[Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Semjon 
Hello,

I maintain a dissector for a proprietary protocol of my employer and now
and then I grab me some current wireshark-sources and check if my
dissector code is still compatible which - in recent times-
unfortunately often it is not due to changes in the wireshark lib / API.

So everytime my code fails to compile/link I have to check which
functions were removed and which new functions do I have to use now.
One of my current problems is with

tvb_get_faked_unicode(...)

which isn't available anymore.
In my Protocol I have some Ascii-encoded String but which comes as two
bytes per character. Example:
{0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
GUI/Tree/PacketList as "1234"
I used to call:

tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)

and display result as %s in col_append_fstr() or as FT_STRING in
proto_tree_add_string().

So could anyone give me a hint, is there a function still available for
this type of encoding or do I have to write something.

In general is there a fast/convenient way - other than manually looking
through the sources after functions that might do what i want - to check
if this function X is now replaced by function Y.

Other examples I need to replace are:
abs_time_to_ep_str()
nstime_delta()

Maybe there's some changelog containing this info?

Thanks in advance.

SemGo
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Guy Harris 

On Nov 21, 2014, at 12:48 AM, Semjon  wrote:

> One of my current problems is with
> 
> tvb_get_faked_unicode(...)
> 
> which isn't available anymore.
> In my Protocol I have some Ascii-encoded String but which comes as two
> bytes per character. Example:
> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
> GUI/Tree/PacketList as "1234"

If that's truly ASCII-encoded, that would be a significant waste of bytes - you 
could just use one byte per character for ASCII; if the second byte is always 
zero, that byte serves no useful purpose.

So I'll assume it's a *superset* of ASCII, and that you mean either "UTF-16 
encoded string" or "UCS-2 encoded string" rather than "ASCII-encoded string 
which comes as two bytes per character".

So:

> I used to call:
> 
> tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
> 
> and display result as %s in col_append_fstr() or as FT_STRING in
> proto_tree_add_string().
> 
> So could anyone give me a hint, is there a function still available for
> this type of encoding

tvb_get_string_enc(tvb, {offset}, {length of string}, 
ENC_UTF_16|ENC_BIG_ENDIAN)

or

tvb_get_string_enc(tvb, {offset}, {length of string}, 
ENC_UCS_2|ENC_BIG_ENDIAN)

depending on whether it's UTF-16 (with surrogate pairs to handle Unicode 
characters that don't fit in 16 bits) or UCS-2 (supporting only characters in 
the Unicode Basic Multilingual Plane, without surrogate pairs).

Note that tvb_get_string_enc() returns a UTF-8-encoded string; octet sequences 
that can't be mapped to UTF-8 strings will be replaced by the Unicode 
"replacement character".

> In general is there a fast/convenient way - other than manually looking
> through the sources after functions that might do what i want - to check
> if this function X is now replaced by function Y.

No.  You could check doc/README.developer, etc. to see if anything is mentioned.

> Other examples I need to replace are:
> abs_time_to_ep_str()

abs_time_to_str({wmem scope}, ...)

The old "ephemeral" and "session" memory mechanisms are deprecated in favor of 
the new wmem mechanisms.  The scope that's equivalent to "ephemeral" scope is, 
I think, packet scope (right, Evan?), so you'd want

abs_time_to_str(wmem_packet_scope(), ...)

> nstime_delta()

Its replacement is called nstime_delta() and has the exact same arguments. :-)

However, you need to include  to get it declared.

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Wireshark 1.99 Qt - Display Filter Auto complete feature gone forever?

2014-11-21 Thread Semjon 
Hello,

I just tried the new 1.99 version with Qt which I find over all has a
nicer, more modern look&feel than the gtk version.
But one thing I realised is not so good I think.
In Gtk versions in the display filter field I could start to write my
filter and with every separation via the "." after a known
protocol/field it would suggest me all possible fields to use as a
filter (e.g. if I type "ip." it would open all possible options in the
dropdown menu for the ip-protocol addr, dst, len etc...).
This was very comfortable specially if You don't know exactly how to
write if you want to for example filter the TCP destination port. Now in
the QT version it seems that this dropdown select has the function to
show the last entered filter values which (at least for me) is quite
useless.

Is this going to stay like this or is this functionality just not ported
from the gtk version yet?

Thanks & Regards

SemGo
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Anders Broman 


-Original Message-
From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Semjon
Sent: den 21 november 2014 09:48
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] removed functions fast way to find substitutes?

>Hello,
>
>I maintain a dissector for a proprietary protocol of my employer and now and 
>then I grab me some current wireshark-sources and check if my dissector code 
>is still compatible which - in recent times- unfortunately often it is >not 
>due to changes in the wireshark lib / API.
>
>So everytime my code fails to compile/link I have to check which functions 
>were removed and which new functions do I have to use now.
>One of my current problems is with
>
>tvb_get_faked_unicode(...)

