From 0a9ef601d201f87ff3effb8aca62c61184fd6146 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Wed, 14 Jul 2021 22:16:30 -0700 Subject: Clean up handling of --capture-comment. Don't store the comments in a capture_options structure, because that's available only if we're being built with capture support, and --capture-comment can be used in TShark when reading a capture file and writing another capture file, with no live capture taking place. This means we don't handle that option in capture_opts_add_opt(); handle it in the programs that support it. Support writing multiple comments in dumpcap when capturing. These changes also fix builds without pcap, and makes --capture-comment work in Wireshark when a capture is started from the command line with -k. Update the help messages to indicate that --capture-comment adds a capture comment, it doesn't change any comment (much less "the" comment, as there isn't necessarily a single comment). Update the man pages: - not to presume that only pcapng files support file comments (even if that's true now, it might not be true in the future); - to note that multiple instances of --capture-comment are supported, and that multiple comments will be written, whether capturing or reading one file and writing another; - clarify that Wireshark doesn't *discard* SHB comments other than the first one, even though it only displays the first one; --- doc/dumpcap.pod | 9 ++++++--- doc/editcap.pod | 10 +++++----- doc/tshark.pod | 10 ++++------ doc/wireshark.pod | 7 ++++++- 4 files changed, 21 insertions(+), 15 deletions(-) (limited to 'doc') diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index 19d16c5dfd..c5f043f44c 100644 --- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod @@ -419,11 +419,14 @@ the default capture link type is used if provided. =item --capture-comment EcommentE -Add a capture comment to the output file. +Add a capture comment to the output file, if supported by the output +file format. This option is only available if we output the captured packets to a -single file in pcapng format. Only one capture comment may be set per -output file. +single file. + +This option may be specified multiple times. Note that Wireshark +currently only displays the first comment of a capture file. =item --list-time-stamp-types diff --git a/doc/editcap.pod b/doc/editcap.pod index 1d7f520e1e..cf8bcb5f16 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -375,12 +375,12 @@ the same command line. =item --capture-comment EcommentE -Adds the given comment to the Section Header Block (SHB) of the pcapng -output file. New comments will be added I any comments present in the -input file unless B<--discard-capture-comment> is also specified. +Adds the given comment to the output file, if supported by the output +file format. New comments will be added I any comments present +in the input file unless B<--discard-capture-comment> is also specified. -This option may be specified multiple times. Note that Wireshark currently only -recognizes the first comment of a capture file. +This option may be specified multiple times. Note that Wireshark +currently only displays the first comment of a capture file. =item --discard-capture-comment diff --git a/doc/tshark.pod b/doc/tshark.pod index 5548b1a971..e0059d43cf 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -1728,13 +1728,11 @@ SMB packets exchanged by the host at IP address 1.2.3.4 . =item --capture-comment EcommentE -Add a capture comment to the output file. +Add a capture comment to the output file, if supported by the output +file format. -This option is only available if a new output file in pcapng format is -created. - -This option may be specified multiple times. Note that Wireshark currently only -recognizes the first comment of a capture file. +This option may be specified multiple times. Note that Wireshark +currently only displays the first comment of a capture file. =item --list-time-stamp-types diff --git a/doc/wireshark.pod b/doc/wireshark.pod index c94814901a..f9b91b19b3 100644 --- a/doc/wireshark.pod +++ b/doc/wireshark.pod @@ -319,7 +319,12 @@ Start with the given configuration profile. =item --capture-comment EcommentE -Set the capture file comment, if supported by the capture format. +When performing a capture file from the command line, with the B<-k> +flag, add a capture comment to the output file, if supported by the +capture format. + +This option may be specified multiple times. Note that Wireshark +currently only displays the first comment of a capture file. =item -d Elayer typeE==EselectorE,Edecode-as protocolE -- cgit v1.2.3