Age | Commit message (Collapse) | Author | Files | Lines |
|
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
|
|
Report errors when writing or closing a capture file.
Clean up some I/O error messages.
svn path=/trunk/; revision=3011
|
|
svn path=/trunk/; revision=2982
|
|
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
|
|
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2950
|
|
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
|
|
files from being #included in epan/packet.c.
Fix the other files that need either "gtk/colors.h" or <gtk/gtk.h> #included
as a result of not pulling in gtk/colors.h automatically because of file.h.
svn path=/trunk/; revision=2519
|
|
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478
|
|
svn path=/trunk/; revision=2458
|
|
attempt to read from a capture file is to check whether the error
returned was 0 - if it is, it's an EOF. We no longer guarantee that the
data offset supplied will be negative on an error and 0 on an EOF.
svn path=/trunk/; revision=2445
|
|
svn path=/trunk/; revision=2417
|
|
re-dissected on a rescan.
svn path=/trunk/; revision=2416
|
|
seemed to be ...
svn path=/trunk/; revision=2412
|
|
called packet_init_proto, which blows away the items the list points to.
svn path=/trunk/; revision=2408
|
|
just in case time goes backwards (yes, it sometimes does happen in
captures).
svn path=/trunk/; revision=2407
|
|
may be redrawing a packet window that displays a frame other than the
current frame; give it arguments to specify the raw frame data and
"frame_data" structure for the frame.
This requires that each packet window have, associated with it, a
pointer to the "frame_data" structure; that replaces the "cap_len" and
"encoding" fields in a "PacketWinData" structure, as those are just
copies of fields from the frame's "frame_data" structure.
"packet_hex_print()" needn't be passed both the start and length values
from a "field_info" structure - just pass it a pointer to that
structure, or NULL for "no field is selected in the packet". It also
needn't, any longer, be passed the "cap_len" and "flags.encoding" fields
of a "frame_data" structure - just pass it a pointer to that structure.
In "redraw_hex_dump_all()", don't redraw the hex dump pane of the main
window if there is no current frame.
svn path=/trunk/; revision=2404
|
|
the text in all "Follow TCP Stream" windows;
the text in the help window if we have one up;
all hex dump windows;
when GUI preference changes are to be applied, so that font changes and
"Follow TCP Stream" color changes show up.
Update both the Roman and bold font when the font is changed.
Don't decrement the reference counts on the old Roman and bold fonts
until that's all done.
svn path=/trunk/; revision=2401
|
|
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
|
|
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
|
|
capture, clear the per-frame data pointers of all frames in the capture,
as those pointers now refer to data that's been freed.
Do that to all frames even if the user stops the rescan in the middle -
and clear the "visited" flag for all frames as well.
svn path=/trunk/; revision=2361
|
|
redissecting the packets due to some preference changing, as the
preference may affect what state information gets constructed as a
result of some particular frame being dissected.
We don't have to do it when filtering the packets, or colorizing them,
however.
svn path=/trunk/; revision=2359
|
|
number of replies seen, keep the frame number of the first request seen
for that call and the first reply seen for that call. Use that to
determine whether a request or reply is a duplicate or not.
That means that we don't have to reset the table of RPC calls on a
rescan of the capture (which didn't even fix all the cases where we'd
have misreported the original call or reply as a duplicate due to having
seen it once on the initial pass through the file and once again when,
for example, the user clicked on the packet); doing so causes plenty of
other problems, so don't do that - and don't clear the "visited" flag on
frames on a rescan, either, as that's only done because we were clearing
out conversations and calling all protocols' "init" routines.
As a free bonus, this means that, for a reply, we know what frame the
request was in; put that information into the protocol tree for the
reply, snoop-style.
Make the table of RPC call information, and the routines that manipulate
it, static to "packet-rpc.c"; nobody outside "packet-rpc.c" uses them.
svn path=/trunk/; revision=2358
|
|
color of marked frames.
They are currently only available from preferences file,
but I will add the color selection in GUI later.
svn path=/trunk/; revision=2327
|
|
the middle mouse button. The marked packets are displayed in
reverse video but this should change in the future (the color
should be configurable via the GUI).
