and the error message includes "Not enough storage is available
to process this command" or "The operation completed successfully",
suggest that the user install a WinPcap version later than 3.0 - this is
definitely a Frequently Asked Question on the Ethereal list.
svn path=/trunk/; revision=11143
"capture_pcap_cb()"; they're only done in live captures, and that
arranges that "process_packet()" gets called with the correct
wtap_dumper for the current file even if we switch to a new file.
Move the packet-count reporting out of "write_packet()" to
"capture_pcap_cb()" as well, as that's also only done in live captures.
That pretty much guts "write_packet()", so just move what's left up to
"process_packet()".
svn path=/trunk/; revision=11131
registered (not whether there are any tap *filters* registered).
Do dissection in Tethereal iff:
we're printing information about each packet;
we're using a read filter on the packets;
there are any tap listeners registered (even if there are no tap
filters registered - not all taps use filters).
svn path=/trunk/; revision=11040
and not writing to another capture file, for use with "-z" options.
Note that "-z proto" *doesn't* print statistics at the end - it modifies
the packet summary output.
Note that on at least some BSDs the "status" character is set to "off"
by default, so you have to set it explicitly in order to be able to ^T
an application such as Tethereal.
svn path=/trunk/; revision=11038
packet" and "print packet" callbacks into a common routine, so that we
don't count packets twice if we're counting and dissecting.
Print the packet count with ^T iff we're not updating a displayed packet
count as packets arrive, regardless of whether we're printing packet
information, saving packets to a file, or both (tcpdump prints it
regardless of whether it's printing packet information or saving packets
to a file).
svn path=/trunk/; revision=11037
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
-ps: added formatting hints for ghostscript, so pdf conversion will be much better
-ps: print a thin line at the top and bottom of each page
-ps/text: add an option to start a new page for every packet (formfeed)
svn path=/trunk/; revision=10660
errors to the user. Use that, rather than "g_warning()", in the
Diameter dissector to report errors reading the dictionary.
Make the format argument to "simple_dialog()" a "const" pointer.
Fix up the read-error message in Tethereal to end with a newline.
If a simple dialog is requested before the main window or the
capture-control window is popped up, queue it up and pop the queued
messages up once the main or capture-control window is displayed.
svn path=/trunk/; revision=10616
that dissectors should call to report file open and read errors, and
have "report_open_failure()" and "report_read_failure()" call through
those pointers, rather than being defined and exported by the
application using libethereal - instead, the application would define
those functions and pass pointers to them to 'epan_init()".
Move "report_err.h" to the epan directory, as the functions it declares
are now part of the libethereal API.
svn path=/trunk/; revision=10470
to create cvsversion.h before any "all" or "check" targets are built.
Clean up a few CVS version strings that I missed last week.
svn path=/trunk/; revision=10199
read errors; there are separate implementations for Ethereal (pops up an
alert box) and Tethereal (prints an error message).
Use those routines in the ASN.1 dissector.
svn path=/trunk/; revision=10152
be used to adjust version preferences. It understands two configuration
directives: "enable", which can be 0 or 1, and "format", which can be any
strftime()-compatible string, e.g. "V12-powered on %A %Y-%m-%d %H:%M:%S".
If no configuration file is present, the configuration defaults to
enable: 1
format: CVS %Y%m%d%H%M%S
svn path=/trunk/; revision=10139
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
"capture_file" structure. Keep it locally, instead.
Check for errors when printing packets.
Report failure to open a print destination and failure to write to a
print destination differently.
Don't have the "print preamble" and "print final" routines return
success/failure indications - revert to the old scheme where they
didn't, and have the callers use "ferror()" to check for errors.
Report write errors when printing dissections in Tethereal.
Report print errors as errors, not warnings.
svn path=/trunk/; revision=9828
translate UNIX errno values to a somewhat friendly message format
string.
Rename "file_open_error_message()" in "file.c" to
"cf_open_error_message()", make "cf_open_error_message()" use the new
"file_open_error_message()" for UNIX errno values, have "do_capture()"
in "capture.c" use "file_open_error_message()" to report errors from
"open()", and make "cf_open_error_message()" static as nothing outside
"file.c" uses it.
Do similar stuff in "tethereal.c".
svn path=/trunk/; revision=9821
menuitems under "View->Time Display Format".
renamed timestamp enum items e.g. from ABSOLUTE to TS_ABSOLUTE,
to prevent conflicting definitions with MSVC
svn path=/trunk/; revision=9729
DISSECTOR_SUPPORT_{SRC,OBJECTS}.
Add some additional files, required by dissectors, to those lists.
Extract the stuff to get version information strings for libraries and
the OS, which is *not* needed by dissectors, from "util.c", which
contains routines that *are* needed by dissectors, and put it into a
separate file.
