| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
They've been replaced by the Python scripts.
Change-Id: I8add9c9ea0a6bdd68b2fa3841977863c0ea9a761
Reviewed-on: https://code.wireshark.org/review/27243
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I4c95e56e067eed98d269812225256462dfa46273
Reviewed-on: https://code.wireshark.org/review/27140
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Now that we only support CMake, that file would be reduced to
Wireshark is built using CMake.
which doesn't justify keeping it around.
Change-Id: I07d0ce0689ab274fd6c7dff3d8e5a8b31e110cbb
Reviewed-on: https://code.wireshark.org/review/27139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The doc has a mixed way of providing example, both without executable
name and with it. Add it to all the provided examples. Add highlight of
tshark in examples, too.
Change-Id: I99d83201cc897629f186aabd20c0add9c7c53b93
Reviewed-on: https://code.wireshark.org/review/27034
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
This option generates an ElasticSearch mapping file as described here:
https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
It leverages the Glib-json library.
Change-Id: Iff25f991e87d3da07bf06654e353fb785799dde9
Reviewed-on: https://code.wireshark.org/review/26848
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input in multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Tests are independent and can be run in parallel using pytest-xdist
(https://github.com/pytest-dev/pytest-xdist), document it.
While at it, allow running the tests from other directories.
Change-Id: I3e55c549669f7d59d35cd64eca53680cea6dec2d
Reviewed-on: https://code.wireshark.org/review/26943
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
First mention tvbuff_new_subset_remaining(), as that's good enough for
most uses.
Then mention tvb_new_subset_length(), which is what most of the
remaining cases should use; we weren't even documenting it.
Then mention tvb_new_subset_length_caplen(); we want that to be used
only when *absolutely* necessary.
Change-Id: I57a6c202d4a68b001ddca8bd4c7e1d271eb52ef9
Reviewed-on: https://code.wireshark.org/review/26864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Icab98813d0b81a7337562e9857429d4bb98dc44c
Reviewed-on: https://code.wireshark.org/review/26817
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The original implementation lead to multiple extcap interfaces
being loaded, as well as an error output from the default example.
This fixes both
Change-Id: Icb6fbda7bcb11ed0d14cb683ddcdabdc20a7070d
Reviewed-on: https://code.wireshark.org/review/26773
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change-Id: I50f5abafb8adf18a5407427f7feb260301df45cc
Reviewed-on: https://code.wireshark.org/review/26771
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Explain the new behavior for reload and version
Change-Id: I80d0f3338ac2e6a588964ce052ed49640155bc71
Reviewed-on: https://code.wireshark.org/review/26754
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Allow certaing elements to be reloaded upon request. The way
this works is, certain elements can be configured to be reloadable.
By doing so, the extcap is asked once more just for the values
list of this item, together with all already set options, and
reloads the available options depending on the response.
Only supported for selector. Radio and Multiselect will need
additional patches, also moving those parts outside of extcap_argument.cpp
might make sense before hand.
Change-Id: I2e9e3d109b334bf878835a7cc9354f468bc22dee
Reviewed-on: https://code.wireshark.org/review/26223
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Add an optional argument to extcap-version, which tells the utilities
the wireshark version and therefore allows them to handle different
versions differently.
If no version is provided, the utility has to assume it is dealing
with a Wireshark 2.x version (default behavior).
Change-Id: I51658300f28f503ca8050d204b73749f1a54df16
Reviewed-on: https://code.wireshark.org/review/26752
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Otherwise the utility no longer works for Python 2.
Change-Id: Ibe2f09d26887603a971185253aeaf2521875770d
Reviewed-on: https://code.wireshark.org/review/26751
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Run 2to3. Convert our payload to bytes. Switch from tab to 4-space
indentation as described in PEP8, which fixes a "TabError" message.
Change-Id: Ic20b6bc1fc1a945758c8be1bb54435f3326fb605
Reviewed-on: https://code.wireshark.org/review/26744
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I5b21ade727f9c4bed6545e69d87082baafaefa2b
Reviewed-on: https://code.wireshark.org/review/26702
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Update invalid description for tvb_get_nstringz() and
tvb_get_nstringz0().
Change-Id: I03483bc1a2aa5a701b44cd895b91289716ef215d
Reviewed-on: https://code.wireshark.org/review/26598
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8140edaee152ce1e9978d8df8a0f0e3dd077322e
Reviewed-on: https://code.wireshark.org/review/26490
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
inital => initial
Change-Id: Id92a853bd6b24e06b2f6074903f8e89249c6c2cc
Reviewed-on: https://code.wireshark.org/review/26168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
IIRC this was used to generate a list of display filters for the User's
Guide. We stopped doing that a long time ago.
