main_repo / tshark.c @ master

# Date Author Comment
97546165 08/24/2014 04:04 AM Graham Bloice

Modify includes of config.h so that out-of-tree builds, i.e. CMake
don't pick up the in-tree copy.

Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <>...

018b84de 08/18/2014 12:24 AM Michael Mann

Refactor "common" hostlist/endpoint table functionality.

This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both.

Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31...

f3dd7fe1 08/05/2014 04:42 PM Bill Meier

Fix whitespace/indentation to match editor modelines.

Change-Id: I3445ae22f10584582d465bf632942e016f5f70ca
Reviewed-on: https://code.wireshark.org/review/3452
Reviewed-by: Bill Meier <>

0734ac38 08/02/2014 07:01 AM Guy Harris

Rename buffer_ routines to ws_buffer_ to avoid name collisions.

In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.

(Not to be backported to 1.12, as that would change the API and ABI of...

dcf6d44b 07/30/2014 12:12 PM Michael Mann

Apply refactored "conversation" (tap) data to TShark.

I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure it's A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI....

31ecdf5b 07/26/2014 04:59 PM Michael Mann

Refactor "common" Conversation table functionality.

Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.

The idea is to not have to modify the GUI when a dissector adds a new "conversation type"...

0492921a 07/25/2014 05:26 PM Peter Wu

Replace lseek/fstat by ws_lseek64/ws_fstat64

lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quantities.

Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not...

4028f567 07/22/2014 07:57 PM Guy Harris

Clean up indentation (get rid of tabs).

Change-Id: I14917737db30c80af2d40e40efd79ceb6aea79f8
Reviewed-on: https://code.wireshark.org/review/3170
Reviewed-by: Guy Harris <>

f6ce0cda 07/22/2014 07:53 PM Guy Harris

Get rid of NO_INTERFACES_FOUND - it's not an error.

It just means "pcap didn't give me any interfaces, and didn't report an
error". Hopefully, in the future, there will be pcap APIs that
distinguish between the (admittedly unlikely, these days) case of "there...

42b537ea 07/05/2014 06:08 PM Evan Huus

Reset state when cycling ring-buffer files in tshark.

This has several implications:
- we match user expectations that a ring-buffered tshark capture will run
forever without running out of resources (except where we still have leaks)
- we lose reassembly and request/response matching when the relevant packets...

9e6487f2 07/04/2014 03:25 AM Guy Harris

Move utility routines for capturing into a libcaputils static library.

Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.

Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841...

66b02c75 07/03/2014 11:22 AM Guy Harris

Include <sys/capability.h> to get _LINUX_CAPABILITY_VERSION defined.

It's no longer used in version_info.c, but is used in the main source
files of TShark and Wireshark (it's already included in dumpcap).

Change-Id: I2169a2bbed678baf26fc8711d7c13d95cce3ee2a...

1692c520 07/03/2014 05:16 AM Guy Harris

Include "capture-pcap-util.h" even if we don't have libpcap.

The routines to get libpcap version information just say "no pcap here"
if we don't have it, so they're called regardless of whether we were
compiled with it.

Change-Id: I4e58cce83f7c0e36aa6ef9b40ec7075732402f3b...

35c47214 07/03/2014 04:56 AM Guy Harris

Get rid of an extra blank line.

Change-Id: I321ef1404e37ebb13a456d18eeb81285b7ba477f
Reviewed-on: https://code.wireshark.org/review/2796
Reviewed-by: Guy Harris <>

b4ce3525 07/03/2014 04:46 AM Guy Harris

Make --help and --version information a bit more uniform.

Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.

Have --help print the version number, a one-line summary of what the...

6b3391c6 07/02/2014 10:29 PM Guy Harris

Regularize the help output of programs.

Only print to the standard output, and only give the version
information, if a "print help" command-line option is specified.
Otherwise, leave out the version information, and print to the standard
error.

Leave out the copyright information; it's extra cruft, and...

66c342ed 07/02/2014 10:03 PM Guy Harris

Regularize the first line of version output.

For Wireshark, say "Wireshark", not "wireshark".

For other programs, put "(Wireshark)" after the program name, as per

http://www.gnu.org/prep/standards/html_node/_002d_002dversion.html

("If the program is a subsidiary part of a larger package, mention the...

