Re: [Wireshark-dev] Do we require lua version 5.1 for the lua plugin?
For practical reasons I removed lua 5.0.x support when I migrated wslua into epan. I thought I had modified the autogen stuff to reflect this.

I think we should look for lua_getfield() to verify if we are using the right version.

Luis

On Tue, Apr 29, 2008 at 7:45 AM, Joerg Mayer [EMAIL PROTECTED] wrote:
> Hello,
>
> Bug http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2510 seems to indicate that we require lua version 5.1 to build but the configure check seems to just check which version of lua is available.
>
> What is the intended behaviour: Requiring 5.1 or changing the code to work with lua 5.0 as well?
>
> ciao
> Joerg
> --
> Joerg Mayer [EMAIL PROTECTED]
> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
> ___
> Wireshark-dev mailing list
> Wireshark-dev@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-dev

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

[Wireshark-dev] g_ascii_strcasecmp.c and friends
Hi,

I started to remove code for g_ascii_strcasecmp and friends. What remains is to remove stuff for it from configure files (which I am not sure how to do) and delete the files g_ascii_strcasecmp.c and friends.

Regards
Anders

[Wireshark-dev] RTP Player annoyance
Gentle developers,

I believe the new RTP Player placement has been discussed in the mailing list in the past. I'm not sure anyone has noticed, but the ability to type in the selection list on the left hand side is quite a nice feature. However, I can no longer type 'r' 't' 'p' and go right to the RTP protocol preference settings. I always go to the RTP Player section.

If it plays a role in your design decisions as to what future placement the RTP Player preferences will have, I would like to say that it is a bit of an annoyance having it 'in the way'.

A thousand thank yous for your efforts,
rkm

Re: [Wireshark-dev] New Wireshark welcome page!
> What is special about March 1st and June 14th? The welcome page will display a different welcome message from the message The World's Most Popular Network Protocol Analyzer on these two dates. Just curious.

This got me very curious as well... so I did a bit of digging around and I finally found this...

_July_ (Guy Harris' hint) 14th back in 1998 was probably the day Gerald announced Ethereal. I can't find any direct evidence of this, but the USPTO (www.uspto.gov) website suggests that was the date the trademark was first used publicly. The alternate statement is (was) of course the motto of Ethereal.

April 1st is a bit more difficult. I can't find any major incident related to Wireshark/Ethereal linked to that day. So, my guesses:
- Perhaps it was an important date in Gerald's switch to the new co.?
- or, it is just meant to be an April fool's day joke?

Not really sure. I hope no one 'destroy[s my] very existence' after this ;-)

Abhik.

Re: [Wireshark-dev] Requiring GTK+ 2.4 or later
Guy Harris wrote:
> At least at one point, I seem to remember reading that the GtkTreeView was changed in GTK+ 2.4 to deal with a performance issue.
>
> A little searching indicated that this was the addition of a fixed height option, so it didn't have to calculate the height of every single row:
>
> http://lists.wxwidgets.org/pipermail/wx-dev/2006-October/078556.html
>
> which would probably be OK for the packet list if we were to switch to using a GtkTreeView, which would let us change the columns without destroying the packet list and reconstructing it, and would also let us avoid allocating strings for the content of all rows and columns by having a tree model that dissects packets on the fly (that requires support for fast random access to packets even in compressed files, but that's probably doable).

*That* is certainly a good reason to go to GTK 2.4+ . :-)

Re: [Wireshark-dev] Communication between Dissectors
Hi Barry,

can

    /* Get reported length of buffer */
    extern guint tvb_reported_length(tvbuff_t*);

from tvbuff.h give you the information you need?

HTH,
Martin

On 4/28/08, Barry Constantine [EMAIL PROTECTED] wrote:
> Hello All,
>
> I am not a developer per se, but wrote a simple dissector following the excellent how to guide by Ken Thompson.
>
> My protocol does not have a length field and rides on top of IP. It is a simplistic throughput protocol for test measurement purposes and we calculate payload length based off of the IP layer Length field.
>
> Can you point me to any resources how to interact with other dissectors? In other words, my dissector needs to retrieve fields from the IP dissector.
>
> Since I do not have a software background, I am looking for simple examples.
>
> Thanks,
> Barry

Re: [Wireshark-dev] SMTP : Copying Data into a file
Hi Julien,

> I have to copy all the data transferred into a mail (SMTP) into a file. I don't think I have to implement a new dissector because SMTP one already exist, no?

Right.

> So I think I have to complete the existing one and add a method to create a file and copy the data in. Am I in the right way to do that job?

The basic idea is for sure correct. I think you must at least add the TCP reassembly stuffs to be able to guarantee that you're playing with the entire mail and the export object GUI Feature to save to a file (the mail or its attachments). You can take a look at epan/dissectors/packet-http.c to see how to do this.

> So where is defined smtp dissector?

epan/dissectors/packet-smtp.c

Regards,
Sebastien

[Wireshark-dev] How to capture all IP fragments?
In Wireshark, if I want to capture UDP traffic on a specific port (say port 5 for purposes of this discussion), I can easily set a capture filter as udp port 5, and I get all the traffic I'm interested in, including all IP fragments.

However, I have written my own pcap-based capturing tool, and if I use the same capture filter, I don't get all the IP fragments (just the 1st one). I have to use

    udp port 5 or (ip[6:2] & 0x2000 = 0x2000 or ip[6:2] & 0x1fff !=0x)

in order to get all the fragments, but with that filter, I would also get fragments for all other ports, which is not what I want. I tried those exact same filters with tcpdump, and I got the exact same results.

So, how does Wireshark handle this? I guess there is some magic filter behind the scenes similar to what I have shown above for capturing IP fragments that takes care of the IP fragment capturing as well? I'm not really familiar with how the capture filters work on Wireshark.

Sorry if this post is better suited to the tcpdump (or possibly even the winpcap) mailing list(s), but Wireshark seems to have solved this quirk quite well, so I thought I would try here first.

- Chris

BTW: I'm using libpcap 0.9.8 with my own capture tool, but both Wireshark and tcpdump are using libpcap 0.8.3.

Re: [Wireshark-dev] RTP Player annoyance
Hi,

The preference has already been moved into the statistics page, so it shouldn't conflict anymore.

Thanx,
Jaap

Peter Fuller wrote:
> Gentle developers,
>
> I believe the new RTP Player placement has been discussed in the mailing list in the past. I'm not sure anyone has noticed, but the ability to type in the selection list on the left hand side is quite a nice feature. However, I can no longer type 'r' 't' 'p' and go right to the RTP protocol preference settings. I always go to the RTP Player section.
>
> If it plays a role in your design decisions as to what future placement the RTP Player preferences will have, I would like to say that it is a bit of an annoyance having it 'in the way'.
>
> A thousand thank yous for your efforts,
> rkm

[Wireshark-dev] Should we also require GLib 2.4 or later?
GTK+ 2.4 requires GLib 2.4, so if we're building with GTK+, that requires GLib 2.4 or later. One could, I guess, build everything *but* Wireshark with an earlier version of GLib, but requiring 2.2 or later means that, for example, we wouldn't have to check for g_ascii_strtoull(), as that first appeared in 2.2, and requiring 2.4 or later means that we wouldn't have to check for G_GINT64_MODIFIER, as that first appeared in 2.4.

Re: [Wireshark-dev] RTP Player annoyance
Hello Peter,

This might be related to a known issue: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2325

Hope this helps!
Abhik.

On Mon, Apr 28, 2008 at 12:54 AM, Peter Fuller [EMAIL PROTECTED] wrote:
> Gentle developers,
>
> I believe the new RTP Player placement has been discussed in the mailing list in the past. I'm not sure anyone has noticed, but the ability to type in the selection list on the left hand side is quite a nice feature. However, I can no longer type 'r' 't' 'p' and go right to the RTP protocol preference settings. I always go to the RTP Player section.
>
> If it plays a role in your design decisions as to what future placement the RTP Player preferences will have, I would like to say that it is a bit of an annoyance having it 'in the way'.
>
> A thousand thank yous for your efforts,
> rkm

Re: [Wireshark-dev] g_ascii_strcasecmp.c and friends
Anders Broman wrote:
> I started to remove code for g_ascii_strcasecmp and friends. What remains is to remove stuff for it from configure files (which I am not sure how to do) and delete the files g_ascii_strcasecmp.c and friends.

I've checked in a change to do that (and to remove an un-removed include of g_ascii_strcasecmp.h from epan/dtd_parse.l).

Re: [Wireshark-dev] How to capture all IP fragments?
On Apr 29, 2008, at 9:48 AM, Maynard, Chris wrote:
> In Wireshark, if I want to capture UDP traffic on a specific port (say port 5 for purposes of this discussion), I can easily set a capture filter as udp port 5, and I get all the traffic I'm interested in, including all IP fragments.

Only if you don't have any fragmented IP datagrams. If you get any fragments other than the first fragment with that capture filter, that would be a miracle.

> So, how does Wireshark handle this? I guess there is some magic filter behind the scenes similar to what I have shown above for capturing IP fragments that takes care of the IP fragment capturing as well?

Nope. It handles it by not handling it; as indicated, perhaps some miracle happened, but Wireshark just passes the capture filter on to pcap_compile().

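Added example, not part of the thread and not Wireshark or libpcap code: only the first fragment carries the UDP header, so one way to collect every fragment for one port is to capture with a broader filter (assumed here: `udp port 5 or (ip proto 17 and ip[6:2] & 0x1fff != 0)`) and then keep a later fragment only when its source, destination and IP ID match a first fragment already seen on that port. The names `keep_packet` and `frag_key` and the sample packets are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Second-stage filter (added example). Fragments that arrive before their
 * first fragment are dropped, and tracked entries never expire. */
#define MAX_TRACKED 64
struct frag_key { uint32_t src, dst; uint16_t id; };
static struct frag_key tracked[MAX_TRACKED];
static int n_tracked;
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* pkt points at the IPv4 header; returns 1 to keep the packet, 0 to drop it. */
int keep_packet(const uint8_t *pkt, size_t len, uint16_t port)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 17) return 0; /* IPv4 + UDP */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return 0;
    uint16_t ff = be16(pkt + 6);                 /* same bytes as ip[6:2] */
    struct frag_key k = { be32(pkt + 12), be32(pkt + 16), be16(pkt + 4) };
    if ((ff & 0x1fff) == 0) {                    /* offset 0: UDP header present */
        if (len < ihl + 4) return 0;
        if (be16(pkt + ihl) != port && be16(pkt + ihl + 2) != port) return 0;
        if ((ff & 0x2000) && n_tracked < MAX_TRACKED)   /* MF set: more follow */
            tracked[n_tracked++] = k;
        return 1;
    }
    for (int i = 0; i < n_tracked; i++)          /* later fragment: no ports */
        if (tracked[i].src == k.src && tracked[i].dst == k.dst && tracked[i].id == k.id)
            return 1;
    return 0;
}

/* Constructed sample packets: 10.0.0.1 -> 10.0.0.2, UDP port 5. */
const uint8_t first_frag[] = { 0x45,0,0,28, 0x12,0x34, 0x20,0x00, 64,17,0,0,
    10,0,0,1, 10,0,0,2, 0x00,0x05,0x00,0x05, 0,16,0,0 };   /* MF=1, offset 0 */
const uint8_t last_frag[]  = { 0x45,0,0,28, 0x12,0x34, 0x00,0x01, 64,17,0,0,
    10,0,0,1, 10,0,0,2, 'd','a','t','a','d','a','t','a' }; /* MF=0, offset 1 */
const uint8_t other_frag[] = { 0x45,0,0,28, 0x99,0x99, 0x00,0x01, 64,17,0,0,
    10,0,0,1, 10,0,0,2, 'd','a','t','a','d','a','t','a' }; /* different IP ID */

int main(void)
{
    int a = keep_packet(first_frag, sizeof first_frag, 5);
    int b = keep_packet(last_frag, sizeof last_frag, 5);
    int c = keep_packet(other_frag, sizeof other_frag, 5);
    printf("%d %d %d\n", a, b, c);
    return 0;
}
```
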
[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark (development).

Full details are available at: http://buildbot.wireshark.org/trunk/Windows-XP-x86/builds/4297
Buildbot URL: http://buildbot.wireshark.org/trunk/
Buildslave for this Build: windows-xp-x86
Build Reason:
Build Source Stamp: HEAD
Blamelist: guy,sfisher

BUILD FAILED: failed failed slave lost

sincerely,
-The Buildbot

Re: [Wireshark-dev] Should we also require GLib 2.4 or later?
On Tue, Apr 29, 2008 at 10:52:16AM -0700, Guy Harris wrote:
> GTK+ 2.4 requires GLib 2.4, so if we're building with GTK+, that requires GLib 2.4 or later. One could, I guess, build everything *but* Wireshark with an earlier version of GLib, but requiring 2.2 or later means that, for example, we wouldn't have to check for g_ascii_strtoull(), as that first appeared in 2.2, and requiring 2.4 or later means that we wouldn't have to check for G_GINT64_MODIFIER, as that first appeared in 2.4.

Requiring GLib 2.4+ makes sense. The fewer workarounds we have to do for things missing in early GLib versions, the better.

Steve