Google says https://www.wireshark.org/lists/wireshark-bugs/201401/msg00446.html 
:-)

>which isn't available anymore.
>In my Protocol I have some Ascii-encoded String but which comes as two bytes 
>per character. Example:
>{0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in 
>GUI/Tree/PacketList as "1234"
>I used to call:
>
>tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>
>and display result as %s in col_append_fstr() or as FT_STRING in 
>proto_tree_add_string().
>
>So could anyone give me a hint, is there a function still available for this 
>type of encoding or do I have to write something.
>
>In general is there a fast/convenient way - other than manually looking 
>through the sources after functions that might do what i want - to check if 
>this function X is now replaced by function Y.
>
>Other examples I need to replace are:
>abs_time_to_ep_str()

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=237669a35deacbead9346234019c2e50544c8534

>nstime_delta()

Wsutil/nstime.h as this symbol perhaps you need to change your include ?

>
>Maybe there's some changelog containing this info?
>
>Thanks in advance.
>
>SemGo

Regards
Anders
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Graham Bloice 
On 21 November 2014 08:48, Semjon  wrote:

> Hello,
>
> I maintain a dissector for a proprietary protocol of my employer and now
> and then I grab me some current wireshark-sources and check if my
> dissector code is still compatible which - in recent times-
> unfortunately often it is not due to changes in the wireshark lib / API.
>
> So everytime my code fails to compile/link I have to check which
> functions were removed and which new functions do I have to use now.
> One of my current problems is with
>
> tvb_get_faked_unicode(...)
>
> which isn't available anymore.
> In my Protocol I have some Ascii-encoded String but which comes as two
> bytes per character. Example:
> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
> GUI/Tree/PacketList as "1234"
> I used to call:
>
> tvb_get_faked_unicode(NULL,tvb, 20,
> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>
> and display result as %s in col_append_fstr() or as FT_STRING in
> proto_tree_add_string().
>
> So could anyone give me a hint, is there a function still available for
> this type of encoding or do I have to write something.
>
> In general is there a fast/convenient way - other than manually looking
> through the sources after functions that might do what i want - to check
> if this function X is now replaced by function Y.
>
>
No changelog as such, but there is the git log that details all committed
changes, and the Wireshark Gerrit that has all changes often with some
discussion about them.

You can also use git blame at the place where the old function was to find
the change that removed it.

Finally, it sounds as though you're tracking trunk which is truly living on
the bleeding edge.  You may be better off tracking the stable branch,
currently 1.12.x, as there's much less change in the API there, although
when that branch is replaced by the new release you'll get all the API
changes, but they should mostly be in one big hit.

-- 
Graham Bloice
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Wireshark 1.99 Qt - Display Filter Auto complete feature gone forever?

2014-11-21 Thread Alexis La Goutte 
On Fri, Nov 21, 2014 at 10:08 AM, Semjon  wrote:
> Hello,
>
> I just tried the new 1.99 version with Qt which I find over all has a
> nicer, more modern look&feel than the gtk version.
> But one thing I realised is not so good I think.
> In Gtk versions in the display filter field I could start to write my
> filter and with every separation via the "." after a known
> protocol/field it would suggest me all possible fields to use as a
> filter (e.g. if I type "ip." it would open all possible options in the
> dropdown menu for the ip-protocol addr, dst, len etc...).
> This was very comfortable specially if You don't know exactly how to
> write if you want to for example filter the TCP destination port. Now in
> the QT version it seems that this dropdown select has the function to
> show the last entered filter values which (at least for me) is quite
> useless.
>
> Is this going to stay like this or is this functionality just not ported
> from the gtk version yet?
Hi SemGo,

I think, it is just not ported feature... ;-)

Regards,

>
> Thanks & Regards
>
> SemGo
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Alexis La Goutte 
On Fri, Nov 21, 2014 at 10:16 AM, Graham Bloice
 wrote:
> On 21 November 2014 08:48, Semjon  wrote:
>>
>> Hello,
>>
>> I maintain a dissector for a proprietary protocol of my employer and now
>> and then I grab me some current wireshark-sources and check if my
>> dissector code is still compatible which - in recent times-
>> unfortunately often it is not due to changes in the wireshark lib / API.
>>
>> So everytime my code fails to compile/link I have to check which
>> functions were removed and which new functions do I have to use now.
>> One of my current problems is with
>>
>> tvb_get_faked_unicode(...)
>>
>> which isn't available anymore.
>> In my Protocol I have some Ascii-encoded String but which comes as two
>> bytes per character. Example:
>> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
>> GUI/Tree/PacketList as "1234"
>> I used to call:
>>
>> tvb_get_faked_unicode(NULL,tvb, 20,
>> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>>
>> and display result as %s in col_append_fstr() or as FT_STRING in
>> proto_tree_add_string().
>>
>> So could anyone give me a hint, is there a function still available for
>> this type of encoding or do I have to write something.
>>
>> In general is there a fast/convenient way - other than manually looking
>> through the sources after functions that might do what i want - to check
>> if this function X is now replaced by function Y.
>>
>
> No changelog as such, but there is the git log that details all committed
> changes, and the Wireshark Gerrit that has all changes often with some
> discussion about them.

