Age | Commit message (Collapse) | Author | Files | Lines |
|
help page update (pcapng is now the default file format).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6551
svn path=/trunk/; revision=40658
|
|
it wasn't, whether it matters; that way you can still capture from a
pipe (named or "-" for standard input) even if you don't have WinPcap.
svn path=/trunk/; revision=40336
|
|
anything that uses WinPcap can use that message text in its error
messages.
svn path=/trunk/; revision=40335
|
|
and capture_interface_list(). Return it if, on Windows, we ask for the
interface list but don't have WinPcap installed. Handle it like
CANT_GET_INTERFACE_LIST.
svn path=/trunk/; revision=40334
|
|
svn path=/trunk/; revision=40309
|
|
descriptions. Captitalize and fix up the descriptions. Use its output to
create the field type list in the wireshark-filter man page.
svn path=/trunk/; revision=40306
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
http://www.wireshark.org/lists/wireshark-users/201112/msg00044.html
svn path=/trunk/; revision=40172
|
|
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
|
|
svn path=/trunk/; revision=39825
|
|
svn path=/trunk/; revision=39798
|
|
current build test failures.
svn path=/trunk/; revision=39790
|
|
svn path=/trunk/; revision=39776
|
|
do the user a favor and continue as if -V had been specified. Add explicit documentation of the -O <protocols> option to the man page.
svn path=/trunk/; revision=39175
|
|
so it should be present even when building without libpcap.
svn path=/trunk/; revision=39171
|
|
separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342.
svn path=/trunk/; revision=39168
|
|
Fixed crash in write_preamble().
svn path=/trunk/; revision=38562
|
|
getopt() can/should normally be found in unistd.h, so:
- When testing for getopt(), define that we HAVE_GETOPT instead of
HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)
If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.
svn path=/trunk/; revision=38437
|
|
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
|
|
Added ability to display UTC time or UTC time with date. I liked having the
difference between UTC and local time, not just setting local=UTC.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2629
svn path=/trunk/; revision=37898
|
|
Remove our local strerror implementation.
Mark strerror as locale unsafe API.
This fixes bug 5715.
svn path=/trunk/; revision=37812
|
|
Signal an error if another capture filter is provided using the
-f option.
svn path=/trunk/; revision=37811
|
|
svn path=/trunk/; revision=37807
|
|
tshark -i en0 icmpp
returns a correct error message.
svn path=/trunk/; revision=37806
|
|
description.
svn path=/trunk/; revision=37802
|
|
reporting an error.
svn path=/trunk/; revision=37799
|
|
specifc. This finalizes the change of the infrastructure.
This patch is based on work by Irene Ruengeler.
svn path=/trunk/; revision=37794
|
|
is mainly an attempt to fix the currently-broken "test.sh" step on the
XP buildbot. If this causes too many problems we might want to have
suite-capture.sh:capture_step_snapshot pass "-P" to dumpcap instead.
svn path=/trunk/; revision=37736
|
|
svn path=/trunk/; revision=37670
|
|
to TShark which dumps a list of plugins.
svn path=/trunk/; revision=37512
|
|
svn path=/trunk/; revision=37478
|
|
svn path=/trunk/; revision=37374
|
|
svn path=/trunk/; revision=37372
|
|
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
|
|
svn path=/trunk/; revision=37288
|
|
svn path=/trunk/; revision=37253
|
|
Show multiple interfaces when capturing from them.
svn path=/trunk/; revision=37249
|
|
using the array of interface data.
Improve output of -L by printing the interface name.
svn path=/trunk/; revision=37120
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5445#c15 :
Add a new tap flag to indicate that a tap listener is just a "dissector helper",
that is, a tap which is used by a dissector to help it do its dissection but
does not, itself, require dissection.
Use this new flag in the dissectors which register taps.
Remove the (now-unused) have_tap_listeners() function.
svn path=/trunk/; revision=37069
|
|
svn path=/trunk/; revision=36976
|
|
svn path=/trunk/; revision=36948
|
|
The supplied patch adds a new option -O, which specifies a list of protocols
(names can be found with the "-G protocols" option) to be fully decoded while
the others only show the layer header.
svn path=/trunk/; revision=36947
|
|
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
|
|
svn path=/trunk/; revision=36880
|
|
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
svn path=/trunk/; revision=36617
|
|
svn path=/trunk/; revision=36597
|
|
to check for it on close.
svn path=/trunk/; revision=36593
|
|
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
|