Age | Commit message (Collapse) | Author | Files | Lines |
|
fields in TShark
Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
follow-up of g1b91475
Bug: 13086
Change-Id: I7171c50a0b113e3036860941b586e96a068fea9e
Reviewed-on: https://code.wireshark.org/review/18705
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
For fields that contain both a value and a subtree, print the value and
then create a new item with a _tree suffix for the subtree content
Bug: 13086
Change-Id: I5a3c96bf9895d87faff3925d439bb54b73769a3e
Reviewed-on: https://code.wireshark.org/review/18663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
- reinitialize the variable used to insert comma between packets when
performing a new export
- ensure that escaped ASCII characters are code on 4 digits characters
Change-Id: Ib557da4843f6b98f793b60e417260ebb27a38b99
Ping-Bug: 13073
Reviewed-on: https://code.wireshark.org/review/18598
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I5f97b70d7f423cb5b7792863fb2bd07516aa1951
Reviewed-on: https://code.wireshark.org/review/18375
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
writing PSML and PDML preambles for more consistent code formatting.
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I11f50d7b00851880f77067260e2496175d227e76
Reviewed-on: https://code.wireshark.org/review/17937
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ie77292bfb2d962b326cb4dd9273d7258586f18b5
Reviewed-on: https://code.wireshark.org/review/17841
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
info.
Change-Id: I266775b0880931bbce5ec0ed9bc9d8b0dbce7246
Reviewed-on: https://code.wireshark.org/review/17840
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This prevents tshark from crashing when run with "-T fields -e data".
I5778b08c52119b5be1ec482be9417b3c4ba8ed62 mistakenly removed this line (this
'data' is a write_field_data_t rather than the print_data structure that
change was cleaning up).
Bug: 12616
Change-Id: I773e47f12f852e19a20ec29a43eb3a0953923173
Reviewed-on: https://code.wireshark.org/review/16415
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Description:
when -T json,ed or pdml used in conjunction with -e fields they would
always miss the last field.
in case of json and ek, if some fields in the middle are empty,
the generated json would be invalid.
sample for ek:
{ "_index": "packets-2016-06-30", "_type": "pcap_file",
"_score": null, "_source":
{ "layers": { "e212.mcc": ["255","262"] "frame.time_epoch":
["1426550400.004751510"], "e212.mnc": ["1","1"] } } }
command:
tshark -T ek -r C:\a.pcap -e e212.mcc -e frame.comment
-e frame.time_epoch -e e212.mnc > C:\test.json
note:
the comma is missing between e212.mcc and frame.time_epoch
Change-Id: I2efae0c48036cf6313e2a064453c8dbc49f38b09
Reviewed-on: https://code.wireshark.org/review/16226
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
That makes failing to specify a format a compile-time error.
Change-Id: Iff0bda8be35b1e3acc97e4314657ceaff2b3d0be
Reviewed-on: https://code.wireshark.org/review/16218
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5778b08c52119b5be1ec482be9417b3c4ba8ed62
Reviewed-on: https://code.wireshark.org/review/16215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I2a41d378187c1685afb701372cf3a8ec9c0aeb70
Reviewed-on: https://code.wireshark.org/review/16214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Id8b45715c753dc6006f7833e5f49bd8aabc15271
Reviewed-on: https://code.wireshark.org/review/16213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Rename write_fields_proto_tree() to write_specified_fields(), and make
it static. Make write_fields_proto_tree() a wrapper around
write_specified_fields() that sets the format to FORMAT_CSV. Have
write_specified_fields() fail with an assertion if fields->format isn't
one of the known formats, to catch problems such as this in the future.
Don't fill in the "data" structure if we're not going to use it.
Change-Id: I11dbf448d72ca389f0e5fb8558a41b7eecf7c9a4
Reviewed-on: https://code.wireshark.org/review/16210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
-e fields filter addded to ek|json|pdml output.
Bug: 12529
Change-Id: I1f0f8772eefceb5b71927925ce0c34af483571b9
Reviewed-on: https://code.wireshark.org/review/16193
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Added NULL pointer check in print_escaped functions.
Requested by comment in change 16034.
Change-Id: Id172d772d9b5cb4bcd31fe8b42286f885ec5b968
Reviewed-on: https://code.wireshark.org/review/16188
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Change-Id: I8cae4a8d2b57f961d16cb388befed2348a88badc
Reviewed-on: https://code.wireshark.org/review/16191
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Change-Id: Ia5d75bab03bfc065651ea83c936aedffb1f69e9f
Reviewed-on: https://code.wireshark.org/review/16190
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
[-Wmissing-prototypes]
Change-Id: Ib10e919dd3f0bec92004c68bf73a3c7d37961f03
Reviewed-on: https://code.wireshark.org/review/16187
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Corrected if no protocol filter (-j) specified.
Change-Id: Id20dd255642951633efa935dbb1363e7b9aa9be0
Reviewed-on: https://code.wireshark.org/review/16164
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
Some pcaps caused invalid json and ek files.
Bug: 11754
Change-Id: Id4c4d744b4d07fe4e8b6423688be1bb10a803844
Reviewed-on: https://code.wireshark.org/review/16152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie7c55fb432b29abe689eed1968cfa30bd8e88e33
Reviewed-on: https://code.wireshark.org/review/16124
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output
Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Added ouput -T for json|ek
Added -j switch fo filter EK json|ek fields.
