| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=635
|
|
preferences, and menus to gtk subdirectory.
svn path=/trunk/; revision=623
|
|
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
|
|
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
|
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.
svn path=/trunk/; revision=580
|
|
that it can pop up a message box; have it do so.
Make the "Can't open file" message boxes in "colors.c" include the
"errno" error message in the message they put up.
Don't complain about being unable to open the color filter file if it
doesn't exist (perhaps the user just never made one).
Make the message for a failure to open the preferences file resemble
that for a failure to open a color filter file.
svn path=/trunk/; revision=575
|
|
svn path=/trunk/; revision=565
|
|
debug printf's in there.
svn path=/trunk/; revision=562
|
|
with "-W" unless we actually support "libpcap", as "fork_mode" isn't
defined unless HAVE_LIBPCAP is defined.
svn path=/trunk/; revision=548
|
|
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
|
|
svn path=/trunk/; revision=534
|
|
dfilter_compile, and removed debug printf that I left in match_selected.
svn path=/trunk/; revision=532
|
|
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).
svn path=/trunk/; revision=530
|
|
that use display filters, TCP follow and Match Selected.
In Match Selected, I made it put the display filter that it creates
in the text entry widget. The code was already there, but it didn't work
because code was missing in the GUI initialization routine that runs
when Ethereal starts. The text entry widget pointer was not being passed
to the Match Selected menu item.
In TCP follow, I made it _not_ put the display filter that it creates
in the text entry widget. I find it annoying that a really long
display filter is left in the widget, and others have voiced their
opinion on this too. In addition, after applying the display filter
and retreiving the TCP data, the display filter (if any) that the user
had in place _before_ running TCP follow is put back and the packet
list is set back to the way it was before TCP follow is run. I think this
is more expected. The drawback is that display filtering is run twice,
once to retreive the TCP data and once to reset the display.
svn path=/trunk/; revision=529
|
|
capture file succeeds, so that it cleans out any state in the
"capture_file" structure it was handed before filling it in with new
state for the new capture file.
This means it destroys any read filter associated with the
"capture_file" structure it was handed, so the "rfcode" field must be
set *after* calling "open_cap_file()" but *before* calling
"read_cap_file()". Do so for the "capture file (and possibly read
filter) supplied on the command line" case.
svn path=/trunk/; revision=520
|
|
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
|
|
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
|
|
used by "mkstemp()" into a buffer supplied as an argument, trying
several directories for the tempfile, in the same fashion that the BSD
(and probably other) "tempnam()" routines do.
Have that routine cope with temporary-file directory names that don't
end with "/", as "P_tmpdir" doesn't necessarily end with "/" (and
doesn't, in GNU "libc" 2.x, at least on Linux); thanks to Gilbert
Ramirez for catching this one, and supplying the code to cope with that.
Have the code that creates the temporary file for the "Follow TCP
Stream" text use it.
svn path=/trunk/; revision=507
|
|
svn path=/trunk/; revision=504
|
|
Check for errors reading the "Follow TCP Stream" temporary file.
Unlink the temporary file after attempting to open and read the file,
even if the attempt to open it failed.
svn path=/trunk/; revision=503
|
|
to create the temporary file to which the "Follow TCP Stream" code
writes the contents of the TCP stream; this was presumably done to close
a potential security hole opened by the possibility of somebody
replacing the file referred to by the name generated by "tmpnam()"
before we open it.
(We may have to provide our own version of "mkstemp()" if there are any
platforms on which we run that lack it. Note that Solaris 2.5.1 has it,
even though it's not documented and isn't declare in its "stdlib.h".)
Have the "Follow TCP Stream" code put up a dialog box, rather than
spitting a message out to the standard error, if the attempt to create
the temporary file fails.
Check also whether the attempt to open the "Follow TCP Stream" temporary
file for reading fails, and put up a dialog box for that as well.
svn path=/trunk/; revision=502
|
|
want to read the next file with the same filter that you used on the
last file.
In the "File/Open" dialog box, parse the read filter before trying to
open the file, and if the parse fails, leave the dialog box up so the
user still has the filter and file name around and can try to fix the
problem.
Keep the compiled read filter attached to the "capture_file" structure,
so you don't have to reparse it on a "File/Reload".
svn path=/trunk/; revision=497
|
|
selecting a field from more than one protocol tree. It turns out that
gtktree.c doesn't clear the tree-item selection list when you use
gtk_tree_clear_items() (which calls gtk_tree_remove_items() ). So the next
time a tree item is selected in a new protocol tree (which is our old
protocol tree, with everything removed, and new things added), gtk_tree
tries to _deselect_ our old selection. But that tree-item which is trying
to be deselected is long gone, resulting in the assert because widget == NULL.
A function needs to be added to gtk_tree to deselect the tree-item selection
for us. (or we need to go through the hassle of creating a new gtk_tree
instead of recycling tree_view over and over).
I stole some code from another section of gtktree.c which lets us clear
the selection in clear_tree_and_hex_views().
Also, I modified the argument to gtk_tree_set_view_mode. We were using
"TRUE", when really we should have used a member of the GtkTreeViewMode
enumeration, namely GTK_TREE_VIEW_ITEM ( which is 1, which is TRUE :-)
svn path=/trunk/; revision=496
|
|
reason for the failure, and have it do the checks to make sure the file
being opened is a plain file or a pipe.
Have "open_cap_file()" make use of that.
