| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
reference an hf item (in hf[] with types:
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
|
|
Added Time Shift functionality.
From me:
Renamed to use "Time Shift" everywhere + some other minor cleanups.
svn path=/trunk/; revision=38510
|
|
svn path=/trunk/; revision=38413
|
|
svn path=/trunk/; revision=36829
|
|
optional
svn path=/trunk/; revision=36652
|
|
pseudo-header, and hence there's no direction indication. Don't set
pinfo->p2p_dir for it. Use WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR, not
WTAP_ENCAP_BLUETOOTH_H4, for capture files where we have the direction.
Don't assume pinfo->p2p_dir is either P2P_DIR_SENT or P2P_DIR_RECV when
setting the info column in various Bluetooth dissectors; it might be
unknown.
In the HCI H4 dissector, put the direction into the info column
regardless of whether we have a type match or not; the dissectors for
HCI packet types appear to assume it's been set (as they put a blank at
the beginning of the stuff they append to the direction).
svn path=/trunk/; revision=35933
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
svn path=/trunk/; revision=33198
|
|
svn path=/trunk/; revision=31470
|
|
svn path=/trunk/; revision=31320
|
|
ABSOLUTE_TIME_LOCAL or ABSOLUTE_TIME_UTC, indicating whether to display
the date/time in local time or UTC. (int)ABSOLUTE_TIME_LOCAL ==
(int)BASE_NONE, so there's no source or binary compatiblity issue,
although we might want to eliminate BASE_NONE at some point and have the
BASE_ values used with integral types start at 0, so that you can't
specify BASE_NONE for an integral field.
svn path=/trunk/; revision=31319
|
|
This will remove the package from the dissection functions without
removing it from the capture file.
svn path=/trunk/; revision=31287
|
|
frame.time_epoch
svn path=/trunk/; revision=31110
|
|
svn path=/trunk/; revision=31074
|
|
svn path=/trunk/; revision=30051
|
|
svn path=/trunk/; revision=29767
|
|
This is an expensive operation because we:
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols
We should only do this if the 'hf_frame_protocols' is referenced (unlikely)
svn path=/trunk/; revision=29733
|
|
marking the protocol tree as permamently visible. It only needs to disable the optimization temporarily while it creates the protocol item it intends to use proto_item_append_string() on
svn path=/trunk/; revision=29730
|
|
Protocol Hierarchy stats tap always needs the protocol node to appear even though no color, display filter etc. reference it. This is no longer needed due to r29380.
svn path=/trunk/; revision=29428
|
|
svn path=/trunk/; revision=29271
|
|
svn path=/trunk/; revision=29170
|
|
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
|
|
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
|
|
Drop packet length in favor of frame length.
Clean up code / indentations / header fields.
Improve docsis preference description.
svn path=/trunk/; revision=27329
|
|
svn path=/trunk/; revision=27328
|
|
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
|
|
The attached patch augments the epan/dissectors/packet-frame.c module to optionally generate MD5 hashes of each packet. These MD5 hashes are calculated in the same
manner as the MD5 hash used for duplicate packet removal by the editcap utility.
The ability to generate the MD5 hashes can be enabled or disabled by a new boolean preferences option: frame.generate_md5_hash. By default MD5 hash generation is disabled.
To help identify frames with matching MD5 hashes this patch also includes a new
display filter: frame.md5_hash.
svn path=/trunk/; revision=27150
|
|
svn path=/trunk/; revision=27050
|
|
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
|
|
dissector catch exceptions generated by post dissectors.
svn path=/trunk/; revision=25339
|
|
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
|
|
svn path=/trunk/; revision=23940
|
|
on the first fragment of a fragmented message. This allows us to continue
dissecting chunks even if one of the first chunks in the frame was fragmented.
(It's useful to keep doing this partial dissection just so we have some idea
what's in that chunk.)
(One could rightfully argue that you should only see a fragmented chunk
bundled with another chunk when retransmitting but, well, I'm staring at
traces of an implementation--to remain nameless to protect the guilty--which
is sometimes fragmenting and then bundling the fragments into one packet.)
svn path=/trunk/; revision=23471
|
|
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
|
|
http://www.cacetech.com/documents/PPI_Header_format_1.0.pdf .
svn path=/trunk/; revision=22094
|
|
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
|
|
routines and routines using those routines. GLib might use different
modifiers for 64-bit quantities than the platform's C library does.
svn path=/trunk/; revision=21990
|
|
Some code cleanups.
svn path=/trunk/; revision=21752
|
|
the PRI macros instead of %llu, etc.
svn path=/trunk/; revision=21454
|
|
svn path=/trunk/; revision=21443
|
|
svn path=/trunk/; revision=21233
|
|
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
|
|
bug 491.
svn path=/trunk/; revision=20870
|
|
unfortunately, this exception seems to corrupt the stack at least in a way that the TRY / CATCH pair later causes an access violation ...
svn path=/trunk/; revision=20764
|
|
for consistency. The frame.pkt_len filter is now deprecated, but still
supported as a hidden field for an easy transition. The new field name is
frame.len.
svn path=/trunk/; revision=20519
|
|
a new OutOfMemoryError Exception, so file.c can show at least a better explanation to the user before Wireshark terminates
XXX - to prevent a busy wait, I need a portable way to wait for a short time period, like Sleep() for Windows
svn path=/trunk/; revision=20437
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
a look at the source code (the corresponding field was hidden) -> that's not very intuitive.
So make the field "frame.marked" visible and tag it as generated.
Move both "time reference" and "marked frame" fields towards the end of the "frame" protocol fields.
Should be copied over to trunk-1.0
svn path=/trunk/; revision=18435
|
|
svn path=/trunk/; revision=18196
|
|
WTAP_ENCAP_BLUETOOTH_H4.
svn path=/trunk/; revision=17874
|
