Specifically: show the use of tcp_dissect_pdus()
for a TCP heuristic dissector
Change-Id: I02f184b2c8ef6ed128ef3d0bc59eed759aae54bb
Reviewed-on: https://code.wireshark.org/review/5399
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
- get language as soon as possible (before creating any Qt objects) to make all
translations working
- dynamic list of supported languages
- runtime change of GUI language (no need to restart application)
- add flags icons support
- search for *.qm languages in built-in resources, then
data dir called "languages" (main directory in sources or
/usr/share/wireshark/languages), then user directory
(UNIX: ~/.wireshark/languages); "languages" directory should contain
files wireshark_xx.qm where xx is language code (en, en_GB, etc.),
and optional xx.svg for flag icon
- try to fix some untranslated manually-created UI items
(need manual reset text of those components)
Change-Id: I62ca8a8cddce47cec9dbcad6b0bd68b6cfd92229
Reviewed-on: https://code.wireshark.org/review/5041
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
Change-Id: I5aef31ef7ad604352f6e108835f0e9c2d10cdf8a
Reviewed-on: https://code.wireshark.org/review/4706
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
- If boolflags are being used, an extra space is added
to the call of the extcap filter. This leads to the
argumentparser of python to exit with an error-code,
and the extcap filter will not start. This patch instead
catches the unknown arguments and prints them on stdout,
as well as running the dissection with the rest of the
arguments list.
Basically this is a work-around, for a behaviour not
yet fixed in extcap, but it stabilizes the usage of the demo
Change-Id: I7589292692b0b3c839909fd09d62a4714cbe869e
Reviewed-on: https://code.wireshark.org/review/4638
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Idbf879f20448eea0b69e793271439dec877832e9
Reviewed-on: https://code.wireshark.org/review/4602
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
There is a regular expression that extracts only the number from
--extcap-interface argument and only that number (as string) is being
passed to extcap_dlts().
Change-Id: I5159f9405a766c1edff792213b2aef72b9a29ba4
Reviewed-on: https://code.wireshark.org/review/4550
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Description:
Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation.
Useful to remove duplicated packets taken on several routers or SW (different mac addresses for example).
e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
The default value is 0.
This option is only relevant when used with -d|-D|-w
Bug: 8511
Change-Id: I009a09d32778a182b2d88f372651f658a4938882
Reviewed-on: https://code.wireshark.org/review/4104
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I024a882030e489cbd273a4245b0cd3be656f060f
Reviewed-on: https://code.wireshark.org/review/4191
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id4f258e0e45e44c1ab63bd77a6fab10013a4810c
Reviewed-on: https://code.wireshark.org/review/4160
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829
Reviewed-on: https://code.wireshark.org/review/4140
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
documents referring to the split out sections.
Remove trailing whitespace while at this.
Change-Id: I36cfe0ac55e8f653bffbf850e01f582aacf85557
Reviewed-on: https://code.wireshark.org/review/4094
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Make sure the Qt UI is named "Wireshark" and its executable is named
"wireshark" or "wireshark.exe". Make sure the GTK+ UI is named
"Wireshark 1" or "Wireshark (GTK+)" depending on how much the target
audience is likely to care about UI toolkits. Make sure the GTK+
executable is named "wireshark-gtk" or "wireshark-gtk.exe".
It looks like moving to Qt 5.3 (g978faf3) broke the PortableApps
package. It's likely even more broken now.
Autotools out-of-tree builds also broke on Ubuntu 12.02 (automake
1.11.3) at some point. The first attempt to compile in ui/qt returns
"error: source_file.cpp: No such file or directory". The second attempt
works. Out-of-tree builds work fine on Ubuntu 14.04 (automake 1.14.1).
Tested:
- Nmake builds
- NSIS packaging
- CMake builds (Windows, OS X)
- Autotools build and distcheck
- RPM packaging
To do:
- Test Debian packaging
- Fix PortableApps
Change-Id: I66429870e05fd2d6fc901942477959ed6164fce2
Reviewed-on: https://code.wireshark.org/review/3919
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Fix typo PROTO_ABBREV -> PROTOABBREV
Uncomment FIELDCONVERT
Change-Id: I7b64c09ecf0c22a38042156d958e1c6c850c839a
Reviewed-on: https://code.wireshark.org/review/3914
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Convert QTableWidget to QTreeWidget.
It looks like the GTK+ version has a separate set of apply/save buttons
for each tab which *only* operates on that tab. This can result in unexpected
behavior which throws away changes if the user updates more than one
tab. Use a single "OK" button that applies all of our changes instead.
Reorder the tabs. Put Local Interfaces first and select it by default.
Always show Remote Interfaces. Disable it on platforms that don't have
PCAP_REMOTE.
Automatically start editing when we add a new pipe. Don't immediately
update pipe interface settings. Wait until we hit "OK" instead.
Rename NewFileDelegate to PathChooserDelegate. Note that we might want
to move it use it elsewhere in the application.
