Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Bill Meier

On 11/11/2015 9:57 PM, Bill Meier wrote:

On 11/11/2015 1:24 PM, Bálint Réczey wrote:

It looks like Balint already sent a patch to Gtk:

https://www.wireshark.org/lists/wireshark-dev/201403/msg00042.html

It seems to be a new breakage, I have to check it.



Yep: from the gtk 3.18 repository: gtkstyle.h commit

2015-05-14  Amend deprecation warnings for GtkStyle API  Emmanuele Bassi  1  -28/+28


diff --git a/gtk/deprecated/gtkstyle.h b/gtk/deprecated/gtkstyle.h
index dbe83df..55b6934 100644
--- a/gtk/deprecated/gtkstyle.h
+++ b/gtk/deprecated/gtkstyle.h
@@ -451,7 +451,7 @@ GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext)
  void  gtk_style_set_background   (GtkStyle *style,
GdkWindow*window,
GtkStateType  state_type);
-GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext)
+GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
  void  gtk_style_apply_default_background (GtkStyle *style,
cairo_t  *cr,
GdkWindow*window,
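
Review bot: the new macro argument on the `+` line, `GtkStyleContext and gtk_render_background`, puts the bare word `and` into a header that C code includes, and `and` is an operator name in C++, which is exactly what the `-Werror=c++-compat` build in this thread rejects at gtkstyle.h:454. Reword the hint so it contains no C++ alternative token, for example with `&` as the earlier patch mentioned in this thread did, or name only the single replacement symbol.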



I note that in the previous case the patch was to replace 'AND' with '&'



gtkstyle.h appears to be the only file in .../deprecated/*.h with problems.

grep ...

gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and a style class)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and a style class)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_icon)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_line)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_line)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_arrow)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_icon)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_frame)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_check)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_option)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_extension)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_focus)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_focus)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_handle)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_expander)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_layout)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_handle)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_icon)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_style_context_get_property)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_style_context_get_property)
gtkstyle.h:GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_style_context_get_property)


___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Bill Meier

On 11/11/2015 1:24 PM, Bálint Réczey wrote:

It looks like Balint already sent a patch to Gtk:

https://www.wireshark.org/lists/wireshark-dev/201403/msg00042.html

It seems to be a new breakage, I have to check it.



Yep: from the gtk 3.18 repository: gtkstyle.h commit

2015-05-14	Amend deprecation warnings for GtkStyle API	Emmanuele 
Bassi	1	-28/+28



diff --git a/gtk/deprecated/gtkstyle.h b/gtk/deprecated/gtkstyle.h
index dbe83df..55b6934 100644
--- a/gtk/deprecated/gtkstyle.h
+++ b/gtk/deprecated/gtkstyle.h
@@ -451,7 +451,7 @@ GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext)
 void  gtk_style_set_background   (GtkStyle *style,
   GdkWindow*window,
   GtkStateType  state_type);
-GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext)
+GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
 void  gtk_style_apply_default_background (GtkStyle *style,
   cairo_t  *cr,
   GdkWindow*window,
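
Review bot: only the hunk at line 451 is shown, while the commit summary lists 28 lines changed in gtkstyle.h; if each of those annotations uses the `A and B` form seen on the `+` line here, the rewording has to cover the whole header rather than this one declaration, since the bare `and` is what `-Wc++-compat` rejects in the build log. A check over gtk/deprecated/*.h for C++ alternative operator names inside `GDK_DEPRECATED_IN_3_0_FOR(...)` would catch a recurrence.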



I note that in the previous case the patch was to replace 'AND' with '&' 






[Wireshark-dev] Wireshark 2.0.0rc3 is now available

2015-11-11 Thread Gerald Combs

I'm proud to announce the release of Wireshark 2.0.0rc3.


   This is the third release candidate for Wireshark 2.0.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.

What's New

   Wireshark 2.0 features a completely new user interface which should
   provide a smoother, faster user experience. The new interface should be
   familiar to current users of Wireshark but provide a faster workflow
   for many tasks.

   The Windows installer provides the option of installing either the new
   interface ("Wireshark") or the old interface ("Wireshark Legacy"). Both
   are installed by default. Note that the legacy interface will be
   removed in Wireshark 2.2.

   The OS X installer only provides the new interface. If you need the old
   interface you can install it via Homebrew or MacPorts.

   Wireshark's Debian- and RPM-based package definitions provide the new
   interface in the "wireshark-qt" package and the old interface in the
   "wireshark-gtk" package. It is hoped that downstream distributions will
   follow this convention.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.0.0rc2:
 * "File->Merge" no longer crashes on Windows. Bug 11684.
 * Icons in the main toolbar obey magnification settings on Windows.
   Bug 11675.
 * The Windows installer does a better job of detecting WinPcap. Bug
   10867.
 * The main window no longer appears off-screen on Windows. Bug 11568.

   The following features are new (or have been significantly updated)
   since version 2.0.0rc1:
 * For new installations on UN*X, the directory for user preferences
   is $HOME/.config/wireshark rather than $HOME/.wireshark. If that
   directory is absent, preferences will still be found and stored
   under $HOME/.wireshark.
 * Qt port:
  + The SIP Statistics dialog has been added.
  + You can now create filter expressions from the display filter
toolbar.
  + Bugs in the UAT preferences dialog have been fixed.
 * Several dissector and Qt UI crash bugs have been fixed.
 * Problems with the OS X application bundle have been fixed.

   The following features are new (or have been significantly updated)
   since version 1.99.9:
 * Qt port:
  + The LTE RLC Graph dialog has been added.
  + The LTE MAC Statistics dialog has been added.
  + The LTE RLC Statistics dialog has been added.
  + The IAX2 Analysis dialog has been added.
  + The Conversation Hash Tables dialog has been added.
  + The Dissector Tables dialog has been added.
  + The Supported Protocols dialog has been added.
  + You can now zoom the I/O and TCP Stream graph X and Y axes
independently.
  + The RTP Player dialog has been added.
  + Several memory leaks have been fixed.

   The following features are new (or have been significantly updated)
   since version 1.99.8:
 * Qt port:
  + The MTP3 statistics and summary dialogs have been added.
  + The WAP-WSP statistics dialog has been added.
  + The UDP multicast statistics dialog has been added.
  + The WLAN statistics dialog has been added.
  + The display filter macros dialog has been added.
  + The capture file properties dialog now includes packet
comments.
  + Many more statistics dialogs can be opened from the command
line via -z 
  + Most dialogs now have a cancellable progress bar.
  + Many packet list and packet detail context menus items have
been added.
  + Lua plugins can be reloaded from the Analyze menu.
  + Many bug fixes and improvements.

   The following features are new (or have been significantly updated)
   since version 1.99.7:
 * Qt port:
  + The Enabled Protocols dialog has been added.
  + Many statistics dialogs have been added, including Service
response time, DHCP/BOOTP, and ANSI.
  + The RTP Analysis dialog has been added.
  + Lua dialog support has been added.
  + You can now manually resolve addresses.
  + The Resolved Addresses dialog has been added.
  + The packet list scrollbar now has a minimap.
  + The capture interfaces dialog has been updated.
  + You can now colorize conversations.
  + Welcome screen behavior has been improved.
  + Plugin support has been improved.
  + Many dialogs should now more correctly minimize and maximize.
  + The reload button has been added

Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Jeff Morriss

On 11/11/15 13:22, Guy Harris wrote:


On Nov 11, 2015, at 10:10 AM, Jeff Morriss  wrote:


On 11/11/15 12:28, Bill Meier wrote:


So: it seems we want to continue to support GTK3 ?


Yes, I think so.  At least RHEL 6 needs to continue to use the Gtk+ GUI (since 
its Qt isn't new enough).  (Though I still stick with Gtk2.)


Will RHEL 6 even bother to pick up 2.0?  Or do you mean "people who want to build 
Wireshark 2.0 themselves on RHEL 6, without having to build and install Qt themselves as 
well, will need to continue to use the GTK+ UI"?


No, RHEL won't upgrade.  But those who compile-their-own (because they 
want something newer than 1.8) will have to use the Gtk+ GUI.  (I roll 
my own--including some internal dissectors--and push it out to a few 
hundred machines via an (internal) yum repository.)


Gerald did mention that we'd only need to get rid of one thing to make 
the Qt GUI compatible with RHEL 6:


https://www.wireshark.org/lists/wireshark-dev/201510/msg00058.html

But that seems unlikely.



Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Bálint Réczey
2015-11-11 22:10 GMT+04:00 Jeff Morriss :
> On 11/11/15 12:28, Bill Meier wrote:
>>
>> When building GTK3 Wireshark on my Fedora system (after not having done
>> so for a while), I'm getting many warnings similar to the following:
>>
>>
>>   CC   libgtkui_a-about_dlg.o
>> In file included from /usr/include/gtk-3.0/gtk/gtk.h:263:0,
>>   from about_dlg.c:28:
>> /usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:454:43: error: identifier
>> "and" is a special operator name in C++ [-Werror=c++-compat]
>>   GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
>> ^
>>
>> [versions: Fedora 23; GCC 5.1.1; GTK3 3.18.2]
>>
>> -Wc++-compat seems to have been added in March 2013 (g557df88), so I
>> don't know why I'm now getting the warnings (although it's been some
>> number of months since I've built GTK3 Wireshark with GCC);
>>   Warnings didn't show with previous versions of GCC compiler ?
>>   GTK changes ??
>>   ???
>
>
> It looks like Balint already sent a patch to Gtk:
>
> https://www.wireshark.org/lists/wireshark-dev/201403/msg00042.html
It seems to be a new breakage, I have to check it.

>
>> So: it seems we want to continue to support GTK3 ?
>
>
> Yes, I think so.  At least RHEL 6 needs to continue to use the Gtk+ GUI
> (since its Qt isn't new enough).  (Though I still stick with Gtk2.)
>
>> and thus it seems that the -Wc++-compat compile flag would need to be
>> removed when building GTK stuff or ??
>
>
> That's probably not unreasonable (as long as the rest of Wireshark still
> gets the flag).
As a workaround one can pass -Wno-c++-compat as an extra flag to build
local Wireshark versions without having to patch anything.

Cheers,
Balint


Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Guy Harris

On Nov 11, 2015, at 10:10 AM, Jeff Morriss  wrote:

> On 11/11/15 12:28, Bill Meier wrote:
> 
>> So: it seems we want to continue to support GTK3 ?
> 
> Yes, I think so.  At least RHEL 6 needs to continue to use the Gtk+ GUI 
> (since its Qt isn't new enough).  (Though I still stick with Gtk2.)

Will RHEL 6 even bother to pick up 2.0?  Or do you mean "people who want to 
build Wireshark 2.0 themselves on RHEL 6, without having to build and install 
Qt themselves as well, will need to continue to use the GTK+ UI"?


Re: [Wireshark-dev] GTP session plugin

2015-11-11 Thread Jeff Morriss

On 11/11/15 07:36, POZUELO Gloria (BCS/PSD) wrote:

Hi,

I’ve almost finished the plugin I’m working on, but now I’m trying to
improve the performance. I’d like to ask you if there’s a way to know if
wireshark has dissected all packets of the pcap file, this way I could
avoid to calculate all the necessary things for getting the GTP session
every time I sort the pcap, for example. Now, what I’ve done, is that
every packet checks if it has a session ID or not, but for that, we have
to loop over all the existing sessions and if the pcap is bigger enough,
then the performance is not as good as expected. I think that knowing
when the first calculus has finished will improve the performance, since
we only have to show the corresponding session ID.


Hmm, there must be a better way.  For example, can you store, for each 
packet, which session it belongs to (i.e., trade memory usage for time)?




Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Jeff Morriss

On 11/11/15 12:28, Bill Meier wrote:

When building GTK3 Wireshark on my Fedora system (after not having done
so for a while), I'm getting many warnings similar to the following:


  CC   libgtkui_a-about_dlg.o
In file included from /usr/include/gtk-3.0/gtk/gtk.h:263:0,
  from about_dlg.c:28:
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:454:43: error: identifier
"and" is a special operator name in C++ [-Werror=c++-compat]
  GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
^

[versions: Fedora 23; GCC 5.1.1; GTK3 3.18.2]

-Wc++-compat seems to have been added in March 2013 (g557df88), so I
don't know why I'm now getting the warnings (although it's been some
number of months since I've built GTK3 Wireshark with GCC);
  Warnings didn't show with previous versions of GCC compiler ?
  GTK changes ??
  ???


It looks like Balint already sent a patch to Gtk:

https://www.wireshark.org/lists/wireshark-dev/201403/msg00042.html


So: it seems we want to continue to support GTK3 ?


Yes, I think so.  At least RHEL 6 needs to continue to use the Gtk+ GUI 
(since its Qt isn't new enough).  (Though I still stick with Gtk2.)



and thus it seems that the -Wc++-compat compile flag would need to be
removed when building GTK stuff or ??


That's probably not unreasonable (as long as the rest of Wireshark still 
gets the flag).




Re: [Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread João Valverde



On 11-11-2015 17:28, Bill Meier wrote:

When building GTK3 Wireshark on my Fedora system (after not having done
so for a while), I'm getting many warnings similar to the following:


  CC   libgtkui_a-about_dlg.o
In file included from /usr/include/gtk-3.0/gtk/gtk.h:263:0,
  from about_dlg.c:28:
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:454:43: error: identifier
"and" is a special operator name in C++ [-Werror=c++-compat]
  GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
^

[versions: Fedora 23; GCC 5.1.1; GTK3 3.18.2]

-Wc++-compat seems to have been added in March 2013 (g557df88), so I
don't know why I'm now getting the warnings (although it's been some
number of months since I've built GTK3 Wireshark with GCC);
  Warnings didn't show with previous versions of GCC compiler ?
  GTK changes ??
  ???


I note that configure.ac has the following code to default to build with
GTK3 in certain cases:

 #
 # No GUI toolkits were explicitly specified; pick Qt
 # and GTK+ 3.
 #
 with_qt=yes
 with_gtk3=yes
 elif test "x$with_gtk2" = "xunspecified" -a \
   "x$with_gtk3" = "xunspecified" -a \
   "x$with_qt" = "xno"; then
 #
 # Qt was explicitly disabled, and neither GTK+ 2 nor
 # GTK+ 3 were explicitly specified; pick GTK+ 3.
 #
 with_gtk3=yes
 fi

So: it seems we want to continue to support GTK3 ?

and thus it seems that the -Wc++-compat compile flag would need to be
removed when building GTK stuff or ??

(I do note that there's been a submission in Gerrit to fix a GDK/GTK
deprecation; Is this the only deprecation which needs to be fixed so
that GDK/GTK DISABLE_DEPRECATED can be used again?

From configure.ac:

 CPPFLAGS="-DGDK_DISABLE_DEPRECATED $CPPFLAGS"
 if test \( $gtk_config_major_version -eq 3 -a $gtk_config_minor_version -ge 10 \) ; then
     ## Allow use of deprecated & disable deprecated warnings if Gtk >= 3.10;
     ##  The deprecations in Gtk 3.10 will not be fixed ...
     CPPFLAGS="-DGDK_DISABLE_DEPRECATION_WARNINGS $CPPFLAGS"
 else
     CPPFLAGS="-DGTK_DISABLE_DEPRECATED $CPPFLAGS"
 fi


Comments ?


IMO it's a bug in GTK 3.18.


Bill


[Wireshark-dev] GCC GTK3 Wireshark build warnings ?

2015-11-11 Thread Bill Meier
When building GTK3 Wireshark on my Fedora system (after not having done 
so for a while), I'm getting many warnings similar to the following:



 CC   libgtkui_a-about_dlg.o
In file included from /usr/include/gtk-3.0/gtk/gtk.h:263:0,
 from about_dlg.c:28:
/usr/include/gtk-3.0/gtk/deprecated/gtkstyle.h:454:43: error: identifier 
"and" is a special operator name in C++ [-Werror=c++-compat]

 GDK_DEPRECATED_IN_3_0_FOR(GtkStyleContext and gtk_render_background)
   ^

[versions: Fedora 23; GCC 5.1.1; GTK3 3.18.2]

-Wc++-compat seems to have been added in March 2013 (g557df88), so I 
don't know why I'm now getting the warnings (although it's been some 
number of months since I've built GTK3 Wireshark with GCC);

 Warnings didn't show with previous versions of GCC compiler ?
 GTK changes ??
 ???


I note that configure.ac has the following code to default to build with 
GTK3 in certain cases:


#
# No GUI toolkits were explicitly specified; pick Qt
# and GTK+ 3.
#
with_qt=yes
with_gtk3=yes
elif test "x$with_gtk2" = "xunspecified" -a \
  "x$with_gtk3" = "xunspecified" -a \
  "x$with_qt" = "xno"; then
#
# Qt was explicitly disabled, and neither GTK+ 2 nor
# GTK+ 3 were explicitly specified; pick GTK+ 3.
#
with_gtk3=yes
fi

So: it seems we want to continue to support GTK3 ?

and thus it seems that the -Wc++-compat compile flag would need to be 
removed when building GTK stuff or ??


(I do note that there's been a submission in Gerrit to fix a GDK/GTK
deprecation; Is this the only deprecation which needs to be fixed so
that GDK/GTK DISABLE_DEPRECATED can be used again?


From configure.ac:

CPPFLAGS="-DGDK_DISABLE_DEPRECATED $CPPFLAGS"
if test \( $gtk_config_major_version -eq 3 -a $gtk_config_minor_version -ge 10 \) ; then
    ## Allow use of deprecated & disable deprecated warnings if Gtk >= 3.10;
    ##  The deprecations in Gtk 3.10 will not be fixed ...
    CPPFLAGS="-DGDK_DISABLE_DEPRECATION_WARNINGS $CPPFLAGS"
else
    CPPFLAGS="-DGTK_DISABLE_DEPRECATED $CPPFLAGS"
fi


Comments ?

Bill


Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Graham Bloice
On 11 November 2015 at 13:38, Jo  wrote:

> Hello,
>
> I did this now for the functions in my other question
> (http://seclists.org/wireshark/2015/Nov/78) but I have no idea how to
> get this working for val_to_str() in my plugin file.
>
> In my source file, I include  and Visual Studio does
> only complain at compile time about unresolved external symbols
> (LNK2001). Can someone please help me on how to access ipproto_val_ext
> from a plugin?
>
> No plugin from the Wireshark sources seem to use external val_to_str()
> calls as of now.
>
>
>
I just tested with a quick hack to the plugin packet-wimaxasncp that
compiled and linked without errors:

diff --git a/epan/ipproto.h b/epan/ipproto.h
index 3477507..ba15f93 100644
--- a/epan/ipproto.h
+++ b/epan/ipproto.h
@@ -191,7 +191,7 @@
 #define IP_PROTO_AX4000 173 /* AX/4000 Testblock - non IANA */
 #define IP_PROTO_NCS_HEARTBEAT  224 /* Novell NCS Heartbeat -
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10071158.htm */

-extern value_string_ext ipproto_val_ext;
+WS_DLL_PUBLIC value_string_ext ipproto_val_ext;
 WS_DLL_PUBLIC const char *ipprotostr(const int proto);

 #endif /* ipproto.h */
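
Review bot: the `+WS_DLL_PUBLIC value_string_ext ipproto_val_ext;` line exports a non-const data object, so every plugin that links against it gets write access to a table the core library also reads. The neighbouring `ipprotostr(const int proto)` already exposes the same lookup through a function; exporting an accessor like that, or at least a `const` object, keeps the table out of reach of plugin code and sidesteps sharing data across DLLs on Windows.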
diff --git a/plugins/wimaxasncp/packet-wimaxasncp.c
b/plugins/wimaxasncp/packet-wimaxasncp.c
index 64c5cb3..08dffbf 100644
--- a/plugins/wimaxasncp/packet-wimaxasncp.c
+++ b/plugins/wimaxasncp/packet-wimaxasncp.c
@@ -1328,10 +1328,13 @@ static void wimaxasncp_dissect_tlv_value(
 {
 guint16  protocol;
 const gchar *protocol_name;
+const char *s;

 protocol = tvb_get_ntohs(tvb, offset);
 protocol_name = ipprotostr(protocol);

+   s = try_val_to_str_ext(protocol, &ipproto_val_ext);
+
 proto_tree_add_uint_format(
 protocol_list_tree, tlv_info->hf_protocol,
 tvb, offset, 2, protocol,
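
Review bot: `s` is assigned on the `+   s = try_val_to_str_ext(protocol, &ipproto_val_ext);` line but nothing in the hunk reads it, so as posted this only proves that the symbol links. If the value is kept, note that the `try_` lookup returns NULL for a protocol number with no table entry, so any later use of `s` in a format string needs a NULL check or a fallback string.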

This was on the master branch, building with VS2013 using CMake.

As you can see, I added the WS_DLL_PUBLIC def to ipproto_val_ext, and then
used that in the plugin.

-- 
Graham Bloice

Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Anders Broman
Hi,
If I remember correctly there is a problem to use data between .dlls on 
Windows. You can copy the value string to your plugin I suppose.
Regards
Anders

-Original Message-
From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Jo
Sent: den 11 november 2015 14:39
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissect using val_to_str from external file

Hello,

I did this now for the functions in my other question
(http://seclists.org/wireshark/2015/Nov/78) but I have no idea how to get this 
working for val_to_str() in my plugin file.

In my source file, I include  and Visual Studio does only 
complain at compile time about unresolved external symbols (LNK2001). Can 
someone please help me on how to access ipproto_val_ext from a plugin?

No plugin from the Wireshark sources seem to use external val_to_str() calls as 
of now.

Bye,
Jo

2015-11-11 12:20 GMT+01:00 Graham Bloice :
>
>
> On 11 November 2015 at 10:33, Jo  wrote:
>>
>> Hello Graham,
>>
>> Thank you.
>>
>> Is this set of exported symbols meant to be extended on user request?
>> Or what is the correct way to gain access to symbols that are not yet 
>> marked for export?
>>
>
> If you can manage with local changes, edit away.
>
> If you want to push those changes back to Wireshark so you don't have 
> to apply your local change every time you update your sources then 
> submit a change (https://wiki.wireshark.org/Development/SubmittingPatches).
>
> --
> Graham Bloice
>


Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Jo
Hello,

I did this now for the functions in my other question
(http://seclists.org/wireshark/2015/Nov/78) but I have no idea how to
get this working for val_to_str() in my plugin file.

In my source file, I include  and Visual Studio does
only complain at compile time about unresolved external symbols
(LNK2001). Can someone please help me on how to access ipproto_val_ext
from a plugin?

No plugin from the Wireshark sources seem to use external val_to_str()
calls as of now.

Bye,
Jo

2015-11-11 12:20 GMT+01:00 Graham Bloice :
>
>
> On 11 November 2015 at 10:33, Jo  wrote:
>>
>> Hello Graham,
>>
>> Thank you.
>>
>> Is this set of exported symbols meant to be extended on user request?
>> Or what is the correct way to gain access to symbols that are not yet
>> marked for export?
>>
>
> If you can manage with local changes, edit away.
>
> If you want to push those changes back to Wireshark so you don't have to
> apply your local change every time you update your sources then submit a
> change (https://wiki.wireshark.org/Development/SubmittingPatches).
>
> --
> Graham Bloice
>


Re: [Wireshark-dev] GTP session plugin

2015-11-11 Thread Pascal Quantin
2015-11-11 13:36 GMT+01:00 POZUELO Gloria (BCS/PSD) :

> Hi,
>
>
>
> I’ve almost finished the plugin I’m working on, but now I’m trying to
> improve the performance. I’d like to ask you if there’s a way to know if
> wireshark has dissected all packets of the pcap file, this way I could
> avoid to calculate all the necessary things for getting the GTP session
> every time I sort the pcap, for example. Now, what I’ve done, is that every
> packet checks if it has a session ID or not, but for that, we have to loop
> over all the existing sessions and if the pcap is bigger enough, then the
> performance is not as good as expected. I think that knowing when the first
> calculus has finished will improve the performance, since we only have to
> show the corresponding session ID.
>
>
>

Hi,

have a look at PINFO_FD_VISITED(pinfo) flag: it is set to FALSE the first
time a packet is dissected, and set to TRUE afterwards. This is how request
/ response tracking is done for example (see
doc\README.request_response_tracking).

Regards,
Pascal.

Thank you very much.
>
>
>
> Regards.
>
>
>
> *From:* wireshark-dev-boun...@wireshark.org [mailto:
> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Pascal Quantin
> *Sent:* Monday 2 November 2015 17:11
>
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] GTP session plugin
>
>
>
>
>
>
>
> 2015-11-02 17:07 GMT+01:00 POZUELO Gloria (BCS/PSD) <
> gloria.pozu...@bics.com>:
>
> Thank you very much! It worked! I don’t know the utility of the scope
> parameter, I’ve set it  to NULL, is it correct?
>
>
>
> Setting it to NULL means that you need to manually free the memory (using
> wmem_free function) when you are done with it. Other scopes (like packet
> scope or file scope for example) are freed automatically when the lifetime
> of the pool expires. The validity of the scope depends where you are
> putting your code (and you will get an assert if you try to use a memory
> scope outside of its valid context). See doc/README.wmem for more
> information.
>
> BR,
>
> Pascal.
>
>
>
>
>
> *From:* wireshark-dev-boun...@wireshark.org [mailto:
> wireshark-dev-boun...@wireshark.org] *On Behalf Of *Pascal Quantin
> *Sent:* Monday 2 November 2015 16:29
> *To:* Developer support list for Wireshark
>
> *Subject:* Re: [Wireshark-dev] GTP session plugin
>
>
>
>
>
>
>
> 2015-11-02 16:20 GMT+01:00 POZUELO Gloria (BCS/PSD) <
> gloria.pozu...@bics.com>:
>
> Hello!
>
> I would like to ask you about a problem that I encountered while working
> in this development. I need to get the IP dst from the packet information
> and convert it to string (char *), but by inspecting the type _address I
> can see the data pointer, which I thought it would be the memory address of
> the final IP data, but I've checked if this integer correspond with the IP
> dst and turned out not to be the expected address. Could you help me with
> this matter? Is there a better way to get the IP address from pinfo and
> convert it to string?
>
> Thank you very much in advance,
>
> Regards.
>
>
>
> Hi Gloria,
>
> you did not indicate us which Wireshark version you are using, but
> assuming it's a recent one you are probably interested by the
> address_to_str() function found in epan/to_str.h file.
>
> Best regards,
>
> Pascal.
>
> -Original Message-
> From: Jeff Morriss [mailto:jeff.morriss...@gmail.com]
> Sent: Friday 23 October 2015 20:56
> To: Developer support list for Wireshark; POZUELO Gloria (BCS/PSD)
> Subject: Re: [Wireshark-dev] GTP session plugin
>
> On 10/22/15 03:43, POZUELO Gloria (BCS/PSD) wrote:
> > Hi all,
> >
> > I get in touch with you, since I would like to develop a new plugin
> > for GTP protocol (V1 and V2 versions). This functionality would
> > consists of looking for all messages that belongs to the same session.
> > For
> > instance: you select from 1 to N Create Session Request or Create PDP
> > Context and all the information about those sessions will be shown,
> > this way you could export those specific packets.
>
> It sounds like what you're describing is similar to what another of other
> dissectors (like TCP, SCTP, and I think SCCP).  You would basically need to
> modify the GTP dissector to build up state which includes information about
> each GTP session (similar to the way the TCP dissector builds up state
> information about each TCP connection).
>
> I can't really offer any specific advice other than to look at how other
> dissectors do it.  If you want a starting point, look at the "tcp.stream"
> field (which uniquely identifies a TCP connection that the TCP dissector
> has found).  Also you need to be aware that dissectors usually build up
> this state only on the first pass through the packets (when
> pinfo->fd->flags.visited is FALSE).
>

Re: [Wireshark-dev] GTP session plugin

2015-11-11 Thread POZUELO Gloria (BCS/PSD)
Hi,

I’ve almost finished the plugin I’m working on, but now I’m trying to improve 
the performance. I’d like to ask you if there’s a way to know whether Wireshark has 
dissected all packets of the pcap file; this way I could avoid calculating all 
the necessary things for getting the GTP session every time I sort the pcap, 
for example. Now, what I’ve done is that every packet checks if it has a 
session ID or not, but for that, we have to loop over all the existing sessions, 
and if the pcap is big enough, then the performance is not as good as 
expected. I think that knowing when the first calculation has finished will 
improve the performance, since we only have to show the corresponding session 
ID.

Thank you very much.

Regards.

From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Pascal Quantin
Sent: Monday 2 November 2015 17:11
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] GTP session plugin



2015-11-02 17:07 GMT+01:00 POZUELO Gloria (BCS/PSD) <gloria.pozu...@bics.com>:
Thank you very much! It worked! I don’t know the utility of the scope 
parameter, I’ve set it to NULL, is it correct?

Setting it to NULL means that you need to manually free the memory (using 
the wmem_free function) when you are done with it. Other scopes (like packet scope 
or file scope for example) are freed automatically when the lifetime of the 
pool expires. The validity of the scope depends on where you are putting your code 
(and you will get an assert if you try to use a memory scope outside of its 
valid context). See doc/README.wmem for more information.
BR,
Pascal.


From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Pascal Quantin
Sent: Monday 2 November 2015 16:29
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] GTP session plugin



2015-11-02 16:20 GMT+01:00 POZUELO Gloria (BCS/PSD) <gloria.pozu...@bics.com>:
Hello!

I would like to ask you about a problem that I encountered while working on 
this development. I need to get the IP dst from the packet information and 
convert it to string (char *), but by inspecting the type _address I can see 
the data pointer, which I thought would be the memory address of the final 
IP data, but I've checked whether this integer corresponds with the IP dst and it turned 
out not to be the expected address. Could you help me with this matter? Is 
there a better way to get the IP address from pinfo and convert it to string?

Thank you very much in advance,

Regards.

Hi Gloria,
you did not tell us which Wireshark version you are using, but assuming 
it's a recent one you are probably interested in the address_to_str() function 
found in the epan/to_str.h file.
Best regards,
Pascal.
-----Original Message-----
From: Jeff Morriss [mailto:jeff.morriss...@gmail.com]
Sent: Friday 23 October 2015 20:56
To: Developer support list for Wireshark; POZUELO Gloria (BCS/PSD)
Subject: Re: [Wireshark-dev] GTP session plugin

On 10/22/15 03:43, POZUELO Gloria (BCS/PSD) wrote:
> Hi all,
>
> I get in touch with you, since I would like to develop a new plugin
> for GTP protocol (V1 and V2 versions). This functionality would
> consist of looking for all messages that belong to the same session.
> For instance: you select from 1 to N Create Session Request or Create PDP
> Context and all the information about those sessions will be shown,
> this way you could export those specific packets.

It sounds like what you're describing is similar to what a number of other 
dissectors do (like TCP, SCTP, and I think SCCP).  You would basically need to 
modify the GTP dissector to build up state which includes information about 
each GTP session (similar to the way the TCP dissector builds up state 
information about each TCP connection).

I can't really offer any specific advice other than to look at how other 
dissectors do it.  If you want a starting point, look at the "tcp.stream" field 
(which uniquely identifies a TCP connection that the TCP dissector has found).  
Also you need to be aware that dissectors usually build up this state only on 
the first pass through the packets (when pinfo->fd->flags.visited is FALSE).




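An added example, not part of the thread and not Wireshark code: a stand-alone C model of the approach Jeff Morriss describes, where session state is built only while the frame has not been visited and later passes (sorting, re-dissection) just read the stored per-frame result, with a hash lookup in place of a loop over all sessions. The names dissect_frame and session_for_key, the table sizes and the 32-bit session key are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUCKETS    1024u            /* power of two so the mask below works */
#define MAX_FRAMES 65536u

typedef struct { bool used; uint32_t key, id; } slot_t;  /* hypothetical session record */
static slot_t   table[BUCKETS];             /* session key -> session id */
static uint32_t frame_session[MAX_FRAMES];  /* per-frame result, 0 = no session */
static uint32_t next_id = 1;
static unsigned first_pass_calls;           /* how often the expensive path ran */

/* Find or create the session for a key with open addressing: O(1) on average,
 * instead of looping over every known session for every packet. */
static uint32_t session_for_key(uint32_t key)
{
    uint32_t h = (key * 2654435761u) & (BUCKETS - 1);
    for (uint32_t probe = 0; probe < BUCKETS; probe++) {
        slot_t *s = &table[(h + probe) & (BUCKETS - 1)];
        if (!s->used) { s->used = true; s->key = key; s->id = next_id++; return s->id; }
        if (s->key == key) return s->id;
    }
    return 0;                               /* table full: no session, no overrun */
}

/* Stand-in for one dissector call; `visited` models pinfo->fd->flags.visited. */
uint32_t dissect_frame(uint32_t frame_num, bool visited, uint32_t key)
{
    if (frame_num >= MAX_FRAMES)
        return 0;                           /* bound the index before using it */
    if (!visited) {                         /* first pass only: build state once */
        first_pass_calls++;
        frame_session[frame_num] = session_for_key(key);
    }
    return frame_session[frame_num];        /* later passes: plain array read */
}

int main(void)
{
    /* Constructed keys standing in for whatever identifies a session. */
    uint32_t keys[] = { 0xAAAA, 0xBBBB, 0xAAAA };
    for (uint32_t f = 1; f <= 3; f++) dissect_frame(f, false, keys[f - 1]);
    for (uint32_t f = 1; f <= 3; f++)       /* e.g. after sorting the packet list */
        printf("frame %u -> session %u\n", (unsigned)f, (unsigned)dissect_frame(f, true, 0));
    printf("first-pass calls: %u\n", first_pass_calls);
    return 0;
}
```

In a real dissector the table and the per-frame results would live in file-scoped memory, so they are released when the capture file is closed.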

Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Graham Bloice
On 11 November 2015 at 10:33, Jo wrote:

> Hello Graham,
>
> Thank you.
>
> Is this set of exported symbols meant to be extended on user request?
> Or what is the correct way to gain access to symbols that are not yet
> marked for export?
>
>
If you can manage with local changes, edit away.

If you want to push those changes back to Wireshark so you don't have to
apply your local change every time you update your sources then submit a
change (https://wiki.wireshark.org/Development/SubmittingPatches).

-- 
Graham Bloice

Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Jo
Hello Graham,

Thank you.

Is this set of exported symbols meant to be extended on user request?
Or what is the correct way to gain access to symbols that are not yet
marked for export?

Bye,
jo

2015-11-11 11:25 GMT+01:00 Graham Bloice:
> See ws_symbol_export.h for the details.


Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Graham Bloice
On 11 November 2015 at 10:11, Jo wrote:

> Hello Bill,
>
> thank you for your quick answer.
>
> I am developing a plugin. Am I on my windows development machine
> limited to the Wireshark API exposed to plugins (aka
> libwireshark.def)?
>
> Can I somewhere request that ipproto_val_ext is exported for plugins?
>
>
>
Recent versions of Wireshark no longer use libwireshark.def to control the
export of symbols, instead the symbol is marked for export in its
declaration by the use of WS_DLL_PUBLIC, e.g.

 WS_DLL_PUBLIC const char *ipprotostr(const int proto);

See ws_symbol_export.h for the details.


-- 
Graham Bloice

Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Alexis La Goutte
Hi Jo,

The best option is to push a patch to code review to add ipproto_val_ext to
libwireshark.def

Regards,

On Wed, Nov 11, 2015 at 11:11 AM, Jo wrote:

> Hello Bill,
>
> thank you for your quick answer.
>
> I am developing a plugin. Am I on my windows development machine
> limited to the Wireshark API exposed to plugins (aka
> libwireshark.def)?
>
> Can I somewhere request that ipproto_val_ext is exported for plugins?
>
> Bye,
> Jo
>
>
>
> 2015-11-09 17:59 GMT+01:00 Bill Meier:
> > On 11/9/2015 10:49 AM, Jo wrote:
> >>
> >> Hello,
> >>
> >> In my protocol, one TLV is called "proto" and contains the IANA number
> >> of a well-known protocol. How can I display the value together with the
> >> string and using the available data from , for example?
> >>
> >> I know how to do it via val_to_str() but I am failing on importing the
> >> existing definitions.
> >>
> >
> > See epan/dissectors/packet-rohc for 2 examples of how to access
> > ipproto_val_ext from your dissector. ( from an hf[] array entry or using
> > val_to_str_ext()).
> >

Re: [Wireshark-dev] Dissect using val_to_str from external file

2015-11-11 Thread Jo
Hello Bill,

thank you for your quick answer.

I am developing a plugin. Am I on my windows development machine
limited to the Wireshark API exposed to plugins (aka
libwireshark.def)?

Can I somewhere request that ipproto_val_ext is exported for plugins?

Bye,
Jo



2015-11-09 17:59 GMT+01:00 Bill Meier:
> On 11/9/2015 10:49 AM, Jo wrote:
>>
>> Hello,
>>
>> In my protocol, one TLV is called "proto" and contains the IANA number
>> of a well-known protocol. How can I display the value together with the
>> string and using the available data from , for example?
>>
>> I know how to do it via val_to_str() but I am failing on importing the
>> existing definitions.
>>
>
> See epan/dissectors/packet-rohc for 2 examples of how to access
> ipproto_val_ext from your dissector. ( from an hf[] array entry or using
> val_to_str_ext()).
>


Re: [Wireshark-dev] Determine address type of string

2015-11-11 Thread Jo
Hello Chris,

I really like this idea but IIRC not the complete API is exposed to
plugins and so str_to_ip and str_to_ip6 are not available in a
standard installation for plugins (they are not included in the
libwireshark.def file which I do not have on my windows development
machine anyway but these entries are missing from a libwireshark.def
file I found on the internet).

Do you have any idea where I can request these two functions to be
added to plugin API?

Bye,
Jo

2015-11-09 15:12 GMT+01:00 Maynard, Chris:
> You could first call str_to_ip() and if it fails, call str_to_ip6(), and if 
> that too fails then assume it's a FQDN.  The str_to_ip() and str_to_ip6() 
> functions are just wrappers for inet_pton(); they are declared in 
> epan/addr_resolv.h.
>
> - Chris
>
> -----Original Message-----
> From: wireshark-dev-boun...@wireshark.org 
> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Jo
> Sent: Mon, November 09, 2015 4:14 AM
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] Determine address type of string
>
> Hello,
>
> I am writing a custom dissector as a plugin. There I need to determine the 
> address type of a string in a TLV. It can be either an IPv4 address, IPv6 
> address or a FQDN.
>
> What is the best way to parse this string into the Wireshark data types?
>
> My idea was to check which delimiters occur ("." -> IPv4, ":" ->
> IPv6) and if there are dots, to check whether the parts between the dots are 
> numerical.
>
> Bye,
> Jo
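An added example, not part of the thread and not Wireshark code: the order Chris Maynard suggests (IPv4, then IPv6, otherwise FQDN), written against inet_pton() directly since str_to_ip() and str_to_ip6() are described above as wrappers around it. The function classify_addr, the addr_kind_t type and the 253-character name limit are assumptions made for this example; the value is treated as untrusted packet bytes that are not NUL-terminated.

```c
#include <arpa/inet.h>   /* inet_pton(); on Windows it is declared in <ws2tcpip.h> */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { ADDR_INVALID, ADDR_IPV4, ADDR_IPV6, ADDR_FQDN } addr_kind_t; /* hypothetical */

/* Classify a TLV value taken straight from the packet: not NUL-terminated,
 * length and content chosen by the sender. On ADDR_IPV4/ADDR_IPV6 the binary
 * address (4 or 16 bytes, network order) is written to out. */
addr_kind_t classify_addr(const unsigned char *val, size_t len, unsigned char out[16])
{
    char buf[254];                          /* assumed limit: 253 chars + NUL */
    size_t i;

    if (len == 0 || len >= sizeof buf)
        return ADDR_INVALID;                /* never copy more than the buffer holds */
    if (memchr(val, '\0', len) != NULL)
        return ADDR_INVALID;                /* embedded NUL would hide trailing bytes */
    memcpy(buf, val, len);
    buf[len] = '\0';

    memset(out, 0, 16);
    if (inet_pton(AF_INET, buf, out) == 1)  /* accepts a strict dotted quad only */
        return ADDR_IPV4;
    if (inet_pton(AF_INET6, buf, out) == 1)
        return ADDR_IPV6;

    /* Neither parse succeeded: accept as a name only if it uses hostname characters. */
    for (i = 0; i < len; i++)
        if (!isalnum((unsigned char)buf[i]) && buf[i] != '-' && buf[i] != '.')
            return ADDR_INVALID;
    return ADDR_FQDN;
}

int main(void)
{
    /* Constructed sample values, not taken from a capture. */
    const char *samples[] = { "192.0.2.1", "2001:db8::1", "example.org", "1.2.3", "a b" };
    unsigned char bin[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %d\n", samples[i],
               classify_addr((const unsigned char *)samples[i], strlen(samples[i]), bin));
    return 0;
}
```

A value such as "1.2.3" contains only dots and digits, so a delimiter check would call it IPv4; inet_pton() rejects it and it falls through to the name case.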