the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for someting such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
to return a pointer to the merge_in_file_t that got the error. Set *err
to 0 on success and an error code on an err, treat a null return as an
EOF indication, and if we don't get a null return check for a non-zero
error code and treat that as an I/O error.
svn path=/trunk/; revision=39964
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
Make the loops that scan through all the packets do so by frame number,
to abstract away the "next" and "previous" pointers in the frame_data
structure. Add a routine to cfile.c to map frame numbers to frame_data
structures, and put in some special case handling so scanning forward or
backward through the packets is O(N) rather than O(N^2).
svn path=/trunk/; revision=36846
so get rid of the select_flag argument, and rename it
new_packet_list_select_row_from_data().
It's also always passed a frame_data *, so make its argument a
frame_data *.
Its return value is used only to detect whether the packet was found in
the display or not, so make it a gboolean. Check it in *all* cases
where it's called, and change the dialog message a bit (the most likely
cause is that the user cancelled a redissection of the packets, so not
all packets in the capture file are in the display.
Also, in the find case, pass it the new packet we found.
svn path=/trunk/; revision=36839
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointers, as there's code that assumes that if they're not set to null
pointers, they're set correctly, and doesn't bother setting them to the
right value.
svn path=/trunk/; revision=36252
pointers to null strings, rather than a bunch of null pointers, so that
if an exception is thrown before we set any of the columns, or some
other problem occurs, we don't end up with null pointers that could
later cause a crash.
Fix indentation.
svn path=/trunk/; revision=36234
In convert_string_case() use g_utf8_strup() instead of converting each
character by hand. Hopefully this won't cause any unexpected changes in
behavior.
svn path=/trunk/; revision=36006
use GTK+ data types, so, at least in theory, it could be implemented
atop another toolkit.
Make statusbar_push_temporary_msg() take a format string and format
arguments. Use it instead of simple_status(), and change one call to
just take a format string and arguments rather than to take the result
of using that format string and arguments with g_strdup_printf() and
passing the result to statusbar_push_temporary_msg().
svn path=/trunk/; revision=35041
Continue to use the data offset ((uncompressed) bytes read) as our progress
indicator, at least until we get a progress value greater than 1.0. Then,
in addition to checking if the size of the file changed, check our position in
the file and use that as our progress indicator.
This optimizes uncompressed file accesses (avoiding an lseek()) at the "expense"
of switching progress measures (from data read to position in the file) while
loading a file. Tests have shown that the progress bar never shows the data
offset number when loading a compressed file, so this should be okay.
svn path=/trunk/; revision=34563
1. Restore the functionality of <Ctrl>A and <Ctrl>X to the filter textbox.
2. Assign intuitive shortcuts without consuming any new shortcut letters.
3. Add 'Un-Time Reference All Packets' to the menu.
4. Disallow the marking or ignoring of all packets in the capture.
5. Make the Mark/Ignore/Time Reference-related menu items context sensitive.
6. Add 'ref_time_count' to the capture_file structure
7. Utilize marked/ignored/ref_time_count vars to prevent needless looping thru
the entire packet list by exiting the loop when it becomes zero.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5115
svn path=/trunk/; revision=33817
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
updates are off and which sets the capture file state to a value that
won't cause an assertion when the user stops capturing. Fixes bug 4035.
svn path=/trunk/; revision=33005
we can use it in the main window title during and after capture. Add a
"-X" option for providing a description for stdin.
svn path=/trunk/; revision=32357
As now, when Wireshark save capture files, it show "Loading" in status bar and
in the dialog box, warning many users of lost them packets. Saving work as expected.
Is simply a GUI use interaction problem.
svn path=/trunk/; revision=31269
statusbar. This lets us notify the user about something significant
without having to pop up an annoying window. Replace a few dialogs with
statusbar messages.
svn path=/trunk/; revision=30810
Seting focus in new_packet_list_moveto_end() seems also to be needed to make it work properly I'm not 100% sure if it should be done differently.
svn path=/trunk/; revision=30074
cleanup_dissection() calls se_free_all(); And after that fdata->col_text (which is allocated using se_alloc0()) no longer points to valid memory.
svn path=/trunk/; revision=29920
- Calculate the progess before checking if progress bar should be
created or not.