It is no true ;-)
there is 
https://www.wireshark.org/docs/relnotes/wireshark-1.12.0.html#_major_api_changes
But yes, there is no the list of full change API... (May be need to
use check-abi or Debian symbol output for update this list before
major release...)




>
> You can also use git blame at the place where the old function was to find
> the change that removed it.
>
> Finally, it sounds as though you're tracking trunk which is truly living on
> the bleeding edge.  You may be better off tracking the stable branch,
> currently 1.12.x, as there's much less change in the API there, although
> when that branch is replaced by the new release you'll get all the API
> changes, but they should mostly be in one big hit.
>
> --
> Graham Bloice
>
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Can't get nsecs info form lua srcript ?

2014-11-21 Thread 徐鸿 
Thanks for the reply !
I got accurate result from string.format("%f",b)),   and got that precision
of floating point number.   Many thanks !

2014-11-21 6:55 GMT+08:00 Guy Harris :

>
> On Nov 20, 2014, at 2:43 PM, John Sullivan 
> wrote:
>
> > The second part of the answer involves the meaning of a nanosecond
> > precision packet timestamp.
>
> Especially given that there isn't necessarily a guarantee that the time
> stamps reflect the exact arrival time of the first bit - or the last bit -
> of the packet at the receiver's network adapter, or that it reflects
> *anything* other than the time when the hardware, software, or firmware
> that timestamps the packet first sees the packet (which could be at some
> point in the host networking stack).
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Semjon 



Am 21.11.2014 um 10:06 schrieb Guy Harris:
> 
> On Nov 21, 2014, at 12:48 AM, Semjon  
> wrote:
> 
>> One of my current problems is with
>>
>> tvb_get_faked_unicode(...)
>>
>> which isn't available anymore.
>> In my Protocol I have some Ascii-encoded String but which comes as two
>> bytes per character. Example:
>> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
>> GUI/Tree/PacketList as "1234"
> 
> If that's truly ASCII-encoded, that would be a significant waste of bytes - 
> you could just use one byte per character for ASCII; if the second byte is 
> always zero, that byte serves no useful purpose.
> 
> So I'll assume it's a *superset* of ASCII, and that you mean either "UTF-16 
> encoded string" or "UCS-2 encoded string" rather than "ASCII-encoded string 
> which comes as two bytes per character".
> 
> So:
> 
>> I used to call:
>>
>> tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>>
>> and display result as %s in col_append_fstr() or as FT_STRING in
>> proto_tree_add_string().
>>
>> So could anyone give me a hint, is there a function still available for
>> this type of encoding
> 
>   tvb_get_string_enc(tvb, {offset}, {length of string}, 
> ENC_UTF_16|ENC_BIG_ENDIAN)
> 
> or
> 
>   tvb_get_string_enc(tvb, {offset}, {length of string}, 
> ENC_UCS_2|ENC_BIG_ENDIAN)
> 
> depending on whether it's UTF-16 (with surrogate pairs to handle Unicode 
> characters that don't fit in 16 bits) or UCS-2 (supporting only characters in 
> the Unicode Basic Multilingual Plane, without surrogate pairs).
> 
> Note that tvb_get_string_enc() returns a UTF-8-encoded string; octet 
> sequences that can't be mapped to UTF-8 strings will be replaced by the 
> Unicode "replacement character".
> 
>> In general is there a fast/convenient way - other than manually looking
>> through the sources after functions that might do what i want - to check
>> if this function X is now replaced by function Y.
> 
> No.  You could check doc/README.developer, etc. to see if anything is 
> mentioned.
> 
>> Other examples I need to replace are:
>> abs_time_to_ep_str()
> 
>   abs_time_to_str({wmem scope}, ...)
> 
> The old "ephemeral" and "session" memory mechanisms are deprecated in favor 
> of the new wmem mechanisms.  The scope that's equivalent to "ephemeral" scope 
> is, I think, packet scope (right, Evan?), so you'd want
> 
>   abs_time_to_str(wmem_packet_scope(), ...)
> 
>> nstime_delta()
> 
> Its replacement is called nstime_delta() and has the exact same arguments. :-)
> 
> However, you need to include  to get it declared.
> 

Well thanks a lot everybody for helping. I could resolve almost all of
my Problems with Your help. In fact the "ASCII encoded 2-byte-string" is
a Unicode String shame on me :-)

Unfortunately no luck with nstime_delta().

I already had included  

My call looks like this:

proto_item *it;
nstime_t ns;

it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb, 0, 0,
xyz_trans->req_frame);
PROTO_ITEM_SET_GENERATED(it);

nstime_delta(&ns, &pinfo->fd->abs_ts, &xyz_trans->req_time);
it=proto_tree_add_time(xyz_tree, hf_xyz_response_time, tvb, 0,
0, &ns);
PROTO_ITEM_SET_GENERATED(it);

It always generates errors LNK2019/LNK1120 ... unresolved external
symbol "__imp__nstime_delta" in function ...

Hope You have an idea here. I'm not really good in finding the necessary
functions/files to include in such a big project and my search on the
www on this was not successful.

