the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for someting such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
to return a pointer to the merge_in_file_t that got the error. Set *err
to 0 on success and an error code on an err, treat a null return as an
EOF indication, and if we don't get a null return check for a non-zero
error code and treat that as an I/O error.
svn path=/trunk/; revision=39964
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
Make the loops that scan through all the packets do so by frame number,
to abstract away the "next" and "previous" pointers in the frame_data
structure. Add a routine to cfile.c to map frame numbers to frame_data
structures, and put in some special case handling so scanning forward or
backward through the packets is O(N) rather than O(N^2).
svn path=/trunk/; revision=36846
so get rid of the select_flag argument, and rename it
new_packet_list_select_row_from_data().
It's also always passed a frame_data *, so make its argument a
frame_data *.
Its return value is used only to detect whether the packet was found in
the display or not, so make it a gboolean. Check it in *all* cases
where it's called, and change the dialog message a bit (the most likely
cause is that the user cancelled a redissection of the packets, so not
all packets in the capture file are in the display.
Also, in the find case, pass it the new packet we found.
svn path=/trunk/; revision=36839
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointers, as there's code that assumes that if they're not set to null
pointers, they're set correctly, and doesn't bother setting them to the
right value.
svn path=/trunk/; revision=36252
pointers to null strings, rather than a bunch of null pointers, so that
if an exception is thrown before we set any of the columns, or some
other problem occurs, we don't end up with null pointers that could
later cause a crash.
Fix indentation.
svn path=/trunk/; revision=36234
In convert_string_case() use g_utf8_strup() instead of converting each
character by hand. Hopefully this won't cause any unexpected changes in
behavior.
svn path=/trunk/; revision=36006
use GTK+ data types, so, at least in theory, it could be implemented
atop another toolkit.
Make statusbar_push_temporary_msg() take a format string and format
arguments. Use it instead of simple_status(), and change one call to
just take a format string and arguments rather than to take the result
of using that format string and arguments with g_strdup_printf() and
passing the result to statusbar_push_temporary_msg().
svn path=/trunk/; revision=35041
Continue to use the data offset ((uncompressed) bytes read) as our progress
indicator, at least until we get a progress value greater than 1.0. Then,
in addition to checking if the size of the file changed, check our position in
the file and use that as our progress indicator.
This optimizes uncompressed file accesses (avoiding an lseek()) at the "expense"
of switching progress measures (from data read to position in the file) while
loading a file. Tests have shown that the progress bar never shows the data
offset number when loading a compressed file, so this should be okay.
svn path=/trunk/; revision=34563
1. Restore the functionality of <Ctrl>A and <Ctrl>X to the filter textbox.
2. Assign intuitive shortcuts without consuming any new shortcut letters.
3. Add 'Un-Time Reference All Packets' to the menu.
4. Disallow the marking or ignoring of all packets in the capture.
5. Make the Mark/Ignore/Time Reference-related menu items context sensitive.
6. Add 'ref_time_count' to the capture_file structure
7. Utilize marked/ignored/ref_time_count vars to prevent needless looping thru
the entire packet list by exiting the loop when it becomes zero.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5115
svn path=/trunk/; revision=33817
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
updates are off and which sets the capture file state to a value that
won't cause an assertion when the user stops capturing. Fixes bug 4035.
svn path=/trunk/; revision=33005
we can use it in the main window title during and after capture. Add a
"-X" option for providing a description for stdin.
svn path=/trunk/; revision=32357
As now, when Wireshark save capture files, it show "Loading" in status bar and
in the dialog box, warning many users of lost them packets. Saving work as expected.
Is simply a GUI use interaction problem.
svn path=/trunk/; revision=31269
statusbar. This lets us notify the user about something significant
without having to pop up an annoying window. Replace a few dialogs with
statusbar messages.
svn path=/trunk/; revision=30810
Seting focus in new_packet_list_moveto_end() seems also to be needed to make it work properly I'm not 100% sure if it should be done differently.
svn path=/trunk/; revision=30074
cleanup_dissection() calls se_free_all(); And after that fdata->col_text (which is allocated using se_alloc0()) no longer points to valid memory.
svn path=/trunk/; revision=29920
- Calculate the progess before checking if progress bar should be
created or not.