- Dont update the progress to often on small files.
- Use data_offset rather than reading file_pos.
svn path=/trunk/; revision=29648
This patch fixes the "Decode as" crash. We now freeze the packetlist before
attempting to clear it. This way we don't have to issue a row deleted signal
either.
svn path=/trunk/; revision=29238
to store (most) of the underlying data rather than the strings in the store and render it when we need it, thuss saving storage space and loading time.
Idealy we should not store the complete fdata or pinfo structures
but rather just the data relevant to the currently selected/used columns. I'm not entierly sure how to accomplish that however.
Dynamically allocated array to hold pointers to the actual data?
svn path=/trunk/; revision=29237
enabling/disabling the coloring of the packet list from the menus, the user
has to drag the mouse cursor over each displayed row to take away/add the
coloring. Dragging the scroll bar up or down will also take care of this as
only the displayed rows are colored.
svn path=/trunk/; revision=29142
To use the GTK2 based packet list, define NEW_PACKET_LIST when compiling.
To do this with gcc, set the environment variable CPPFLAGS to
"-DNEW_PACKET_LIST" and re-run configure.
Many features do not yet work. This work began with prototypes by Ulf
quite a while back. I've put quite a bit of work into this so far and
as discussed with a few of the core team members at Sharkfest09 and it was
decided that it would be best to commit what I have so far to allow others to
help work on this.
svn path=/trunk/; revision=28892
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
This patch downgrades the g_assert() to a proper if statement. This is needed
because we can end up with a match but _without_ any valid row attached to it.
This is the case when the user has aborted while dissecting.
svn path=/trunk/; revision=28555
when loading files > 50 MB wireshark redraws the first pane on each
update_progress_dlg(). If auto_scroll_live is not set that's mean it redraws
the same rows again and again.
The patch attached only redraws it once or if cf->displayed_count < 1000, in
case you have a very big screen.
svn path=/trunk/; revision=28475
up (99 44/100% of which were assignments of double-precision
floating-point constants to floats). Hopefully this will catch at least
some P64 issues on UN*X.
svn path=/trunk/; revision=28108
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
Up till now every packet in the packet list got a copy of the pointer to the filter expressions for
the last packets' columns. Hence any 'Copy as Filter" on a column got the expression of the last
packet in the packet list. Instead every packet needs to get a pointer to the filter expressions
for its own columns. This requires making a copy of the filter expressions themselves.
Since this is a bug in 1.0 as well the GLIB1 code is provided for backporting, which can later be dropped from the development tree.
svn path=/trunk/; revision=27396
We might receive new packets while redissecting and don't want to
dissect those before the packet-list is fully rebuilt.
svn path=/trunk/; revision=26309
capture callbacks the capture_options * as its second argument in all
cases. This makes it a bit clearer what arguments callbacks take, and
means we can get rid of all global_capture_opts references in
gtk/main_statusbar.c.
Put the interface between gtk/main.c and gtk/main_statusbar.c into a
private header.
svn path=/trunk/; revision=25576
Not implemented for conversation relative and delta time yet, because this
will need a reload as they are set by the dissectors and does not exist in
the frame data.
svn path=/trunk/; revision=25452
g_mallocated string, so it's not const.
Fix a comment to reflect reality (err_info is some additional
information about the error returned by Wiretap, e.g. some gory details
about the error, mainly useful to developers and support people).
svn path=/trunk/; revision=25401
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
correctly reflect the auto scroll state. Re-enable the ability to use
the auto scroll toolbar button and menu item during a live capture.
svn path=/trunk/; revision=23777
"Automatic scrolling in live capture" are both enabled, make the scroll
bar behavior more natural. If the packet list is scrolled to the
bottom, scroll automatically. If the user scrolls back, keep the packet
list scrolled at that point instead of jumping back to the end.
svn path=/trunk/; revision=22277
These changes allow the packet list clist to be destroyed and recreated
with the new column titles/values/order that the user changed in the
preferences without restarting Wireshark.
svn path=/trunk/; revision=22038
routines and routines using those routines. GLib might use different
modifiers for 64-bit quantities than the platform's C library does.
svn path=/trunk/; revision=21990