Then, the marked packets can be saved (via the "Save as"
window dialog).
Other features will be added in the future (I am waiting for
your comments and wishes).
svn path=/trunk/; revision=2322
|
|
svn path=/trunk/; revision=2298
|
|
svn path=/trunk/; revision=2277
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
svn path=/trunk/; revision=2237
|
|
file to a user-specified file.
Move the file-copy routine in save_cap_file() to an indepenent
function in file.c (copy_binary_file()) so that follow_dlg.c can use it.
Remove #include "follow.h" from the C files that don't need it.
svn path=/trunk/; revision=2200
|
|
as a long filename may overflow the buffer.
svn path=/trunk/; revision=2199
|
|
been deleted. So we have to set fdata->flags.visited to 0 for each frame,
denoting a "fresh" scan.
svn path=/trunk/; revision=2161
|
|
When capturing, report errors trying to create the output file
with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
When checking whether an "open()" of a capture file succeeded, check
whether "open()" returns a negative number, not whether it returns 0.
In "wtap_open_offline()", if the file to be opened is a directory,
return EISDIR, not WTAP_ERR_NOT_REGULAR_FILE, so that the error message
can say "that's a directory, not a file".
If "wtap_open_offline()" returns WTAP_ERR_NOT_REGULAR_FILE, don't just
say the file is "invalid", say it's a "special file" or socket or some
other weird type of file.
svn path=/trunk/; revision=2144
|
|
to use "warning" dialog boxes only to warn the user "if you do that, bad
things may happen" *and* to offer them the option either to drive on or
quit, so perhaps ESD_TYPE_CRIT should be used for all errors).
However, put "Ethereal: Error" rather than "Ethereal: Critical" in the
title bar, in the hopes that it'll make it clearer that Something Bad
Happened.
If the user specifies that captures should be saved to a user-specified
file rather than a temporary file, report errors trying to create that
file with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
svn path=/trunk/; revision=2143
|
|
long time on a large capture.
If the user is changing the setting of "Display TOS as DiffServ" *and*
the time stamp format, don't bother doing the time display update -
we'll regenerate the entire display anyway because we changed the
setting of "Display TOS as DiffServ".
svn path=/trunk/; revision=2130
|
|
a word to use in the progress dialog, and a flag indicating whether the
display filter is to be reevaluated or not, and:
have "colorize_packet()" call that routine with "Colorizing" and
FALSE as those arguments;
have the filtering code call that routine with "Filtering" and
TRUE as those arguments;
add an exported routine to call that routine with "Reprocessing"
and TRUE as those arguments, to use to re-generate the packet
list and to re-filter the packets if a protocol preference has
been changed.
Keep track of whether preferences are changed from their initial value
by a preferences file or a command-line option, or from their previous
value by the "Preferences" dialog box; have "prefs_apply_all()" only
call the "apply" callback for a module if they have.
Call "prefs_apply_all()" after the command-line arguments have been
parsed and after "OK" has been clicked in the "Preferences" dialog box,
to notify modules of preference changes if they've registered a callback
for that.
After "OK" has been clicked in the "Preferences" dialog box, if any
preferences have changed, call the reprocessing routine, as the summary
line for some frames and/or the current display filter's value when
applied to some frames may have changed as a result of a preference
change. Do the same after "OK" or "Apply" has been clicked in the
"Display Options" dialog box (as it controls a protocol preferences
item.
svn path=/trunk/; revision=2126
|
|
TRUE, meaning "don't delete this", and if its "stop this operation"
button gets clicked, don't have its handler delete the progress dialog;
instead, leave the deletion of the window up to the code using the
dialog, as it'll do so when it stops the operation.
Make the "read file" operation destroy the dialog; all the other
operations already did so (as they just broke out of the loop doing the
operation, rather than returning).