- Dont update the progress to often on small files.
- Use data_offset rather than reading file_pos.
svn path=/trunk/; revision=29648
This patch fixes the "Decode as" crash. We now freeze the packetlist before
attempting to clear it. This way we don't have to issue a row deleted signal
either.
svn path=/trunk/; revision=29238
to store (most) of the underlying data rather than the strings in the store and render it when we need it, thuss saving storage space and loading time.
Idealy we should not store the complete fdata or pinfo structures
but rather just the data relevant to the currently selected/used columns. I'm not entierly sure how to accomplish that however.
Dynamically allocated array to hold pointers to the actual data?
svn path=/trunk/; revision=29237
enabling/disabling the coloring of the packet list from the menus, the user
has to drag the mouse cursor over each displayed row to take away/add the
coloring. Dragging the scroll bar up or down will also take care of this as
only the displayed rows are colored.
svn path=/trunk/; revision=29142
To use the GTK2 based packet list, define NEW_PACKET_LIST when compiling.
To do this with gcc, set the environment variable CPPFLAGS to
"-DNEW_PACKET_LIST" and re-run configure.
Many features do not yet work. This work began with prototypes by Ulf
quite a while back. I've put quite a bit of work into this so far and
as discussed with a few of the core team members at Sharkfest09 and it was
decided that it would be best to commit what I have so far to allow others to
help work on this.
svn path=/trunk/; revision=28892
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
This patch downgrades the g_assert() to a proper if statement. This is needed
because we can end up with a match but _without_ any valid row attached to it.
This is the case when the user has aborted while dissecting.
svn path=/trunk/; revision=28555
when loading files > 50 MB wireshark redraws the first pane on each
update_progress_dlg(). If auto_scroll_live is not set that's mean it redraws
the same rows again and again.
The patch attached only redraws it once or if cf->displayed_count < 1000, in
case you have a very big screen.
svn path=/trunk/; revision=28475
up (99 44/100% of which were assignments of double-precision
floating-point constants to floats). Hopefully this will catch at least
some P64 issues on UN*X.
svn path=/trunk/; revision=28108
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
Up till now every packet in the packet list got a copy of the pointer to the filter expressions for
the last packets' columns. Hence any 'Copy as Filter" on a column got the expression of the last
packet in the packet list. Instead every packet needs to get a pointer to the filter expressions
for its own columns. This requires making a copy of the filter expressions themselves.
Since this is a bug in 1.0 as well the GLIB1 code is provided for backporting, which can later be dropped from the development tree.
svn path=/trunk/; revision=27396
We might receive new packets while redissecting and don't want to
dissect those before the packet-list is fully rebuilt.
svn path=/trunk/; revision=26309
capture callbacks the capture_options * as its second argument in all
cases. This makes it a bit clearer what arguments callbacks take, and
means we can get rid of all global_capture_opts references in
gtk/main_statusbar.c.
Put the interface between gtk/main.c and gtk/main_statusbar.c into a
private header.
svn path=/trunk/; revision=25576
Not implemented for conversation relative and delta time yet, because this
will need a reload as they are set by the dissectors and does not exist in
the frame data.
svn path=/trunk/; revision=25452
g_mallocated string, so it's not const.
Fix a comment to reflect reality (err_info is some additional
information about the error returned by Wiretap, e.g. some gory details
about the error, mainly useful to developers and support people).
svn path=/trunk/; revision=25401
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
- Change apply / prepare / ... as filter to use the field's value, which
is now stored in fdata as well as cinfo. Now we don't have to reprocess
the entire packet list when using these features. This also prevents
the use of these features from overwriting custom column information.
(custom columns can now be used in apply / prepare ... as filter)
- Break col_expr and col_expr_val out into a struct that is included not only
in cinfo, but now also fdata.