0cf54e78 07/01/2014 06:11 AM Guy Harris

Drop privileges even earlier.

Do it at the same point at which Wireshark does so. Do some other
things in the same order as well.

Change-Id: I2925366d49d14271ceffa1a938b5e3450337c772
Reviewed-on: https://code.wireshark.org/review/2743
Reviewed-by: Guy Harris <>

efafca71 06/30/2014 07:12 PM Guy Harris

Drop privileges very early on.

TShark relies on dumpcap to capture packets, and TFShark doesn't even do
packet capturing (it dissects files, not network traffic), so neither of
them need, or should run with, special privileges. If you must run
with special privileges in order to capture, grant those privileges to...

b33512b7 06/30/2014 01:09 AM Guy Harris

Move capture_session.h to capchild; what it declares is defined there.

Change-Id: I8b1407839390b7ac0b45bf6f583c1a509073f002
Reviewed-on: https://code.wireshark.org/review/2709
Reviewed-by: Guy Harris <>

df583372 06/29/2014 09:36 PM Guy Harris

Move capture_ui_utils.[ch] to libui.

Change-Id: Id0f3d4d60a1acc7aa64fd3737b8f16df5bca4e5a
Reviewed-on: https://code.wireshark.org/review/2708
Reviewed-by: Guy Harris <>

fe42762f 06/29/2014 07:03 PM Guy Harris

Move some more stuff into wsutil.

Move the routines to parse numerical command-line arguments there.

Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just
call routines specified by a call to cmdarg_err_init(), and have
programs supply the appropriate routines to it....

9d4af5fc 06/26/2014 08:48 PM Jeff Morriss

Check the validity of fields given to tshark with "-e": complain and exit if
they aren't valid.

Should help avoid confusion like that in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10201

Bug: 10201
Change-Id: Iff7f51ae042ca1a92d1c803b6cb61aa5d81ce205...

e0461ecd 06/25/2014 02:01 PM Jeff Morriss

Indicate tshark can read (-r) from stdin and named pipes now.

(Though it works only with certain formats.) As requested in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874#c4

Change-Id: I2ce0509d8750b21ae0167d12459074ba0f9506f8
Reviewed-on: https://code.wireshark.org/review/2646...

0fb9369a 06/24/2014 04:49 PM Guy Harris

Support -w even if we're not built with pcap.

You can, for example, do

tshark -r file1 -Y filter -w file2

to read a file, apply a read filter, and write the packets that match
the filter to another file even if you can't capture traffic.

Change-Id: Ifd5e1d5c0e745edef5e98ec4babc720bfbcee6d9...

5a3632ef 06/24/2014 04:05 PM Guy Harris

Load WinPcap before we get the run-time information string.

That way, we can include the WinPcap version in that string.

Change-Id: I01fa0defce158e122d1c602fdfbc81916a9e80ef
Reviewed-on: https://code.wireshark.org/review/2625
Reviewed-by: Guy Harris <>

adf6b1a8 06/23/2014 08:28 PM Guy Harris

For capchild headers, include <capchild/XXX.h>.

Change-Id: I780c69ee637dcd9846756a2e2d6a35baf02d826d
Reviewed-on: https://code.wireshark.org/review/2594
Reviewed-by: Guy Harris <>

1d92195d 06/23/2014 05:56 PM Guy Harris

Have individual programs get libpcap and libz version info.

That way, the code that constructs the runtime version string doesn't
itself have to call libpcap and libz, and could be usable in programs
that don't call them.

While we're at it, add "with" to the run-time version information for...

c46329c2 06/21/2014 09:06 PM Guy Harris

Add a routine to return a version string including VCS information.

Add a routine get_ws_vcs_version_info() that, for builds from a tree
checked out from Wireshark's version control system, returns a string
that includes both the Wireshark version number and an indication of...

a70dea19 06/21/2014 05:33 PM Guy Harris

Move get_os_major_version() to wsutil and rename it to get_windows_major_version().

It's Windows-specific, so name it appropriately.

Change-Id: Ic518cbfabebf95757f6b308a4d547a6cabed6a5e
Reviewed-on: https://code.wireshark.org/review/2528
Reviewed-by: Guy Harris <>

43443af0 06/21/2014 01:33 PM Guy Harris

Move get_copyright_info() to wsutil.