Thanks again & best regards

SemGo





___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Pascal Quantin 
2014-11-21 14:06 GMT+01:00 Semjon :

>
>
>
> Am 21.11.2014 um 10:06 schrieb Guy Harris:
> >
> > On Nov 21, 2014, at 12:48 AM, Semjon 
> wrote:
> >
> >> One of my current problems is with
> >>
> >> tvb_get_faked_unicode(...)
> >>
> >> which isn't available anymore.
> >> In my Protocol I have some Ascii-encoded String but which comes as two
> >> bytes per character. Example:
> >> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
> >> GUI/Tree/PacketList as "1234"
> >
> > If that's truly ASCII-encoded, that would be a significant waste of
> bytes - you could just use one byte per character for ASCII; if the second
> byte is always zero, that byte serves no useful purpose.
> >
> > So I'll assume it's a *superset* of ASCII, and that you mean either
> "UTF-16 encoded string" or "UCS-2 encoded string" rather than
> "ASCII-encoded string which comes as two bytes per character".
> >
> > So:
> >
> >> I used to call:
> >>
> >> tvb_get_faked_unicode(NULL,tvb, 20,
> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
> >>
> >> and display result as %s in col_append_fstr() or as FT_STRING in
> >> proto_tree_add_string().
> >>
> >> So could anyone give me a hint, is there a function still available for
> >> this type of encoding
> >
> >   tvb_get_string_enc(tvb, {offset}, {length of string},
> ENC_UTF_16|ENC_BIG_ENDIAN)
> >
> > or
> >
> >   tvb_get_string_enc(tvb, {offset}, {length of string},
> ENC_UCS_2|ENC_BIG_ENDIAN)
> >
> > depending on whether it's UTF-16 (with surrogate pairs to handle Unicode
> characters that don't fit in 16 bits) or UCS-2 (supporting only characters
> in the Unicode Basic Multilingual Plane, without surrogate pairs).
> >
> > Note that tvb_get_string_enc() returns a UTF-8-encoded string; octet
> sequences that can't be mapped to UTF-8 strings will be replaced by the
> Unicode "replacement character".
> >
> >> In general is there a fast/convenient way - other than manually looking
> >> through the sources after functions that might do what i want - to check
> >> if this function X is now replaced by function Y.
> >
> > No.  You could check doc/README.developer, etc. to see if anything is
> mentioned.
> >
> >> Other examples I need to replace are:
> >> abs_time_to_ep_str()
> >
> >   abs_time_to_str({wmem scope}, ...)
> >
> > The old "ephemeral" and "session" memory mechanisms are deprecated in
> favor of the new wmem mechanisms.  The scope that's equivalent to
> "ephemeral" scope is, I think, packet scope (right, Evan?), so you'd want
> >
> >   abs_time_to_str(wmem_packet_scope(), ...)
> >
> >> nstime_delta()
> >
> > Its replacement is called nstime_delta() and has the exact same
> arguments. :-)
> >
> > However, you need to include  to get it declared.
> >
>
> Well thanks a lot everybody for helping. I could resolve almost all of
> my Problems with Your help. In fact the "ASCII encoded 2-byte-string" is
> a Unicode String shame on me :-)
>
> Unfortunately no luck with nstime_delta().
>
> I already had included  
>
> My call looks like this:
>
> proto_item *it;
> nstime_t ns;
>
> it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb, 0, 0,
> xyz_trans->req_frame);
> PROTO_ITEM_SET_GENERATED(it);
>
> nstime_delta(&ns, &pinfo->fd->abs_ts, &xyz_trans->req_time);
> it=proto_tree_add_time(xyz_tree, hf_xyz_response_time, tvb, 0,
> 0, &ns);
> PROTO_ITEM_SET_GENERATED(it);
>
> It always generates errors LNK2019/LNK1120 ... unresolved external
> symbol "__imp__nstime_delta" in function ...
>
> Hope You have an idea here. I'm not really good in finding the necessary
> functions/files to include in such a big project and my search on the
> www on this was not successful.
>
>
Hi,

assuming that your proprietary dissector is a plugin, ensure that your
makefile indicates the path to libwsutil. I guess you are on Windows, so
your Makefile.nmake file should contain:

!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib
CFLAGS=$(CFLAGS)
___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Bill Meier 

On 11/21/2014 9:29 AM, Pascal Quantin wrote:



2014-11-21 14:06 GMT+01:00 Semjon mailto:se...@web.de>>:




Am 21.11.2014 um 10:06 schrieb Guy Harris:
 >
 > On Nov 21, 2014, at 12:48 AM, Semjon
mailto:gaf8t...@public.gmane.org>> wrote:
 >
 >> One of my current problems is with
 >>
 >> tvb_get_faked_unicode(...)
 >>
 >> which isn't available anymore.
 >> In my Protocol I have some Ascii-encoded String but which comes
as two
 >> bytes per character. Example:
 >> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
 >> GUI/Tree/PacketList as "1234"
 >
 > If that's truly ASCII-encoded, that would be a significant waste
of bytes - you could just use one byte per character for ASCII; if
the second byte is always zero, that byte serves no useful purpose.
 >
 > So I'll assume it's a *superset* of ASCII, and that you mean
either "UTF-16 encoded string" or "UCS-2 encoded string" rather than
"ASCII-encoded string which comes as two bytes per character".
 >
 > So:
 >
 >> I used to call:
 >>
 >> tvb_get_faked_unicode(NULL,tvb, 20,
((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
 >>
 >> and display result as %s in col_append_fstr() or as FT_STRING in
 >> proto_tree_add_string().
 >>
 >> So could anyone give me a hint, is there a function still
available for
 >> this type of encoding
 >
 >   tvb_get_string_enc(tvb, {offset}, {length of string},
ENC_UTF_16|ENC_BIG_ENDIAN)
 >
 > or
 >
 >   tvb_get_string_enc(tvb, {offset}, {length of string},
ENC_UCS_2|ENC_BIG_ENDIAN)
 >
 > depending on whether it's UTF-16 (with surrogate pairs to handle
Unicode characters that don't fit in 16 bits) or UCS-2 (supporting
only characters in the Unicode Basic Multilingual Plane, without
surrogate pairs).
 >
 > Note that tvb_get_string_enc() returns a UTF-8-encoded string;
octet sequences that can't be mapped to UTF-8 strings will be
replaced by the Unicode "replacement character".
 >
 >> In general is there a fast/convenient way - other than manually
looking
 >> through the sources after functions that might do what i want -
to check
 >> if this function X is now replaced by function Y.
 >
 > No.  You could check doc/README.developer, etc. to see if
anything is mentioned.
 >
 >> Other examples I need to replace are:
 >> abs_time_to_ep_str()
 >
 >   abs_time_to_str({wmem scope}, ...)
 >
 > The old "ephemeral" and "session" memory mechanisms are
deprecated in favor of the new wmem mechanisms.  The scope that's
equivalent to "ephemeral" scope is, I think, packet scope (right,
Evan?), so you'd want
 >
 >   abs_time_to_str(wmem_packet_scope(), ...)
 >
 >> nstime_delta()
 >
 > Its replacement is called nstime_delta() and has the exact same
arguments. :-)
 >
 > However, you need to include  to get it declared.
 >

Well thanks a lot everybody for helping. I could resolve almost all of
my Problems with Your help. In fact the "ASCII encoded 2-byte-string" is
a Unicode String shame on me :-)

Unfortunately no luck with nstime_delta().

I already had included  

My call looks like this:

 proto_item *it;
 nstime_t ns;

 it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb, 0, 0,
xyz_trans->req_frame);
 PROTO_ITEM_SET_GENERATED(it);

 nstime_delta(&ns, &pinfo->fd->abs_ts, &xyz_trans->req_time);
 it=proto_tree_add_time(xyz_tree, hf_xyz_response_time, tvb, 0,
0, &ns);
 PROTO_ITEM_SET_GENERATED(it);

It always generates errors LNK2019/LNK1120 ... unresolved external
symbol "__imp__nstime_delta" in function ...

Hope You have an idea here. I'm not really good in finding the necessary
functions/files to include in such a big project and my search on the
www on this was not successful.


Hi,

assuming that your proprietary dissector is a plugin, ensure that your
makefile indicates the path to libwsutil. I guess you are on Windows, so
your Makefile.nmake file should contain:

!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib
CFLAGS=$(CFLAGS)





See plugins\ethercat for a dissector which uses nstime_delta()  [in 
packet-esl.c].


Also: proto.h (#included by packet.h) #includes nstime.h so you need not 
explicitly include same.