- Have col_custom_set_fstr() quote FT_STRING & FT_STRINGZ when storing the
col_expr_val value (for filter creation).
svn path=/trunk/; revision=24511
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
correctly reflect the auto scroll state. Re-enable the ability to use
the auto scroll toolbar button and menu item during a live capture.
svn path=/trunk/; revision=23777
"Automatic scrolling in live capture" are both enabled, make the scroll
bar behavior more natural. If the packet list is scrolled to the
bottom, scroll automatically. If the user scrolls back, keep the packet
list scrolled at that point instead of jumping back to the end.
svn path=/trunk/; revision=22277
These changes allow the packet list clist to be destroyed and recreated
with the new column titles/values/order that the user changed in the
preferences without restarting Wireshark.
svn path=/trunk/; revision=22038
routines and routines using those routines. GLib might use different
modifiers for 64-bit quantities than the platform's C library does.
svn path=/trunk/; revision=21990
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
directory and most of the plugins to match the same command
put in the Makefile.nmake files for Windows compliations. Fix
a few warnings when compiling under gcc 3.4.4 on FreeBSD. Create
new automake file variable called USING_GCC in configure.in and
wiretap/configure.in to acomplish the above -Werror addition.
svn path=/trunk/; revision=21127
and there are no formats in which the file can be saved by some means
other than copying the raw data; "Save As" isn't a very useful function
in that case, and that prevents us from having an empty list of formats
in which the file can be saved.
svn path=/trunk/; revision=21032
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
allocate and release the dfcode program as needed instead of having it hang around in the capture file structure.
this will ensure that dfcode will not have longer than se scope lifetime in case we need that property of it later
svn path=/trunk/; revision=20251
As this was a huge internal change, new bugs are very probable - please report.
The implementation isn't still perfect, a new dialog internal list could possibly be removed again.
However, I want to check in at this condition, just in case I make things worse - again.
svn path=/trunk/; revision=19413
file.c
time reference menu callback doesn't set cf->filter, it dumps a core if
you have a file big enough in find next/ find prev.
addr_resolv.c
leak memory, break list chain when snooping address.
svn path=/trunk/; revision=17419
no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
button"; "Stop" should be used for operations that can only be stopped
(meaning that what it's already done isn't undone), not cancelled
(meaning that whatever it's already done *is* undone), for which
"Cancel" is used.
Allow the merging process to be cancelled.
Clean up indentation.
Update some comments.
svn path=/trunk/; revision=16489
Anyone having objections to idea of stopping the load of a capture file
i.s.o. cancelling it? I'm refering to WishList Data I/O item #6.
It seems a very reasonable idea and easy to implement.
I've done some extensions:
-Improve the corresponding comment on the implications why this is useful
-added a new simple_dialog text to explain what's really going on (simply using the WTAP truncated packet message was a bit misleading)
svn path=/trunk/; revision=16441
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
Rename some variables to make the names used in progress bars more
common. (Should more of that functionality be moved into common
progress bar code?)
svn path=/trunk/; revision=16347
rather than checking only on every progress bar update quantum, so that
if the update quantum is *very* large, we don't end up waiting longer
than the standard time for a dialog box before checking.
svn path=/trunk/; revision=16327
add a g_warning() call if an error occured while reading from capture file (while doing a live update), usually shouldn't happen but is difficult to debug *if* it happens
add a new log domain LOG_DOMAIN_MAIN and the standard log handler for it
add some (partly commented out) g_log() calls, useful for GUI sequence debugging
svn path=/trunk/; revision=16136
cf_cb_file_closing (called before closing a capture file) cf_cb_file_closed will be called afterwards, but both only if a file is really closed as cf_close is called more often ...
