fd9d41be43d6b6cd5a866d5b01
Reviewed-on: https://code.wireshark.org/review/764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Now that we have the ability to choose input file format type
in the GUI, we might as well have it in the command-line too.
Plus it would help me in test-stuies if we had a commandline.
So I've added a '-X read_format:Foo' for this. Using just
'-X read_format:', or with a bad name, will make it print out
the full list (in tshark); just like the '-F' does for output
file formats.
Note: I am *not* putting in code for Win32 GUI,
because I can't compile that and I wouldn't have even
done the GTK one if I could compile Qt originally. (I don't think we need
to add any more features to GTK or Win32, just Qt from now on,
right?)
Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64
Reviewed-on: https://code.wireshark.org/review/493
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
Just as "tshark ... -P -w xxx" writes raw packets to xxx *and* writes
text packet summaries to the standard output, and just as "tshark ...
-V -w xxx" writes raw packets to xxx *and* writes text packet details to
the standard output, so should "tshark ... -T fff -w xxx" write raw
packets to xxx *and* write whatever "-T fff" (and any "-e" options)
specifies to the standard output.
Change-Id: I28ab3a4d48531f297533ec4dfb3742031eb69885
Reviewed-on: https://code.wireshark.org/review/278
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We were using cf->buf in some places and a local variable buf in others;
consistenly use the local variable.
Have a local variable for the struct wtap_pkthdr while we're at it; with
some work we may be able to get rid of the struct wtap_pkthdr and the
Buffer in the capture_file structure.
Change-Id: I4762e22e11ef576be6bf9015450d1a270dd3d16b
Reviewed-on: https://code.wireshark.org/review/178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.
Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-on: https://code.wireshark.org/review/139
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: If20a14b949667911df44f09c6a705b7645d4c49e
Reviewed-on: https://code.wireshark.org/review/85
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
|
|
declares the functions must be included, in order to make sure the
declarations match the function signature. Make it so.
Said header declares pipe_input_cb_t, so we don't have to do it
ourselves.
svn path=/trunk/; revision=54750
|
|
svn path=/trunk/; revision=54643
|
|
wtap_seek_read().
svn path=/trunk/; revision=54570
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9548 and adds addtional help, better formatting, sorting and some minimal documentation of the -u option to the tshark man page.
svn path=/trunk/; revision=53938
|
|
the code to scan for them uses those routines.
This means epan_init() no longer takes those routines as arguments -
which is just as well, given that the mechanism in question is no longer
part of libwireshark, but is part of libwsutil.
This should fix bug 9508.
svn path=/trunk/; revision=53796
|
|
svn path=/trunk/; revision=53763
|
|
svn path=/trunk/; revision=53761
|
|
svn path=/trunk/; revision=53714
|
|
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
|
|
header type fails, as we might be capturing on more than one interface.
Report the failing interface name in single quotes in some places where
we weren't doing so, for stylistic consistency.
svn path=/trunk/; revision=53593
|
|
packet dissection, they're specific to the entire Wireshark suite of
programs.
svn path=/trunk/; revision=53377
|
|
svn path=/trunk/; revision=53230
|
|
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
|
|
In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.
svn path=/trunk/; revision=53114
|
|
configured columns. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317
#BACKPORT(1.10,1.8)
svn path=/trunk/; revision=52838
|
|
svn path=/trunk/; revision=52709
|
|
Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.
From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes.
svn path=/trunk/; revision=52627
|
|
memcpy().
svn path=/trunk/; revision=52625
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9258 :
After calling wtap_close(), set the wth to NULL so we don't try to close it
again later. (The core only happens when tshark isn't keeping up with dumpcap's
file rotation.)
Wireshark still has a problem but it's a different one.
svn path=/trunk/; revision=52493
|
|
application filters" created in r52462.
svn path=/trunk/; revision=52474
|
|
svn path=/trunk/; revision=51747
|
|
thing as the display filter (-Y) in that case except with more confusing
semantics.
This also lets us fix -c in the single-pass case to unconditionally count
packets. This isn't the old behaviour (which counted them only if they passed
the read filter) but is more consistent with two-pass mode where they are
counted even if they pass the display filter, since they are counted on the
first pass and the display filter is applied on the second pass.
Anyone who wants to use -c to limit packet count conditionally on them passing a
filter should use it in tandem with -2 and -R: the read filter is applied on the
first pass before the count.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9048
svn path=/trunk/; revision=51556
|
|
svn path=/trunk/; revision=51488
|
|
svn path=/trunk/; revision=51461
|
|
The limits are enforced during the first pass, and frames that get dropped from
the first pass for this reason aren't available to the second pass at all, so
checking again is redundant.
svn path=/trunk/; revision=51460
|
|
enough cowbell^wconst; throw in a comment to squelch warnings.
svn path=/trunk/; revision=51351
|
|
Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases
causing problems for wmem_leave_file_scope() - remove that XXX comment and add
back the assertion.
Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense
there. init_dissection is only called from epan_new, so cleanup_dissection
should only be called from epan_free.
Add one missing epan_free call to tshark revealed by the above changes.
svn path=/trunk/; revision=51342
|
|
packet information to a terminal (which we assume is the same terminal
as the one to which the packet counts are being printed), as they get in
the way of each other.
Don't print it if we're sending the standard error to a terminal, or if
-q is specified, either.
Put all the setting of print_packet_counts together; it looks as if the
default value of print_packet_counts may have been changed to TRUE and
the code to handle -q wasn't changed to set it to FALSE if -q was
specified rather than setting it to TRUE if it wasn't specified.
svn path=/trunk/; revision=51227
|
|
as long options, and thus identified with numbers rather than option
letters as the return value of getopt_long(), we now have to include
capture_opts.h even if we're *not* building with libpcap, to provide
#defines for those numbers.
svn path=/trunk/; revision=51115
|
|
include capture_opts.h
svn path=/trunk/; revision=51099
|
|
handle error cases in tshark
svn path=/trunk/; revision=51094
|
|
make it clear that a capture comment can only be added when we
create a new file
svn path=/trunk/; revision=51091
|
|
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in seperated BST, add new method for epan session to get it.
svn path=/trunk/; revision=51090
|
|
make sure that getopt() does not permute tshark's argv[] array
svn path=/trunk/; revision=51089
|
|
svn path=/trunk/; revision=51087
|
|
if a capture file is read, do all corresponding checks in one place
svn path=/trunk/; revision=51086
|
|
svn path=/trunk/; revision=50858
|
|
svn path=/trunk/; revision=50794
|
|
svn path=/trunk/; revision=50772
|
