Age | Commit message (Collapse) | Author | Files | Lines |
|
Add conversion to ISO 8601 time representation as an option
to abs_time_to_str_ex. This is already preferred for creating
display filters from a field. There are three other categories
of absolute time representation.
* absolute_val_to_repr in ftype-time.c determines what is used
for outputting to -T fields, JSON, and the PDML "show" field.
* proto_item_fill_display_label controls what is put in custom
columns (and thus CSV output) and the packet diagrams.
* proto_item_fill_label and proto_tree_add_item_ret_time_string
determine what is placed in the proto tree, and hence the packet
details and the PDML "showname" field.
Add a preference to control when to use the previous time format,
which is similar to that of asctime. The three cases above are
ordered in terms how likely a machine versus a human is to consume
the data. Thus, have the preference be an enum using levels (rather
than a more complicate set of full 2^N choices.) By default, use
ISO 8601 format for the first two cases mentioned above, and the
existing asctime like format for the last.
Fix #10220
|
|
|
|
Ping #19116
|
|
inet_netw.c -> inet_cidr.c
inet_netw.h -> inet_cidr.h
|
|
Consolidate code to handle CIDR network addresses in inet_netw.[ch].
|
|
Add ABSOLUTE_TIME_UNIX absolute time type, to allow
date and time values to be represented in Unix time,
besides other existing formats.
|
|
Move some utility functions to wsutil/to_str.c.
Add interfaces to convert nstime to string representation in
ISO8601 and Unix time.
Use it in epan/print.c.
|
|
Add the option to enter a filter with an absolute time
value in UTC. Otherwise the value is interpreted in
local time.
The syntax used is an "UTC" suffix, for example:
frame.time == "Dec 31, 2002 13:55:31.3 UTC"
This also changes the behavior of "Apply Selected as filter".
Fields using a local time display type will use local time
and fields using UTC display type will be applied using UTC.
Fixes #13268.
|
|
|
|
This makes it easier to understand the code, avoids conflicts
and ugly and unnecessary casts.
The field display enum has evolved over time from integer types
to a type generic parameter.
|
|
Add @file markers for most files that
contain functions exported with
WS_DLL_PUBLIC so that Doxygen will
generate documentation for them.
|
|
|
|
|
|
Mostly straightforward. The only complication was
proto_tree_add_split_bits_crumb which needed some manipulation to
guarantee a non-null tree so we could use its memory scope.
This is one of the last non-dissector uses of wmem_packet_scope!
|
|
These three all had pretty minimal usage, so do them together.
|
|
There are a bunch of near-identical macros here, but I'm gonna change
one at a time or else the builder times out at the number of files
changed in one merge.
|
|
Implement little endian support for tvb_get_bits family of functions.
The big/little endian refers to bit numbering within an octet. In big
endian, the most significant bit is considered bit 0, while in little
endian the least significant bit is considered bit 0.
Add encoding parameters to proto tree bits format family functions.
Specify ENC_BIG_ENDIAN in all dissectors using these functions except in
USB HID that requires ENC_LITTLE_ENDIAN to work correctly.
When formatting bits values, always display most significant bit on the
leftmost position regardless of the encoding. This results in no gaps
between octets and makes the displayed value comprehensible.
Close #4478
Fix #17014
|
|
|
|
|
|
|
|
|
|
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
|
|
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
|
|
|
|
Make display_signed_time() take a 64-bit signed number of seconds, and,
in calls to it, cast the argument to gint64, not gint32.
Addresses issue #16909.
|
|
Skipping dissectors dir for now.
Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I02b5d01797e526299a6dc5a031662cb78e4f8423
Reviewed-on: https://code.wireshark.org/review/24163
Reviewed-by: João Valverde <j@v6e.pt>
|
|
We have WS_INET_ADDRSTRLEN and WS_INET6_ADDRSTRLEN; use them.
Change-Id: Idade0da9fae70d891901acd787b06d21e2ddbc5f
Reviewed-on: https://code.wireshark.org/review/24156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It will end up eventually crashing column buffers because memory
behind the address is trounced.
Change-Id: Id6b5a42effc503e4b8bf5e1deb2135241e2893f3
Reviewed-on: https://code.wireshark.org/review/22563
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also make it use ws_inet_ntop6() (rather than implementing the string
conversion ourselves).
Remove ip6_to_str_buf_len().
Change-Id: I1eff3a8941e00987c2ff0c4dcfda13476af86191
Reviewed-on: https://code.wireshark.org/review/15692
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Indicate whether they take a signed time delta or an unsigned time
delta.
Export unsigned_time_secs_to_str() while we're at it.
Change-Id: I0fbe87f1825efa886364caa61a3358b79d285947
Reviewed-on: https://code.wireshark.org/review/15324
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Put the routines that handle absolute time ("relative to the Epoch")
together and the routines that handle relative time together.