If we are closing large capture files (~20MB), the screen looks ugly while the file is closed. Change this so the screen will immediately go back to initial state and a dialog (without buttons) is shown that the file is currently closed. As the operation which takes most of the time to close the file is a single eth_clist_clear call, we can't use a progress bar here.
cf_cb_live_capture_stopping: called when the user wants to stop the capture (toolbar or menu clicked). At least on Win32, the time between this and the actual stop completed can be noticeable (1-2 seconds), so the user doesn't know if the button press did anything at all. Do something similar as above, show a dialog box without buttons to inform that the close is in progress.
svn path=/trunk/; revision=15891
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
generate columns; use cf_retap_packets instead of cf_redissect_packets()
when running taps (the general flow graph stat uses the Info column).
svn path=/trunk/; revision=15793
"unknown" for frame numbers. Note that in epan/frame_data.h, and make
the frame number in experts unsigned, and use 0 for "unknown", and
display it as an unsigned number - and, if it's 0, don't display it at
all.
Fix the signature of "expert_dlg_draw()" to match what a tap's draw
routine's signature is expected to be.
svn path=/trunk/; revision=15760
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
filter as an argument on the command line and have a dialog box to enter
the display filter through the GUI. Use it for all stats using
"gtk_tap_dfilter_dlg_cb()".
Add a top-level "stat_menu.h" file to declare "REGISTER_STAT_GROUP_E"
for the benefit of the declaration of "register_dfilter_stat()" in the
top-level "tap_dfilter_dlg.h". Rename the "stat_menu.h" in the gtk
directory to "gtk_stat_menu.h", so as not to have two headers with the
same name.
Get rid of headers not declaring any functions not being used in the
module.
svn path=/trunk/; revision=15493
(so if the file's gzipped, it's *NOT* the size of the file after
uncompressing), and an approximation of the amount of that data read
sequentially so far.
Use those for various progress bars and the like.
Make the fstat() in the Ascend trace reader directly use wth->fd, as
it's inside Wiretap; that gets rid of the last caller of wtap_fd() (as
we're no longer directly using fstat() or lseek() in Ethereal), so get
rid of wtap_fd().
svn path=/trunk/; revision=15437
data, so that "f_len" still keeps the size of the underlying file (which
is necessary in order to make the progress bar when files are being read
work correctly).
svn path=/trunk/; revision=15415
name of the file being loaded to "delayed_create_progress_dlg()". Get
rid of the pointless "g_strdup_printf()" call (which amounted to a
more-expensive "g_strdup()", and the variables it used.
svn path=/trunk/; revision=15248
-show the current capture file size, if capturing in real time mode.
-move the packet "Drops" count (if available) from file to packets statusbar part
svn path=/trunk/; revision=14130
If this is used together with an option where input files changes too fast (e.g. new file every second), capturing will be (hopefully) stopped.
I've replaced the former capture pipe message format into a somewhat more general format to remove a lot of confusion.
svn path=/trunk/; revision=14054
most notably:
- moved opening of safe_file to the capture child (capture_loop.c)
- removed save_file_fd from capture_opts (no longer need to have it global)
svn path=/trunk/; revision=13953
structures allocated by a dissection. Currently, it's the same as
"init_dissection()", but they should be split with "init_dissection()"
allocating the initial data structures and "cleanup_dissection()"
freeing them and *not* reallocating the initial data structures.
Use "cleanup_dissection()" in "cf_close()" to make it easier to find leaks.
svn path=/trunk/; revision=13881
This is currently still disabled, as we cannot pass all required capture flags to the child process (lack of command line parameters).
svn path=/trunk/; revision=13558
file name argument; if the pointed-to pointer is null, it opens a
temporary file, and sets that pointer to a mallocated copy of the
pathname of the temporary file. It no longer needs a file descriptor as
an argument.
svn path=/trunk/; revision=13419
so if "wtap_dump_fdopen()" succeeds (as a side-effect of calling
"wtap_dump_close()"), even if "cf_merge_fails()" after that, so it
should do so if it fails.
That means we don't need to close it in the callers of "cf_merge_files()".
svn path=/trunk/; revision=13407
object code for libethereal.dll isn't generated by the
makefile in /trunk.
Having no code in /trunk linked into libethereal.dll
anymore, the definition of the macro _NEED_VAR_IMPORT_
can be moved from various source files in /trunk to /trunk/Makefile.nmake .
So do that, too.
svn path=/trunk/; revision=13389
to the "start live capture" callback, and call that from "do_capture()".
