| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This option generates an ElasticSearch mapping file as described here:
https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
It leverages the Glib-json library.
Change-Id: Iff25f991e87d3da07bf06654e353fb785799dde9
Reviewed-on: https://code.wireshark.org/review/26848
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Change-Id: Ie95cf37f9cd283545693e290340a7489cc989c95
Reviewed-on: https://code.wireshark.org/review/26970
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
oids.c: Sort out libsmi init, add user paths once.
Qt, About WS: Stop memory leak of MIB/PIB paths.
GTK, About WS: Allow for 20 individual paths.
tshark, folders: init before getting paths, allow 20 individual.
Bug: 14539
Change-Id: I113ee2dd4394d553a16b256e66fd840eeeec78ef
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/26555
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
One reason to do dissection is if a tap requires it, so we have to check
after starting the taps.
Change-Id: Ic7910449c3f85df2a52065e789986d970d13c253
Reviewed-on: https://code.wireshark.org/review/25904
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
There are no "old" versions of them that we're keeping around.
Change-Id: I3c76a14d0ec1a06df39c547da37f4dea9987df4d
Reviewed-on: https://code.wireshark.org/review/25892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We shouldn't do so until we have something on which to compute
statistics and until we're in file scope, as the taps may use
file-scoped memory, given that statistics pertain to a file.
Change-Id: Ifb568480a3cbbd4dc891015b3bb42da1511ca514
Reviewed-on: https://code.wireshark.org/review/25887
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
loaded
g995812c5f1 moved wiretap plugins registration from applications to
wiretap library init function.
As we do not want to load plugins for all users of libwiretap, let's
make it configurable.
Bug: 14314
Change-Id: Id8fdcc484e2d0d31d3ab0bd357d3a6678570f700
Reviewed-on: https://code.wireshark.org/review/25194
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The default value of kernel.unprivileged_bpf_disabled is 0 which means
this is enabling the BPF JIT compiler for unprivileged users. Given that
this is a known attack vector for Spectre variant 1 (CVE-2017-5753) this
is not a setting that a utility should be tampering with.
Tshark's and dumpcap's help message is changed by Balint Reczey to suggest
enabling BPF manually after considering security-related implications.
Change-Id: I1cc34cbd6e84485eba9dee79a8700aa388354885
Signed-off-by: Balint Reczey <balint.reczey@canonical.com>
Bug: 14313
Reviewed-on: https://code.wireshark.org/review/25192
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ia54bba388755cf27a343fe6d69d244bf1ab897f9
Reviewed-on: https://code.wireshark.org/review/25186
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13020
Change-Id: Ia83797a4e390be7cc59a9718735edc1c7f9a5712
Reviewed-on: https://code.wireshark.org/review/24928
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Ief5b1fffecc9712c01ff10292c403b7c84a5908a
Reviewed-on: https://code.wireshark.org/review/24756
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Have the routines that create them take a pointer to a struct
packet_provider_data, store that in the tvbuff data, and use it to get
the wtap from which packets are being read.
While we're at it, don't include globals.h in any header files, and
include it in source files iff the source file actually uses cfile. Add
whatever includes that requires.
Change-Id: I9f1ee391f951dc427ff62c80f67aa4877a37c229
Reviewed-on: https://code.wireshark.org/review/24733
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have separate packet_provider_data structures and packet_provider_funcs
structures; the latter holds a table of functions that libwireshark can
call for information about packets, the latter holds the data that those
functions use.
This means we no longer need to expose the structure of an epan_t
outside epan/epan.c; get rid of epan/epan-int.h.
Change-Id: I381b88993aa19e55720ce02c42ad33738e3f51f4
Reviewed-on: https://code.wireshark.org/review/24732
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
libwireshark now expects an epan_t to be created with a pointer to a
"packet provider" structure; that structure is opaque within
libwireshark, and a pointer to it is passed to the callbacks that
provide interface names, interface, descriptions, user comments, and
packet time stamps, and that set user comments. The code that calls
epan_new() is expected to provide those callbacks, and to define the
structure, which can be used by the providers. If none of the callbacks
need that extra information, the "packet provider" structure can be
null.
