- when in a live capture mode no packet is received
during a timeout, the displayer process is notified
about any remaining captured packets. Note that this
fix works on Linux only with a patched libpcap.
- remove unnecessary time() call and sync_time
loop_data field.
Thanks to John McDermott for his help during fixing
and testing.
svn path=/trunk/; revision=464
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag). Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.
When reading a temporary capture file after a live capture, don't apply
any filter.
Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.
Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.
svn path=/trunk/; revision=460
call to pcap_dump_open. This allows us to control the readability of the
temporary trace file, and avoid a race condition in which a user could
open the trace file after the pcap_dump_open() call and the subsequent
chmod() call.
Thanks to Jeorg for pointing for pointing out the race condition.
svn path=/trunk/; revision=421
read the trace. We chmod() after pcap creates the file, but before it actually
writes data there. Thanks to Frederic Peters <fpeters@multimania.com>,
the Debian maintainer of Ethereal, for pointing this out.
svn path=/trunk/; revision=413
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
you have a capture.
Leave the job of enabling and disabling menu items that make sense only
if you have a capture (except for "File/Save" and "File/Save As...", for
now) up to "load_cap_file()", "close_cap_file()", and the like - don't
scatter that stuff throughout the code.
Disable "File/Print Packet" if no packet is selected; enable it only if
a packet is selected.
If there's a selected packet, and a display filter is run:
if the selected packet passed the filter, re-select it;
if the selected packet didn't pass the filter, un-select it.
If we've opened a live "pcap" capture, but can't do the capture because
we can't get the netmask info, or can't parse the capture filter string,
or can't install the filter, close the live capture and the dump and
delete the dump file.
If we failed to open a live "pcap" capture, don't try to read the
capture file - it doesn't exist.
svn path=/trunk/; revision=384
capture to a file or printer. This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.
Get rid of "cur" member of "capture_file" structure; nobody used it.
There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"
button.
Put the declaration of "prefs" into "prefs.h".
svn path=/trunk/; revision=378
(this assumes that "libpcap" writes out the header as soon as that
happens, which is the case for "libpcap" 0.4), we sync it out (to make
sure said header is in the file), and signal the parent process, so that
it opens the capture file and updates its windows to indicate that the
capture is in progress.
svn path=/trunk/; revision=371
display filter code, which uses features in GLIB-1.2.x), I removed
the vestigial code supporting old 1.0.x and 1.1.x GTK+ versions.
svn path=/trunk/; revision=360
doesn't link with libpcap, so no packet captures can be made. The
"--disable-pcap" option has been added to the configure script. Docs
have been updated. And the string buffer size in the simple_dialog()
has been doubled so that Johan's e-mail address in the "About" dialogue
window doesn't get chopped off.
svn path=/trunk/; revision=351
NetMon statistic packets for now. We might fix that problem with wiretap,
either filtering out those packets, and/or providing the summary
information through a new wiretap API.
svn path=/trunk/; revision=326
why I had to swap fields (data = w) in some of the callback functions when
I added support for gtk+-1.1. Because of the use of gtk_signal_connect_object,
the wrong value was being sent to the callback function. We were just lucky
that with gtk+-1.0 it worked.
gtk_signal_connect_object is for use with callbacks that take one argument.
gtk_signal_connect is for use with callbacks that take two arguments.
svn path=/trunk/; revision=324
is the same as "Tools/Capture", and "Display" has an "Options" item,
which pops up a dialog box to let you change the "default" time-stamp
column display format on the fly (the "default" is what the "-t"
command-line option sets), and have the display change when you do that.
Made infrastructure changes to make the immediate display update work.
Removed some unused functions, declared some functions used only in the
file in which they're defined "static", and removed some unnecessary
#includes.
svn path=/trunk/; revision=317
influence came from
http://developer.apple.com/techpubs/mac/HIGuidelines/HIGuidelines-232.html
which has a section on dialog box and alert box messages. However,
we're largely dealing with technoids, not with The Rest Of Us, so I
didn't go as far as one perhaps should.)