When opening a capture file, don't pop up the "What do you want to do?"
pane when closing any existing file you have open, as we're just going
to put the regular view up right after that.
svn path=/trunk/; revision=13332
Mark the "func" argument to "cf_callback_remove()" as unused.
Get rid of the "iface" argument to "cf_start_tail()", as it's no longer
used.
svn path=/trunk/; revision=13331
I've implemented a very simple callback mechanism which provides exactly this. I've tried GHook from GLib before, but this doesn't seem to be the right thing, as it's too inflexible for the purpose here.
So I've implemented a callback function in main.c which receives all "events" and spreads them to menu, statusbar and itself.
I would see this implementation as a prototype which may need improvements. Please comment the changes.
svn path=/trunk/; revision=13330
"main_set_for_capture_file()"; it should only deal with menus, not
anything else - and it gets called while the menus are being set up,
which is before the main window has been completely created, so
"main_widgets_show_or_hide()", which is called by
"main_set_for_capture_file()", gets errors trying to show or hide
widgets the pointers to which are null.
svn path=/trunk/; revision=13328
move another two capture related fields (iface and cfilter) from cfile to capture_opts
also move the handling of capture related command line options from main.c to capture.c, that way a future privilege seperated capture program can use the same code to parse it's command line than Ethereal.
It might be even possible to share this parser code even with Tethereal, didn't took a closer look at this.
svn path=/trunk/; revision=13320
cf_ functions, have separate ones for different classes of routines, and
use gboolean when the return value is just "success" or "failure" - that
way you don't get compiler warnings if a case statement isn't handling a
particular status value if the routine in question won't return it.
svn path=/trunk/; revision=13293
This includes: all functions in file.h now have a cf_ prefix, will have doxygen tags, will have the capture_file *cf as the first parameter and I tried to generalize the return values for non trivial functions.
Hopefully, I didn't introduced any new bugs, as I had to change a lot of files...
svn path=/trunk/; revision=13289
don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c
move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it
svn path=/trunk/; revision=13276
one.
"get_basename()" doesn't modify its argument, and its callers don't
modify the substring pointed to by the result, so make it take a "const
char *" as an argument and return a "const char *".
"find_last_pathname_separator()" doesn't modify its argument, so make it
a "const char *" - but some of its callers pass a non-"const" "char *"
and modify the result, so don't make its return value a "const char *".
And, as none of its callers are outside "filesystem.c", make it static.
In "about_folders_page_new()", have separate variables for pathnames
returned as "const char *" (which are cached by the routine that returns
them, so you can't modify them - and can't free them, so get rid of the
commented-out "g_free()" calls for them) and pathnames returned as "char
*" (which are allocated anew for each call, and can be modified, but
have to be freed).
Clean up white space.
svn path=/trunk/; revision=12881
that return the next packet from a set of {chronologically sorted,
sequential-by-file} packets; it doesn't need to have a loop over all
those packets, or any code to write packets.
Supply those abstractions, change the code that merges packets to do its
own writing, and have the Ethereal version manage a progress bar and
have the mergecap version print packet numbers in verbose mode, as the
common merge code used to do.
svn path=/trunk/; revision=12427
indication - success, read failure, write failure - and have their
callers handle read failures by looking for the file that got the read
failure and reporting the failure in question.
Free up the err_info string returned by "wtap_read()" after using it.
svn path=/trunk/; revision=12423
mergecap.c (get rid of the verbose printing of information for each
packet).
Have "merge_append_files()" return FALSE only on a write error, as
"merge_files()" does.
Sort the routines in "merge.c" in the order from "merge.h".
svn path=/trunk/; revision=12422
and use that information to provide better error messages.
Have "merge_open_outfile()" do all the work of filling in the
merge_out_file_t structure, with the values to use passed as arguments.
Get rid of some structure members that used to be used solely to pass
information to "merge_open_outfile()".
