| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
while capturing.
svn path=/trunk/; revision=10594
|
|
svn path=/trunk/; revision=10377
|
|
svn path=/trunk/; revision=10303
|
|
svn path=/trunk/; revision=10279
|
|
"Use ring buffer" switches between multiple single run and real ring buffer
svn path=/trunk/; revision=10257
|
|
svn path=/trunk/; revision=10169
|
|
explicit names and seperated functionality of do_capture(),
but no functional change!
svn path=/trunk/; revision=10168
|
|
svn path=/trunk/; revision=8968
|
|
link-layer type when capturing, using the "pcap_set_datalink()" and
related APIs.
svn path=/trunk/; revision=8848
|
|
capture file open.
svn path=/trunk/; revision=8480
|
|
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
|
|
shouldn't be declared in "capture.h".
svn path=/trunk/; revision=6886
|
|
Currently Ethereal sets and uses a default directory for reading
and writing, but only in some places. This set of patches extends
the setting of the default directory to the -w option as well as
the -r option, and causes all file dialogs to use and set the
default consistently. (I haven't changed the
Preferences/Printing/File dialog, though, as that's a special
case.)
There's also a fix for a bug where Ethereal was issuing the
message "Ring buffer requested, but capture isn't being saved to
a permanent file" even though a file was specified with -w.
There also appear to be some other cleanups in his patch.
svn path=/trunk/; revision=6238
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
|
|
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
|
|
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
|
|
and "Automatic scrolling in live capture" options from the preference
settings for them, so that the preference settings affect the initial
values of those options, but changing those values in a capture don't
affect the preferences, and don't automatically get saved when you save
the preferences.
If we're building without libpcap, don't have an "Automatic scrolling in
live capture" option anywhere.
svn path=/trunk/; revision=4514
|
|
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.
Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.
When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.
svn path=/trunk/; revision=4498
|
|
svn path=/trunk/; revision=3298
|
|
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
|
|
you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
|
|
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
|
|
instead of NULL.
svn path=/trunk/; revision=1422
|
|
Print a usage message if an illegal command-line flag is seen.
Clean up the usage message a bit.
svn path=/trunk/; revision=755
|
|
from "globals.h" to "capture.h".
Only "capture.c" needs to include <pcap.h>; move the include of <pcap.h>
from "capture.h" to "capture.c".
We no longer need any DLT_ defines (that's handled inside Wiretap);
remove the defines of DLT_ from "capture.h".
svn path=/trunk/; revision=753
|
|
file to which to write the capture; if it's NULL, create a temporary
file and use that.
Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.
This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".
svn path=/trunk/; revision=748
|
|
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.
"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.
svn path=/trunk/; revision=747
|
|
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
|
|
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
|
|
and to fork off and run a separate copy of "ethereal" for "-S" and "-F"
captures or just call "capture()" otherwise, out of "gtk/capture_dlg.c"
and into a routine in "capture.c".
If the attempt to create said temporary capture file fails, pop up a
dialog box and don't do the capture.
Have the child capture process send a message upstream after it either
successfully starts the capture and syncs out the header of the capture
file, or fails to start the capture; the message indicates whether it
succeeded or failed, and, if it failed, includes a failure message.
This:
avoids the use of a signal, and thus means we don't have to
worry about whether to capture the signal, or whether to start
or stop capturing depending on whether this particular capture
is in sync mode or not;
lets us pop up the message box for the error in the parent
process if we're in sync mode, rather than doing it in the
child, which didn't work well.
Add a check button to the Capture/Start dialog box, so that we can
control, for each capture, whether it's to be done in sync mode or not.
svn path=/trunk/; revision=708
|
|
svn path=/trunk/; revision=636
|
|
is the only file that uses them. I hope to avoid some compiler warnings
with this.
svn path=/trunk/; revision=512
|
|
definition from "capture.h" to "capture.c".
svn path=/trunk/; revision=499
|
|
- when in a live capture mode no packet is received
during a timeout, the displayer process is notified
about any remaining captured packets. Note that this
fix works on Linux only with a patched libpcap.
- remove unnecessary time() call and sync_time
loop_data field.
Thanks to John McDermott for his help during fixing
and testing.
svn path=/trunk/; revision=464
|
|
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
|
|
(this assumes that "libpcap" writes out the header as soon as that
happens, which is the case for "libpcap" 0.4), we sync it out (to make
sure said header is in the file), and signal the parent process, so that
it opens the capture file and updates its windows to indicate that the
capture is in progress.
svn path=/trunk/; revision=371
|
|
doesn't link with libpcap, so no packet captures can be made. The
"--disable-pcap" option has been added to the configure script. Docs
have been updated. And the string buffer size in the simple_dialog()
has been doubled so that Johan's e-mail address in the "About" dialogue
window doesn't get chopped off.
svn path=/trunk/; revision=351
|
|
is the same as "Tools/Capture", and "Display" has an "Options" item,
which pops up a dialog box to let you change the "default" time-stamp
column display format on the fly (the "default" is what the "-t"
command-line option sets), and have the display change when you do that.
Made infrastructure changes to make the immediate display update work.
Removed some unused functions, declared some functions used only in the
file in which they're defined "static", and removed some unnecessary
#includes.
svn path=/trunk/; revision=317
|
|
display of fully decoded packets at the same time.
Options added:
-F : fork capture process
-S : sync mode ala tail -f (implies -F)
-f : filter expression
-Q : exit after capture (implies -k)
svn path=/trunk/; revision=276
|
|
buffer. That is, it's
a random name chosen by tempnam(), unknown to the user. If the user decides to save that
trace, he then uses File | Save to save it to a file. File | Save As lets him make a copy
of his named trace file as well. I also updated my e-mail address in the various credit
locations.
svn path=/trunk/; revision=242
|
|
update the packet counts and percentages in the dialog box popped up
during a capture, even for non-Ethernet captures.
svn path=/trunk/; revision=184
|
|
window. Added basic counter (%) hooks for all currently supported base protocols.
OSPF Counter added as an example.
All of this has mainly cosmetic purposes.
svn path=/trunk/; revision=34
|
|
svn path=/trunk/; revision=7
|
|
svn path=/trunk/; revision=2
|