Change-Id: I15256921091ab67a1d92026385bf1b27aa52b404
Reviewed-on: https://code.wireshark.org/review/15316
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Create a "registration" system for Follow functionality so most of the work can be abstracted into a dissector and GUI can just be responsible for "display".
This also removes the global variables in follow.c to open up multithreading possibilities.
TCP, UDP and HTTP all have the same "tap interface" for Follow functionality (passing a tvb with byte data to "follow"). SSL still has it's own behavior, so Follow structures have to take that into account.
TShark through the Follow registration now has support for HTTP.
The only thing possibly missing is dynamic menu generation to further reduce explicit knowledge of Follow "type" (and rely on registration)
Bug: 11988
Change-Id: I559d9ee1312406ad0986d4dce9fa67ea2103b339
Reviewed-on: https://code.wireshark.org/review/13161
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7f942787dfdc4f76dd0ad5111d1eb528b20f0ba9
Reviewed-on: https://code.wireshark.org/review/13011
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define it yourself.
(And especially don't define it yourself if you're already including
epan/ipv6-utils.h.)
Change-Id: I9970d0edecef0c820b2a7fdce34509b54e7b3106
Reviewed-on: https://code.wireshark.org/review/13020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Correct parameter-name "opt-offset" to "offset" in macro
"tvb_eui64_to_str" in epan/to_str.h such that offset is taken into account
when converting eui64 to str.
Bug: 11856
Change-Id: Id0b17c4b9186b4c41d6fe338ba7c017e88f63acf
Reviewed-on: https://code.wireshark.org/review/12441
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Don't return allocated memory as a const pointer.
Fixes multiple [-Wcast-qual] warnings.
Change-Id: Ie9ceac27fa2a5eba41a5392ac983ff28c3939239
Reviewed-on: https://code.wireshark.org/review/12267
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Assuming *any* of the routines that generate printable strings should be
thought of as "for internal use by libwireshark routines only, not by
dissectors", the ones that *are* used by dissectors obviously shouldn't
be. The ability for dissectors to register address types certainly
expands the list of routines they would use.
Move everything used by dissectors from to_str-int.h into to_str.h, and
have dissectors not include to_str-int.h.
(Perhaps we should just get rid of to_str-int.h altogether.)
Change-Id: I3c583351f038233c9bcd8f9216188f82630267fa
Reviewed-on: https://code.wireshark.org/review/11149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use a standard way of displaying 128 UUIDs (like GUID).
This also change a way that UUID are handled by dissector tables.
Change-Id: Ie0f880f58480c34b40dd23c426202349e0620b12
Reviewed-on: https://code.wireshark.org/review/11018
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Have address_to_name() be a routine that takes an address and returns a
string with a "sufficiently long" lifetime for use in columns, using the
address type's addr_name_res_str routine for most address types, rather
than having a too-small set of address types wired into it. It replaces
both the internal solve_address_to_name() routine and get_addr_name(),
and can, for example, handle the special WLAN address types rather than
leaving them unresolved even with an ethers file.
Change-Id: Id09bc412adf5d2752155650a14a77c5378af2e42
Reviewed-on: https://code.wireshark.org/review/9475
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The following parameters of tvb_address_var_to_str(wmem_allocator_t *scope, tvbuff_t *tvb, address_type type, const gint offset, int length) are not documented: parameter 'length'
Change-Id: I0b93a2b47601bbb5ef424b6d0c2651952241ce32
Reviewed-on: https://code.wireshark.org/review/8229
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This "encourages" (forces) dissectors to use the bitmask field of the header_field_info structure to get "bitmask formatting" of a field.
other_decode_bitfield_value should be treated the same (eventually eliminated), but there are still replacements to be made in the dissectors.
Change-Id: I8a0d829c3fef2d5e5a588667a259e231bca559e6
Reviewed-on: https://code.wireshark.org/review/7736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Convert dissectors to using the API where appropriate.
Change-Id: I059582f73a75635d4a0338d02d4c4b212162480b
Reviewed-on: https://code.wireshark.org/review/7296
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
FT_{U}INT{40,48,56}
Change-Id: I57354c309ecf3a0c8f0c7cff485638027f30bb19
Reviewed-on: https://code.wireshark.org/review/5813
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add address_with_resolution_to_str API that returns address string + name resolution in the format %s (%s), first string is resolved name (if available) and second string is raw address string.
Convert AT_FCWWN to using proper name resolution format
First use of address_with_resolution_to_str with field types in proto.c
Change-Id: I2ae77c29a4ffc30bb919fbec00f06629830898c2
Reviewed-on: https://code.wireshark.org/review/7196
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows for even more cleanup with respect to how address types are handled, including removing address_to_str.c. Most of the functionality was folded into address_types.c, but the remainder was just dispersed because it didn't make sense to keep the file.
Change-Id: Id4e9391f0c3c26eff8c27b362e4f7a1970d718b4
Reviewed-on: https://code.wireshark.org/review/7038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|