Add a "cf_merge_files()" routine to do the merging and reporting of errors.
svn path=/trunk/; revision=12420
really more of an Ethereal/Tethereal component than a libethereal
component (nothing else in libethereal knows about capture files); move
it back out of libethereal. (The range stuff doesn't; we leave it in
libethereal.)
svn path=/trunk/; revision=11898
they should ultimately be split into files with routines that handle
ranges, which are just subsets of [0,2^32), and packet ranges, which are
subsets of the packet list, possibly specified by a range.
Move them into epan, so they can be used by, for example, utilities that
handle ranges, such editcap.
svn path=/trunk/; revision=11890
already been marked and have unmark_frame() do likewise. Don't mess
with the marked frame count in mark_all_frames().
Be a little more paranoid about the marked frame count in other places.
svn path=/trunk/; revision=11775
"print_ok_cb()", and have "print_packets()" just work on a
"print_stream_t" handed to it, so that different platforms can open the
printer/print file in different ways (opening the file is probably not
going to be platform-dependent, but opening the printer will be).
svn path=/trunk/; revision=11544
a structure containing a pointer to print operations for that object and
a pointer to the private subclass-dependent data for that object, with
subclasses for text and PostScript, and use those rather than the old
scheme where a print format was passed as an argument - or where (as in
the case of printing summary information in Tethereal) we just printed
as text even if "-T ps" was selected.
Check whether those routines succeed or get an I/O error writing output.
Clean up indentation.
svn path=/trunk/; revision=11514
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
the "text vs. PostScript" choice. The "text vs. PostScript" choice
should probably ultimately be done with a generic set of print methods,
to handle various platform-native print mechanisms more cleanly (and
perhaps the dialog box code for "export as {PDML,PSML}" should be
separate from the "export as text"/"print" dialog).
svn path=/trunk/; revision=11342
is per-packet and the packet has an encapsulation type we don't know
about, so handle it on reads as well as errors - show an error message
noting that we had a packet with a network type we don't know about, and
show the extra info returned for that error giving details.
It shouldn't return WTAP_ERR_UNSUPPORTED, however, so just give the
"wtap_strerror()" error for that case.
svn path=/trunk/; revision=11340
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
when using GTK2 code for rendering the error. In order to correctly
render the error message, it must be XML escaped.
TODO: track down the remaining places where this XML escaping is
required, and fix it there too (not sure if they exist though).
svn path=/trunk/; revision=10764
-ps: added formatting hints for ghostscript, so pdf conversion will be much better
-ps: print a thin line at the top and bottom of each page
-ps/text: add an option to start a new page for every packet (formfeed)
svn path=/trunk/; revision=10660
print the header before each summary line, and print a blank line
separating the summary line and the remaining information.
svn path=/trunk/; revision=10614
with "string" rather than "ascii", to make it clearer what they're
involved with.
Use "gtk_toggle_button_set_active()", not
"gtk_toggle_button_set_state()" (the latter is a deprecated alias for
the former, probably dating back to GTK+ 1.0[.x] - 1.2[.x] and later
have "gtk_toggle_button_set_active()").
Do *NOT* change the radio buttons for the type of string search to do
based on whether we're doing a string search or not - doing so means we
don't correctly remember the type of string search.
Get rid of code to fetch some values that we don't subsequently use.
svn path=/trunk/; revision=10609
put the definition of it back under HAVE_LIBPCAP and don't add an extra
declaration in "file.h", as there's no longer code that needs to refer
to it if HAVE_LIBPCAP isn't defined.
svn path=/trunk/; revision=10350
I don't know whether this is the optimal patch, but it does the job.
file.h: extern declaration of auto_scroll_live
file.c: always declare auto_scroll_live
svn path=/trunk/; revision=10347
"main_filter_packets()", to force the filtering to be done even if the
filter is the same as the current one; this is necessary in order to
make sure "Follow TCP Stream" gets the packets processed even if you're
filtering the stream that's currently filtered in.
svn path=/trunk/; revision=10209
read errors; there are separate implementations for Ethereal (pops up an
alert box) and Tethereal (prints an error message).
Use those routines in the ASN.1 dissector.
svn path=/trunk/; revision=10152
"cf_XXX_failure_alert_box()" routines that put the alert box up, and
directly call the "alert_box.h" routines for OS errors.
svn path=/trunk/; revision=10028
attempt to write to a file (or close a file opened for writing).
