| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
doesn't work like the read timeout in BPF - the timer doesn't start
until at least one packet has arrived.
I think that's the way read timeouts should work on *all* packet capture
mechanisms, but it does mean that Solaris will, on a quiet net, exhibit
the same symptoms that Linux used to exhibit before we put in a
"select()" call to wait until either packets arrive or a timer expires -
the "pcap_dispatch()" call blocks until a packet arrives, so the display
doesn't get updated and Ethereal doesn't respond to user input until a
packet arrives.
Furthermore, Linux isn't the only OS that lacks any read timeout
on its packet capture mechanism; the others will also have that problem.
We therefore do the "select()" on *all* platforms other than the BSDs
(where the timer starts when the read is done, and can be used for
polling); I don't know whether it's necessary on Digital UNIX, but I
suspect it's necessary on SunOS 4.x (as the 5.x "bufmod" is probably
derived from the 4.x one, and the 5.x one, as per the above, starts the
timer when a packet arrives), and it may even be necessary on 3.x, those
(BSD, SunOS including 5.x, and Digital UNIX) apparently being the only
UNIXes that appear to have such a read timeout.
svn path=/trunk/; revision=2790
|
|
on it, such as the exit status if it exited "normally" but unexpectedly.
On UNIX systems, #define the various POSIX <sys/wait.h> macros (and the
non-POSIX WCOREDUMP()" macro) if they're not defined by <sys/wait.h> (or
if we don't have <sys/wait.h>), and use them to dissect the exit status.
svn path=/trunk/; revision=2788
|
|
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
|
|
we're capturing, just use a netmask of 0, and warn the user in Tethereal
(doing it in Ethereal would be more disruptive, and doing so only once
per interface in a session is a bit of work, as, in an "Update list of
packets in real time" capture the child process would have to tell the
parent that it couldn't get the netmask).
svn path=/trunk/; revision=2546
|
|
svn path=/trunk/; revision=2521
|
|
you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
|
|
svn path=/trunk/; revision=2481
|
|
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
|
|
as far as I know, the only way to get IFF_UP, IFF_LOOPBACK, "struct
ifreq", and "struct ifconf" defined, and those are required in order to
get, via SIOCGIFCONF, the interface list, and to exclude interfaces that
aren't up and handle loopback interfaces differently from other
interfaces.
If we're on UNIX and have libpcap, we should do the same; that way, if
the system doesn't have <net/if.h> installed, the compile will fail with
an "I can't find <net/if.h>" error, rather than the configure indicating
that <net/if.h> can't be found, causing "util.c" not to include it,
causing it to fail with complaints about IFF_UP, IFF_LOOPBACK, and
various structures not being defined - the former tells you the root
cause, the latter doesn't.
svn path=/trunk/; revision=2442
|
|
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
|
|
work
svn path=/trunk/; revision=2438
|
|
svn path=/trunk/; revision=2434
|
|
the influenza virus, if "wtap_pcap_encap_to_wtap_encap()" returns
WTAP_ENCAP_UNKNOWN, indicating that the libpcap encapsulation type can't
be mapped to a Wiretap encapsulation type, include the data link type in
the message, so the user can at least give us a clue as to what type it
is that we don't support (or, at least, the DLT_ value for that type -
it could well be some standard type whose value just got gratuitously
changed).
svn path=/trunk/; revision=2333
|
|
generate the name of the boldface font from the Roman font; if the two
fonts don't have the same widths, the display will look weird when a
field is selected, and it's a bit of a pain for the user to have to
select *two* fonts.
On UNIX/X, default to
"-*-fixed-medium-r-semicondensed-*-*-120-*-*-*-*-*-" rather than to
"-*-lucidatypewriter-medium-r-normal-*-*-120-*-*-*-*-iso8859-1" - some
Linux distributions appear to lack the Lucida typewriter font.
Add a "gui.font_name" preference to the preferences file, specifying the
normal-weight font to use. Have it settable from the "GUI" tab in the
Preferences dialog box - the "Font..." button, when clicked, pops up a
font selection dialog box.
If we either can't open the selected font or the boldfaced version of
the font, default to "6x13" and "6x13bold" as fallbacks - the former
will probably be "fixed", and the latter would be "fixedbold" if X
actually created such an alias, but it doesn't so we use "6x13bold"
instead.
svn path=/trunk/; revision=2304
|
|
svn path=/trunk/; revision=2298
|
|
on NT/2000.
Refer to Tethereal, not to Ethereal, in the long explanations of capture
problems in Tethereal.
svn path=/trunk/; revision=2270
|
|
about checking permissions, as the capture devices are probably
available to all users, and talking about permissions will only confuse
the user. Do, however, warn that Ethereal can't capture on Token Ring
or PPP/WAN interfaces.
On UNIX, if the attempt to open the capture device fails, and the error
message starts with "can't find PPA for ", they are probably running on
HP-UX with a version of libpcap not patched to properly look up PPAs for
network interfaces given the interface name; give them a detailed
warning about this, telling them that they'll have to fix libpcap and
build Ethereal from source, and pointing them at the "README.hpux" file.
svn path=/trunk/; revision=2265
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
svn path=/trunk/; revision=2184
|
|
svn path=/trunk/; revision=2182
|
|
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live()
failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch()
which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h
because capture() now needs it.
svn path=/trunk/; revision=2181
|
|
svn path=/trunk/; revision=2150
|
|
to use "warning" dialog boxes only to warn the user "if you do that, bad
things may happen" *and* to offer them the option either to drive on or
quit, so perhaps ESD_TYPE_CRIT should be used for all errors).
However, put "Ethereal: Error" rather than "Ethereal: Critical" in the
title bar, in the hopes that it'll make it clearer that Something Bad
Happened.
If the user specifies that captures should be saved to a user-specified
file rather than a temporary file, report errors trying to create that
file with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
svn path=/trunk/; revision=2143
|
|
"gtk_grab_add()"; the former makes it a bit clearer what's being done,
and I think it may be considered the right way to do it (GTK+ remembers
the state of the window and appears to add and remove the grab as
appropriate).
svn path=/trunk/; revision=2113
|
|
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
|
|
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
|
|
time" during captures on Win32.
svn path=/trunk/; revision=2074
|
|
Linux (call the until-now-unused "capture_clip()" routine for each
packet).
svn path=/trunk/; revision=2070
|
|
svn path=/trunk/; revision=2012
|
|
(the ip_tcp_options stuff is still non-tvbuff until I convert ip and tcp).
Add preliminary fix for Linux ISDN ippp devices (similar watch was posted
to ethereal-users, but did not use tvbuffs).
Change packet-raw.c to call capture_ppp()/dissect_ppp() in the case
where the frame starts with FF:03. We had been calling
capture_ip()/dissect_ip() at byte offset 4, but I think this is for
historical reasons of packet-raw.c and packet-ip.c existing before
packet-ppp.c.
svn path=/trunk/; revision=1998
|
|
"capture()" should ensure that it's closed before returning, but
it was only getting closed by "wtap_dump_close()" on success, so
close the raw FD on failure (no "wtap_dump" stream is opened on
failure, so we just close the raw FD);
in a "update the display as packets arrive" capture, we should
close the FD in the parent as soon as the fork is done, before
even testing whether the fork succeeded (and we might as well do
the same with the write side of the sync pipe).
svn path=/trunk/; revision=1988
|
|
From Mark Burton <markb@ordern.com>
svn path=/trunk/; revision=1986
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
doesn't.
svn path=/trunk/; revision=1912
|
|
child process send to the parent a message indicating why it failed, so
that the parent can report that, and then exit.
If the attempt to create the child process to run Ethereal fails, pop up
a dialog box indicating that this happened.
Change the fork code a bit, to make it easier to substitute, on Win32
systems, code that does a "CreateProcess()" for the small chunk of code
that does the fork and exec.
svn path=/trunk/; revision=1910
|
|
properly handle ASCII vs. Unicode in the list of interfaces;
initialize Winsock before starting a capture, so that the code
in the Win32 libpcap to get the IP address and netmask by
translating the host name to an IP address works.
svn path=/trunk/; revision=1737
|
|
routine to be called every time a new capture file is opened instead of
calling it in read_cap_file() and do_capture().
svn path=/trunk/; revision=1651
|
|
This function is used to re-initialize the hash table used by the X.25
dissector to record the upper layer protocol used by each VC. The hash
table should be re-initialized each time we read / start a new capture.
I moved the definition of the function from packet.h to packet-x25.h, and
added calls to reinit_x25_hashtable() in read_cap_file (file.c) and
do_capture (capture.c).
svn path=/trunk/; revision=1644
|
|
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
|
|
from WinDump with Ethereal. We now have packet capturing on Win32. :)
svn path=/trunk/; revision=1612
|
|
this is needed to get the last message from the pipe.
svn path=/trunk/; revision=1595
|
|
svn path=/trunk/; revision=1586
|
|
timeval" (if, say, it's a "struct bpf_timeval", with member sizes wired
to 32 bits, as it appears to be in SuSE 6.3 and will, I think, be in the
0.5 release of libpcap), copy the members of that field to the "ts"
field of the Wiretap per-packet header (which also lets us make it not a
"struct timeval" as well).
svn path=/trunk/; revision=1572
|
|
whether we're building a protocol tree or not.
Make "dissect_eth()" use "BYTES_ARE_IN_FRAME()" to see if we have a full
Ethernet header - it can be called with a non-zero offset, if Ethernet
frames are encapsulated inside other frames (e.g., ATM LANE).
Make capture routines take an "offset" argument if the corresponding
dissect routine takes one (for symmetry, and for Cisco ISL or any other
protocol that encapsulates Ethernet or Token-Ring frames inside other
frames).
Pass the frame lengths to capture routines via the "pi" structure,
rather than as an in-line argument, so that they can macros such as
"BYTES_ARE_IN_FRAME()" the way the corresponding dissect routines do.
Make capture routines update "pi.len" and "pi.captured_len" the same way
the corresponding diseect routines do, if the capture routines then call
other capture routines.
Make "capture_vlan()" count as "other" frames that are too short, the
way other capture routines do.
svn path=/trunk/; revision=1525
|
|
above VINES.
svn path=/trunk/; revision=1514
|
|
update their libpcap probably isn't going to scale - the increasing
frequency with which "Ethereal hangs when I try to capture packets"
shows up on "ethereal-dev" suggests that, unless and until a libpcap
with the "select()" in it becomes ubiquitous on Linux, that'll be the
source of a constant support burden - so we'll just put the "select()"
in Ethereal if it's being built for Linux.
(Putting it in for platforms where the read timeout argument to
"pcap_open_live()" works adds an extra useless system call at best and,
at worst, could make Ethereal not work - "select()" doesn't work on
"/dev/bpf" devices on FreeBSD 3.3, at least, unless you're in "immediate
mode", and, whilst "immediate mode" would make Ethereal respond more
quickly when packets arrive, it might cause Ethereal to respond too
quickly, doing reads for every new packet rather than waiting for
multiple packets to arrive and reading them all with one "read()", which
appears to be at least part of the intent of the read timeout on
"/dev/bpf" devices in BSD.)
svn path=/trunk/; revision=1451
|
|
and move it to "simple_dialog.h" and "gtk/simple_dialog.c".
svn path=/trunk/; revision=1414
|
|
of routines to enable and disable various sets of menu items; call only
those routines, not routines to enable or disable particular menu items,
from files in the top-level directory, as other UIs may not refer to
menu items with path strings of the sort used in GTK+, and as this
buries knowledge of the menu items available in "gtk/menu.c" rather than
requiring stuff outside of "gtk/menu.c" to know what menu items exist.
svn path=/trunk/; revision=1410
|
|
into "gtk/ui_util.c", and move the declarations of those UI utilities
out of "util.h" into "ui_util.h". (The header file is in the top-level
directory, rather than the "gtk" directory, because it declares
window-system-independent interfaces to routines with
window-system-dependent implementations.)
Add to "gtk/ui_util.c" a routine to set the window and icon title.
Use that routine to make the title of an Ethereal top-level window be
{filename} - Ethereal
if there's a capture open, and have "{filename}" be "<capture>" if it's
a temporary capture file.
svn path=/trunk/; revision=1255
|
|
svn path=/trunk/; revision=1173
|
