| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Matches is a special case that looks on the RHS and tries
to convert every unparsed value to a string, regardless
of the LHS type. This is not how types work in the display
filter. Require double-quotes to avoid ambiguity, because
matches doesn't follow normal Wireshark display filter
type rules. It doesn't need nor benefit from the flexibility
provided by unparsed strings in the syntax.
For matches the RHS is always a literal strings except
if the RHS is also a field name, then it complains of an
incompatible type. This is confusing. No type can be compatible
because no type rules are ever considered. Every unparsed value is
a text string except if it happens to coincide with a field
name it also requires double-quoting or it throws a syntax error,
just to be difficult. We could remove this odd quirk but requiring
double-quotes for regular expressions is a better, more elegant
fix.
Before:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp.srcport
dftest: tcp and udp.srcport are not of compatible types.
Filter: tcp matches udp.srcportt
Constants:
00000 PUT_PCRE udp.srcportt -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
After:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
dftest: "udp" was unexpected in this context.
Filter: tcp matches udp.srcport
dftest: "udp.srcport" was unexpected in this context.
Filter: tcp matches udp.srcportt
dftest: "udp.srcportt" was unexpected in this context.
The error message could still be improved.
|
|
Some enhancements and visual fixes to version 3 dissector are also included.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
It won't work with embedded null bytes so don't try. This is
not an additional restriction, it just removes a hidden failure
mode. To support matching embedded NUL bytes we would have
to use an internal string representation other than
null-terminated C strings (which doesn't seem very onerous with
GString).
Before:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "AB" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
After:
Filter: http.user_agent == 41:42:00:43
Constants:
00000 PUT_FVALUE "41:42:00:43" <FT_STRING> -> reg#1
Instructions:
00000 READ_TREE http.user_agent -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_EQ reg#0 == reg#1
00003 RETURN
|
|
FT_PROTOCOL and FT_BYTES are the same semantic type, but one is
backed by a GByteArray and the other by a TVBuff. Use the same
semantic rules to parse both. In particular unparsed strings
are not converted to literal strings for protocols.
Before:
Filter: frame contains 0x0000
Constants:
00000 PUT_FVALUE 30:78:30:30:30:30 <FT_PROTOCOL> -> reg#1
Instructions:
00000 READ_TREE frame -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_CONTAINS reg#0 contains reg#1
00003 RETURN
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
After:
Filter: frame contains 0x0000
dftest: "0x0000" is not a valid byte string.
Filter: frame[5:] contains 0x0000
dftest: "0x0000" is not a valid byte string.
Related to #17634.
|
|
Use the `copycss` attribute in the release notes and FAQ to copy ws.css
to the right location.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
|
|
|
|
[skip ci]
|
|
Manually revert commit 4e3ec2d01a in order to work around a conflict
with 2484ad2f72.
|
|
Fix a bogus URL in a comment in the asn2wrs documentation.
Switch a backslash in the Unix Quick Setup instructions to a slash.
Insert commas in two places where they are needed.
|
|
Add a note about improved Reload Lua Plugins.
|
|
Add test/suite_external.py, which can dynamically generate tests from a
configuration file. This is intended to make happy-shark useful, but it
should make it easy to add simple TShark tests elsewhere.
The configuration file format must currently be JSON as described in the
Developer's Guide.
|
|
Convert doc/*.pod to Asciidoctor. This:
* Means we use the same markup for our man pages, the guides, and
release notes.
* Lets us add versions to our man pages.
* Gives us more formatting options, e.g. AsciiDoc supports `commands`,
nested lists and makes it easy to include version information. The
manpage backend doesn't seem to support tables very well,
unfortunately.
Convert our CMake configuration to produce *roff and html man pages
using Asciidoctor. Add a "manarg" block macro which makes our synopses
wrap correctly.
Similar to the release notes, guides, and FAQ, if Asciidoctor isn't
found the man pages won't be generated or installed.
Move Asciidoctor to the list of package build dependencies in various
places.
This commit includes the conversion script (pod2adoc.py), which will be
removed later.
