Re: [Wireshark-dev] [Wireshark-commits] rev 39328: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-2dparityfec.c packet-acn.c packet-ancp.c packet-ansi_a.c packet-aodv.c packet-aruba-papi.c pa
On 10/10/2011 8:03 PM, Guy Harris wrote:

> [...] and went with having a single encoding variable for strings and using that in all the proto_tree_add_item() calls).

FWIW: there are currently only 12 dissectors which do this.

___
Sent via: Wireshark-dev mailing list
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Replace TRUE/FALSE with proper ENC_* in proto_tree_add_item() using a script.
On Oct 10, 2011, at 11:41 AM, Bill Meier wrote:

> --> packet-gmhdr.c

Presumably ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN, as:

1) presumably they knew what they were doing, and their dissector works, and ENC_TIME_TIMESPEC is 0, as is ENC_BIG_ENDIAN, so FALSE = ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN

and

2) their other fields are, apparently, big-endian.

It would be Really Swell if the fine folks at Gigamon were to document their header's format online, and not require a customer login to get at the document, so we could put a URL for it into the dissector - or, if they've already done that, make it clearer where it is - especially given they were so happy to have an open source program support it:

http://www.gigamon.com/wireshark-update-for-gigasmart

> -->packet-netflow.c

Probably ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN, as the other ntop fields appear to be big-endian, and Luca is, I think, a UN*X type, and for reason 1) in the previous item. I'm not sure where, if anywhere, they document them.

> -->packet-reload.c

All the RELOAD stuff is in I-Ds, so one would expect network byte order, and, in fact, draft-ietf-p2psip-base-18 says "All integers are represented in network byte order.", and draft-ietf-p2psip-diagnostics-06 says the times are in NTP format, so it'd be ENC_TIME_NTP|ENC_BIG_ENDIAN.
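The difference between the two time encodings discussed above, as an added example that is not part of the original message and is not Wireshark code: the same 8 bytes are decoded once as a big-endian seconds/nanoseconds pair and once as a big-endian NTP timestamp. The type, the function names and the sample bytes are constructed for illustration.

```c
/* Added example, not Wireshark code. Type and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t secs; uint32_t nsecs; } abs_time;

/* Read a 32-bit big-endian (network byte order) integer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Layout meant by ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN for an 8-byte field:
 * seconds since 1970, then nanoseconds. */
abs_time decode_timespec_be(const uint8_t *p)
{
    abs_time t = { be32(p), be32(p + 4) };
    return t;
}

/* Layout meant by ENC_TIME_NTP|ENC_BIG_ENDIAN: seconds since 1900, then a
 * 32-bit binary fraction of a second. Converted here to the Unix epoch. */
abs_time decode_ntp_be(const uint8_t *p)
{
    const uint32_t NTP_TO_UNIX = 2208988800U;  /* seconds from 1900 to 1970 */
    abs_time t;
    t.secs  = be32(p) - NTP_TO_UNIX;
    t.nsecs = (uint32_t)(((uint64_t)be32(p + 4) * 1000000000ULL) >> 32);
    return t;
}

/* A nanoseconds value of one second or more points to the wrong layout. */
int nsecs_in_range(abs_time t) { return t.nsecs < 1000000000U; }

/* Constructed sample: NTP timestamp for 2011-10-11 00:00:00.5 UTC. */
static const uint8_t sample[8] = { 0xD2, 0x3E, 0x05, 0x80, 0x80, 0x00, 0x00, 0x00 };

int main(void)
{
    abs_time ntp = decode_ntp_be(sample), ts = decode_timespec_be(sample);
    printf("as NTP:      %u.%09u (in range: %d)\n",
           (unsigned)ntp.secs, (unsigned)ntp.nsecs, nsecs_in_range(ntp));
    printf("as timespec: %u.%09u (in range: %d)\n",
           (unsigned)ts.secs, (unsigned)ts.nsecs, nsecs_in_range(ts));
    return 0;
}
```

Read as a timespec, the NTP sample lands decades in the future with an out-of-range nanoseconds field, which is how a wrong encoding choice usually shows up in a capture.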
Re: [Wireshark-dev] [Wireshark-commits] rev 39310: /trunk/ /trunk/: macosx-setup.sh
On Oct 11, 2011, at 10:46 AM, Stephen Fisher wrote:

> Should this comment above the second GEOIP_VERSION be removed too?
>
> #
> # XXX - they appear to have an unversioned gzipped tarball for the
> # current version; should we just download that, with some other
> # way of specifying whether to download the GeoIP API?
> #

No. If, as, and when we decide how to answer the question, we should update the comment to reflect that (either say why we're not just downloading the current version, or note that we're downloading the latest version rather than a specified version).
Re: [Wireshark-dev] [Wireshark-commits] rev 39305: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-sdp.c
On Tue, Oct 11, 2011 at 6:30 PM, Stephen Fisher wrote:

> On Mon, Oct 10, 2011 at 11:13:41AM +0100, Martin Mathieson wrote:
>
> > packet-sdp.c:1302 'data_tvb' might get clobbered by 'longjmp' or
> > 'vfork'
> >
> > Making 'data_tvb' volatile doesn't work as I then get warnings about
> > discarding the volatile qualifier by passing data_tvb to the various
> > sub-dissectors. I've never been sure of the best way to resolve this,
> > other than changing my compiler, which isn't an easy option right now.
>
> Using volatile has always worked for me, but only if I put it in the
> right place, such as "gchar *volatile string;" instead of "volatile
> gchar *string;"

Thanks Steve, was probably thinking of volatile as magic rather than as just another qualifier. Fixed now,

Martin
Re: [Wireshark-dev] [Wireshark-commits] rev 39310: /trunk/ /trunk/: macosx-setup.sh
Should this comment above the second GEOIP_VERSION be removed too?

#
# XXX - they appear to have an unversioned gzipped tarball for the
# current version; should we just download that, with some other
# way of specifying whether to download the GeoIP API?
#

On Sat, Oct 08, 2011 at 03:17:57PM +, jma...@wireshark.org wrote:

> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=39310
>
> User: jmayer
> Date: 2011/10/08 08:17 AM
>
> Log:
> Remove a duplicate entry
>
> Directory: /trunk/
> Changes Path Action
> +1 -2 macosx-setup.sh Modified
>
> ___
> Sent via: Wireshark-commits mailing list
> Archives: http://www.wireshark.org/lists/wireshark-commits
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-commits
> mailto:wireshark-commits-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] rev 39305: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-sdp.c
On Mon, Oct 10, 2011 at 11:13:41AM +0100, Martin Mathieson wrote:

> packet-sdp.c:1302 'data_tvb' might get clobbered by 'longjmp' or
> 'vfork'
>
> Making 'data_tvb' volatile doesn't work as I then get warnings about
> discarding the volatile qualifier by passing data_tvb to the various
> sub-dissectors. I've never been sure of the best way to resolve this,
> other than changing my compiler, which isn't an easy option right now.

Using volatile has always worked for me, but only if I put it in the right place, such as "gchar *volatile string;" instead of "volatile gchar *string;"
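The placement described in the reply above, as an added example that is not part of the original message and is not Wireshark code: a local pointer is changed between setjmp() and longjmp() and read afterwards. The helper names are hypothetical stand-ins for a sub-dissector and for code that raises an exception.

```c
/* Added example, not Wireshark code: where `volatile` goes for a pointer
 * that is modified between setjmp() and longjmp(). */
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

static jmp_buf env;

/* Stand-in for a sub-dissector: takes an unqualified pointer. */
static size_t consume(const char *s) { return strlen(s); }

/* Stand-in for code that raises an exception by jumping back. */
static void fail(void) { longjmp(env, 1); }

/* Returns the string the local pointer refers to after the jump. */
const char *parse_with_recovery(void)
{
    /* The POINTER is volatile, the pointee is not. The variable is kept in
     * memory and reloaded after longjmp(), and passing it to consume()
     * discards no qualifier. Writing `volatile const char *p` would instead
     * qualify the characters, leave p itself unprotected, and produce the
     * "discards qualifier" warning at each call. */
    const char *volatile p = "initial";

    if (setjmp(env) == 0) {
        p = "updated";   /* modified after setjmp() */
        consume(p);      /* no cast needed */
        fail();          /* does not return here */
    }
    /* Reached through longjmp(). Without the qualifier on p, its value at
     * this point would be indeterminate under the C standard. */
    return p;
}

int main(void)
{
    printf("after longjmp: %s\n", parse_with_recovery());
    return 0;
}
```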
Re: [Wireshark-dev] include "tvbuff.h" failed
On Tue, Oct 11, 2011 at 02:02:48PM +0200, Marcel Haas wrote:

> > I want to include the tvbuff.h to my code so I can make own tvbs
> > with tvbuff_t* my code lies at wireshark/epan so as tvbuff.h.
>
> > except.h:97: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’
> > before ‘void’
>
> Problem solved !

I'm not sure how you solved this, but for the mailing list archives: these errors usually happen because necessary include files were not included before this one. Wireshark header files don't typically include every header file they require, relying on (in this case) the dissector writer to include them first.
Re: [Wireshark-dev] include "tvbuff.h" failed
On Tue, 11 Oct 2011 10:32:33 +0200, Marcel Haas wrote:

> Hey,
>
> I want to include the tvbuff.h to my code so I can make own tvbs with tvbuff_t*
> my code lies at wireshark/epan so as tvbuff.h.
>
> My code :
> #include "tvbuff.h"
> ...
>
> When I am running make I get that failure
>
> In file included from exceptions.h:29,
> from tvbuff.h:41,
> from list_mh.c:4:
> except.h:97: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
> except.h:98: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
> except.h:99: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
> except.h:100: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
>
> What am I doing wrong ??
>
> thx and regards
> Marcel

Problem solved !
[Wireshark-dev] NULL encrypted ESP(IPsec) payloads
Hi,

I'm looking at a NULL encrypted ESP payload, trying to display it in Wireshark. In order to do so, the preferences

"Attempt to detect/decode NULL encrypted ESP payloads" must be "ticked" (no surprise)
"Attempt to detect/decode encrypted ESP payloads" must be "un-ticked"

Is that really correct? Or should this patch be applied?

C:\wireshark\trunk>svn diff Index: epan/dissectors/packet-ipsec.c === --- epan/dissectors/packet-ipsec.c (revision 889) +++ epan/dissectors/packet-ipsec.c (working copy) @@ -1099,8 +1099,7 @@ #ifdef HAVE_LIBGCRYPT /* The SAD is not activated */ - if(g_esp_enable_null_encryption_decode_heuristic && -!g_esp_enable_encryption_decode) + if(g_esp_enable_null_encryption_decode_heuristic) null_encryption_decode_heuristic = TRUE; if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)
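Review bot: Dropping `!g_esp_enable_encryption_decode` from the first `if` means `null_encryption_decode_heuristic` is now set to TRUE even when `g_esp_enable_encryption_decode` is on, and the unchanged `if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)` that follows is then entered as well, so both paths are enabled for the same packet. The hunk does not show which result is used when both apply; please state the intended precedence in a comment and in the description of the two preferences (for example, apply the heuristic only when decryption did not produce a payload), and confirm that the `/* The SAD is not activated */` comment still describes the condition it sits above.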
[Wireshark-dev] include "tvbuff.h" failed
Hey,

I want to include the tvbuff.h to my code so I can make own tvbs with tvbuff_t*
my code lies at wireshark/epan so as tvbuff.h.

My code :
#include "tvbuff.h"
...

When I am running make I get that failure

In file included from exceptions.h:29,
from tvbuff.h:41,
from list_mh.c:4:
except.h:97: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:98: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:99: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:100: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’

What am I doing wrong ??

thx and regards
Marcel
Re: [Wireshark-dev] query on adding new field in trace record...
On Oct 11, 2011, at 12:13 AM, Krishna Khanal wrote:

> Yes, it's "trace record" in .cap file format.

There is no such thing as ".cap file format"; there are at least two different capture file types for which the extension ".cap" is used - the NetXRay/Windows Sniffer format and the Microsoft Network Monitor format. There are probably more, as the authors of network analyzers have not been as creative as they perhaps should have been when choosing extensions, so they just chose ".cap" for "capture".

To which of those formats are you referring?
Re: [Wireshark-dev] query on adding new field in trace record...
Thanks for quick reply.

Yes, it's "trace record" in .cap file format. Already there are 6 header fields in this record and I'm adding 7th one. Just to make it generic, let's say I want to add one new field in tcp header to dump "ssthresh" in trace record and dissecting/displaying it using wireshark.

On Tuesday, October 11, 2011, Guy Harris wrote:

> On Oct 10, 2011, at 7:55 AM, Krishna Khanal wrote:
>
>> When I add a new field in trace record header,
>
> To what "trace record header" are you referring? Are these "trace records" in some protocol? If so, what protocol is it? Or are they "trace records" in some capture file format? If so, what file format is it?

--
Regards,
Krishna Khanal
Citrix R&D India Pvt. Ltd., Bangalore
Mob.: 9738147827