___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Semjon 


Am 21.11.2014 um 15:42 schrieb Bill Meier:
> On 11/21/2014 9:29 AM, Pascal Quantin wrote:
>>
>>
>> 2014-11-21 14:06 GMT+01:00 Semjon > >:
>>
>>
>>
>>
>> Am 21.11.2014 um 10:06 schrieb Guy Harris:
>>  >
>>  > On Nov 21, 2014, at 12:48 AM, Semjon
>> > > wrote:
>>  >
>>  >> One of my current problems is with
>>  >>
>>  >> tvb_get_faked_unicode(...)
>>  >>
>>  >> which isn't available anymore.
>>  >> In my Protocol I have some Ascii-encoded String but which comes
>> as two
>>  >> bytes per character. Example:
>>  >> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display in
>>  >> GUI/Tree/PacketList as "1234"
>>  >
>>  > If that's truly ASCII-encoded, that would be a significant waste
>> of bytes - you could just use one byte per character for ASCII; if
>> the second byte is always zero, that byte serves no useful purpose.
>>  >
>>  > So I'll assume it's a *superset* of ASCII, and that you mean
>> either "UTF-16 encoded string" or "UCS-2 encoded string" rather than
>> "ASCII-encoded string which comes as two bytes per character".
>>  >
>>  > So:
>>  >
>>  >> I used to call:
>>  >>
>>  >> tvb_get_faked_unicode(NULL,tvb, 20,
>> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>>  >>
>>  >> and display result as %s in col_append_fstr() or as FT_STRING in
>>  >> proto_tree_add_string().
>>  >>
>>  >> So could anyone give me a hint, is there a function still
>> available for
>>  >> this type of encoding
>>  >
>>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
>> ENC_UTF_16|ENC_BIG_ENDIAN)
>>  >
>>  > or
>>  >
>>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
>> ENC_UCS_2|ENC_BIG_ENDIAN)
>>  >
>>  > depending on whether it's UTF-16 (with surrogate pairs to handle
>> Unicode characters that don't fit in 16 bits) or UCS-2 (supporting
>> only characters in the Unicode Basic Multilingual Plane, without
>> surrogate pairs).
>>  >
>>  > Note that tvb_get_string_enc() returns a UTF-8-encoded string;
>> octet sequences that can't be mapped to UTF-8 strings will be
>> replaced by the Unicode "replacement character".
>>  >
>>  >> In general is there a fast/convenient way - other than manually
>> looking
>>  >> through the sources after functions that might do what i want -
>> to check
>>  >> if this function X is now replaced by function Y.
>>  >
>>  > No.  You could check doc/README.developer, etc. to see if
>> anything is mentioned.
>>  >
>>  >> Other examples I need to replace are:
>>  >> abs_time_to_ep_str()
>>  >
>>  >   abs_time_to_str({wmem scope}, ...)
>>  >
>>  > The old "ephemeral" and "session" memory mechanisms are
>> deprecated in favor of the new wmem mechanisms.  The scope that's
>> equivalent to "ephemeral" scope is, I think, packet scope (right,
>> Evan?), so you'd want
>>  >
>>  >   abs_time_to_str(wmem_packet_scope(), ...)
>>  >
>>  >> nstime_delta()
>>  >
>>  > Its replacement is called nstime_delta() and has the exact same
>> arguments. :-)
>>  >
>>  > However, you need to include  to get it declared.
>>  >
>>
>> Well thanks a lot everybody for helping. I could resolve almost
>> all of
>> my Problems with Your help. In fact the "ASCII encoded
>> 2-byte-string" is
>> a Unicode String shame on me :-)
>>
>> Unfortunately no luck with nstime_delta().
>>
>> I already had included  
>>
>> My call looks like this:
>>
>>  proto_item *it;
>>  nstime_t ns;
>>
>>  it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb,
>> 0, 0,
>> xyz_trans->req_frame);
>>  PROTO_ITEM_SET_GENERATED(it);
>>
>>  nstime_delta(&ns, &pinfo->fd->abs_ts, &xyz_trans->req_time);
>>  it=proto_tree_add_time(xyz_tree, hf_xyz_response_time,
>> tvb, 0,
>> 0, &ns);
>>  PROTO_ITEM_SET_GENERATED(it);
>>
>> It always generates errors LNK2019/LNK1120 ... unresolved external
>> symbol "__imp__nstime_delta" in function ...
>>
>> Hope You have an idea here. I'm not really good in finding the
>> necessary
>> functions/files to include in such a big project and my search on the
>> www on this was not successful.
>>
>>
>> Hi,
>>
>> assuming that your proprietary dissector is a plugin, ensure that your
>> makefile indicates the path to libwsutil. I guess you are on Windows, so
>> your Makefile.nmake file should contain:
>>
>> !IFDEF ENABLE_LIBWIRESHARK
>> LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib
>> CFLAGS=$(CFLAGS)
>>
>>
> 
> 
> See plugins\ethercat for a dissector which uses nstime_delta()  [in
> packet-esl.c].
> 
> Also: proto.h (#included by packet

Re: [Wireshark-dev] Wireshark 1.99 Qt - Display Filter Auto complete feature gone forever?

2014-11-21 Thread Semjon 


Am 21.11.2014 um 10:18 schrieb Alexis La Goutte:
> On Fri, Nov 21, 2014 at 10:08 AM, Semjon  
> wrote:
>> Hello,
>>
>> I just tried the new 1.99 version with Qt which I find over all has a
>> nicer, more modern look&feel than the gtk version.
>> But one thing I realised is not so good I think.
>> In Gtk versions in the display filter field I could start to write my
>> filter and with every separation via the "." after a known
>> protocol/field it would suggest me all possible fields to use as a
>> filter (e.g. if I type "ip." it would open all possible options in the
>> dropdown menu for the ip-protocol addr, dst, len etc...).
>> This was very comfortable specially if You don't know exactly how to
>> write if you want to for example filter the TCP destination port. Now in
>> the QT version it seems that this dropdown select has the function to
>> show the last entered filter values which (at least for me) is quite
>> useless.
>>
>> Is this going to stay like this or is this functionality just not ported
>> from the gtk version yet?
> Hi SemGo,
> 
> I think, it is just not ported feature... ;-)
> 
> Regards,
> 
>>
>> Thanks & Regards
>>
>> SemGo
>> ___
>> Sent via:Wireshark-dev mailing list 
>> 
>> Archives:http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>  
>> mailto:wireshark-dev-request-IZ8446WsY0/dtawm4da...@public.gmane.org?subject=unsubscribe
> ___
> Sent via:Wireshark-dev mailing list 
> 
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  
> mailto:wireshark-dev-request-IZ8446WsY0/dtawm4da...@public.gmane.org?subject=unsubscribe
> 
Thank You for Info

