in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
"from_filename" - are both null-terminated strings; compare them with
"strcmp", not "strncmp()". ("cf->filename" is a "char *", so
"sizeof(cf->filename)" is not the right third argument to "strncmp()" in
any case, as it's the size of a pointer, which is probably either 4 or 8
bytes.)
Make the dialog box for "Can't save over current capture file" an
ESD_TYPE_CRIT dialog box, as it's a fatal error.
svn path=/trunk/; revision=5526
Don't show progress bar for quick "Find Frame" searches
Add "Find Next" and "Find Previous" to repeat searches
Add documentation for "Find Next" and "Find Previous".
svn path=/trunk/; revision=5378
have "filter_packets()" make a copy of the filter string handed
to it, as it may save the filter string in the "capture_file"
structure, and the caller of "filter_packets()" shouldn't have
to worry about the string it passed to "filter_packets()" being
stashed away somewhere so that it can't just free that string or
change it;
have callers of "filter_packets()" free up the string they
handed to it, if the string was allocated and they're done with
it;
plug some memory leaks in "match_selected_cb_do()".
Check for an illegal "action" argument being passed to
"match_selected_cb_do()".
Move some keys out of "keys.h" into "gtk/main.c", as they're only used
in "gtk/main.c".
Make the pointer to the filter list a data item for the combo box, as
it's a copy of the list of strings for the combo box, rather than
attaching it to the widgets that activate the filter (a pointer to the
combo box *itself* is a data item for those widgets).
In "filter_activate_cb()", make a copy of the text from the text entry
field as soon as we fetch it, and use that copy. Free that copy if
we didn't add the filter to the filter list.
Don't make a copy of the entire filter list and use that to set the
combo box's list of items - just use the list itself. Also, when the
list is changed, make the new value the data for the combo box (the list
pointer will actually not be changed, because we happen to be using
"g_list_append()", but let's not rely on that).
svn path=/trunk/; revision=5368
the file grew while we were reading it, and re-fetch the size and try
again; if it's still > 1, give up and clamp it at 1 so that the GTK+
progress bar code doesn't complain.
svn path=/trunk/; revision=5232
be eliminated (because the function is called through a pointer, and
other functions called through the same pointer *do* use the argument)
as unused.
svn path=/trunk/; revision=5050
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
"init_dissection()" which calls "epan_conversation_init()", does the
work that "init_all_protocols()" did, and then calls
"reassemble_init()", so that the standard sequence of dissection
initialization is done in one place, rather than having multiple places
call the same sequence of routines.
svn path=/trunk/; revision=4797
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
and "Automatic scrolling in live capture" options from the preference
settings for them, so that the preference settings affect the initial
values of those options, but changing those values in a capture don't
affect the preferences, and don't automatically get saved when you save
the preferences.
If we're building without libpcap, don't have an "Automatic scrolling in
live capture" option anywhere.
svn path=/trunk/; revision=4514
variables wrap-around. Since the request/reply packets are related via
a hash based on these uniqueness variables, long NCP traces can
have mis-matches reqeust/reply records.
Thus, only do the hash-lookup for the reply packet during the first
sequential scan of the trace file. Once the pertinent info is found,
store it in the packet's private data area.
Since the memory allocated for the hash and for the structures that make
up the keys are no longer needed after the first sequential run through
the trace file, arrange to free that memory after the first sequential
run. Similar to the register_init_routine() that allows dissectors
to register callbacks for calling *before* a capture file is loaded,
set up a register_postseq_cleanup_routine() function that allows
dissectors to register callbacks for calling *after* the first
sequential run-through of the trace file is made. This is not
a *final* cleanup callback, since Ethereal will still have that trace file
open for random-access reading.
I didn't have tethereal call postseq_cleanup_all_protocols() since
tethereal doesn't keep the trace file open for random-access reading.
I could easily be swayed to make tethereal call that function, however.
svn path=/trunk/; revision=4484
there are any columns whose time formats will change, and just return if
there aren't.
We also, however, need to set the "writable" flag on the columns before
doing that check, as "check_col()" checks whether the column in question
is writable; in this context, all columns are writable.
svn path=/trunk/; revision=4472
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
and call it both from "select_packet()" and "create_new_window()",
rather than having two similar loops in both places.
svn path=/trunk/; revision=4233
directory in which global data files are stored. If an installed binary
is being run, that's the correct directory for them; if a build-tree
binary is being run, the "manuf" file will be there, and you can put
other data files there as well, if necessary.
Do the same with plugins, except that, if there's no
"plugins\\{version}" subdirectory of that directory, fall back on the
default installation directory, so you at least have a place where you
can put plugins for use by build-tree binaries. (Should we, instead,
have the Windows build procedure create a subdirectory of the "plugins"
source directory, with the plugin version number as its name, and copy
the plugins there, so you'd use the build-tree plugin binaries?)
Move "test_for_directory()" out of "util.c" and into
"epan/filesystem.c", with the other file system access portability
wrappers and convenience routines. Fix "util.h" not to declare it - or
other routines moved to "epan/filesystem.c" a while ago.
svn path=/trunk/; revision=3858
allow you to suppress the printing of unmarked packets.
This allows a user to mark the packets they wish to print and
print ONLY those packets by suppressing all other unmarked packets.
This may seem like a bit of a convoluted way of expressing things,
as usually the desired behavior would be to print the marked packets.
However, we do NOT print marked packets that are not displayed under
the current filter. To be maximally explicite I've expressed this
as suppressing unmarked frames.
svn path=/trunk/; revision=3736
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
by the "edt" member of a "capture_file" structure if we were selecting a
new frame, we were just overwriting that pointer).
Update Gerald's e-mail address.
svn path=/trunk/; revision=3470
control whether we have a child process do the capturing; a user might
want the packet list to be updated as packets arrive but *not* want it
to scroll so that the most recently arrived packets are shown.
"prefs.capture_auto_scroll", not "auto_scroll_live", should control
whether we scroll a real-time-update capture's packet list;
"auto_scroll_live" isn't set by the capture dialog box,
"prefs_capture_auto_scroll" is.
svn path=/trunk/; revision=3388
as, on a large capture, it could take a significant amount of time.
Let the user stop the computation and, if they do, don't pop up the
statistics dialog box.
Create a new header file declaring the routines to create, update, and
destroy progress dialog boxes; those routines' APIs don't depend on
GTK+, but others declared in "ui_util.h" do, and we don't want to oblige
a source file to depend on GTK+ headers unless it uses a GTK+ API or an
API that depends on GTK+.
svn path=/trunk/; revision=3179
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2950
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
Guy Harris