directly edit the capture preferences, rather than only being able to
set them implicitly from the values for the most recent capture.
Add a preferences item for the interface on which to capture.
Get rid of some unused variables.
svn path=/trunk/; revision=4510
"gboolean", as it's a Boolean value, and move it to the beginning of the
structure in Tethereal, as it is in Ethereal.
From Graeme Hewson:
Check for "pcap_dispatch()" returning -1, meaning an error
occurred; if it does, stop capturing, and report the error.
If we get a signal in tethereal, stop the capture with a
"longjmp()", rather than by clearning the "go" flag;
"pcap_dispatch()", on many platforms, keeps reading rather than
returning a captured packet count of 0 if the system call to
read packets returns -1 with an errno of EINTR, so the
"pcap_dispatch()" won't be broken out of if the signal handler
returns.
Fix a typo in an error message.
svn path=/trunk/; revision=4471
maximum size if there is no capture file; in fact, if you do, you get a
core dump. Skip the capture file size test if not capturing to a file.
svn path=/trunk/; revision=4434
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
obsolete; we silently ignore attempts to set those in a preferences
file, so that we don't spam the user with error messages caused by them
having saved preferences in an earlier release that contained those
preferences.
Make the Diameter and iSCSI dissectors register obsolete preferences.
Crash if some code tries to register a preferences module with a name
that contains something other than lower-case ASCII letters, numbers, or
underscores, or that has already been registered, or if some code tries
to register a preference with a name that contains something other than
lower-case ASCII letters, numbers, underscores, or periods, or that has
already been registered, so that we don't put code like that in a
release and have to shovel code into "prefs.c" to fix it up later. (The
problem with multiple modules or preferences with the same name should
be obvious; the problem with names with blanks, or upper-case letters,
or punctuation, is that they're a pain to type on the command line.)
svn path=/trunk/; revision=4148
reside. Use it, rather than concatenating the user's home directory and
".ethereal" in a number of files.
Fix up some additional places to use G_DIR_SEPARATOR_S as the pathname
separator.
svn path=/trunk/; revision=4061
buffered data is written out to the file;
headers are written if the capture file header depends on the
number or sizes of the packets;
etc..
svn path=/trunk/; revision=3909
"--with-pcap", it adds the "include" subdirectory of that directory to
the list of directories to search for include files, rather than adding
the directory itself.
Check whether libpcap defines "pcap_version", and define
HAVE_PCAP_VERSION if it does. Use "pcap_version" iff HAVE_PCAP_VERSION
is defined, rather than special-casing MacOS X.
Don't #define a string for the WinPcap version; just leave
HAVE_PCAP_VERSION undefined on Windows, as WinPcap 2.2beta is out, so we
can no longer assume that the Windows version of Ethereal is using
WinPcap 2.1.
svn path=/trunk/; revision=3792
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
allow you to suppress the printing of unmarked packets.
This allows a user to mark the packets they wish to print and
print ONLY those packets by suppressing all other unmarked packets.
This may seem like a bit of a convoluted way of expressing things,
as usually the desired behavior would be to print the marked packets.
However, we do NOT print marked packets that are not displayed under
the current filter. To be maximally explicite I've expressed this
as suppressing unmarked frames.
svn path=/trunk/; revision=3736
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
"main()", the program exits, and exits with an exit status equal to the
return value of "main()", so "return 0;" is sufficient at the end of
"main()".
svn path=/trunk/; revision=3350
and never was - there's only an Ethereal-wide "enable name resolution"
preference. Name it just "name_resolve".
Replace all tests of "g_resolving_actif" with tests of
"prefs.name_resolv", and replace all code that sets "g_resolving_actif"
with code that sets "prefs.name_resolv", so that the setting of
"prefs.name_resolv" actually affects whether names are resolved or not.
svn path=/trunk/; revision=3300
binaries, so users only need to make sure they have that version
installed in order to have Ethereal (and tcpdump, and snort, and so on)
accept "lanN"-style names (i.e., names of the sort reported by lanscan
and handled by ifconfig), rather than "dlpiN".
Get rid of the patches to update libpcap, get rid of the discussion in
"README.hpux" of patching libpcap and just say "get 0.6.2", and make the
notes on HP-UX kernel patches to fix problems with capturing outgoing
packets a separate item in the list of items in "README.hpux".
Also update the error messages Ethereal and Tethereal display if they
can't open a device and the error is "can't find PPA for XXX" to say
"get 0.6.2" rather than "patch libpcap and recompile.
svn path=/trunk/; revision=3288
for Win32, and show a slightly more informative (i.e., geared to the
user) help message when trying to capture without having WinPcap installed.
svn path=/trunk/; revision=3261
That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
"gtk/main.c" in Ethereal.
Add the GLib version to it in Ethereal, and put in the GLib version
rather than the GTK+ version in Tethereal (which isn't linked with
GTK+...).
Make it a GString; this makes the code to construct it slightly less
ugly, especially now that we're putting the GLib version in.
Fix the code for the "-D" flag in Tethereal to compile in a no-libpcap
version (in a no-libpcap version, it just says that this version of
Tethereal wasn't compiled with capture support).
svn path=/trunk/; revision=3196
prints a list of all network interfaces it found on which it can capture
(the same list as the one that shows up in the "Interface" combo box in
Ethereal's "Capture Preferences" dialog).
svn path=/trunk/; revision=3194
expect - it means "same as fully-buffered". This means that the "-l"
flag is a no-op on Windows.
Instead of setting line-buffered mode with "setvbuf()", set a flag and,
if that flag is set, flush the standard output after the information for
ever packet is printed; this isn't "line-buffered", either, but, as the
reason for doing line-buffering is to allow the output of Tethereal to
be piped to a program and to have that program see the output for a
packet as soon as the packet is seen and dissected, it should be just as
good as line-buffered.
svn path=/trunk/; revision=3047
Print the "Capturing on <interface>" message, the running count of
packets captured, and error messages to the standard error in Tethereal,
so that you can pipe the output of a live capture that's printing
packets to a program or script without that script having to worry about
parsing stuff other than dissected packet summaries or details (tcpdump
does the same).
svn path=/trunk/; revision=3017
Guy Harris