Try switching the user-facing terminology from "Hide" to the more
positive "Show".
Tell the user that we don't save pipe or remote interface settings.
Add a help URL for the "Manage Interfaces" dialog box.
Use the GLib and Qt string functions and classes to split and join
comma-separated preferences. This makes sure capture_dev_user_descr_find
doesn't skip over the first interface. It also keeps the Qt code from
adding a leading comma to our capture preferences.
Add a note about strings to README.qt. Summary: Use QStrings.
For another day:
- If we *do* save remote settings we need to store credentials securely,
e.g. with CryptProtectData.
- Get rid of the remote settings dialogs. Their controls should fit in the
remote settings tab.
- Add an extcap tab.
- We need getter/setter functions for global_capture_opts.all_ifaces. We
iterate over it *way* too much.
Change-Id: Ib7b61972f3ece4325e0230f725e7f2678acbb24b
Reviewed-on: https://code.wireshark.org/review/3873
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
(This change needs to be approved by Roland Knall--the file's author--in
Gerrit.)
Change-Id: I58285cb1d773a57fe7d087799bf6d2ffbd962364
Reviewed-on: https://code.wireshark.org/review/3773
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Extcap is a plugin interface, which allows for the usage
of external capture interfaces via pipes using a predefined
configuration language which results in a graphical gui.
This implementation seeks for a generic implementation,
which results in a seamless integration with the current
system, and does add all external interfaces as simple
interfaces.
Windows Note: Due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
is needed, which is part of any GTK windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-built or installer version of wireshark is the extcap
subdirectory underneath the main wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look in doc/extcap_example.py for a Python-example
and in extcap.pod for the arguments grammar.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
- Specify that proto_register...() and proto_reg_handoff...() prototypes are required;
- Indicate that certain #includes should be used only as needed;
- Don't use CamelCase (or CAPS) in variable names;
- Do some reformatting of certain lines;
- Futz hf[] array entry so checkAPIs and checkhf tests don't fail.
Change-Id: Ie03846f4bebd2a9bece464c85cc3c2ef46dd4fe5
Reviewed-on: https://code.wireshark.org/review/3724
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I2e8d18df71688c654f7acaff51fae7823c08aa6a
Reviewed-on: https://code.wireshark.org/review/3677
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Files from the debian directory, documents from the doc directory,
graphics from the docbook/wsug_graphics directory, and the echld
Makefile.nmake.
Change-Id: Iccccc58811753581b0b180053defd937aea22f95
Reviewed-on: https://code.wireshark.org/review/3283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
for a while.
Change-Id: I1166a63d8896d0d5fc63b558ebb0df2e1e19bc63
Reviewed-on: https://code.wireshark.org/review/3197
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I69c080253cf7e861c575573e74a66b83e014cbb0
Reviewed-on: https://code.wireshark.org/review/2925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
(Though it works only with certain formats.) As requested in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874#c4
Change-Id: I2ce0509d8750b21ae0167d12459074ba0f9506f8
Reviewed-on: https://code.wireshark.org/review/2646
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.
As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804
Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-on: https://code.wireshark.org/review/2489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I2e9f6341138e7305b849a754e28edfd322d44160
Reviewed-on: https://code.wireshark.org/review/2415
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I4d82175781e65c73179f4c8e737a7900cb050bce
Reviewed-on: https://code.wireshark.org/review/2283
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Change-Id: Iba5274ab5e653a0a3c0a56e62ee168ac957daf27
Reviewed-on: https://code.wireshark.org/review/2152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I43014922fc51ddeed70235006296500ec00bd437
Reviewed-on: https://code.wireshark.org/review/1826
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ief20460ed8ec1b4bd1286cc2a5490d9aeefdf98f
Reviewed-on: https://code.wireshark.org/review/1643
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
red/black tree to hash map
Update the readme file accordingly
Change-Id: I056d1ab1f77df641b83fa9b3618b6c25d66e1a83
Reviewed-on: https://code.wireshark.org/review/1420
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This commit adds tvb_get_string_bytes and proto_tree_add_bytes_item routines for
getting GByteArrays fields from the tvb when they are encoded in ASCII hex string form.
The proto_tree_add_bytes_item routine is also usable for normal
binary encoded byte arrays, and has the advantage of retrieving
the array values even if there's no proto tree.
It also exposes the routines to Lua, both so that a Lua script can take
advantage of this, but also so I can write a testsuite to test the functions.
Change-Id: I112a038653df6482a5d0ebe7c95708f207319e20
Reviewed-on: https://code.wireshark.org/review/1158
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I01ec87ff4181afb5b2de487fd5f5200f8d62f17d
Reviewed-on: https://code.wireshark.org/review/1088
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I20ea6c374f791054f16f0aaba33967b869348ff5
Reviewed-on: https://code.wireshark.org/review/857
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The -X read_format extension was added in code but in the manuals.
