[Wireshark-dev] Packaging for MacOS

2016-05-18 Thread Simon Barber
Hi,

I am successfully building from source (macossetup script, not homebrew) on
MacOS Yosemite. I would like to package my binary for distribution - how do
I do that?

Simon
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Some planned cleanups of the 802.11 dissector

2016-06-26 Thread Simon Barber
great idea. I'll wait for your changes before adding a feature - I'd like
to be able to filter out beacons by writing wlan.beacon, probes by
wlan.probe_request, etc.

Simon

On Sun, Jun 26, 2016 at 3:07 PM, Joerg Mayer  wrote:

> Hello,
>
> I plan to do some cleanups to
> - somewhat improve the readability of the code
>   1) Get rid of redundant author entries and code comments, see
>  https://code.wireshark.org/review/16154
>   2) Get rid of those fixed field functions that only add one of two items.
>  Call the remaining functions directly (without the indirection of
>  add_fixed_field()).
> - make the use of filters more straight forward: We currently register the
>   following top level filters within the file:
>   wlan_aggregate
>   wlan
>   wlan_mgt
>   wlan_rsna_eapol
>   I'd like to merge at least wlan_mgt into wlan. I don't see the gain in the
>   separation and it definitely confuses me:
>   a) wlan_mgt is not only management frames but also control frames while
>  data frames are just wlan.
>   b) The addresses inside wlan_mgt frames are addressed via wlan.xxx
>
> Let me know what you think about these things.
>
> Thanks
>Jörg
>
> --
> Joerg Mayer   
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] [Wireshark-commits] buildbot failure in Wireshark (development) on OSX 10.6 x64

2016-06-27 Thread Simon Barber
Yes please!

On Mon, Jun 27, 2016 at 12:20 AM, Dario Lombardo <
dario.lombardo...@gmail.com> wrote:

>
>
> On Mon, Jun 27, 2016 at 3:16 AM, Jim Young  wrote:
>
>>
>> Time for a Petri Dish for OS X?
>>
>> Jim Y.
>>
>
> Giant +1 for this.
>

Re: [Wireshark-dev] Some planned cleanups of the 802.11 dissector

2016-06-27 Thread Simon Barber
On Mon, Jun 27, 2016 at 1:59 AM, Alexis La Goutte  wrote:

> Hi Joerg,
>
>
> On Mon, Jun 27, 2016 at 12:07 AM, Joerg Mayer  wrote:
>
>> Hello,
>>
>> I plan to do some cleanups to
>> - somewhat improve the readability of the code
>>   1) Get rid of redundant author entries and code comments, see
>>  https://code.wireshark.org/review/16154
>
> Mixed opinion about this change... (but to last already merged)
> But I think we can remove all authors info (or add online by author like
> already on the top
>  Credits:
>  *
> <= Add list of contributor (from shortlog ?)
>
>
>>   2) Get rid of those fixed field functions that only add one of two items.
>>  Call the remaining functions directly (without the indirection of
>>  add_fixed_field()).
>>
> If I remember, it was added because it is easier to "maintain" this code...
>
>
>> - make the use of filters more straight forward: We currently register the
>>   following top level filters within the file:
>>   wlan_aggregate
>>   wlan
>>   wlan_mgt
>>   wlan_rsna_eapol
>>   I'd like to merge at least wlan_mgt into wlan. I don't see the gain in the
>>   separation and it definitely confuses me:
>>   a) wlan_mgt is not only management frames but also control frames while
>>  data frames are just wlan.
>>   b) The addresses inside wlan_mgt frames are addressed via wlan.xxx
>>
> Good idea but..
> it will break all filters... (and wireless is often used...)
>
> Can it wait until after 2.2.0? (planned for this summer)
>

How about supporting a new syntax all under wlan. now, and removing the old
syntax later (2.2.0)?


>
> Cheers
>
>
>>
>> Let me know what you think about these things.
>>
>> Thanks
>>Jörg
>>
>> --
>> Joerg Mayer   
>> We are stuck with technology when what we really want is just stuff that
>> works. Some say that should read Microsoft instead of technology.
>>

[Wireshark-dev] Release package for Mac

2017-02-10 Thread Simon Barber
How do I build an installer for Mac?

make package generates something weird, and make dmg_package requires
PackageMaker

What is used for official builds?

Simon

Re: [Wireshark-dev] Release package for Mac

2017-02-13 Thread Simon Barber
What is the 'package_prep' stage?

Simon

On Sun, Feb 12, 2017 at 10:18 AM, Jaap Keuter  wrote:

>
> > On 10 Feb 2017, at 21:07, Simon Barber  wrote:
> >
> > How do I build an installer for Mac?
> >
> > make package generates something weird, and make dmg_package requires
> > PackageMaker
> >
> > What is used for official builds?
> >
>
> You can always have a look at the buildbot to see how it’s done:
> https://buildbot.wireshark.org/wireshark-master/builders
>
> Thanks,
> Jaap
>
> 

[Wireshark-dev] TCP reassembly slow

2017-03-24 Thread Simon Barber
When loading a large file (0.5M packets) with a large single TCP stream in
it, wireshark gets very slow. I did some profiling and found 90% of the CPU
time was spent in epan/reassemble.c LINK_FRAG() - scanning through a long
singly linked list and adding to the end of it.

As a work around I disabled 'allow subdissector to reassemble TCP streams'
in the TCP protocol preferences. This makes loading this file much faster.

Simon
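
The cost described in the message above, as an added example (not Wireshark's code and not part of the original post): appending in-order fragments to a singly linked list by scanning from the head costs n(n-1)/2 pointer hops for n fragments, while a cached tail pointer makes the in-order case free and keeps the scan only for late segments. The names frag, frag_list, insert_by_scan and insert_with_tail are hypothetical, and the 1460-byte segment size is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified fragment node; not Wireshark's fragment_item. */
typedef struct frag {
    unsigned offset;            /* byte offset of this fragment in the stream */
    struct frag *next;
} frag;

typedef struct {
    frag *head;
    frag *tail;                 /* last node; lets in-order appends skip the scan */
    unsigned long hops;         /* pointer hops spent locating the insert point */
} frag_list;

static frag *new_frag(unsigned offset)
{
    frag *f = malloc(sizeof *f);
    if (f == NULL)
        abort();
    f->offset = offset;
    f->next = NULL;
    return f;
}

static void free_list(frag_list *l)
{
    frag *p = l->head;
    while (p) {
        frag *n = p->next;
        free(p);
        p = n;
    }
    l->head = l->tail = NULL;
}

/* Sorted insert that always starts at the head: O(n) per fragment, so a
 * stream of n in-order fragments costs O(n^2) overall. */
static void insert_by_scan(frag_list *l, unsigned offset)
{
    frag *f = new_frag(offset);
    frag **pp = &l->head;
    while (*pp && (*pp)->offset <= offset) {
        pp = &(*pp)->next;
        l->hops++;
    }
    f->next = *pp;
    *pp = f;
    if (f->next == NULL)        /* inserted at the end: it is the new tail */
        l->tail = f;
}

/* Same ordering, but the common in-order case is O(1) via the tail pointer.
 * Late (reordered or retransmitted) fragments fall back to the scan. */
static void insert_with_tail(frag_list *l, unsigned offset)
{
    if (l->tail && offset >= l->tail->offset) {
        frag *f = new_frag(offset);
        l->tail->next = f;
        l->tail = f;
        return;
    }
    insert_by_scan(l, offset);
}

static int is_sorted(const frag_list *l)
{
    for (const frag *p = l->head; p && p->next; p = p->next)
        if (p->offset > p->next->offset)
            return 0;
    return 1;
}

/* Insert n in-order fragments (assumed 1460 bytes each) and return the hops. */
unsigned long hops_in_order(unsigned n, int use_tail)
{
    frag_list l = {0};
    for (unsigned i = 0; i < n; i++) {
        if (use_tail)
            insert_with_tail(&l, i * 1460u);
        else
            insert_by_scan(&l, i * 1460u);
    }
    unsigned long hops = l.hops;
    free_list(&l);
    return hops;
}

/* Constructed input: the segment at offset 1460 arrives last. Returns 1 if
 * the list is still sorted, the tail is untouched and only one hop was used. */
int late_segment_stays_sorted(void)
{
    frag_list l = {0};
    unsigned offs[] = {0, 2920, 4380, 1460};
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        insert_with_tail(&l, offs[i]);
    int ok = is_sorted(&l) && l.tail->offset == 4380 && l.hops == 1;
    free_list(&l);
    return ok;
}

int main(void)
{
    printf("scan from head, 1000 fragments: %lu hops\n", hops_in_order(1000, 0));
    printf("cached tail,    1000 fragments: %lu hops\n", hops_in_order(1000, 1));
    printf("late segment handled: %d\n", late_segment_stays_sorted());
    return 0;
}
```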

Re: [Wireshark-dev] Release package for Mac

2017-03-24 Thread Simon Barber
My build produced with make dmg_package seems to produce something that
requires Mac OS Sierra to install. (I am building on Mac OS Sierra). How
can I generate a package that will install on something older?

Simon

On Sun, Feb 12, 2017 at 11:25 AM, Alexis La Goutte <
alexis.lagou...@gmail.com> wrote:

>
>
> On Sun, Feb 12, 2017 at 7:18 PM, Jaap Keuter wrote:
>
>>
>> > On 10 Feb 2017, at 21:07, Simon Barber  wrote:
>> >
>> > How do I build an installer for Mac?
>> >
>> > make package generates something weird, and make dmg_package requires
>> > PackageMaker
>> >
>> > What is used for official builds?
>> >
>>
>> You can always have a look at the buildbot to see how it’s done:
>> https://buildbot.wireshark.org/wireshark-master/builders
>>
> Hi Simon,
>
> Yes, I confirm, MacOS always use PackageMaker (and yes it is no longer
> supported...)
>
>
>> Thanks,
>> Jaap
>>
>> 

[Wireshark-dev] calling from UI to a dissector

2017-03-30 Thread Simon Barber
I have code in the wlan_radio dissector to track whether every frame in the
capture can provide the timing information for display of the packet. If
not, the timeline will not be shown. So I need a way to call from the UI to
the dissector. How should I do this?

Simon

[Wireshark-dev] attribution/copyright

2017-04-06 Thread Simon Barber
I'd like to add my name to the authors list - should I do this in the
commit where I add the feature? What files should I add myself to?

Are there rules for the copyright message at the top of source files?

Simon

[Wireshark-dev] buildbot down?

2017-04-07 Thread Simon Barber
I can't reach it by https - trying to check on a failed build.

This site can’t be reached

*buildbot.wireshark.org * refused to connect.

Try:

   - Checking the connection
   - Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

Simon

[Wireshark-dev] epan_t and capture_file

2017-04-13 Thread Simon Barber
Why are they loosely coupled?

Simon

Re: [Wireshark-dev] epan_t and capture_file

2017-04-13 Thread Simon Barber
I ask because I am working out how to connect the wlan_radio dissector with
the wireless timeline UI code. Right now the only use of the data field in
epan_t that I can find is as a link to the capture_file. Also the only link
from the capture_file->window field is to the QT MainWindow, so in theory I
can from the dissector test if the window is set, and if so access the
MainWindow, and thus the WirelessTimeline directly. OK, or should I find
another way?

On Thu, Apr 13, 2017 at 12:10 PM, Guy Harris  wrote:

> On Apr 13, 2017, at 10:52 AM, Simon Barber wrote:
>
> > Why are they loosely coupled?
>
> In theory, libwireshark could be used in a program that doesn't have a
> "capture file" from which the packets come.
> 

Re: [Wireshark-dev] epan_t and capture_file

2017-04-14 Thread Simon Barber
The timeline needs to know whether every packet includes timing
information. If not, the timeline should be hidden. This is only determined
after all the packets have been through a first dissection pass.

On Thu, Apr 13, 2017 at 5:21 PM, Guy Harris  wrote:

> On Apr 13, 2017, at 4:40 PM, Simon Barber  wrote:
>
> > I ask because I am working out how to connect the wlan_radio dissector
> > with the wireless timeline UI code.
>
> The answer to "how do I connect the XXX dissector with the YYY UI code?"
> is "very indirectly", as in "the XXX dissector is not guaranteed to have
> any particular UI code to depend on, so it can only throw out some data in
> the hopes that the UI code will capture it".
>
> That's what taps are for.  They provide data to a tap listener, which is
> what does UI stuff with it (printing it, displaying it in a window, handing
> it to a server, whatever).
>
> > Right now the only use of the data field in epan_t that I can find is as
> > a link to the capture_file. Also the only link from the
> > capture_file->window field is to the QT MainWindow, so in theory I can from
> > the dissector test if the window is set,
>
> No, you can't.  You are not even guaranteed that there are any windows
> other than the glass tube of the VT100 connected to the box on which you're
> running TShark. :-)
>
> (If I still had my VT100, I'd get a USB-to-serial converter, plug it into
> my MacBook Pro, fire up a getty on the resulting serial port, hook up the
> VT100, log in, and run TShark from it, just for the lulz.  Doing it with a
> Model 33 Teletype would be even more fun, except that macOS's terminal
> driver doesn't support all the delay options that a Model 33 requires.)
>
> > OK
>
> No.
>
> > or should I find another way?
>
> Yes.  What is it you're *really* trying to do (described at a high level
> of the UI)?  What information does the timeline code need from the
> dissector that's not currently supplied through the tap mechanism?
> 

[Wireshark-dev] Architecture of wireless timeline viewer

2017-04-24 Thread Simon Barber
Currently the wireless timeline viewer is implemented as so:

1. patch to add single packet duration calculation to the wlan_radio
dissector (merged)
2. patch to enhance this to add aggregate detection, and calculation of
packet start and end times (not merged)
3. a patch to allow the GUI to call into the protocol
4. a patch to add a GUI that displays a timeline using the start and end
times calculated in 2. (not yet merged)

Currently 2. uses some protocol packet data to handle the state necessary
for tracking aggregate subframes from various generators that do not
include timing information in all frames. Also for storing the packet start
and end times, so that the GUI can access them quickly when rendering the
timeline at low zoom levels (where many packets may need to be accessed to
generate the display).

Currently 4. uses a new function to allow access to protocol data from the
frame number to get the packet start and end times.  - adds function
p_get_frame_data() to proto.c
This function used to exist, but was removed a while ago.

In addition 4. uses a new mechanism introduced by 3. to allow the
wlan_radio protocol to track whether every frame in a capture has
sufficient information to determine both start and end time. If not then
the GUI will not display the capture. Some generators sometimes drop
essential timing information perhaps from many or just a few packets.

The issue here is the fairly tight coupling between the GUI and the
wlan_radio protocol - this is new. The GUI must be able to access packet
timing (start and end time) fast, for the display. The wlan_radio protocol
needs to track state to determine these times.

Sometimes the wlan_radio protocol goes back and changes packet timing
information from already dissected packets (e.g. when there is a generator
that only includes timing information on the last packet in an aggregate) -
so a tap to deliver timing information from protocol to GUI once on the
first dissection pass will not work.

Simon

[Wireshark-dev] 802.11 timeline view and aggregation

2015-05-29 Thread Simon Barber
A few years ago I wrote an extension for Wireshark that allows 802.11
frames to be viewed on a zoomable, scrollable timeline in a third pane
added to the main display.

https://github.com/parc-wifi/wireshark

I'm now working on updating and revamping that code to support 802.11n and
802.11ac, and porting it to the new QT UI.

802.11n added aggregation as a new feature. Most wireless cards do the
de-aggregation in the hardware, and deliver the individual MPDU frames to
the driver. As a result all the radiotap captures I have seen have multiple
frames in the capture where on the air there was only a single physical
layer aggregate frame (A-MPDU). Since this extension to wireshark is
calculating and exposing physical layer properties (inter frame spaces and
timings) it needs to work with physical layer frames. I have a design
question. Should I

1. pre-process the capture files to re-aggregate the MPDUs into single
A-MPDU frames (a single A-MPDU shows up in wireshark as a single packet,
containing multiple 802.11 MPDUs)
or
2. somehow track the A-MPDUs within wireshark, perhaps using the
'conversation' feature. (frames show up in the packet list as they do now -
each MPDU is a separate packet in wireshark, and the timeline view needs to
be smart as to how it displays them).

Simon

[Wireshark-dev] Problems building on Mac OS Yosemite

2015-05-29 Thread Simon Barber
I'm trying to build wireshark out of the git repository, master branch, on
my Mac OS Yosemite machine.

The build fails while running the macos-setup script, while building GTK,
with:


/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive

Making all in x11

make[4]: Nothing to be done for `all'.

Making all in .

/bin/sh ../libtool  --tag=CC   --mode=link gcc
-DGDK_PIXBUF_DISABLE_DEPRECATED -g -O2 -mmacosx-version-min=10.10 -isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk
-Wall  -version-info 2400:17:2400 -export-dynamic -rpath /usr/local/lib
-export-symbols-regex "^[^_].*" -mmacosx-version-min=10.10 -isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk
-o libgdk-x11-2.0.lagdk.lo gdkapplaunchcontext.lo gdkcairo.lo
gdkcolor.lo gdkcursor.lo gdkdisplay.lo gdkdisplaymanager.lo gdkdnd.lo
gdkdraw.lo gdkevents.lo gdkfont.lo gdkgc.lo gdkglobals.lo gdkimage.lo
gdkkeys.lo gdkkeyuni.lo gdkoffscreenwindow.lo gdkpango.lo
gdkpixbuf-drawable.lo gdkpixbuf-render.lo gdkpixmap.lo
gdkpolyreg-generic.lo gdkrectangle.lo gdkregion-generic.lo gdkrgb.lo
gdkscreen.lo gdkselection.lo gdkvisual.lo gdkwindow.lo gdkwindowimpl.lo
gdkenumtypes.lo gdkmarshalers.lo x11/libgdk-x11.la -L/usr/local/lib
-L/opt/X11/lib -lpangocairo-1.0 -lpango-1.0 -lgio-2.0 -lfontconfig
-lfreetype -lXrender -lXinerama -lXrandr -lXcursor -lXcomposite -lXdamage
-lXfixes -lgdk_pixbuf-2.0 -lgobject-2.0 -lglib-2.0 -lintl -lcairo -lX11
-lXext  -lm

grep: /usr/local/lib/libcairo.la: No such file or directory

sed: /usr/local/lib/libcairo.la: No such file or directory

libtool: link: `/usr/local/lib/libcairo.la' is not a valid libtool archive

make[4]: *** [libgdk-x11-2.0.la] Error 1

make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


If I change the macos-setup script to use GTK3, and update the PNG_VERSION
from 1.5.17 to 1.5.22 then the script runs OK, and I can produce a working
wireshark binary, but the resulting wireshark-gtk binary segfaults shortly
after startup.

Anyone run into this? Should the wireshark-gtk binary be working with GTK3?
Or does anyone know what magic is needed to get GTK2 to build on Yosemite?

Simon

Re: [Wireshark-dev] Problems building on Mac OS Yosemite

2015-05-29 Thread Simon Barber
Yes. xlogo runs OK.

Simon
On May 29, 2015 11:20 PM, "Guy Harris"  wrote:

>
> On May 29, 2015, at 9:16 PM, Simon Barber  wrote:
>
> > I'm trying to build wireshark out of the git repository, master branch,
> > on my Mac OS Yosemite machine.
>
> You've installed XQuartz, right?

Re: [Wireshark-dev] 802.11 timeline view and aggregation

2015-06-01 Thread Simon Barber
The main thing that is 802.11 specific is that it relies on the hardware
timestamps (radiotap.mactime) to have guaranteed accuracy. The 802.11 mac
relies heavily on frame timing, and the extension splits into 2 parts - 1
part that calculates frame durations and start and end times from the
available radiotap information, timestamps, and details of what physical
layer framing and headers are in use. It also calculates the inter-frame
spaces that are so important to the 802.11 MAC, and another part of the
code that uses all this data and provides the visualization. I imagine this
kind of display would be very useful for other, non 802.11 protocols as
well, although software based timestamps would mean that the display might
not be perfectly accurate. Also with software based timestamps sometimes
packets can appear to overlap, and that would need to be resolved.

No documentation was written, and I don't have any screenshots (although
the functionality worked very well the niceties of the GUI were never
finished). The packet timeline was rendered anti-aliased, so when zoomed
out you could see the density of traffic vary over a large period of time,
and when you zoomed in you could see single microseconds. I am currently
working to bring the code up to date and get it building on the master
branch. I can take some screenshots when I get the code running. This is
partly why I was asking questions about whether the gtk build is expected
to work in the current master branch - since all the visualization code was
gtk. I was also previously developing on Debian, but am now using Mac OS
(which I am not very familiar with), and have been having trouble with
getting the master branch to build. QT is working, but GTK is not yet for
me.

I imagine the code from github would build quite easily on a 2 or 3 year
old Debian or Ubuntu OS image. It does not display the timeline unless all
the required physical layer information is available from radiotap to
correctly calculate the packet durations. Also on github are patches to the
linux kernel to have the intel drivers include all the required information
in the radiotap captures.

On Mon, Jun 1, 2015 at 7:29 PM, Guy Harris  wrote:

>
> On May 29, 2015, at 9:04 PM, Simon Barber  wrote:
>
> > A few years ago I wrote an extension for Wireshark that allows 802.11
> > frames to be viewed on a zoomable, scrollable timeline in a third pane
> > added to the main display.
>
> Is there anything 802.11 specific about this - and, if so, are there parts
> that aren't 802.11-specific and that would be useful for other link layer
> types?
>
> Is there some documentation of what it does, preferably with a screenshot?

Re: [Wireshark-dev] Problems building on Mac OS Yosemite

2015-06-04 Thread Simon Barber
Thanks - deleting my entire macos-support-libs and restarting did the
trick. I had tried to use the setup script a couple of months ago when it
was broken, and there was probably something left behind from that.

cmake didn't work but configure gets me a working wireshark-gtk.

Simon

On Mon, Jun 1, 2015 at 7:39 PM, Guy Harris  wrote:

>
> On May 29, 2015, at 11:23 PM, Simon Barber wrote:
>
> > On May 29, 2015 11:20 PM, "Guy Harris" wrote:
> >
> >> On May 29, 2015, at 9:16 PM, Simon Barber wrote:
> >>
> >>> I'm trying to build wireshark out of the git repository, master
> >>> branch, on my Mac OS Yosemite machine.
> >>
> >> You've installed XQuartz, right?
> >
> > Yes. xlogo runs OK.
>
> What does
>
> ls -ld /usr/X11
>
> print?  If it prints
>
> ls: /usr/X11: No such file or directory
>
> then you probably installed XQuartz on a machine running a pre-Yosemite
> version of OS X, and then upgraded to Yosemite, and the Yosemite installer
> proceeded to trash your XQuartz installation.  Do
>
> sudo ln -s /opt/X11 /usr/X11
>
> to fix the XQuartz installation, and then, in your source directory, do
>
> rm -rf macosx-support-libs
>
> and re-run the macosx-setup.sh script.
>
> If "ls -ld /usr/X11" doesn't print "ls: /usr/X11: No such file or
> directory", what does
>
> ls -l /usr/X11/lib/libcairo.la
>
> print?

[Wireshark-dev] wtap.h / struct ieee802_11n & ac presence_flags

2015-09-24 Thread Simon Barber
Is there any reason that the presence_flags in these structs are done as a
single flags field, requiring separate #defines to define the individual
flags, rather than individual single bit members of the struct?

Simon

Re: [Wireshark-dev] wtap.h / struct ieee802_11n & ac presence_flags

2015-09-24 Thread Simon Barber
I am porting my radiotap only timeline code over to use the new radio
dissector, and found the use of the flags aesthetically unpleasing (since I
refer to them a lot). Would you object to me converting them to single bit
fields, and memsetting the whole union to 0 to clear them?

On Thu, Sep 24, 2015 at 11:03 AM, Guy Harris  wrote:

>
> > On Sep 24, 2015, at 10:53 AM, Simon Barber wrote:
> >
> > Is there any reason that the presence_flags in these structs are done as
> > a single flags field, requiring separate #defines to define the individual
> > flags, rather than individual single bit members of the struct?
>
> (Presumably the single-bit members would all be at the beginning of the
> structure, so that they get packed into a single word.)
>
> The reason I went that way was to let all the bits be cleared with a
> single assignment.  I suppose we could memset the entire union.
>
> (BTW, it's not as if the only ones are for 11n and 11ac; each PHY that has
> additional information to provide has a member of the union.)

[Wireshark-dev] ui/gtk/pixbuf-csource not linked in

2015-12-04 Thread Simon Barber
I'm building wireshark_gtk on MacOS 10.10 using cmake, with GTK2, and I'm
not seeing pixbuf-csource being linked in. Here's the AR command:

ar cru libgtkui.a libgtkui_a-about_dlg.o libgtkui_a-addr_resolution_dlg.o
libgtkui_a-bytes_view.o libgtkui_a-capture_dlg.o
libgtkui_a-capture_file_dlg.o libgtkui_a-capture_if_dlg.o
libgtkui_a-capture_info_dlg.o libgtkui_a-color_dlg.o
libgtkui_a-color_edit_dlg.o libgtkui_a-color_utils.o
libgtkui_a-conversation_hastables_dlg.o libgtkui_a-conversations_table.o
libgtkui_a-decode_as_dlg.o libgtkui_a-dfilter_expr_dlg.o
libgtkui_a-dissector_tables_dlg.o libgtkui_a-dlg_utils.o
libgtkui_a-drag_and_drop.o libgtkui_a-edit_packet_comment_dlg.o
libgtkui_a-expert_comp_table.o libgtkui_a-export_object_dlg.o
libgtkui_a-export_sslkeys.o libgtkui_a-extcap_gtk.o
libgtkui_a-filter_autocomplete.o libgtkui_a-file_dlg.o
libgtkui_a-file_import_dlg.o libgtkui_a-fileset_dlg.o
libgtkui_a-filter_dlg.o libgtkui_a-filter_expression_save_dlg.o
libgtkui_a-filter_utils.o libgtkui_a-find_dlg.o libgtkui_a-firewall_dlg.o
libgtkui_a-follow_ssl.o libgtkui_a-follow_stream.o libgtkui_a-follow_tcp.o
libgtkui_a-follow_udp.o libgtkui_a-font_utils.o libgtkui_a-goto_dlg.o
libgtkui_a-graph_analysis.o libgtkui_a-gtk_iface_monitor.o
libgtkui_a-gui_stat_util.o libgtkui_a-gui_utils.o libgtkui_a-help_dlg.o
libgtkui_a-hostlist_table.o libgtkui_a-macros_dlg.o libgtkui_a-main.o
libgtkui_a-main_80211_toolbar.o libgtkui_a-main_filter_toolbar.o
libgtkui_a-main_menubar.o libgtkui_a-manual_addr_resolv.o
libgtkui_a-packet_panes.o libgtkui_a-main_statusbar.o
libgtkui_a-main_titlebar.o libgtkui_a-main_toolbar.o
libgtkui_a-main_welcome.o libgtkui_a-packet_history.o
libgtkui_a-packet_list_store.o libgtkui_a-packet_list.o
libgtkui_a-packet_win.o libgtkui_a-pixmap_save.o libgtkui_a-plugins_dlg.o
libgtkui_a-prefs_capture.o libgtkui_a-prefs_column.o libgtkui_a-prefs_dlg.o
libgtkui_a-prefs_filter_expressions.o libgtkui_a-prefs_gui.o
libgtkui_a-prefs_layout.o libgtkui_a-prefs_font_color.o
libgtkui_a-print_dlg.o libgtkui_a-profile_dlg.o libgtkui_a-progress_dlg.o
libgtkui_a-proto_dlg.o libgtkui_a-proto_help.o
libgtkui_a-proto_hier_stats_dlg.o libgtkui_a-proto_hier_tree_model.o
libgtkui_a-proto_tree_model.o libgtkui_a-range_utils.o
libgtkui_a-response_time_delay_table.o libgtkui_a-rtp_player.o
libgtkui_a-sctp_byte_graph_dlg.o libgtkui_a-sctp_error_dlg.o
libgtkui_a-sctp_graph_dlg.o libgtkui_a-service_response_time_table.o
libgtkui_a-simple_dialog.o libgtkui_a-simple_stattable.o
libgtkui_a-stock_icons.o libgtkui_a-summary_dlg.o
libgtkui_a-supported_protos_dlg.o libgtkui_a-tap_param_dlg.o
libgtkui_a-text_page_utils.o libgtkui_a-time_shift_dlg.o
libgtkui_a-uat_gui.o libgtkui_a-webbrowser.o  libgtkui_a-compare_stat.o
libgtkui_a-dcerpc_stat.o libgtkui_a-expert_comp_dlg.o
libgtkui_a-export_pdu_dlg.o libgtkui_a-flow_graph.o
libgtkui_a-funnel_stat.o libgtkui_a-gsm_map_summary.o
libgtkui_a-iax2_analysis.o libgtkui_a-io_stat.o libgtkui_a-lbm_stream_dlg.o
libgtkui_a-lbm_uimflow_dlg.o libgtkui_a-mac_lte_stat_dlg.o
libgtkui_a-mcast_stream_dlg.o libgtkui_a-mtp3_summary.o
libgtkui_a-rlc_lte_graph.o libgtkui_a-rlc_lte_stat_dlg.o
libgtkui_a-rpc_stat.o libgtkui_a-rtp_analysis.o libgtkui_a-rtp_stream_dlg.o
libgtkui_a-sctp_assoc_analyse.o libgtkui_a-sctp_chunk_stat.o
libgtkui_a-sctp_chunk_stat_dlg.o libgtkui_a-sctp_stat_dlg.o
libgtkui_a-stats_tree_stat.o libgtkui_a-tcp_graph.o
libgtkui_a-voip_calls_dlg.o libgtkui_a-wlan_stat_dlg.o
libgtkui_a-wireshark-tap-register.o libgtkui_a-wireshark-gresources.o

What do I need to change to fix this?

Simon

Re: [Wireshark-dev] ui/gtk/pixbuf-csource not linked in

2015-12-04 Thread Simon Barber
"_expert_none_pb_data", referenced from:

  _statusbar_new in libgtkui.a(libgtkui_a-main_statusbar.o)

  "_expert_note_pb_data", referenced from:

  _statusbar_new in libgtkui.a(libgtkui_a-main_statusbar.o)

  _expert_comp_init in libgtkui.a(libgtkui_a-expert_comp_dlg.o)

  "_expert_ok_pb_data", referenced from:

  _add_page in libgtkui.a(libgtkui_a-capture_dlg.o)

  "_expert_warn_pb_data", referenced from:

  _statusbar_new in libgtkui.a(libgtkui_a-main_statusbar.o)

  _expert_comp_init in libgtkui.a(libgtkui_a-expert_comp_dlg.o)

  "_gnome_emblem_web_16_pb_data", referenced from:

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_gnome_emblem_web_24_pb_data", referenced from:

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_layout_1_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_layout_2_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_layout_3_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_layout_4_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_layout_5_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_layout_6_pb_data", referenced from:

  _layout_prefs_show in libgtkui.a(libgtkui_a-prefs_layout.o)

  "_network_bluetooth_pb_data", referenced from:

  _capture_get_if_icon in libgtkui.a(libgtkui_a-capture_if_dlg.o)

  "_network_usb_pb_data", referenced from:

  _capture_get_if_icon in libgtkui.a(libgtkui_a-capture_if_dlg.o)

  "_network_wired_pb_data", referenced from:

  _capture_get_if_icon in libgtkui.a(libgtkui_a-capture_if_dlg.o)

  "_network_wireless_pb_data", referenced from:

  _capture_get_if_icon in libgtkui.a(libgtkui_a-capture_if_dlg.o)

  "_pipe_pb_data", referenced from:

  _capture_get_if_icon in libgtkui.a(libgtkui_a-capture_if_dlg.o)

  "_toolbar_wireshark_file_16_pb_data", referenced from:

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_toolbar_wireshark_file_24_pb_data", referenced from:

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_wsicon_16_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  _window_icon_realize_cb in libgtkui.a(libgtkui_a-gui_utils.o)

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_wsicon_24_pb_data", referenced from:

  _stock_icons_init.pixbufs in libgtkui.a(libgtkui_a-stock_icons.o)

  "_wsicon_32_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  _window_icon_realize_cb in libgtkui.a(libgtkui_a-gui_utils.o)

  "_wsicon_48_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  _window_icon_realize_cb in libgtkui.a(libgtkui_a-gui_utils.o)

  "_wsicon_64_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  _window_icon_realize_cb in libgtkui.a(libgtkui_a-gui_utils.o)

  "_wsiconcap_16_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  "_wsiconcap_32_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  "_wsiconcap_48_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  "_wsiconcap_64_pb_data", referenced from:

  _main_capture_callback in libgtkui.a(libgtkui_a-main.o)

  "_wssplash_pb_data", referenced from:

  _about_wireshark in libgtkui.a(libgtkui_a-about_dlg.o)

  _welcome_new in libgtkui.a(libgtkui_a-main_welcome.o)

ld: symbol(s) not found for architecture x86_64

clang: error: linker command failed with exit code 1 (use -v to see
invocation)

make[2]: *** [wireshark-gtk] Error 1

make[1]: *** [all-recursive] Error 1

make: *** [all] Error 2

On Fri, Dec 4, 2015 at 4:46 PM, João Valverde <
joao.valve...@tecnico.ulisboa.pt> wrote:

>
>
> On 05-12-2015 00:29, Simon Barber wrote:
>
>> I'm building wireshark_gtk on MacOS 10.10 using cmake, with GTK2, and
>> I'm not seeing pixbuf-csource being linked in. Here's the AR command:
>>
>> ar cru libgtkui.a libgtkui_a-about_dlg.o
>> libgtkui_a-addr_resolution_dlg.o libgtkui_a-bytes_view.o
>> libgtkui_a-capture_dlg.o libgtkui_a-capture_file_dlg.o
>> libgtkui_a-capture_if_dlg.o libgtkui_a-capture_info_dlg.o
>> libgtkui_a-color_dlg.o libgtkui_a-color_edit_dlg.o
>> libgtkui_a-color_utils.o libgtkui_a-con

Re: [Wireshark-dev] ui/gtk/pixbuf-csource not linked in

2015-12-07 Thread Simon Barber
I don't see -DHAVE_GRESOURCE

Making all in ui/gtk

> gcc -DHAVE_CONFIG_H -I. -I../..  -I../.. -I../../wiretap
> -DG_DISABLE_DEPRECATED -DG_DISABLE_SINGLE_INCLUDES -DGSEAL_ENABLE
> -DGTK_DISABLE_SINGLE_INCLUDES -DGTK_DISABLE_DEPRECATED
> -DGDK_DISABLE_DEPRECATED  -D_FORTIFY_SOURCE=2 -I/usr/local/include
> '-DPLUGIN_INSTALL_DIR="/usr/local/lib/wireshark/plugins/2.1.0"' -Werror
> -Wno-error=deprecated-declarations -Wall -W -Wextra -Wendif-labels
> -Wpointer-arith -Warray-bounds -Wformat-security -fwrapv -Wvla -Waddress
> -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas
> -Wno-overlength-strings -Wwrite-strings -Wno-long-long -Wheader-guard
> -Wunused-const-variable -Wc++-compat -Wdeclaration-after-statement -Wshadow
> -Wno-pointer-sign -Wold-style-definition -Wstrict-prototypes
> -Wshorten-64-to-32 -fvisibility=hidden -mmacosx-version-min=10.10 -isysroot
> /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk
> -g -O2 -D_REENTRANT -isystem/usr/local/include/gtk-2.0
> -isystem/usr/local/lib/gtk-2.0/include -isystem/usr/local/include/pango-1.0
> -isystem/usr/local/include/atk-1.0 -isystem/usr/local/include/cairo
> -isystem/usr/local/include/pixman-1 -isystem/usr/local/include/libpng16
> -isystem/usr/local/include/gdk-pixbuf-2.0
> -isystem/usr/local/include/glib-2.0 -isystem/usr/local/lib/glib-2.0/include
> -isystem/opt/X11/include -isystem/opt/X11/include/freetype2
> -isystem/opt/X11/include -isystem/opt/X11/include/libpng15  -MT
> libgtkui_a-main_statusbar.o -MD -MP -MF .deps/libgtkui_a-main_statusbar.Tpo
> -c -o libgtkui_a-main_statusbar.o `test -f 'main_statusbar.c' || echo
> './'`main_statusbar.c

If I add

> if(GRESOURCE_FOUND AND NOT WIN32)
> message("gresource found")
> set(PIXBUF_SRC
> wireshark-gresources.c
> wireshark-gresources.h
> )
> add_definitions(-DHAVE_GRESOURCE)
> else()
> message("gresource not found")
> set(PIXBUF_SRC
> pixbuf-csource.c
> )
> endif()

I do see "gresource found".

Simon


On Fri, Dec 4, 2015 at 6:03 PM, João Valverde <
joao.valve...@tecnico.ulisboa.pt> wrote:

> 2d7b0fc

Re: [Wireshark-dev] ui/gtk/pixbuf-csource not linked in

2015-12-08 Thread Simon Barber
Turns out cmake was erroring on a problem with help/faq.txt (recent build
on master), and not updating properly. Once I commented out the cmake rules
related to help/faq.txt, cmake runs OK, and the problem is resolved.

Simon

On Mon, Dec 7, 2015 at 1:29 PM, João Valverde <
joao.valve...@tecnico.ulisboa.pt> wrote:

>
>
> On 07-12-2015 21:01, Simon Barber wrote:
>
>> I don't see -DHAVE_GRESOURCE
>>
>> Making all in ui/gtk
>>
>> gcc -DHAVE_CONFIG_H -I. -I../..  -I../.. -I../../wiretap
>> -DG_DISABLE_DEPRECATED -DG_DISABLE_SINGLE_INCLUDES -DGSEAL_ENABLE
>> -DGTK_DISABLE_SINGLE_INCLUDES -DGTK_DISABLE_DEPRECATED
>> -DGDK_DISABLE_DEPRECATED  -D_FORTIFY_SOURCE=2 -I/usr/local/include
>> '-DPLUGIN_INSTALL_DIR="/usr/local/lib/wireshark/plugins/2.1.0"'
>> -Werror -Wno-error=deprecated-declarations -Wall -W -Wextra
>> -Wendif-labels -Wpointer-arith -Warray-bounds -Wformat-security
>> -fwrapv -Wvla -Waddress -Wattributes -Wdiv-by-zero
>> -Wignored-qualifiers -Wpragmas -Wno-overlength-strings
>> -Wwrite-strings -Wno-long-long -Wheader-guard
>> -Wunused-const-variable -Wc++-compat -Wdeclaration-after-statement
>> -Wshadow -Wno-pointer-sign -Wold-style-definition
>> -Wstrict-prototypes -Wshorten-64-to-32 -fvisibility=hidden
>> -mmacosx-version-min=10.10 -isysroot
>>
>> /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk
>> -g -O2 -D_REENTRANT -isystem/usr/local/include/gtk-2.0
>> -isystem/usr/local/lib/gtk-2.0/include
>> -isystem/usr/local/include/pango-1.0
>> -isystem/usr/local/include/atk-1.0 -isystem/usr/local/include/cairo
>> -isystem/usr/local/include/pixman-1
>> -isystem/usr/local/include/libpng16
>> -isystem/usr/local/include/gdk-pixbuf-2.0
>> -isystem/usr/local/include/glib-2.0
>> -isystem/usr/local/lib/glib-2.0/include -isystem/opt/X11/include
>> -isystem/opt/X11/include/freetype2 -isystem/opt/X11/include
>> -isystem/opt/X11/include/libpng15  -MT libgtkui_a-main_statusbar.o
>> -MD -MP -MF .deps/libgtkui_a-main_statusbar.Tpo -c -o
>> libgtkui_a-main_statusbar.o `test -f 'main_statusbar.c' || echo
>> './'`main_statusbar.c
>>
>> If I add
>>
>> if(GRESOURCE_FOUND AND NOT WIN32)
>> message("gresource found")
>> set(PIXBUF_SRC
>> wireshark-gresources.c
>> wireshark-gresources.h
>> )
>> add_definitions(-DHAVE_GRESOURCE)
>> else()
>> message("gresource not found")
>> set(PIXBUF_SRC
>> pixbuf-csource.c
>> )
>> endif()
>>
>> I do see "gresource found".
>>
>
> I notice you were linking with wireshark-gresource.o. So why is cmake
> (apparently) setting PIXBUF_SRC correctly but not -DHAVE_GRESOURCE?
>
> Maybe try commenting out the add_definitions() command and just define it
> on the command line.
>
> cmake -DHAVE_GRESOURCE ... 
>
> See if that helps.
>
> And please give your cmake version. Also trying to build wireshark with
> autotools on OSX could also help in narrowing this to a cmake issue.

Re: [Wireshark-dev] wtap.h / struct ieee802_11n & ac presence_flags

2015-12-10 Thread Simon Barber
Pushed as

https://code.wireshark.org/review/12511 Refactor 802.11 radio flags.

On Thu, Sep 24, 2015 at 12:21 PM, Guy Harris  wrote:

>
> On Sep 24, 2015, at 11:42 AM, Simon Barber wrote:
>
> > I am porting my radiotap only timeline code over to use the new radio
> > dissector, and found the use of the flags aesthetically unpleasing (since I
> > refer to them a lot). Would you object to me converting them to single bit
> > fields, and memsetting the whole union to 0 to clear them?
>
> No, I'm OK with that.

[Wireshark-dev] radiotap_info

2016-01-05 Thread Simon Barber
Is this used by anyone? I don't see any reference to it. Any reason I can't
remove it?

Simon

Re: [Wireshark-dev] Filter expression aliases and parameterization ...

2017-11-08 Thread Simon Barber via Wireshark-dev
I'd love to be able to add these, for example instead of writing

wlan.fc.type_subtype == 0x19

write

wlan.beacon

Simon

On Wed, Nov 8, 2017 at 12:27 AM, Richard Sharpe  wrote:

> Hi folks,
>
> At SharkFest Europe someone asked me about the possibility of the
> filter expressions in the SMB2 dissector being prefixed with smb2 or
> smb3.
>
> That is: smb2.flags.replay or smb3.flags.replay.
>
> In addition, when I use dissector functions (through a dissector
> table) from another protocol, I would like to be able to replace some
> prefix of its filter expressions.
>
> For example, in packet-ieee1905.c I call dissect_wps_tlvs but I would
> like to change the strings "wps.*" with "ieee1905.*".
>
> I am thinking of adding an ability to specify a replacement string in
> the handling of filter expressions.
>
> Can anyone think of another way of doing this?
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)

Re: [Wireshark-dev] IEEE802.11 Block Ack esoterica question

2018-02-19 Thread Simon Barber via Wireshark-dev
Can you post the code to gerrit (mark as WIP) so we can see exactly what
you've done?

Simon

On Mon, Feb 19, 2018 at 12:13 PM, Richard Sharpe <
realrichardsha...@gmail.com> wrote:

> Hi folks,
>
> In handling 802.11ax Trigger requests I have refactored the handling
> of block acks.
>
> In doing so I have eliminated the distinction between Block Ack
> Requests and Block Acks in the search filters.
>
> They used to be things like 'wlan.bar.blah-blah' and 'wlan.ba.blah-blah'.
>
> They are all now just 'wlan.ba.blah-blah'.
>
> Does anyone have an opinion on whether or not that is unreasonable?
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)

Re: [Wireshark-dev] IEEE802.11 Block Ack esoterica question

2018-02-19 Thread Simon Barber via Wireshark-dev
Looks OK to me - I'd want to see it as a separate change though.

On Mon, Feb 19, 2018 at 12:39 PM, Richard Sharpe <
realrichardsha...@gmail.com> wrote:

> On Mon, Feb 19, 2018 at 12:33 PM, Simon Barber via Wireshark-dev
>  wrote:
> > Can you post the code to gerrit (mark as WIP) so we can see exactly what
> > you've done?
>
> Well, it's already there ... have a bug fix though because I got a
> capture with block acks (but not HE block acks ...)
>
> It is, of course, mixed in with a lot of other changes:
>
> https://code.wireshark.org/review/#/c/25685
>
> > On Mon, Feb 19, 2018 at 12:13 PM, Richard Sharpe
> >  wrote:
> >>
> >> Hi folks,
> >>
> >> In handling 802.11ax Trigger requests I have refactored the handling
> >> of block acks.
> >>
> >> In doing so I have eliminated the distinction between Block Ack
> >> Requests and Block Acks in the search filters.
> >>
> >> They used to be things like 'wlan.bar.blah-blah' and
> >> 'wlan.ba.blah-blah'.
> >>
> >> They are all now just 'wlan.ba.blah-blah'.
> >>
> >> Does anyone have an opinion on whether or not that is unreasonable?
> >>
> >> --
> >> Regards,
> >> Richard Sharpe
> >> (何以解憂?唯有杜康。--曹操)
> >>
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)

Re: [Wireshark-dev] Wireless Timeline?

2019-04-03 Thread Simon Barber via Wireshark-dev
The timeline will not show up unless hardware timestamps are present for
*all* frames in the capture, and there are no large negative jumps in time.
Where does the capture file you are using come from?

Simon

On Wed, Apr 3, 2019 at 1:17 PM Do m  wrote:

> Greetings...
>
> I came across this:
> https://meraki.cisco.com/blog/2019/02/wireshark-where-did-the-time-go/
>
> Running wireshark 3.0 on Win10... can't seem to get the wireless timeline
> to show up.  Am I missing something obvious (apart from configuring the
> dissector preferences to enable the experimental feature?)
>
> --
> regards,
> -doug