Unfortunately, it looks like it's a bit more work to arrange that, if
you give a bad file name to the "-r" flag, the dialog box pop up only
*after* the main window pops up - it has the annoying habit of popping
up *before* the main window pops up, and sometimes getting *obscured* by
it, when I do that. The removal of the dialog box stuff from
"load_cap_file()" was intended to facilitate that work. (It might also
be nice if, when an open from the "File/Open" menu item fails, we keep
the file selection box open, and give the user a chance to correct
typos, choose another file name, etc.)
svn path=/trunk/; revision=310
of the packet count combo box; there's no need to do so (we don't
remember the string, just its value when converted to a number), and, as
we don't free what "g_strdup()" returns, and don't remember it to save
it later, we leak memory.
svn path=/trunk/; revision=302
dialog box, put "0 (Infinite)" first, so that we default to that rather
than to the number of packets in the last capture we read.
svn path=/trunk/; revision=300
a random name chosen by tempnam(), unknown to the user. If the user decides to save that
trace, he then uses File | Save to save it to a file. File | Save As lets him make a copy
of his named trace file as well. I also updated my e-mail address in the various credit
locations.
svn path=/trunk/; revision=242
wiretap and gtk+-1.1.x. I also added an #include to util.c to keep
it from complaining about a lack of a definition of vsnprintf when
compiling with gtk+-1.1.x.
svn path=/trunk/; revision=136
Tests for GTK versions are done during compilation, not during "./configure".
The big problems have been taken care of in this patch (functional change
in the packet clist and conversion of menu_factory to item_factory), but
plenty of smaller problems with dialogue boxes abound. I have fixed
a small problem with file_open*(), but have left 2 comments in just in case
I'm not going about this the right way. Can someone verify?
svn path=/trunk/; revision=127
macro (modeled after similar macros provided with "autoconf") to check
whether "struct sockaddr" has an "sa_len" member, and defines or
undefines "HAVE_SA_LEN" appropriately. Use it instead of
"AC_LBL_SOCKADDR_SA_LEN", and use "HAVE_SA_LEN" instead of
"HAVE_SOCKADDR_SA_LEN".
svn path=/trunk/; revision=96
forgot that CVS, unlike Perforce, doesn't let you edit the list of files
it gives you in the editor and cause those files *not* to be committed,
it requires you to specify the files to be committed if you only want
some files committed.
svn path=/trunk/; revision=92
That requires that, in the packet-reading loop, we pass to the callback
routine the offset in the file of a packet's data, because we can no
longer compute that offset by subtracting the size of the captured
packet data from the offset in the file after the data was read -
"snoop" may stick padding in after the packet data to align packet
headers on 4-byte boundaries.
Doing that required that we arrange that we do that for "libpcap"
capture files as well; the cleanest way to do that was to write our own
code for reading "libpcap" capture files, rather than using the
"libpcap" code to do it.
Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c",
as they're not used elsewhere.
If we're using wiretap, don't define in "file.h" stuff used only when
we're not using wiretap.
Update the wiretap README to reflect Gilbert's and my recent changes.
Clean up some memory leaks in "wiretap/lanalyzer.c" and
"wiretap/ngsniffer.c", where the capture-file-format-specific data
wasn't freed if the open failed.
svn path=/trunk/; revision=91
1) renaming "snprintf.h" to "snprintf-imp.h" (it contains stuff
used by the "snprintf()" *implementation*, but not stuff it
*exports*);
2) creating a new "snprintf.h" to declare "vsnprintf()" and
"snprintf()";
3) removing an unused variable;
4) fixing a call to "add_item_to_tree()" to handle the
possibility of "ntohl()" returning a "long" rather than an
"int".
svn path=/trunk/; revision=47
- Separated display and capture filters; rearranged some of the look and feel
- Lots of other miscellaneous fixes and updates
svn path=/trunk/; revision=38
window. Added basic counter (%) hooks for all currently supported base protocols.
OSPF Counter added as an example.
All of this has mainly cosmetic purposes.
svn path=/trunk/; revision=34
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.
svn path=/trunk/; revision=31
Guy Harris