Get rid of no-longer-needed #includes of <epan/filesystem.h>.
svn path=/trunk/; revision=10027
filter expressions; use that in a number of places, so we use the same
alert box. (More work is needed to figure out the right way to handle
some other "dfilter_compile()" failures.)
Use the error message from the display filter as the primary error, as
that's the message that tells you what the underlying problem is. (The
GNOME HIG says "In most situations the user should only need the primary
text to make a quick decision", so the primary text should tell you
what's wrong with the filter, not just that it's invalid. If there are
messages from the display filter code that don't give enough
information, or are a bit cryptic, such as "Unexpected end of filter
string," those should be fixed in the display filter code.)
Improve the error used if an empty filter is used for "find frame".
svn path=/trunk/; revision=10025
"simple_dialog()"; NULL might be #defined to be a pointer expression on
some platforms, causing compiler warnings (and, on platforms where a
null pointer doesn't have all its bits 0, possibly causing misbehavior,
although I don't think there are any such platforms on which Ethereal
runs).
Don't allow 0 as button mask argument to "simple_dialog()".
Squelch a compiler warning.
Report fatal problems as errors, not warnings.
Report file I/O errors with "file_open_error_message()".
Report file write errors (including those reported by "close()", e.g.
some errors writing to an NFS server) when saving raw packet data to a
file.
svn path=/trunk/; revision=9915
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
"capture_file" structure. Keep it locally, instead.
Check for errors when printing packets.
Report failure to open a print destination and failure to write to a
print destination differently.
Don't have the "print preamble" and "print final" routines return
success/failure indications - revert to the old scheme where they
didn't, and have the callers use "ferror()" to check for errors.
Report write errors when printing dissections in Tethereal.
Report print errors as errors, not warnings.
svn path=/trunk/; revision=9828
"file_close_error_message()" - but just use "file_write_error_message()"
for UNIX-style errors, under the assumption that a close will only fail
because a buffer-flushing write fails or because "close()" itself fails
when, for example, pushing unsynced NFS client-side writes out over the
wire.
Make several routines in "print.c" return success/failure indications.
Check for write errors when printing "Follow TCP Stream" stuff or saving
it to a file.
svn path=/trunk/; revision=9825
"cf_write_error_message()"/"file_write_error_message()".
Use "file_open_error_message()" instead of "cf_open_error_message()" in
some places we missed in the previous checkin.
Catch ENOSPC and EDQUOT in "file_open_error_message()".
Use "file_open_error_message()" rather than "file_write_error_message()"
to report errors when creating the file to which we're saving the
"Follow TCP Stream" data.
svn path=/trunk/; revision=9823
translate UNIX errno values to a somewhat friendly message format
string.
Rename "file_open_error_message()" in "file.c" to
"cf_open_error_message()", make "cf_open_error_message()" use the new
"file_open_error_message()" for UNIX errno values, have "do_capture()"
in "capture.c" use "file_open_error_message()" to report errors from
"open()", and make "cf_open_error_message()" static as nothing outside
"file.c" uses it.
Do similar stuff in "tethereal.c".
svn path=/trunk/; revision=9821
As this will always be a Cancel of a running operation, this parameter was removed.
This makes us also able to use a stock button for this.
svn path=/trunk/; revision=9774
b.) added new feature "Edit->Go To First Packet" "Edit->Go To Last Packet" with corresponding menu and toolbar items
c.) added new feature "View->Zoom In" / "View->Zoom Out" / View->Normal Size" with corresponding menu and toolbar items
This feature will act as a "size offset" to the current fontsize, so that the packet list/tree view/... will have a larger/smaller font size.
The value is stored inside the recent file.
d.) Win32 only: Try to get the win32 system font and fontsize at program startup and show the menus/dialogs and such with the same font and fontsize like other win32 windows.
This makes the program make a *lot* more feel like a normal win32 program.
svn path=/trunk/; revision=9753
them and running all taps on them, but not reconstructing the packet
list. Use that in the IO-stat tap rather than "redissect_packet()"; the
latter does more work and redraws the display, neither of which are
necessary.