Change-Id: I75c1c747cd2b4a9845c659636582d54b2caecf1a
Reviewed-on: https://code.wireshark.org/review/2510
Reviewed-by: Guy Harris <>

b2622e11 06/20/2014 07:43 PM Guy Harris

Move the "capture-comment" long option to LONGOPT_CAPTURE_COMMON.

Change-Id: I55884d48911de307cde52accfebbda69f2989526
Reviewed-on: https://code.wireshark.org/review/2505
Reviewed-by: Guy Harris <>

235d3a2a 06/20/2014 07:26 PM Guy Harris

Fix build without pcap.

The files that use LONGOPT_CAPTURE_COMMON and OPTSTRING_CAPTURE_COMMON
include capture_opts.h unconditionally, so there's no need to define
them if we don't have pcap. In addition, we want the capture options
"available" even if we don't have pcap, so we can tell the user "you're...

b3885a93 06/20/2014 05:51 PM Guy Harris

Fix builds without pcap.

Change-Id: I6c67f9ea9d115a8396af0904ef9a73d2c528dcaa
Reviewed-on: https://code.wireshark.org/review/2498
Reviewed-by: Guy Harris <>

cc4710ac 06/20/2014 05:39 PM Guy Harris

Also define LONGOPT_CAPTURE_COMMON as nothing if we don't have pcap.

While we're at it, simplify the #ifdefs and #defines in capture_opts.h -
don't do the same tests twice.

Change-Id: I2079167f31789470ef77120054d769d5914745e3
Reviewed-on: https://code.wireshark.org/review/2496...

9a50b0f2 06/20/2014 05:14 PM Guy Harris

Define OPTSTRING_CAPTURE_COMMON as nothing if we don't have pcap.

No capturing, no capture options.

Change-Id: I0023184b9c358d5876f19a098590f34d641c8649
Reviewed-on: https://code.wireshark.org/review/2493
Reviewed-by: Guy Harris <>

26bbee3f 06/20/2014 05:00 PM Guy Harris

Add some long options for capture short options.

The names match tcpdump trunk's names for the corresponding options.

Also have capture_opts.h provide a #define for the part of the short
option string that corresponds to the capture short options that all our...

312ed109 06/20/2014 03:19 PM Guy Harris

Add --help and --version long options.

Also, make the convention for long-only options be that their
case-statement values start at 128, so they avoid colliding with any
ASCII code points, including control characters.

Make the tables of long options "static const" while we're at it, and...

68a1b552 06/04/2014 03:31 PM Bill Meier

tshark.c: 'tshark -F pcap -w ...' should create a pcap (not pcapng) file; fixes Bug #9991.

Change-Id: I182357fc57d6e57033319afc762549d805c2c10c
Reviewed-on: https://code.wireshark.org/review/1954
Reviewed-by: Bill Meier <>

dc02627a 06/04/2014 03:30 PM Bill Meier

tshark.c: Change "Live captures can only be saved in libpcap format" to "[...] in pcap or pcapng format"

Change-Id: I18dd0d15e261ecbc1ec086b4870a994afc7665ee
Reviewed-on: https://code.wireshark.org/review/1953
Reviewed-by: Bill Meier <>

318cf8a6 05/24/2014 08:05 PM Guy Harris

Add support for dissecting non-packet records.

Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's...

a344c973 05/23/2014 06:50 AM Guy Harris

Revert "Allow wtap_read() and wtap_seek_read() to return non-packet records."

This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4.

A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress....

716fdc8e 05/23/2014 06:48 AM Guy Harris

Revert "Fix some white space issues."

This reverts commit 2456b22cd36b08fc2816d5a730918af3d7a9d480.

Next step: revert my other change.

Change-Id: I7a2302c527c8a85ce9f37d6e4f68c1e2d0adb741
Reviewed-on: https://code.wireshark.org/review/1740
Reviewed-by: Guy Harris <>

2456b22c 05/22/2014 11:05 PM Guy Harris

Fix some white space issues.

Change-Id: I3b4f57c2d1ceffeea1770494fe19a0eee8717a76
Reviewed-on: https://code.wireshark.org/review/1737
Reviewed-by: Guy Harris <>

c0c480d0 05/22/2014 11:02 PM Guy Harris

Allow wtap_read() and wtap_seek_read() to return non-packet records.

