Age | Commit message (Collapse) | Author | Files | Lines |
|
the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for someting such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
|
|
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
|
|
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
|
|
that cf_read_frame() and cf_read_frame_r() pop up an alert box on an
error, its callers no longer do so).
svn path=/trunk/; revision=33792
|
|
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
|
|
New functions: cf_read_frame_r, cf_read_frame
It's much easier to write:
cf_read_frame (cf, fdata, &err, &err_info)
Than:
wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header, cf->pd,
fdata->cap_len, &err, &err_info)
svn path=/trunk/; revision=32980
|
|
svn path=/trunk/; revision=32312
|
|
with capture_file.plist_end
svn path=/trunk/; revision=30047
|
|
svn path=/trunk/; revision=29568
|
|
elsewhere.
svn path=/trunk/; revision=29490
|
|
initialise/cleanup stack allocated 'edt' structures. This should speed up dissection since we avoid some malloc traffic.
svn path=/trunk/; revision=29404
|
|
users (e.g. proto_hier_stats.c, others?) that relies on FT_PROTOCOL nodes being created they'll now need to call the newly introduced epan_dissect_fake_protocols() to disable this optimization.
Also make use of TRY_TO_FAKE_THIS_ITEM in proto_tree_add_text_node(), proto_tree_add_none_format() and proto_tree_add_protocol_format().
svn path=/trunk/; revision=29380
|
|
svn path=/trunk/; revision=29355
|
|
because proto_item is typedefed to proto_node. We shouldn't rely on this since this is an implementation detail.
svn path=/trunk/; revision=29354
|
|
up (99 44/100% of which were assignments of double-precision
floating-point constants to floats). Hopefully this will catch at least
some P64 issues on UN*X.
svn path=/trunk/; revision=28108
|
|
menu. Simplified getting the Display filter.
svn path=/trunk/; revision=23786
|
|
The Bytes and End Bytes columns will be wrong for reassembled protocols,
as they span across several packets, but I don't see any obvious way to
display such values. The correct values can be found by looking at the
parent protocols.
svn path=/trunk/; revision=23700
|
|
svn path=/trunk/; revision=23686
|
|
This fixes a bug where packets having toplevel tree items for desegmentation
(like [Reassembled TCP Segments]) are not added to the Protocol Hierarchy
Statistics "End Packets" and "End Bytes" columns.
svn path=/trunk/; revision=23667
|
|
the hop-by-hop option header tree in the main protocol tree. This fix skips
those entries that don't have a name assigned to them and goes on to the next
entry before adding it to the protocol hierarchy display.
svn path=/trunk/; revision=20558
|
|
svn path=/trunk/; revision=18197
|
|
button"; "Stop" should be used for operations that can only be stopped
(meaning that what it's already done isn't undone), not cancelled
(meaning that whatever it's already done *is* undone), for which
"Cancel" is used.
Allow the merging process to be cancelled.
Clean up indentation.
Update some comments.
svn path=/trunk/; revision=16489
|
|
Rename some variables to make the names used in progress bars more
common. (Should more of that functionality be moved into common
progress bar code?)
svn path=/trunk/; revision=16347
|
|
rather than checking only on every progress bar update quantum, so that
if the update quantum is *very* large, we don't end up waiting longer
than the standard time for a dialog box before checking.
svn path=/trunk/; revision=16327
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
we now put generated items as top-level items in the decode pane so
we should not check and abort if such are found.
svn path=/trunk/; revision=14819
|
|
desegmentation items "[Reassembled TCP Segments]"
svn path=/trunk/; revision=14549
|
|
optimization for COLUMNS to make ethereal faster when filtering
optimization to make the slow find_protocol_by_id() fast.
(idea from Didier, implementation modified by me to be less intrusive)
svn path=/trunk/; revision=14026
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
- store times of first and last packets in ph_stats_t
- add bandwidth columns in GUI
- miscellaneous code cleaning
svn path=/trunk/; revision=10398
|
|
"simple_dialog()"; NULL might be #defined to be a pointer expression on
some platforms, causing compiler warnings (and, on platforms where a
null pointer doesn't have all its bits 0, possibly causing misbehavior,
although I don't think there are any such platforms on which Ethereal
runs).
Don't allow 0 as button mask argument to "simple_dialog()".
Squelch a compiler warning.
Report fatal problems as errors, not warnings.
Report file I/O errors with "file_open_error_message()".
Report file write errors (including those reported by "close()", e.g.
some errors writing to an NFS server) when saving raw packet data to a
file.
svn path=/trunk/; revision=9915
|
|
better reflect the real error text
svn path=/trunk/; revision=9913
|
|
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
|
|
As this will always be a Cancel of a running operation, this parameter was removed.
This makes us also able to use a stock button for this.
svn path=/trunk/; revision=9774
|
|
capture_file structure - just make it local to the routine scanning
through the packets.
svn path=/trunk/; revision=9616
|
|
pointers to the first *and* last child, in the "proto_node" structure
itself. That saves us one level of indirection and memory allocation,
and lets us append to a tree by appending to the last child directly,
rather than having to scan through the list of siblings of the first
child to find the end of that list.
svn path=/trunk/; revision=9171
|
|
one member - or have one that's not used, so get rid of those unions.
svn path=/trunk/; revision=9151
|
|
svn path=/trunk/; revision=9075
|
|
svn path=/trunk/; revision=8364
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
information.
Fix the types of some variables (make the file position in
"read_cap_file()" a "long", as Wiretap supports "long" offsets, and make
processed-packet counts in packet-processing loops "int"s, as the total
packet count in a "capture_file" structure is an "int").
svn path=/trunk/; revision=6112
|
|
Ethereal sometimes creates a progress dialog bar and then, if
the processing is fast, quickly destroys it. The resulting
"flash" can be disconcerting. This set of patches ensures a
progress bar is either not created or is displayed for a minimum
time.
svn path=/trunk/; revision=5916
|
|
svn path=/trunk/; revision=5049
|
|
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
Gerald's fix wasn't the real problem; the original code was wrong in
treating a GNode containing a ph_stats_node_t as a GNode that is part
of a proto_tree; it worked because of the coincidental layout of the
two structs.
Now the code has been fixed, and some macros have been added for
accessing the GNodes and some variables renamed so that the code
is clearer.
svn path=/trunk/; revision=4464
|
|
Define a default width and maximum height for the stats dialog.
svn path=/trunk/; revision=4463
|
|
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
|
|
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
|