Line count sanity check:
Man page .pod .adoc
androiddump 260 280
asn2deb 93 105
capinfos 401 471
captype 54 55
ciscodump 241 269
dftest 42 42
dpauxmon 153 169
dumpcap 464 534
editcap 528 583
etwdump 136 156
extcap 157 181
idl2deb 91 103
idl2wrs 120 100
mergecap 206 207
mmdbresolve 75 75
randpkt 107 111
randpktdump 158 184
rawshark 558 610
reordercap 76 78
sdjournal 145 157
sshdump 272 302
text2pcap 274 312
tshark 2135 2360
udpdump 133 151
wireshark-filter 486 479
wireshark 2967 3420
|
|
Add a description of absolute time fields to the Display Filter
Field Types section and explain some of its quirks (always in
local time zone, no time zone suffix, etc.) Related to #13268.
|
|
|
|
Reverse the text added in cdd6f2ec80 and note that we can't yet use
Asciidoctor.js to build our documentation. I'm not sure how I managed to
miss this in my initial tests, but Asciidoctor.js is missing Docbook,
PDF, and EPUB backends, and doesn't support Ruby macros.
|
|
Store all user specified values from the "Import from Hex Dump"
dialog in a profile import_hexdump.json file.
Set default ExportPDU dissector to "data".
Fixed a minor typo in a help text.
|
|
Add the changed hover behavior for the byteview to the
documentation
|
|
Migrate compress-pngs from a Bash script that ran Make to a Python
script, which should be usable on more platforms.
Add Efficient Compression Tool (ect) to the list of compressors.
Add the compressors to the various *-setup.sh scripts, but comment them
out for now.
|
|
Non-hex character in the data are skipped, enabling the decoding
to continue converting all hex digits found.
|
|
Consolidate build instructions and troubleshooting into WSDG chapter 2.
Remove (moved) troubleshooting note that libpcap is required.
Link from WSUG build instructions to the WSDG chapters.
Reorder WSUG to have install instructions before build instructions for both
Windows and Unix.
Link from WSDG build instructions in WSDG sources chapter back to
WSDG chapter 2.
Offer options to the 'git clone' lines in obtaining sources: '--depth' and
'--shallow-since'
Add brief descriptions of new options mentioned.
|
|
|
|
Use the $<TARGET_FILE_DIR:tshark> generator expression instead.
|
|
|
|
This patch adds support for the ISO 10681-2 protocol, which is similar
to the ISO 15765-2 protocol (see packet-iso15765.c).
This patch also add support for registering combined FlexRay IDs to
register the new dissector.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
|
|
|
|
[skip ci]
|
|
Use an apostrophe instead of RIGHT SINGLE QUOTATION MARK in our PDF and
EPUB filenames. Some programs (notably Okular) can't open filenames with
extended characters, at least on Windows.
|
|
Add 64-bit PortableApps and macOS Arm items. Fix an issue from a
previous commit. Add new dissectors.
|
|
We occasionally get requests to fill in compliance forms and to sign
contracts. Add items for those.
Move the name change question to a historical intrest section.
|
|
Thanks to Serkan ÖNDER
|
|
|
|
|
|
|
|
Use the document title for our PDF and EPUB filenames under the theory
that "Wireshark User’s Guide.pdf" is more obvious than "user-guide.pdf".
|
|
|
|
If only someone could create a proper cover page
|
|
|
|
Add user_guide_epub and developer_guide_epub targets that generate
EPUB versions of the User's Guide and Developer's Guide.
Ping #17494.
|
|
|
|
|
|
Automated find/replace of wmem_packet_scope() with pinfo->pool in all
files where it didn't cause a build failure.
I also tweaked a few of the docs which got caught up.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
This patch adds first support for the BLF file format.
|
|
Set a minimum width for our admonition graphics. Otherwise some browsers
make them tiny. Fixes #17473.
Fix was done via
https://github.com/geraldcombs/asciidoctor-stylesheet-factory/commit/420a8a3d7c431c232f1e8dc18a9f7b947fd270df
which also pulls in upstream CSS fixes.
|
|
This patch adds support for LIN (Local Interconnect Network) as
well as support for:
- Signal PDUs on LIN
- ISO 15765 (ISO TP) on LIN
- TECMP transported LIN is handle like LIN
LIN is a simple automotive fieldbus to connect for example simple
sensors and actuators to an electronic control unit.
|