This is the first step towards implementing the mechanisms requested in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest...

3aee9170 05/17/2014 08:41 AM Peter Wu

wiretap: remove unused code, drop number_of_interfaces

While investigating an ASAN issue (fixed in
commit dcdd076ab0965c346efe90051678ba790eaf7a02), I got greatly confused
by three different types having the same "interface_data" field name:

  • pcapng_t *pn stores an array of interface_data_t objects....

a1b1c8be 05/09/2014 01:21 AM Guy Harris

Revert "Refactor Wiretap"

This reverts commit 1abeb277f5e6bd27fbaebfecc8184e37ba9d008a.

This isn't building, and looks as if it requires significant work to fix.

Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568...

1abeb277 05/08/2014 11:04 PM Michael Mann

Refactor Wiretap

Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this is intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality....

cb16dff9 04/12/2014 06:27 PM Guy Harris

Get rid of more tvb_get_nstringz* calls.

Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it. Use
IS_FT_STRING() in more cases, so that less code needs to know what types...

e7b3eff7 04/01/2014 02:06 AM Hadriel Kaplan

Fix tshark.c to pass checkAPIs script

Since tshark.c was using strdup, perror, and g_main_quit, changes to
the file won't pass checkAPIs; so this commit replaces those with
the approved functions; except strdup, which was unnecessary.

Change-Id: I031aa44594f2b96960a45f48537ab4e9a10d34b1...

b63b5034 03/30/2014 01:36 PM Hadriel Kaplan

Fix Bug 9938 'tshark "-Y -2 -w" saves non-dependent frames'

When the '-Y' display filter option is given with a '-2', and a '-w' to write out
the packets, tshark grabs all dependent frames in the capture file, even those
that weren't dependents of a matching packet. Note that this also uses the '-2'...

ca9c1609 03/27/2014 05:39 PM Hadriel Kaplan

Fix bug9931 'Encapsulated ethernet packets sometimes show invalid FCS'

This fixes part-1 of bug9931: the uninitialized use of a wtap_pkthdr
struct. The second part of the bug deals with dissectors calling
the Ethernet dissector for encapsulated Ethernet packets but using...

d1873dbc 03/21/2014 01:51 PM Hadriel Kaplan

Fix Bug 9903: 'Clicking reload-file ignores selected file format reader'

There's a relatively new feature in 1.11.3 to select a specific file format
reader, instead of relying on magics or heuristics. If you select a file
reader and open a file, open it, and then click the reload-file button or go...

041f844d 03/05/2014 01:38 PM Hadriel Kaplan

Add command-line arg for input file format for tshark/wireshark

Now that we have the ability to choose input file format type
in the GUI, we might as well have it in the command-line too.
Plus it would help me in test-suites if we had a commandline.
So I've added a '-X read_format:Foo' for this. Using just...

29659139 03/04/2014 09:27 AM Alexis La Goutte

Remove all $Id$ from top of file

(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Fix manually some typo (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <>

579e7e19 02/25/2014 12:43 PM Michal Labedzki

Wireshark: Add option to choose format type of capture file

The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.

On the other side now it is possible to open capture file...

c65fbffc 02/20/2014 08:51 PM Guy Harris

Force "printing" if -T is specified, even if -w is also specified.

Just as "tshark ... -P -w xxx" writes raw packets to xxx and writes
text packet summaries to the standard output, and just as "tshark ...
-V -w xxx" writes raw packets to xxx and writes text packet details to...

114d051a 02/11/2014 02:50 PM Guy Harris

Fix crash when doing "tshark -2 -r file -w newfile".

We were using cf->buf in some places and a local variable buf in others;
consistently use the local variable.

Have a local variable for the struct wtap_pkthdr while we're at it; with
some work we may be able to get rid of the struct wtap_pkthdr and the...

f9669809 02/07/2014 06:03 PM Gerald Combs

Replace "svn" with "git" all over the place.

Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`...

f62450ff 02/03/2014 08:31 AM Peter Hatina

allow tshark reading from pipes

Change-Id: If20a14b949667911df44f09c6a705b7645d4c49e
Reviewed-on: https://code.wireshark.org/review/85
Reviewed-by: Evan Huus <>
Tested-by: Evan Huus <>

90d7c5f5 01/21/2014 07:26 PM Guy Harris

Don't write out packets that have a "captured length" bigger than we're
willing to read or that's bigger than will fit in the file format;
instead, report an error.