Have a "file" packet provider for all the programs that provide packets
from a file.
Change-Id: I4b5709a3dd7b098ebd7d2a7d95bcdd7b5903c1a0
Reviewed-on: https://code.wireshark.org/review/24731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Embed one of those structures in a capture_file, and have a struct
epan_session point to that structure rather than to a capture_file.
Pass that structure to the routines that fetch data that libwireshark
uses when dissecting.
That separates the stuff that libwireshark expects from the stuff that
it doesn't look at.
Change-Id: Ia3cd28efb9622476437a2ce32204597fae720877
Reviewed-on: https://code.wireshark.org/review/24692
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Those fields weren't being used in TShark/TFShark/rawshark/sharkd, so we
can use them, instead of defining our own static variables.
This makes the non-Wireshark code paths a bit more like the Wireshark
code paths.
Change-Id: I55da4cf525e37598f314efca22f20d3e80cb547c
Reviewed-on: https://code.wireshark.org/review/24691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have cfile-int.h declare the structure, and use it in files that
directly access the structure.
Have cfile.h just incompletely declare the structure and include it
rather than explicitly declaring it in source files or other header
files.
Never directly refer to struct _capture_file except when typedeffing
capture_file.
Add #includes as necessary, now that cfile.h doesn't drag in a ton of
Change-Id: I7931c8039d75ff7c980b0f2a6e221f20e602a556
Reviewed-on: https://code.wireshark.org/review/24686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Explictly struct _capture_file * in epan_session and its callbacks.
Change-Id: I63703015c661a08f3350a7448a7bcdaf98f119dc
Reviewed-on: https://code.wireshark.org/review/24675
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Follow-up to b695b3e2f72998d66ca4b7a6826d4ce1688060c8.
Change-Id: I7e36519f2c3806c1205d05437671325080974257
Reviewed-on: https://code.wireshark.org/review/24524
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
A while back Graham pointed out the SPDX project (spdx.org), which is
working on standardizing license specifications:
https://www.wireshark.org/lists/wireshark-dev/201509/msg00119.html
Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b
Start the conversion process with our top-level C and C++ files.
Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-on: https://code.wireshark.org/review/24302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This partially reverts dc0e6ccc9f9aaad7139c1edd3b723c4b939b15da in favor
of a cleaner solution.
Change-Id: Ie57329020b5a7d15eb7d99aad3103843a14f07a6
Reviewed-on: https://code.wireshark.org/review/24278
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
The user has no way to apply this setting while loading dissectors in order
to enable g_debug messages during init for example.
Change the behavior to be as documented in the comment.
Change-Id: I9317f12b207d4621508212b02ca1ebd46b55aadc
Reviewed-on: https://code.wireshark.org/review/24184
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
Not all platforms handle ? or -? *predictably* at the command line.
As long as "?" isn't replaced with a file name, it works, but if it
gets replaced by a file name...
Bug: 13984
Change-Id: I4496bb27fdef121967e7baf7b7f4a1bb0a44b00a
Reviewed-on: https://code.wireshark.org/review/24125
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In preparation for possibly using AUTOUIC in CMake which treats "ui_*.h"
files specially, rename ui_util.h. No other changes.
Change-Id: Id026572c000b713ff0e9388dc7fff8d81d4df73e
Reviewed-on: https://code.wireshark.org/review/23916
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tcpdump just got a --print option, which causes packet information to be
printed even if the raw packets are being saved to a file with -w. We
have -P for the same purpose; make --print another name for it.
While we're at it:
document --help and --version;
just speak of -P/--print as causing printing even of the packet
details, even though -V forces printing with -w, for consistency
with how --print is documented for tcpdump;
fix the description of -h/--help.