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Pascal Quantin 
2014-11-21 17:34 GMT+01:00 Semjon :

>
>
> Am 21.11.2014 um 15:42 schrieb Bill Meier:
> > On 11/21/2014 9:29 AM, Pascal Quantin wrote:
> >>
> >>
> >> 2014-11-21 14:06 GMT+01:00 Semjon  >> >:
> >>
> >>
> >>
> >>
> >> Am 21.11.2014 um 10:06 schrieb Guy Harris:
> >>  >
> >>  > On Nov 21, 2014, at 12:48 AM, Semjon
> >>  >> > wrote:
> >>  >
> >>  >> One of my current problems is with
> >>  >>
> >>  >> tvb_get_faked_unicode(...)
> >>  >>
> >>  >> which isn't available anymore.
> >>  >> In my Protocol I have some Ascii-encoded String but which comes
> >> as two
> >>  >> bytes per character. Example:
> >>  >> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should display
> in
> >>  >> GUI/Tree/PacketList as "1234"
> >>  >
> >>  > If that's truly ASCII-encoded, that would be a significant waste
> >> of bytes - you could just use one byte per character for ASCII; if
> >> the second byte is always zero, that byte serves no useful purpose.
> >>  >
> >>  > So I'll assume it's a *superset* of ASCII, and that you mean
> >> either "UTF-16 encoded string" or "UCS-2 encoded string" rather than
> >> "ASCII-encoded string which comes as two bytes per character".
> >>  >
> >>  > So:
> >>  >
> >>  >> I used to call:
> >>  >>
> >>  >> tvb_get_faked_unicode(NULL,tvb, 20,
> >> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
> >>  >>
> >>  >> and display result as %s in col_append_fstr() or as FT_STRING in
> >>  >> proto_tree_add_string().
> >>  >>
> >>  >> So could anyone give me a hint, is there a function still
> >> available for
> >>  >> this type of encoding
> >>  >
> >>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
> >> ENC_UTF_16|ENC_BIG_ENDIAN)
> >>  >
> >>  > or
> >>  >
> >>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
> >> ENC_UCS_2|ENC_BIG_ENDIAN)
> >>  >
> >>  > depending on whether it's UTF-16 (with surrogate pairs to handle
> >> Unicode characters that don't fit in 16 bits) or UCS-2 (supporting
> >> only characters in the Unicode Basic Multilingual Plane, without
> >> surrogate pairs).
> >>  >
> >>  > Note that tvb_get_string_enc() returns a UTF-8-encoded string;
> >> octet sequences that can't be mapped to UTF-8 strings will be
> >> replaced by the Unicode "replacement character".
> >>  >
> >>  >> In general is there a fast/convenient way - other than manually
> >> looking
> >>  >> through the sources after functions that might do what i want -
> >> to check
> >>  >> if this function X is now replaced by function Y.
> >>  >
> >>  > No.  You could check doc/README.developer, etc. to see if
> >> anything is mentioned.
> >>  >
> >>  >> Other examples I need to replace are:
> >>  >> abs_time_to_ep_str()
> >>  >
> >>  >   abs_time_to_str({wmem scope}, ...)
> >>  >
> >>  > The old "ephemeral" and "session" memory mechanisms are
> >> deprecated in favor of the new wmem mechanisms.  The scope that's
> >> equivalent to "ephemeral" scope is, I think, packet scope (right,
> >> Evan?), so you'd want
> >>  >
> >>  >   abs_time_to_str(wmem_packet_scope(), ...)
> >>  >
> >>  >> nstime_delta()
> >>  >
> >>  > Its replacement is called nstime_delta() and has the exact same
> >> arguments. :-)
> >>  >
> >>  > However, you need to include  to get it
> declared.
> >>  >
> >>
> >> Well thanks a lot everybody for helping. I could resolve almost
> >> all of
> >> my Problems with Your help. In fact the "ASCII encoded
> >> 2-byte-string" is
> >> a Unicode String shame on me :-)
> >>
> >> Unfortunately no luck with nstime_delta().
> >>
> >> I already had included  
> >>
> >> My call looks like this:
> >>
> >>  proto_item *it;
> >>  nstime_t ns;
> >>
> >>  it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb,
> >> 0, 0,
> >> xyz_trans->req_frame);
> >>  PROTO_ITEM_SET_GENERATED(it);
> >>
> >>  nstime_delta(&ns, &pinfo->fd->abs_ts,
> &xyz_trans->req_time);
> >>  it=proto_tree_add_time(xyz_tree, hf_xyz_response_time,
> >> tvb, 0,
> >> 0, &ns);
> >>  PROTO_ITEM_SET_GENERATED(it);
> >>
> >> It always generates errors LNK2019/LNK1120 ... unresolved external
> >> symbol "__imp__nstime_delta" in function ...
> >>
> >> Hope You have an idea here. I'm not really good in finding the
> >> necessary
> >> functions/files to include in such a big project and my search on
> the
> >> www on this was not successful.
> >>
> >>
> >> Hi,
> >>
> >> assuming that your proprietary dissector is a plugin, ensure that your
> >> makefile indicates the path to libwsutil.