Don't catch the "destroy" operation on the dialog box - its handler
appeared never to get called; we can just free the "progdlg_t" for the
dialog in "destroy_progress_dlg()", right after destroying the dialog
box widget.
svn path=/trunk/; revision=2122
|
|
dialog box; that lets us do some type-checking, but we can still typedef
it to an incompletely-defined structure to hide the implementation
details from the caller.
Make "create_progress_dlg()" take, as an argument, the title to put in
the "stop the operation" button, and use "Stop" rather than "Cancel" if
stopping the operation doesn't undo all the work it's done.
Thaw the clist if we break out of a "read the file" operation, as we
freeze it before the operation.
Have the handler for the "delete" event on the progress dialog box
return FALSE, to let GTK+ know that it should, in fact, delete the
window. ("delete" event handlers should return TRUE if the window
shouldn't actually be deleted, FALSE if it should; they should not
return "void".)
svn path=/trunk/; revision=2120
|
|
reading a capture file, we should just clean up and return so that
Ethereal continues running with no capture file loaded, unless the read
is being done as a result of Ethereal being run with the "-r" flag, in
which case we still exit (although we may eventually choose to continue
running with no capture file loaded even in that case).
svn path=/trunk/; revision=2104
|
|
potentially long-running operation that has a progress indicator, pop up
a modal dialog box with
an indication of what is being done;
a progress bar;
a "Cancel" button to stop the operation.
This:
leaves more room on the status line for a filter expression;
provides a mechanism to allow the user to cancel long-running
operations (although the way we do so may not back out of them
as nicely as the user might like, if it's not obvious what the
"right" way is or if the "right" way is difficult to implement
or involves doing as much work as letting the operation
continue);
means that, because the dialog box is modal, we don't have to
worry about the user performing arbitrary UI operations out from
under the operation and changing arbitrary bits of state being
used by that operation.
svn path=/trunk/; revision=2103
|
|
it, rather than its callers, get that pointer from "cf->wth".
svn path=/trunk/; revision=2096
|
|
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
|
|
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
doing something that requires that the text for protocol tree entries be
generated, i.e.
1) initialize it to FALSE;
2) have every routine that sets it clear it when it's done;
3) when printing packets, set it to TRUE only if we're not just
printing packet summary lines;
and then get rid of settings to FALSE made unnecessary as a result of
those changes.
This makes sure it's not set when it doesn't have to be (which causes
the protocol tree code to format the text when it doesn't have to,
wasting CPU time).
svn path=/trunk/; revision=1973
|
|
selected before we started re-colorizing or re-filtering the display, as
when the first row is added to the clist, that may be selected and thus
made the current frame.
This means that we can't find the row corresponding to the
previously-selected frame, if any, by checking as each packet is
colorized/filtered and see whether its "frame_data" structure is equal
to "cf->current_frame", as that'll always say that the first frame in
the display is the selected frame.
Instead, we recored the value of "cf->current_frame" before we do
anything to the clist, have "add_packet_to_packet_list()" return either
the row number of the frame (if it passed the filter and thus was added
to the clist) or -1 (if it didn't pass the filter and thus wasn't added
to the clist), and, after "add_packet_to_packet_list()", if the current
frame is the one that was the selected row, remember its row number (if
any), and, when we're finished colorizing/filtering the display, make
that row the current row if it's not -1 (-1 means that the selected row
didn't pass the filter).
Also, don't do that until after we've thawed the clist, as the vertical
adjustment for the clist doesn't reflect reality until then, and
attempting to go to a given row won't work right until the vertical
adjustment for the clist reflects reality.
Shove all the code to set the selected and focus rows, and to make said
row visible, into a routine, so the "Find Frame" and "Go To Frame" code
can use it as well.
svn path=/trunk/; revision=1959
|
|
svn path=/trunk/; revision=1952
|
|
that being the UNIX default.
svn path=/trunk/; revision=1911
|
|
but will be in the future, and it's easier for me to keep my local branch
in sync with the source with the calls to dfilter_apply() already modified
tothe 4-arg format.
Add a CPP macro to ipv4.h to define ipv4_addr_ne(). Use it in dfilter.c
svn path=/trunk/; revision=1854
|