Check the environment variables SSH_CONNECTION, SSH_CLIENT, REMOTEHOST,

DISPLAY, and CLIENTNAME (in that order).  If any of them are set, create
a capture filter that excludes their traffic and set it as the default.
The longer filters should be efficient without being overly long; they
may need some tweaking.

svn path=/trunk/; revision=8994

3 files changed, 62 insertions, 3 deletions

diff --git a/gtk/main.c b/gtk/main.c
index 36c2908ac0..318bff5377 100644
--- a/gtk/main.c
+++ b/gtk/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * $Id: main.c,v 1.329 2003/11/02 19:31:20 gerald Exp $
+ * $Id: main.c,v 1.330 2003/11/18 04:16:28 gerald Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -2227,6 +2227,7 @@ main(int argc, char *argv[])
     free_pcap_linktype_list(lt_list);
     exit(0);
   }
+
 #endif
 
   /* Notify all registered modules that have had any of their preferences
@@ -2546,6 +2547,12 @@ main(int argc, char *argv[])
   set_menus_for_capture_in_progress(FALSE);
 #endif
 
+  if (!start_capture && (cfile.cfilter == NULL || strlen(cfile.cfilter) == 0)) {
+    if (cfile.cfilter) {
+      g_free(cfile.cfilter);
+    }
+    cfile.cfilter = g_strdup(get_conn_cfilter());
+  }
   gtk_main();
 
   /* If the last opened directory, or our geometry, has changed, save
diff --git a/util.c b/util.c
index 5254386956..e91120b7ef 100644
--- a/util.c
+++ b/util.c
@@ -1,7 +1,7 @@
 /* util.c
  * Utility routines
  *
- * $Id: util.c,v 1.71 2003/11/02 23:12:32 gerald Exp $
+ * $Id: util.c,v 1.72 2003/11/18 04:16:28 gerald Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -663,3 +663,52 @@ size_t base64_decode(char *s)
 
 	return n;
 }
+
+/* Try to figure out if we're remotely connected, e.g. via ssh or
+   Terminal Server, and create a capture filter that matches aspects of the
+   connection.  We match the following environment variables:
+   
+   SSH_CONNECTION (ssh): <remote IP> <remote port> <local IP> <local port>
+   SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
+   REMOTEHOST (tcsh, others?): <remote name>
+   DISPLAY (x11): [remote name]:<display num>
+   CLIENTNAME (terminal server): <remote name>
+ */
+
+gchar *get_conn_cfilter(void) {
+	static GString *filter_str = NULL;
+	gchar *env, **tokens;
+	
+	if (filter_str == NULL) {
+		filter_str = g_string_new("");
+	}
+	if ((env = getenv("SSH_CONNECTION")) != NULL) {
+		tokens = g_strsplit(env, " ", 4);
+		if (tokens[3]) {
+			g_string_sprintf(filter_str, "not (tcp port %s and ip host %s "
+				"and tcp port %s and ip host %s)", tokens[1], tokens[0],
+				tokens[3], tokens[2]);
+			return filter_str->str;
+		}
+	} else if ((env = getenv("SSH_CLIENT")) != NULL) {
+		tokens = g_strsplit(env, " ", 3);
+		g_string_sprintf(filter_str, "not (tcp port %s and ip host %s "
+			"and tcp port %s)", tokens[1], tokens[0], tokens[2]);
+		return filter_str->str;
+	} else if ((env = getenv("REMOTEHOST")) != NULL) {
+		g_string_sprintf(filter_str, "not ip host %s", env);
+		return filter_str->str;
+	} else if ((env = getenv("DISPLAY")) != NULL) {
+		tokens = g_strsplit(env, ":", 2);
+		if (tokens[0] && tokens[0][0] != 0) {
+			g_string_sprintf(filter_str, "not ip host %s", 
+				tokens[0]);
+			return filter_str->str;
+		}
+	} else if ((env = getenv("CLIENTNAME")) != NULL) {
+		g_string_sprintf(filter_str, "not ip host %s", env);
+		return filter_str->str;
+	}
+	return "";
+}		
+
diff --git a/util.h b/util.h
index 496e084ea3..6a36487fb2 100644
--- a/util.h
+++ b/util.h
@@ -1,7 +1,7 @@
 /* util.h
  * Utility definitions
  *
- * $Id: util.h,v 1.29 2003/05/23 05:25:19 tpot Exp $
+ * $Id: util.h,v 1.30 2003/11/18 04:16:28 gerald Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -59,6 +59,9 @@ void compute_timestamp_diff(gint *, gint *, guint32, guint32, guint32, guint32);
 /* In-place decoding of a base64 string. */
 size_t base64_decode(char *s);
 
+/* Create a capture filter for the connection */
+char *get_conn_cfilter(void);
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */