Age | Commit message (Collapse) | Author | Files | Lines |
|
rewrite the tshark capture code almost completely, to use dumpcap instead of it's own pcap functionality.
This works on Win32 and should work on unix/linux (but I'm not sure here). Some stuff needs to be cleaned up, some more may need to be rewritten to specifically work with unix/win32. Futher work needs to be done at:
1. read filters (simply document current behaviour?)
2. event loop polling
3. privileges
4. code cleanup (e.g. in capture_loop.c)
Be prepared that tshark might not work as before / expected at least in the next days!
svn path=/trunk/; revision=22969
|
|
this in the GUI rather than calling pcap_stats() directly. This gets rid
of the last pcap_open_live() call in the GUI code. Update
README.packaging.
svn path=/trunk/; revision=22443
|
|
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
|
|
anywhere else). Instead of using getaddrinfo() and getnameinfo(),
promote inet_pton.c and inet_ntop.c to the top level and use those
routines instead.
(It's 2007, for crying out loud. Why is this even an issue?)
svn path=/trunk/; revision=22075
|
|
capture_interface_list() and sync_list_interface_open() fails.
svn path=/trunk/; revision=22073
|
|
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
|
|
valid.
svn path=/trunk/; revision=21810
|
|
svn path=/trunk/; revision=18235
|
|
svn path=/trunk/; revision=18197
|
|
transport failed between Ethereal and dumpcap.
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit more clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege seperation.
svn path=/trunk/; revision=17608
|
|
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
|
|
In "capture_input_new_file()", don't call the callbacks unless we
succeed in opening the new file. Have "capture_info_new_file()" return
a success/failure indication.
Improve the message logged when we fail to open the new file if we're
only opening it for the quick packet counts. We really should put up an
alert box and give up on the capture at that point.
svn path=/trunk/; revision=17437
|
|
svn path=/trunk/; revision=17340
|
|
dumpcap in addition to the things already done now
various dumpcap related code cleanup: mainly #include's and capture engine related stuff
svn path=/trunk/; revision=17327
|
|
svn path=/trunk/; revision=17071
|
|
cable is unplugged)
problem found by Joerg Mayer
svn path=/trunk/; revision=16704
|
|
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
|
|
capture_loop.c to capture_info.c and call it from capture.c (instead of capture_loop.c).
This way, the capture child don't need to now any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build it's own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
|
|
svn path=/trunk/; revision=16667
|
|
capture_input_drops
capture_input_error_message
and move the functionality from capture_sync.c to capture.c (just where it belongs)
svn path=/trunk/; revision=16663
|
|
link to CaptureSetup wiki page
Win32 only: wireless: "try switch off promicuous mode"
This way we might get less user questions on the users-mailing list ...
Especially the second one hopefully could save us from a lot of support mails :-)
svn path=/trunk/; revision=16591
|
|
necessary for the switch to GTK 2.6 (at least on WIN32).
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
|
|
information about the file size is correct
svn path=/trunk/; revision=16148
|
|
cf_cb_file_closing (called before closing a capture file) cf_cb_file_closed will be called afterwards, but both only if a file is really closed as cf_close is called more often ...
If we are closing large capture files (~20MB), the screen looks ugly while the file is closed. Change this so the screen will immediately go back to initial state and a dialog (without buttons) is shown that the file is currently closed. As the operation which takes most of the time to close the file is a single eth_clist_clear call, we can't use a progress bar here.
cf_cb_live_capture_stopping: called when the user wants to stop the capture (toolbar or menu clicked). At least on Win32, the time between this and the actual stop completed can be noticeable (1-2 seconds), so the user doesn't know if the button press did anything at all. Do something similar as above, show a dialog box without buttons to inform that the close is in progress.
svn path=/trunk/; revision=15891
|
|
that the user directly triggered)
svn path=/trunk/; revision=14446
|
|
engine, e.g. GLib provides different domains for different submodules. Output more verbose than warning level will be disabled by default (just like before).
use the console_log_handler in main.c for win32 AND unix now
Currently use the log for the capturing engine (only), as I desperately needed a log output for debugging.
svn path=/trunk/; revision=14438
|
|
it will block, if no input coming from an input capture pipe (e.g. mkfifo) is coming in)
to prevent problems, bring the main GUI into "capture mode" right after successfully spawn/exec the capture child, without waiting for any response from it
svn path=/trunk/; revision=14436
|
|
svn path=/trunk/; revision=14246
|
|
svn path=/trunk/; revision=14241
|
|
engine
svn path=/trunk/; revision=14205
|
|
-show the current capture file size, if capturing in real time mode.
-move the packet "Drops" count (if available) from file to packets statusbar part
svn path=/trunk/; revision=14130
|
|
svn path=/trunk/; revision=14118
|
|
statusbar update should work now even in capture error case
svn path=/trunk/; revision=14105
|
|
svn path=/trunk/; revision=14104
|
|
svn path=/trunk/; revision=14060
|
|
add a new feature to clear the currently captured packets and restart the capture with the previous parameters
various code cleanup and minor bugfixes
Win32: use millisecond resolution in capture_loop, to smooth screen update a bit (500ms instead of 1000ms)
svn path=/trunk/; revision=14059
|
|
with one of the "Multiple files" option.
If this is used together with an option where input files changes too fast (e.g. new file every second), capturing will be (hopefully) stopped.
I've replaced the former capture pipe message format into a somewhat more general format to remove a lot of confusion.
svn path=/trunk/; revision=14054
|
|
display filename in statusbar while capturing
print_usage banner fixed
cf_cb_live_capture_prepare no longer needed
rename sync_pipe_do_capture -> sync_pipe_start
bugfix: sync_pipe_input_wait_for_start replaced by former implementation
fix cleanup of old file in capture_input_new_file
fix a tempfile detection bug (named file showed up as tempfile after capture)
svn path=/trunk/; revision=14053
|
|
svn path=/trunk/; revision=14045
|
|
capture and main
svn path=/trunk/; revision=14044
|
|
(hopefully it's working correct now...)
svn path=/trunk/; revision=14043
|
|
svn path=/trunk/; revision=14042
|
|
cf_cb_live_capture_finished after closing the capture file
svn path=/trunk/; revision=14039
|
|
svn path=/trunk/; revision=14036
|
|
svn path=/trunk/; revision=13962
|
|
fixes
svn path=/trunk/; revision=13961
|
|
svn path=/trunk/; revision=13957
|
|
rename sync_mode to real_time_mode, as we using sync_mode all the time now, so the name is misleading
svn path=/trunk/; revision=13956
|
|
svn path=/trunk/; revision=13954
|
|
most notably:
- moved opening of safe_file to the capture child (capture_loop.c)
- removed save_file_fd from capture_opts (no longer need to have it global)
svn path=/trunk/; revision=13953
|