Change-Id: Ib18f3982169ebda133f05e5fcad4083f75051286
Reviewed-on: https://code.wireshark.org/review/25907
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Try to do a better job of explaining the behavior with various
combination of options. There are a lot of different output options,
and combinations of those options, for TShark; try to cover more of them
- it's complicated.
Consistently refer to command-line "options" rather than "flags".
Change-Id: Idbe6d22a07920789b3d5ed46a700e654a5ac0ae3
Reviewed-on: https://code.wireshark.org/review/25902
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I38da07fb68a3b8c62e2267a06a9ba41ff80e7497
Reviewed-on: https://code.wireshark.org/review/25893
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia7b229fc4c42bd967ee4315543f58f6c05be5510
Reviewed-on: https://code.wireshark.org/review/25827
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The plugin.c generation in an autotools build comes in from an included
Makefile.am file. The various types of plugins need different parameters
for the generation script. Put the plugin.c production rule is a seperate
include file so each plugin type build can include its own variant.
Also amend the README.plugins file with regards to the new directory
structure and the fact that there are multiple types of plugins, not just
dissector plugins.
Change-Id: I3a815d0d767baa555356cf428861b18697401355
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25398
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ia54bba388755cf27a343fe6d69d244bf1ab897f9
Reviewed-on: https://code.wireshark.org/review/25186
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The sample dissector was inconsistent with the definition of
expert_field_info in epan/expert.h.
Change-Id: I533537e52bbcfa7f0cd7ff42e4233f17f40f8bab
Reviewed-on: https://code.wireshark.org/review/24902
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
plugin_ldadd was removed in 262a84c384353b2a88a6e81cdc499ab94a8316c2.
Change-Id: I516aa1be3466433bf8db83ab3d1773bf88082e8c
Reviewed-on: https://code.wireshark.org/review/24850
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Micro version bump for mate to homogenize it between CMake and autotools.
The cmake macro doesn't handle the "a" suffix and it doesn't seem worth
implementing.
Change-Id: Ib022c6aa170623b83a9700e4fa098c60a9cddfab
Reviewed-on: https://code.wireshark.org/review/24847
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
plugin.rc is Windows specific, also add condition to reflect that.
Change-Id: Ibbb7dab77dd1f277e2302c8f931218ca433f8c72
Reviewed-on: https://code.wireshark.org/review/24833
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Currently more autotools than CMake.
Change-Id: I167f0bdd49d70d72f6155a4d978975c034ce3b4a
Reviewed-on: https://code.wireshark.org/review/24773
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
proto_tree_add_item
Change-Id: I728091998c531c992aa1b741b03e653460a0e77f
Reviewed-on: https://code.wireshark.org/review/24499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This sets the scope of the static build option to Wireshark support
libraries only.
Before the patch:
Static plugins don't work with CMake and autotools.
autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.
After the patch:
For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.
For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitations imposed by libtool.
Tested on Linux. This removes broken support for building plugins
statically.
Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Replace the GPLv2+ blurbs in the doc and docbook directories with SPDX
headers as appropriate. This includes example code such as
packet-PROTOABBREV.c.
Remove dfilter2pod.pl and dfilter2xml.pl. We haven't used them since
2010.
Change-Id: I4adec02a9a4bc3e71e32bdf89f2754edaf696938
Reviewed-on: https://code.wireshark.org/review/24343
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
After other changes, add info about -G help
and update output from -G dissector-tables.
Change-Id: I339d5c31a606720ef92e641e59ec5a45114321a8
Reviewed-on: https://code.wireshark.org/review/24188
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
Convenience function to add the same parameters to find_conversation as
find_or_create_conversation.
Change-Id: I3a92541cb9c1e827a9de8248825636debbd989cd
Reviewed-on: https://code.wireshark.org/review/24118
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Move The Slowest Migration In The History Of Ever a little further
along.
Change-Id: Ib8b49708e7036dd412a7ffc8660ded9f681374c0
Reviewed-on: https://code.wireshark.org/review/24006
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We don't need to be this strict for bundled plugins about following
the GNU Coding Standards.
Change-Id: I18ed1b81d428eea15ea387102823f588287daf81
Reviewed-on: https://code.wireshark.org/review/23918
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Iedae94ffefe27b13b1967d69cacb757b5aa4576d
Reviewed-on: https://code.wireshark.org/review/23928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