Call the filter callback when the Calc field is changed, to redraw the
graphs; that change also fixes things so that it's called when the
Filter field is changed.
Rename the "filter_button" member of an io_stat_graph_t to
"filter_field", as it's not the "Filter:" button, it's the text field
containing the filter expression.
svn path=/trunk/; revision=9659
packets in a loop; it handles reading the packet from the capture file,
creating and updating the progress bar, handling the stop button,
and handling range specifications.
Use that for printing and saving packets. (There might be other loops
that should use it as well.)
svn path=/trunk/; revision=9620
filter's colors" bug, by storing the pointer to the matching color_filter_t
structure in the frame_data structure.
Replace "frame" and "frames" by "packet" and "packets" in many places.
svn path=/trunk/; revision=9607
use the common display filter dialog infrastructure in the MGCP
service response time tap;
add common infrastructure for updating the titles of tap dialogs
when the capture file name changes.
svn path=/trunk/; revision=9366
"opened capture files" and "display filter used",
the settings will be saved in the file "recent" in the users config path
svn path=/trunk/; revision=9275
captures, as it has to compute the width of an auto-resizing column in
every row. Just pick fixed widths for the columns (and tune the width
of the "Protocol" column so that it's not narrower than the column
title).
svn path=/trunk/; revision=9219
pointers to the first *and* last child, in the "proto_node" structure
itself. That saves us one level of indirection and memory allocation,
and lets us append to a tree by appending to the last child directly,
rather than having to scan through the list of siblings of the first
child to find the end of that list.
svn path=/trunk/; revision=9171
last columns, if any, with that format, and use that to speed up
processing of columns with a particular format and checking whether
we're displaying a column with a particular format.
svn path=/trunk/; revision=9147
This makes the CulmulativeBytes field make more sense since if we want
something to be a TimeReference frame it is likely that we also want to
measure BOTH time and number of bytes (==culmulative bytes) until the event we are looking at.
svn path=/trunk/; revision=8956
return "<no file>" if there is no file loaded yet instead of crashing in io-stat
io-stat only print the label for the top tick on the y axis to make it look less cluttered
svn path=/trunk/; revision=8781
"set_menus_for_selected_packet()" and
"set_menus_for_selected_tree_row()", and have them decide whether to
enable or disable menu items based on whether that structure indicates
that a packet or field is selected and, if one is, on its properties.
Pass to the "selected packet enabled" routine for a menu item the
"frame_data" and "edt" members of the "capture_file" structure, and pass
to the "selected tree row enabled" routine the "field_info" member of
that structure.
Clear "cf->current_frame" if no packet is selected.
svn path=/trunk/; revision=8525
don't have to worry about the file name being null when
"cf_get_display_name()" is called. (It should never be called before we
have a capture file open; if it is, that's a bug.)
svn path=/trunk/; revision=8482
capture temporary files, it's "<capture", and for saved capture files,
it's the last component of the pathname of the file. Use that in
various places when displaying the file name.
svn path=/trunk/; revision=8474
One can now select a packet and mark it as a TimeReference packet using the menu.
A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF*
A TimeReference packet will always be displayed in the packet pane, and overrides any display filters.
When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture.
You can have any number of TimeReference frames you like.
svn path=/trunk/; revision=8459
the option to print only marked packets similarly, rather than as
"Suppress unmarked packets" (for consistency, and because the latter
isn't unlike a double negative).
svn path=/trunk/; revision=8451
Only calculate culmulative bytes on those packets that are actually displayed in the packet pane.
When a display filter is applied, culmulative bytes should only be calculated on thoise packets that are actually displayed.
svn path=/trunk/; revision=8418
Ethereal presents a column to display culmulative bytes into the capture.
A new column type is added : Culmulative Bytes.
While PacketLength column type specifies the number of bytes in the current packet,
Culmulative Bytes specifies the culmulative number of bytes from the start of the capture.
svn path=/trunk/; revision=8359
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306