diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/rawshark.pod | 16 | ||||
-rw-r--r-- | doc/tshark.pod | 44 | ||||
-rw-r--r-- | doc/wireshark.pod.template | 14 |
3 files changed, 58 insertions, 16 deletions
diff --git a/doc/rawshark.pod b/doc/rawshark.pod index 6981fc172a..1a3b9db210 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -436,10 +436,24 @@ when a dissector bug is encountered. abort(3) will cause the program to exit abnormally; if you are running B<Rawshark> in a debugger, it should halt in the debugger and allow inspection of the process, and, if you are not running it in a debugger, it will, on some OSes, assuming -your environment is configured correctly, generate a core dump file. +your environment is configured correctly, generate a core dump file. This can be useful to developers attempting to troubleshoot a problem with a protocol dissector. +=item WIRESHARK_EP_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after each +packet has been fully dissected. This can be useful to developers writing or +auditing code. + +=item WIRESHARK_SE_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after when +a capture file is closed. This can be useful to developers writing or +auditing code. + =back =head1 SEE ALSO diff --git a/doc/tshark.pod b/doc/tshark.pod index 9ad9eb93c3..c205800857 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -129,7 +129,7 @@ arguments, it's a capture filter if a capture is being done (i.e., if no B<-r> option was specified) and a read filter if a capture file is being read (i.e., if a B<-r> option was specified). -The B<-G> option is a special mode that simply causes B<Tshark> +The B<-G> option is a special mode that simply causes B<Tshark> to dump one of several types of internal glossaries and then exit. =head1 OPTIONS @@ -291,7 +291,7 @@ the last occurrence will be used and if B<a> all occurrences will be used B<aggregator=,|/s|>E<lt>characterE<gt> Set the aggregator character to use for fields that have multiple occurences. If B<,> a comma will be used -(this is the default), if B</s>, a single space will be used. Otherwise +(this is the default), if B</s>, a single space will be used. Otherwise any character that can be accepted by the command line as part of the option may be used. @@ -311,16 +311,16 @@ without a value will list the available formats. =item -G [fields|fields2|fields3|protocols|values|decodes|defaultprefs|currentprefs] -The B<-G> option will cause B<Tshark> to dump one of several types of glossaries -and then exit. If no specfic glossary type if specified then the B<fields> report -will be generated by default. +The B<-G> option will cause B<Tshark> to dump one of several types of glossaries +and then exit. If no specfic glossary type if specified then the B<fields> report +will be generated by default. The available report types include: -B<fields> Dumps the contents of the registration database to -stdout. An independent program can take this output and format it into nice -tables or HTML or whatever. There is one record per line. Each record is -either a protocol or a header field, differentiated by the first field. +B<fields> Dumps the contents of the registration database to +stdout. An independent program can take this output and format it into nice +tables or HTML or whatever. There is one record per line. Each record is +either a protocol or a header field, differentiated by the first field. The fields are tab-delimited. * Protocols @@ -348,17 +348,17 @@ B<fields3> Same as the B<fields> report but includes two additional columns. * Field 7 = base for display (for integer types); "parent bitfield width" for FT_BOOLEAN * Field 8 = bitmask: format: hex: 0x.... -B<protocols> Dumps the protocols in the registration database to stdout. -An independent program can take this output and format it into nice tables +B<protocols> Dumps the protocols in the registration database to stdout. +An independent program can take this output and format it into nice tables or HTML or whatever. There is one record per line. The fields are tab-delimited. * Field 1 = protocol name * Field 2 = protocol short name * Field 3 = protocol filter name -B<values> Dumps the value_strings, range_strings or true/false strings -for fields that have them. There is one record per line. Fields are -tab-delimited. There are three types of records: Value String, Range +B<values> Dumps the value_strings, range_strings or true/false strings +for fields that have them. There is one record per line. Fields are +tab-delimited. There are three types of records: Value String, Range String and True/False String. The first field, 'V', 'R' or 'T', indicates the type of record. @@ -384,7 +384,7 @@ the type of record. * Field 3 = True String * Field 4 = False String -B<decodes> Dumps the "layer type"/"decode as" associations to stdout. +B<decodes> Dumps the "layer type"/"decode as" associations to stdout. There is one record per line. The fields are tab-delimited. * Field 1 = layer type, e.g. "tcp.port" @@ -1224,6 +1224,20 @@ your environment is configured correctly, generate a core dump file. This can be useful to developers attempting to troubleshoot a problem with a protocol dissector. +=item WIRESHARK_EP_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after each +packet has been fully dissected. This can be useful to developers writing or +auditing code. + +=item WIRESHARK_SE_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after when +a capture file is closed. This can be useful to developers writing or +auditing code. + =back =head1 SEE ALSO diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template index 9707311cd7..c0cefb3f42 100644 --- a/doc/wireshark.pod.template +++ b/doc/wireshark.pod.template @@ -2674,6 +2674,20 @@ your environment is configured correctly, generate a core dump file. This can be useful to developers attempting to troubleshoot a problem with a protocol dissector. +=item WIRESHARK_EP_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after each +packet has been fully dissected. This can be useful to developers writing or +auditing code. + +=item WIRESHARK_SE_VERIFY_POINTERS + +This environment variable, if exported, causes certain uses of pointers to be +audited to ensure they do not point to memory that is deallocated after when +a capture file is closed. This can be useful to developers writing or +auditing code. + =back =head1 SEE ALSO |