Change-Id: I21692120229ef531671fc3db247809ace69d23b3
Reviewed-on: https://code.wireshark.org/review/742
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Makefiles)
There have been discussions on -dev about removing this and I believe I was the last holdout. Finally convinced that I should just have a local copy (ignored by git)
Change-Id: Ic72a22baf58e3412023cf851f0fce16eb07113b0
Reviewed-on: https://code.wireshark.org/review/681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ifeb61abdcc7aa049529d584ff3fe50b6fd79fe21
Reviewed-on: https://code.wireshark.org/review/662
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
returning FALSE.
Change-Id: I9f1ab000f7a2c554d1c20abf8ca4e4bab4b5ef27
Reviewed-on: https://code.wireshark.org/review/635
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ic27b0e601967c90567fac58447d28b10c02a3888
Reviewed-on: https://code.wireshark.org/review/564
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Discovered while reviewing Ibd3efb92a203861f507ce71bc8d04d19d9d38a93
Change-Id: Ie4dfc1b9b7a99f14657148ed5a935bbb079c2b4e
Reviewed-on: https://code.wireshark.org/review/415
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Do with tvb_get_stringz() what was done with tvb_get_string().
Redo the comments for the string get routines to try to give more detail
in a fashion that's a bit less hard to read.
Warn, in comments, of the problems with using
tvb_get_string()/tvb_get_stringz() (i.e., if your strings are non-ASCII,
all bytes with the 8th bit set are going to be replaced by the Unicode
REPLACEMENT CHARACTER, and displayed as such).
Warn, in a comment, of the problems with tvb_get_const_stringz() (i.e.,
it gives you raw bytes, rather than guaranteed-to-be-valid UTF-8).
Update documentation and release notes appropriately.
Change-Id: Ibd3efb92a203861f507ce71bc8d04d19d9d38a93
Reviewed-on: https://code.wireshark.org/review/327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Id6cf1a617bff3e09e47933a69d505393502874d1
Reviewed-on: https://code.wireshark.org/review/370
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Approach suggested by Jeff seems right to me:
https://www.wireshark.org/lists/wireshark-dev/201402/msg00198.html
Change-Id: I3d54cb49e2f0027ee79f68a633f57382101241b5
Reviewed-on: https://code.wireshark.org/review/350
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I6bd7fa40726fe7ffd68b9341c640874f2a0f1c7c
Reviewed-on: https://code.wireshark.org/review/314
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
- rename tvb_length and similar to tvb_captured_length and similar; leave
#defines in place for backwards-compat, but mark them clearly as deprecated in
code comments and in checkAPI
- remove tvb_get_string as C code and just leave a #define in place for
backwards-compat; mark it clearly as deprecated in code comment and checkAPI
- update READMEs and sample dissector for all of the above
- while in the neighbourhood, make checkAPI skip (and warn) for missing files
instead of bailing on the whole check, so subsequent files still get checked
Change-Id: I32fc437896ca86ca73e9b49d5f50400adf8ec5ad
Reviewed-on: https://code.wireshark.org/review/311
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
As discussed in bug 3513 and 9709, one can register more than one new ProtoFields for
the same field name. Of course C-code can do that too, and does a LOT apparently, but
if they're not similar ftypes then things can get screwed up in display filters.
So this change prevents duplicate field registration of dissimilar ftypes. The
similarity is based on the discussion on the mailing list, and the listing in
README.developer has been updated to reflect that as well.
Also, this change adds a testscript for Proto/ProtoFields.
Change-Id: I43bd323f785245941a21289647332a19adec2a9d
Reviewed-on: https://code.wireshark.org/review/285
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I28a376f7e0fd90971f65ae9c1105a3ec85221470
Reviewed-on: https://code.wireshark.org/review/204
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
This change adds the ability to pass on to lua scripts loaded from the
command-line (tshark or wireshark) additional arguments supplied by the
command-line. This will help us in our testsuites, but also might be
useful for user-created scripts. The additional arguments are passed in
using the '-X' eXtension switch.
Change-Id: Ib94cdf1ffd194ca84692fee7816665e4ff95efbd
Reviewed-on: https://code.wireshark.org/review/156
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
Spawned from https://www.wireshark.org/lists/wireshark-dev/201402/msg00024.html
Add some ignore rules for files that can't/shouldn't include a license header.
Reorganize some ignore rules to group rules with similar motivations.
Add a header to autogen.sh and attribute it to just "The Wireshark Authors"
since while Gilbert wrote the original version it's gone through so many changes
over the years that sorting out proper authorship is unnecessarily complex.
Add headers to Graeme Hewson's two files as verified by private email, and
update his address in the AUTHORS file per his request.
Add header to one of Ulf Lamping's files, as verified by private email.
Only remaining problem is the reedsolomon code.
Change-Id: Ifb7de8c4b4d79012553e29d459a0145d39f51df5
Reviewed-on: https://code.wireshark.org/review/145
Reviewed-by: Evan Huus <eapache@gmail.com>
|