Added -x switch to work with json|ek to insert raw fields.
Bug: 11754
Change-Id: Iad5a9092b843c074b0b774d1745fa14fca09f6b7
Reviewed-on: https://code.wireshark.org/review/15869
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add an option to print the UTF-8 BOM.
Change-Id: I3d30c67852b9b89d1548b0f957d97fd8e8741049
Reviewed-on: https://code.wireshark.org/review/15318
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Previous patches converted all fvalue_to_string_repr calls to expect
an allocated buffer (and not a passed in one). Now changing signature
to force an allocated buffer. Added wmem in case that can be taken
advantage of within epan (and since the function signature was changing
anyway).
Change-Id: Ica1ac4a9a182ce0e73303856329e198d9d525b7b
Reviewed-on: https://code.wireshark.org/review/15343
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefcbeb5d24df383c29d29ef888b503945.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Bug: 12276
Change-Id: I705b79073856cfb49c05d83014a3b9f50d2e30cf
Reviewed-on: https://code.wireshark.org/review/14556
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iaacd492858ca2fb98c4947d587fbbd26fc102a7d
Reviewed-on: https://code.wireshark.org/review/14486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
MSVC compiler does not support properly setting an enum being part of a bit field.
For example the following code:
pinfo->fd->flags.encoding = PACKET_CHAR_ENC_CHAR_EBCDIC;
changes pinfo->fd->flags.encoding from 0x0 to 0xfffffffe instead of 0x1
Let's put back an unsigned int definition (like it is in master-1.12 branch) and add explicit casts where required
Bug: 11787
Change-Id: Idae0140fb6c172f1b3dbf10baefc8cfb00128f4c
Reviewed-on: https://code.wireshark.org/review/12220
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I92791ec51978be59944628b7eaccd2784dd72be1
Reviewed-on: https://code.wireshark.org/review/11089
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
-e invalidfield
Change-Id: Iaf8733096d9e1d15510a38363397b1dcd972ff59
Reviewed-on: https://code.wireshark.org/review/10504
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
columns" to share their own data structure.
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
I'm not 100% sure if this is really a good idea in all cases, but at least some
people want it.
Bug: 10906
Change-Id: I26e69a683781cdc6ba1cfcd6a41458bbca7ca2c0
Reviewed-on: https://code.wireshark.org/review/9108
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Trust that the files in epan/ immediately (not dissectors) know what they're
doing so just blindly convert them to captured length.
Change-Id: I872f7d58b2e15ae82c75fd56f4873996fbc97be7
Reviewed-on: https://code.wireshark.org/review/9083
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Ib3614431c3ff8f6e53fa0993e296ffea70926d03
Reviewed-on: https://code.wireshark.org/review/7911
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
the option parameter of output_fields_set_option() is always a
0-terminated string
therefore, option_value can't possibly be NULL, remove the NULL checks
if someone runs 'tshark ... -E header=', option_value is an empty
string, bail out in this case, don't parse *option_value and
*(option_value++) in the switch statements
Change-Id: I734b04aff653e8dbe990f546220595546e7503b0
Reviewed-on: https://code.wireshark.org/review/7904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: I45a4cbef7cb38a851c207fbe26ff412ffc502240
Reviewed-on: https://code.wireshark.org/review/7903
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: Id18d392bf7ff948fc78b684d8222c5c3725d302a
Reviewed-on: https://code.wireshark.org/review/7886
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
protocol and field ids that it needs.
Change-Id: I4ec48067e9ca2cbe88e1cf2e6c9dc1e382379221
Reviewed-on: https://code.wireshark.org/review/7767
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
FT_{U}INT{40,48,56}
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Both clang and gcc define __GNUC__. Make sure we account for that when
defining diagnostic macros.
Use DIAG_OFF + DIAG_ON to suppress gcc -pedantic warnings about
frame_data.
Get rid of packet_char_enc casts.
Change-Id: Idbcc61bcdb35c1d20f185461c69451dcdf73bae9
Reviewed-on: https://code.wireshark.org/review/7106
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I973c672e9d573ad67e9b9fd82a5610aaf8a74efa
Reviewed-on: https://code.wireshark.org/review/6605
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
type.
These "bases" will put a ".", "-", or ":" respectively between hexidecimal bytes in the field in packet view and display filter. FT_BYTES with BASE_NONE will have no separator in the packet view, but continue to have the ':' as a separator in the display filter.
Converted the "string" hf_ entries that used tvb_fc_to_str as a string to use proto_tree_add_item with FT_BYTES/BASE_DOT type.
Converted applicable tvb_bytes_to_ep_str_punct() calls to use the new BASE values.
Change-Id: I2442185bb314d04a3ff2ba57883652ecd738b5f9
Reviewed-on: https://code.wireshark.org/review/6098
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3a5c7e219974bfb924819b43b4d445eaf00e5bde
Reviewed-on: https://code.wireshark.org/review/6153
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I0ecf618cc79060d35b5480f3d8e7ebf8575761c4
Reviewed-on: https://code.wireshark.org/review/5969
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|