Don't automatically set "last_open_dir" if a "-r" flag was specified on
the command line - do so only if the file in question could actually be
opened.
svn path=/trunk/; revision=495
|
|
it's called after "open_cap_file()" has been called, and is always
passed the file name passed to "open_cap_file()", and that file name is
stored as "cf->filename", so "read_cap_file()" can just use
"cf->filename" as the pathname of the file.
svn path=/trunk/; revision=494
|
|
The former, which used to be called by "load_cap_file()", now just opens
the file and, if the open succeeds, closes any capture file we
previously had open, reinitializes any protocols that need
reinitialization, and saves information about the new capture file in
the "capture_file" structure to which it was passed a pointer. The
latter reads the file already opened by "read_cap_file()".
For "File/Open", call "open_cap_file()" before dismissing the file
selection box; if it fails, "open_cap_file()" will have popped up a
message box complaining about it - just return, leaving the file
selection box open so the user can, after dismissing the message box,
either try again with a different file name, or dismiss the file
selection box. (Other file selection boxes should be made to work the
same way.) If "open_cap_file()" succeeds, dismiss the file selection
box, and read the capture file in.
svn path=/trunk/; revision=492
|
|
Ethereal now remembers the directory where it last opened a file, either
via the GUI File|Open or command-line '-r' option. The next time File|Open
is used, browsing starts from that directory.
svn path=/trunk/; revision=490
|
|
and File | Open option.
svn path=/trunk/; revision=489
|
|
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.
svn path=/trunk/; revision=480
|
|
rename it to "file_open_ok_cb()", move it next to the routine to create
that dialog box, and make it static.
svn path=/trunk/; revision=476
|
|
LLC, the original NetBIOS encapsulation).
svn path=/trunk/; revision=466
|
|
svn path=/trunk/; revision=461
|
|
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag). Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.
When reading a temporary capture file after a live capture, don't apply
any filter.
Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.
Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.
svn path=/trunk/; revision=460
|
|
N^2 in the ultimate size of the list (as "g_list_append()" is linear in
the size of the list, at least when used in the way the GLib
documentation says to use it); instead, maintain our own linked list of
"frame_data" structures for all packets read, including a pointer to the
last element.
"gtk_clist_set_row_data()" is linear in the row number, so if it's used
to attach a pointer to the "frame_data" structure for a packet to the
packet list GtkClist row for each packet, that's also N^2 in the number
of packets in that packet list; instead, store the row number in the
"frame_data" structure, and find the packet for a given row by scanning
the list for it (we were already scanning the list linearly to find that
packet's index in the list of all packets; that's only done when a
packet's selected, so it's not *too* bad, but it might be nice to avoid
having to do that scan).
svn path=/trunk/; revision=457
|
|
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.
svn path=/trunk/; revision=454
|
|
before the last component; thanks to Laurent Deniel for catching that one.
svn path=/trunk/; revision=450
|
|
try as I might, I couldn't get gtk_timeout_add to work. I read all the docs,
but no luck. So for now I call dfilter_progress_cb for every 20 packets
that are filtered. I'd rather have *something* for the next Ethereal
release than nothing.
I also modified file_progress_cb to use it's local copy of cf rather
than the global copy.
svn path=/trunk/; revision=447
|
|
glossary of display filter symbols, just as it does with "-G", except
that, as it can discover that it was so invoked before even looking at
the command-line arguments, it needn't even bother calling "gtk_init()"
to process those command-line arguments GTK+ cares about, and thus
needn't do any X stuff at all when so invoked.
That allows Ethereal to be built in an environment where you don't have
an X server, and, if your connection to your X server is slow, allows
you to built it faster.
Get rid of the "-G" flag, as it had only a somewhat specialized use.
svn path=/trunk/; revision=444
|
|
"frame[x:y]" in the display filte that it creates so that it works with
any datalink type.
svn path=/trunk/; revision=431
|
|
svn path=/trunk/; revision=420
|
|
Selected", use "filter_packets()" to filter the packets we currently
have, rather than re-reading the capture file.
svn path=/trunk/; revision=412
|
|
- call reset_tcp_reassembly before build_follow_filter
- modify reassemble_tcp so that packet validity is
checked before processing it.
svn path=/trunk/; revision=410
|
|
implicitly calls it
- compute the filter in follow_stream_cb since load_cap_file
does not honor the display filter if the dfcode is non already set
- Follow TCP stream is still buggy however (incorrect saved TCP data due
to the fact that dissect_tcp is called even if the filter applies).
svn path=/trunk/; revision=409
|
|
string pointer from the result of ip_to_str (statically allocated string).
Use the ip_src and the new field ip_dst in follow.c to build a correct
string display filter.
svn path=/trunk/; revision=408
|
|
with the ATM on Linux software from <http://lrcwww.epfl.ch/linux-atm/>.
svn path=/trunk/; revision=401
|
|
COL_INFO columns resize automatically even during a live
capture;
columns showing network addresses never resize automatically;
other columns resize only when a capture is done;
and make all columns resizeable by hand (once they've resized, for
auto-resizeable columns).
svn path=/trunk/; revision=394
|
|
svn path=/trunk/; revision=390
|
|
"-F" - you do a File/Reload to see any new packets that showed up since
the last time the file was loaded.
svn path=/trunk/; revision=387
|
|
fill in the display filter text entry box and hit <Enter> - so remove
it.
svn path=/trunk/; revision=386
|
|
"capture_file" structure, make a "select_packet()" routine to parallel
"unselect_packet()", and have "unselect_packet()" free the protocol tree
that the "protocol_tree" member of the "capture_file" passed to it
points to.
It should now be impossible to do a "Print Packet" operation if no
packet has been selected, so remove the check for that (we'll probably
just blow up if it happens; if it does, that means we probably forgot to
gray out "/File/Print Packet" somewhere, so we should fix that).
svn path=/trunk/; revision=385
|