For the "I can't write a packet of that type in that file type" error,
report the file type in question....

97137766 01/13/2014 08:44 PM Guy Harris

In a source file that defines external functions, the header file that
declares the functions must be included, in order to make sure the
declarations match the function signature. Make it so.

Said header declares pipe_input_cb_t, so we don't have to do it...

1678d378 01/07/2014 07:29 PM Evan Huus

Explicitly reject two-pass live capture, it doesn't work anyways.

svn path=/trunk/; revision=54643

9d41c658 01/02/2014 03:47 PM Guy Harris

No seek-read routines use the length argument, so eliminate it from
wtap_seek_read().

svn path=/trunk/; revision=54570

4c19d29b 12/11/2013 11:52 AM Chris Maynard

Improve tshark command-line error help. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9548 and adds additional help, better formatting, sorting and some minimal documentation of the -u option to the tshark man page.

svn path=/trunk/; revision=53938

125a17f8 12/05/2013 04:30 AM Guy Harris

Initialize the error-reporting routines before scanning for plugins, as
the code to scan for them uses those routines.

This means epan_init() no longer takes those routines as arguments -
which is just as well, given that the mechanism in question is no longer...

f98625c0 12/03/2013 02:45 PM Chris Maynard

Don't forget to test even the simplest fixes.

svn path=/trunk/; revision=53763

c28c8ed2 12/03/2013 02:40 PM Chris Maynard

Wrap usage text at column 80.

svn path=/trunk/; revision=53761

c3de2cb2 12/02/2013 04:10 AM Guy Harris

Don't assume we have Lua just because we have plugin support.

svn path=/trunk/; revision=53714

0cc1545d 12/02/2013 03:30 AM Guy Harris

Move most of the plugin code from epan to wsutil and remove all
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.

In particular applications, only process the relevant plugin types....

b5e69855 11/25/2013 10:13 PM Guy Harris

Report the interface when an open or an attempt to set the link-layer
header type fails, as we might be capturing on more than one interface.

Report the failing interface name in single quotes in some places where
we weren't doing so, for stylistic consistency....

db25270d 11/16/2013 09:55 PM Guy Harris

Move the epan/filesystem.c routines to wsutil; they're not specific to
packet dissection, they're specific to the entire Wireshark suite of
programs.

svn path=/trunk/; revision=53377

ae59b094 11/10/2013 10:59 AM Jakub Zawadzki

Add missing includes in order to remove exceptions.h from proto.h (next commit).

svn path=/trunk/; revision=53230

853da2eb 11/08/2013 04:53 AM Guy Harris

The "file types" we have are actually combinations of types and
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.

Rename various functions, #defines, and variables appropriately....

2a088c1d 11/06/2013 03:39 PM Guy Harris

Add support for displaying dates as year and day-of-year (1-origin).

In the process, fix various man page descriptions of the -t flag,
and add support for UTC absolute times in the iousers and iostat TShark
taps.

svn path=/trunk/; revision=53114

62b66aca 10/25/2013 08:51 AM Chris Maynard

Display the frame number on the packet summary line if it's one of the configured columns. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317

#BACKPORT

svn path=/trunk/; revision=52838

fe937ac3 10/20/2013 08:35 AM Jakub Zawadzki

tshark: use epan_dissect_reset()

svn path=/trunk/; revision=52709

63e45392 10/15/2013 02:27 PM Chris Maynard

From Ed Beroset via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9272

Add tshark -G column-formats report and document the missing ftypes, heuristic-decodes and plugins reports.

From me: Sort the reports. Add modelines to epan/column.c. Minor whitespace changes....