Re: [Wireshark-dev] removed functions fast way to find substitutes?

2014-11-21 Thread Semjon 


Am 21.11.2014 um 23:24 schrieb Pascal Quantin:
> 
> 
> 2014-11-21 17:34 GMT+01:00 Semjon  >:
> 
> 
> 
> Am 21.11.2014 um 15:42 schrieb Bill Meier:
> > On 11/21/2014 9:29 AM, Pascal Quantin wrote:
> >>
> >>
> >> 2014-11-21 14:06 GMT+01:00 Semjon
>  
> >>  /gaf8tv78-xmd5yjdbdmrexy1tmh2...@public.gmane.org
> >>:
> >>
> >>
> >>
> >>
> >> Am 21.11.2014 um 10:06 schrieb Guy Harris:
> >>  >
> >>  > On Nov 21, 2014, at 12:48 AM, Semjon
> >>  
> 
> >>   
>  
>  
> >>
> wrote:
> >>  >
> >>  >> One of my current problems is with
> >>  >>
> >>  >> tvb_get_faked_unicode(...)
> >>  >>
> >>  >> which isn't available anymore.
> >>  >> In my Protocol I have some Ascii-encoded String but which
> comes
> >> as two
> >>  >> bytes per character. Example:
> >>  >> {0x0031, 0x0032, 0x0033, 0x0034, 0x} in tvb should
> display in
> >>  >> GUI/Tree/PacketList as "1234"
> >>  >
> >>  > If that's truly ASCII-encoded, that would be a significant
> waste
> >> of bytes - you could just use one byte per character for
> ASCII; if
> >> the second byte is always zero, that byte serves no useful
> purpose.
> >>  >
> >>  > So I'll assume it's a *superset* of ASCII, and that you mean
> >> either "UTF-16 encoded string" or "UCS-2 encoded string"
> rather than
> >> "ASCII-encoded string which comes as two bytes per character".
> >>  >
> >>  > So:
> >>  >
> >>  >> I used to call:
> >>  >>
> >>  >> tvb_get_faked_unicode(NULL,tvb, 20,
> >> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
> >>  >>
> >>  >> and display result as %s in col_append_fstr() or as
> FT_STRING in
> >>  >> proto_tree_add_string().
> >>  >>
> >>  >> So could anyone give me a hint, is there a function still
> >> available for
> >>  >> this type of encoding
> >>  >
> >>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
> >> ENC_UTF_16|ENC_BIG_ENDIAN)
> >>  >
> >>  > or
> >>  >
> >>  >   tvb_get_string_enc(tvb, {offset}, {length of string},
> >> ENC_UCS_2|ENC_BIG_ENDIAN)
> >>  >
> >>  > depending on whether it's UTF-16 (with surrogate pairs to
> handle
> >> Unicode characters that don't fit in 16 bits) or UCS-2
> (supporting
> >> only characters in the Unicode Basic Multilingual Plane, without
> >> surrogate pairs).
> >>  >
> >>  > Note that tvb_get_string_enc() returns a UTF-8-encoded string;
> >> octet sequences that can't be mapped to UTF-8 strings will be
> >> replaced by the Unicode "replacement character".
> >>  >
> >>  >> In general is there a fast/convenient way - other than
> manually
> >> looking
> >>  >> through the sources after functions that might do what i
> want -
> >> to check
> >>  >> if this function X is now replaced by function Y.
> >>  >
> >>  > No.  You could check doc/README.developer, etc. to see if
> >> anything is mentioned.
> >>  >
> >>  >> Other examples I need to replace are:
> >>  >> abs_time_to_ep_str()
> >>  >
> >>  >   abs_time_to_str({wmem scope}, ...)
> >>  >
> >>  > The old "ephemeral" and "session" memory mechanisms are
> >> deprecated in favor of the new wmem mechanisms.  The scope that's
> >> equivalent to "ephemeral" scope is, I think, packet scope (right,
> >> Evan?), so you'd want
> >>  >
> >>  >   abs_time_to_str(wmem_packet_scope(), ...)
> >>  >
> >>  >> nstime_delta()
> >>  >
> >>  > Its replacement is called nstime_delta() and has the exact
> same
> >> arguments. :-)
> >>  >
> >>  > However, you need to include  to get it
> declared.
> >>  >
> >>
> >> Well thanks a lot everybody for helping. I could resolve almost
> >> all of
> >> my Problems with Your help. In fact the "ASCII encoded
> >> 2-byte-string" is
> >> a Unicode String shame on me :-)
> >>
> >> Unfortunately no luck with nstime_delta().
> >>
> >> I already had included  
> >>
> >>