Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Ib7c0617d88bf92cad0ac877176001d29960f1cd8
Reviewed-on: https://code.wireshark.org/review/2725
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If8dd4c37bcb1b35dd9f988184ad53118172ae9db
Reviewed-on: https://code.wireshark.org/review/1764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This fixes part-1 of bug9931: the uninitialized use of a wtap_pkthdr
struct. The second part of the bug deals with dissectors calling
the Ethernet dissector for ecnapsulated Ethernet packets but using
the wrong dissector handle to do so. That's unrelated to the issue this
commit addresses, so I'm splitting them up.
Change-Id: I87be7b736f82dd74d8c261062f88143372b5344c
Reviewed-on: https://code.wireshark.org/review/848
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- make init_dissection/cleanup_dissection private for libwireshark
- implement epan_new(), epan_free()
- pass epan_t to epan_dissect*
svn path=/trunk/; revision=50761
|
|
implement frame_tvbuff, right now almost a copy of 'real' tvb.
svn path=/trunk/; revision=50497
|
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
http://www.wireshark.org/lists/wireshark-dev/201209/msg00030.html
svn path=/trunk/; revision=44774
|
|
so that we can properly associate a widget with create, update, and
destroy events. Only used by Qt so far but it should be easy enough to
add to GTK+.
Rename ui/qt/progress_dialog.{h,cpp} to progress_bar.{h,cpp}. Show a
progress bar in the status bar of the main window instead of creating
a separate dialog. Note that we still need to add a "cancel" mechanism
and display the task and item titles somewhere.
Thus began the War Against Gratuitous Dialogs.
svn path=/trunk/; revision=43833
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for someting such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
|
|
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
|
|
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
|
|
that cf_read_frame() and cf_read_frame_r() pop up an alert box on an
error, its callers no longer do so).
svn path=/trunk/; revision=33792
|
|
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
|
|
New functions: cf_read_frame_r, cf_read_frame
It's much easier to write:
cf_read_frame (cf, fdata, &err, &err_info)
Than:
wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header, cf->pd,
fdata->cap_len, &err, &err_info)
svn path=/trunk/; revision=32980
|
|
svn path=/trunk/; revision=32312
|
|
with capture_file.plist_end
svn path=/trunk/; revision=30047
|
|
svn path=/trunk/; revision=29568
|
|
elsewhere.
svn path=/trunk/; revision=29490
|
|
initialise/cleanup stack allocated 'edt' structures. This should speed up dissection since we avoid some malloc traffic.
svn path=/trunk/; revision=29404
|
|
users (e.g. proto_hier_stats.c, others?) that relies on FT_PROTOCOL nodes being created they'll now need to call the newly introduced epan_dissect_fake_protocols() to disable this optimization.
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
|
|
svn path=/trunk/; revision=29355
|
|
because proto_item is typedefed to proto_node. We shouldn't rely on this since this is an implementation detail.
svn path=/trunk/; revision=29354
|
|
up (99 44/100% of which were assignments of double-precision
floating-point constants to floats). Hopefully this will catch at least
some P64 issues on UN*X.
svn path=/trunk/; revision=28108
|
|
menu. Simplified getting the Display filter.
svn path=/trunk/; revision=23786
|
|
The Bytes and End Bytes columns will be wrong for reassembled protocols,
as they span across several packets, but I don't see any obvious way to
display such values. The correct values can be found by looking at the
parent protocols.
svn path=/trunk/; revision=23700
|
|
svn path=/trunk/; revision=23686
|
|
This fixes a bug where packets having toplevel tree items for desegmentation
(like [Reassembled TCP Segments]) are not added to the Protocol Hierarchy
Statistics "End Packets" and "End Bytes" columns.
svn path=/trunk/; revision=23667
|
|
the hop-by-hop option header tree in the main protocol tree. This fix skips
those entries that don't have a name assigned to them and goes on to the next
entry before adding it to the protocol hierarchy display.
svn path=/trunk/; revision=20558
|
|
svn path=/trunk/; revision=18197
|
|
button"; "Stop" should be used for operations that can only be stopped
(meaning that what it's already done isn't undone), not cancelled
(meaning that whatever it's already done *is* undone), for which
"Cancel" is used.
Allow the merging process to be cancelled.
Clean up indentation.
Update some comments.
svn path=/trunk/; revision=16489
|
|
Rename some variables to make the names used in progress bars more
common. (Should more of that functionality be moved into common
progress bar code?)
svn path=/trunk/; revision=16347
|
|
rather than checking only on every progress bar update quantum, so that
if the update quantum is *very* large, we don't end up waiting longer
than the standard time for a dialog box before checking.
svn path=/trunk/; revision=16327
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
we now put generated items as top-level items in the decode pane so
we should not check and abort if such are found.
svn path=/trunk/; revision=14819
|
|
desegmentation items "[Reassembled TCP Segments]"
svn path=/trunk/; revision=14549
|
|
optimization for COLUMNS to make ethereal faster when filtering
optimization to make the slow find_protocol_by_id() fast.
(idea from Didier, implementation modified by me to be less intrusive)
svn path=/trunk/; revision=14026
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
- store times of first and last packets in ph_stats_t
- add bandwidth columns in GUI
- miscellaneous code cleaning
svn path=/trunk/; revision=10398
|
|
"simple_dialog()"; NULL might be #defined to be a pointer expression on
some platforms, causing compiler warnings (and, on platforms where a
null pointer doesn't have all its bits 0, possibly causing misbehavior,
although I don't think there are any such platforms on which Ethereal
runs).
Don't allow 0 as button mask argument to "simple_dialog()".
Squelch a compiler warning.
Report fatal problems as errors, not warnings.
Report file I/O errors with "file_open_error_message()".
Report file write errors (including those reported by "close()", e.g.
some errors writing to an NFS server) when saving raw packet data to a
file.
svn path=/trunk/; revision=9915
|
|
better reflect the real error text
svn path=/trunk/; revision=9913
|
|
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
|
|
As this will always be a Cancel of a running operation, this parameter was removed.
This makes us also able to use a stock button for this.
svn path=/trunk/; revision=9774
|