6bb579ea 10/15/2013 02:20 PM Jakub Zawadzki

Micro-optimize print_columns(): replace g_snprintf() & g_strlcat() with memcpy().

svn path=/trunk/; revision=52625

bcf51e81 10/10/2013 10:53 AM Jeff Morriss

Fix the core dump reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9258 :

After calling wtap_close(), set the wth to NULL so we don't try to close it
again later. (The core only happens when tshark isn't keeping up with dumpcap's
file rotation.)...

ba3e8e07 10/09/2013 03:43 PM Michael Mann

Make column "filter name" prefixed with _ws. to be the same as other "*shark application filters" created in r52462.

svn path=/trunk/; revision=52474

8eb0bfdc 09/04/2013 08:01 AM Evan Huus

Fix one small memory leak.

svn path=/trunk/; revision=51747

5c851858 08/27/2013 08:56 PM Evan Huus

Fully deprecate read filter (-R) without two-pass (-2). It does exactly the same
thing as the display filter (-Y) in that case except with more confusing
semantics.

This also lets us fix -c in the single-pass case to unconditionally count
packets. This isn't the old behaviour (which counted them only if they passed...

71f7093c 08/23/2013 01:25 AM Anders Broman

Output a warning about kernel BPF JIT compiler being activated.

svn path=/trunk/; revision=51488

7e59f1fc 08/21/2013 10:29 PM Evan Huus

Move a brace outside an #ifdef, it was confusing vim's folding.

svn path=/trunk/; revision=51461

21615504 08/21/2013 10:19 PM Evan Huus

Don't look at packet or byte limits during the second pass of two-pass analysis.
The limits are enforced during the first pass, and frames that get dropped from
the first pass for this reason aren't available to the second pass at all, so
checking again is redundant....

da7c9208 08/13/2013 09:21 PM Guy Harris

I guess Solaris's getopt_long() "struct option" declaration doesn't have
enough cowbell^wconst; throw in a comment to squelch warnings.

svn path=/trunk/; revision=51351

d8f00e22 08/13/2013 06:41 PM Evan Huus

As suggested in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9033

Make epan_free a no-op if the pointer is NULL. This fixes 99% of the cases
causing problems for wmem_leave_file_scope() - remove that XXX comment and add
back the assertion.

Remove the cleanup_dissection call from epan_cleanup, it doesn't make sense...

5c0baee2 08/08/2013 08:24 PM Guy Harris

Don't print the packet counter when capturing if we're also printing
packet information to a terminal (which we assume is the same terminal
as the one to which the packet counts are being printed), as they get in
the way of each other.

Don't print it if we're sending the standard error to a terminal, or if...

d0174439 08/02/2013 03:07 AM Guy Harris

Now that we're using getopt_long(), and have some options available only
as long options, and thus identified with numbers rather than option
letters as the return value of getopt_long(), we now have to include
capture_opts.h even if we're not building with libpcap, to provide...

6ae33726 08/01/2013 06:21 PM Martin Kaiser

fix buildbot error on OSX-10.6-x64
include capture_opts.h

svn path=/trunk/; revision=51099

24c88b80 08/01/2013 05:09 PM Martin Kaiser

pass --capture-comment from tshark to dumpcap
handle error cases in tshark

svn path=/trunk/; revision=51094

5863aaa5 08/01/2013 05:04 PM Martin Kaiser

add --capture-comment to tshark's print_usage() function

make it clear that a capture comment can only be added when we
create a new file

svn path=/trunk/; revision=51091

08eb36b5 08/01/2013 04:59 PM Jakub Zawadzki

Remove fdata->opt_comment, add pkt_comment to pinfo

Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in separated BST, add new method for epan session to get it.

svn path=/trunk/; revision=51090

6c5e1618 08/01/2013 04:57 PM Martin Kaiser

add --capture-comment to tshark
make sure that getopt() does not permute tshark's argv[] array

svn path=/trunk/; revision=51089

7cdd97b0 08/01/2013 04:45 PM Martin Kaiser

use getopt_long() in tshark

svn path=/trunk/; revision=51087

0cbe8560 08/01/2013 04:44 PM Martin Kaiser

simplify argument checking for tshark
if a capture file is read, do all corresponding checks in one place

svn path=/trunk/; revision=51086

9e77cc4b 07/23/2013 07:48 PM Guy Harris

Make some functions not used outside tshark.c static.

svn path=/trunk/; revision=50858

7ec1a78f 07/22/2013 03:38 PM Jakub Zawadzki

Abuse epan_t more: add callback to get interface name.

svn path=/trunk/; revision=50794

c702e921 07/21/2013 07:07 PM Jakub Zawadzki

Replace relative timestamp with reference frame number. Saves 16B per frame.

svn path=/trunk/; revision=50772