Change-Id: Idf650a202a09a2d1682edbd9d76123f1b1412b55
Reviewed-on: https://code.wireshark.org/review/23888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add links to the online man page for each tool. Make sure tshark
generates pre-commit-compatible output on Linux.
Change-Id: I00d2973475f27460065bc8a65471abef152ded33
Reviewed-on: https://code.wireshark.org/review/23754
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Display separate entries for binary plugins and lua scripts.
This is explained in the user guide, that the binary folder is
a subfolder of the lua folder, but it's probably a good idea to be more
explicit about it, at the risk of cluttering the interface a bit.
Move GeoIP information down because it seems the least important.
Add helper functions to provide plugin version subdir.
Change some #ifdefs while at it for legibility.
Change-Id: Ieb8665df029b3c14de19e2c973bd9b1cc4ec4621
Reviewed-on: https://code.wireshark.org/review/23609
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
WS_DLL_PUBLIC const char *get_plugin_dir(void);
WS_DLL_PUBLIC const char *get_plugins_pers_dir(void);
Opt for the plural form consistently (for public functions at least).
Change-Id: I8a5861ad7f90f9c87168bd3275bd9dbc5c83b749
Reviewed-on: https://code.wireshark.org/review/23608
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Obviate allocation on every call to get_plugins_pers_dir().
Change-Id: I089ae499f93739d490d4552f59b5db5996f7d26f
Reviewed-on: https://code.wireshark.org/review/23495
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Depending on how packetlist columns are arranged certain columns may have a
Unicode arrow character inserted between it and the subsequent column to
indicate source vs destination column directionality when displayed in
tshark. Currently any inserted Unicode arrow characters are
unconditionally prefaced with an ASCII SPACE character.
Tshark's `-T tabs` option causes the various packetlist columns to be
delimited with ASCII TAB characters. The unconditional use of the SPACE
character before any inserted Unicode arrows makes it difficult to directly
compare a -T tabs report of column N values to column N+1 values without
dealing with the SPACE/Unicode Arrow suffix appended to all of the column
N values.
The inserted Unicode directionality arrows are effectively another
packetlist column of data that should be delimited like all other columns.
This patch ensures that any Unicode directionality arrows inserted between
packet list columns are delimited on both sides of the arrows with the
selected delimiter character.
Change-Id: I4eb7c6015a538afdc2c41be746eca4eec1ace36f
Reviewed-on: https://code.wireshark.org/review/23222
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change access of ifaces elements from by val to by reference.
With this change unnecessary copying of the whole struct is avoided
but even more important is that elements no longer have to be
removed and inserted whenever data is updated.
This change aims to make it more clear that ifaces elements shall
never directly be removed from the array. Instead use function
capture_opts_del_iface
NOTE: Code for GTK UI not updated
Ping-Bug: 13864
Change-Id: I04b65d5ee36526b30d959b8e5a2a48a3c7c4f15b
Reviewed-on: https://code.wireshark.org/review/23204
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iacde5514dc355cbb06fe45f5e342ddd45700999d
Reviewed-on: https://code.wireshark.org/review/22749
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
|
|
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There's no guarantee that there's a color filter that matches, so the
color filter pointer might be null.
Change-Id: Ia11845824a4ca9c0cc153a89aa2fba876084a796
Reviewed-on: https://code.wireshark.org/review/22079
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed. This initial commit only
adds such support for the standard text output format. A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).
Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add the cause for a syntax error while parsing UATs. Example output:
$ tshark -ouat:ssl_keys:,
tshark: Invalid -o flag "uat:ssl_keys:,": ssl_keys:1: No IP address given.
$ tshark -ouat:unknown:,
tshark: Invalid -o flag "uat:unknown:,": Unknown preference
Change-Id: I549406c4e31a81d29f487ef47bdb3c22da084947
Reviewed-on: https://code.wireshark.org/review/21748
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib79da01124a7f1b44f168ce19691d3ceaa7d5a68
Reviewed-on: https://code.wireshark.org/review/21619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
