diff options
| author | Hadriel Kaplan <hadrielk@yahoo.com> | 2014-03-29 17:16:22 -0400 |
|---|---|---|
| committer | Evan Huus <eapache@gmail.com> | 2014-03-30 17:36:18 +0000 |
| commit | b63b5034569f861d6cca0354aaa5c25eda18558e (patch) | |
| tree | c84ccafc1e39732a5fc25825294b74e5fd8ccde3 /tshark.c | |
| parent | 5cdf04e6c726ab0ec8d0a091099cac12ad624b6d (diff) | |
Fix Bug 9938 'tshark "-Y -2 -w" saves non-dependent frames'
When the '-Y' display filter option is given with a '-2', and a '-w' to write out
the packets, tshark grabs *all* dependent frames in the catprue file, even those
that weren't dependents of a matching packet. Note that this also uses the '-2'
two-pass option, since only two-pass mode writes out dependent frames to begin with.
Change-Id: I17726447bec434ba2566e98fb78893d1331e3056
Reviewed-on: https://code.wireshark.org/review/866
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'tshark.c')
| -rw-r--r-- | tshark.c | 13 |
1 files changed, 10 insertions, 3 deletions
@@ -2904,6 +2904,9 @@ process_packet_first_pass(capture_file *cf, epan_dissect_t *edt, if (cf->rfcode) epan_dissect_prime_dfilter(edt, cf->rfcode); + if (cf->dfcode) + epan_dissect_prime_dfilter(edt, cf->dfcode); + frame_data_set_before_dissect(&fdlocal, &cf->elapsed_time, &ref, prev_dis); if (ref == &fdlocal) { @@ -2925,9 +2928,13 @@ process_packet_first_pass(capture_file *cf, epan_dissect_t *edt, /* If we're not doing dissection then there won't be any dependent frames. * More importantly, edt.pi.dependent_frames won't be initialized because * epan hasn't been initialized. + * if we *are* doing dissection, then mark the dependent frames, but only + * if a display filter was given and it matches this packet. */ - if (edt) { - g_slist_foreach(edt->pi.dependent_frames, find_and_mark_frame_depended_upon, cf->frames); + if (edt && cf->dfcode) { + if (dfilter_apply_edt(cf->dfcode, edt)) { + g_slist_foreach(edt->pi.dependent_frames, find_and_mark_frame_depended_upon, cf->frames); + } } cf->count++; @@ -3172,7 +3179,7 @@ load_cap_file(capture_file *cf, char *save_file, int out_file_type, /* If we're going to be applying a filter, we'll need to create a protocol tree against which to apply the filter. */ - if (cf->rfcode) + if (cf->rfcode || cf->dfcode) create_proto_tree = TRUE; /* We're not going to display the protocol tree on this pass, |