Make "dftest" link only with the dissector support stuff, not with all
of the Ethereal common files.
svn path=/trunk/; revision=9645
libpcap than in tcpdump.org libpcap; it's been deprecated for that
reason. "pcap_open_dead()" has been in libpcap since 0.6, so only for
0.5[.x] will you have "pcap_compile_nopcap()" but not "pcap_open_dead()"
- for now, we use "pcap_open_dead()" rather than
"pcap_compile_nopcap()", and don't do the check for capture filters in
systems with libpcaps that lack "pcap_open_dead()".
svn path=/trunk/; revision=9341
Eventually, -Tps will not force -V, and will print summaries when -V is
not selected. However, work still has to be done there.
svn path=/trunk/; revision=9218
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
last columns, if any, with that format, and use that to speed up
processing of columns with a particular format and checking whether
we're displaying a column with a particular format.
svn path=/trunk/; revision=9147
expired *before* writing a packet, rather than *after* writing a packet,
so that if you get no packets for a sufficiently long period that the
timeout expires before you get a new packet, the new packet is in the
beginning of a new file (as you might get more packets right after that,
and want them to be in the new file, rather than have the first packet
at the end of one file and the rest of the packets in another file).
svn path=/trunk/; revision=8536
the option to print only marked packets similarly, rather than as
"Suppress unmarked packets" (for consistency, and because the latter
isn't unlike a double negative).
svn path=/trunk/; revision=8451
containing a pointer to an interface name and possibly a pointer to an
interface description (although that pointer might be null if no
description is available), rather than having the Windows version glue
together the name and description into a single string.
Supply for the Linux "any" device the same description that libpcap's
"pcap_findalldevs()" returns.
svn path=/trunk/; revision=8440
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
Ethereal presents a column to display culmulative bytes into the capture.
A new column type is added : Culmulative Bytes.
While PacketLength column type specifies the number of bytes in the current packet,
Culmulative Bytes specifies the culmulative number of bytes from the start of the capture.
svn path=/trunk/; revision=8359
a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
don't assume that a dissector handle has a protocol associated
with it (there's none for the "OSI network layer" dissector, for
example, as that dissector hands off to one of several protocols
based on the NLPID);
rename a few functions to have names that better explain what
they do;
have separate functions to show all the layer types (dissector
tables) and to show all the protocols supported for a layer
type, and have both of them take, as an argument, the standard
I/O stream to which they should write;
improve the parser for the "-d" option to give more information
on errors;
fix up some comments.
svn path=/trunk/; revision=7949
Almost completely rewritten in order to:
- be able to use a unlimited number of ringbuffer files
0 specified with -b argument or in the GUI, means that the number of file
is unlimited.
else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
in all signal handlers that could modify it (i.e. by calling system
calls or worst standard C library functions).
Else the following code for instance is buggy if a signal arises between
the tests:
if (system_call() == -1) {
if (errno == Exxx) {
...
} else {
...
}
}
And MANY (open source or not) programs are broken that way ...
svn path=/trunk/; revision=7664
Support can be enabled at configure time by using "--with-adns=DIR".
If support is enabled, async queries happen whenever host name resolution
is enabled. Do we need a separate preference for async queries?
Currently, only IPv4 reverse queries are supported. I can add IPv4 forward
lookup support, but I don't have any way to test IPv6 queries.
svn path=/trunk/; revision=7640
registration routines, for taps with menu items (taps that can be run
from the "Tools->Statistics" menu), create the menu item for the tap.
"make-tapreg-dotc" constructs a "register_all_tap_menus()" function that
calls all the tap menu item registration routines it finds, and Ethereal
calls that routine after the main window has been constructed (so that
the main menu exists, as the menu items are added to it). (Tethereal
doesn't call it.)
Get rid of the "menu" and "menu_init" arguments to
"register_ethereal_tap"; the menu item is registered in the tap's menu
item registration routine, not in its main registration routine.
Have the RTP GUI tap register its menu item that way, rather than by
having it compiled into "gtk/menu.c". (We're not ready yet to have taps
whose menu items are under a submenu register themselves in that
fashion, as "register_tap_menu_item()" can't yet create submenus.)
svn path=/trunk/; revision=7540
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
Ethereal/Tethereal was linked into a common routine, and use that in
both Ethereal and Tethereal.
Add to that routine code to get OS version information.
svn path=/trunk/; revision=7320
message, to make the margins more even and to bring the second line
under 80 characters. (It's amazing how long Herman Hollerith's legacy
has lasted....)
svn path=/trunk/; revision=6835
Use _WIN32 rather than WIN32 throughout (both of them appear to work - I
don't know whether one is the "right" one to use and, if one is, which
one it is - and they're both used in Ethereal, but let's at least be
consistent within a given file).
Update the capture device open failure message on Windows not to say
Token Ring devices aren't supported - current versions of WinPcap do
support it, and the Ethereal message was updated, but the Tethereal one
wasn't.
Fix up the Tethereal code to match the Ethereal code a bit more, so that
we go to "error" on Windows if the capture device open fails, and so
that the code actually compiles on Windows. Fix up the indentation
while we're at it.
svn path=/trunk/; revision=6829
Fix up the documentation of the "-i" flag in the Ethereal man page to
note only that "netstat -i" and "ifconfig -a" *might* work, to
specifically note that not all UNIXes support the "-a" flag to
"ifconfig", and to note that pipe data must be in *standard* libpcap
format.
Document the support for pipes in the "-i" flag in Tethereal.
svn path=/trunk/; revision=6822
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
and generate the table of stuff to register from tap source files, so
Tethereal doesn't need to know what tap listeners exist.
Get rid of "tap-xxx.h" files, as they're now empty.
Add "tethereal-tap-register.c" to the .cvsignore file, as it's a new
generated file.
Update "Makefile.nmake" to generate "tethereal-tap-register.c".
Clean up "Makefile.am" and "Makefile.nmake" a bit.
svn path=/trunk/; revision=6525
building with an SNMP library.
If we have Net-SNMP, include <net-snmp/version.h>, not
<ucd-snmp/version.h>.
Don't include any of the SNMP headers unless HAVE_SOME_SNMP is defined.
Include <net-snmp/config_api.h> if we have Net-SNMP, to declare
"read_premib_configs()" and "read_configs()".
Supply the include directories for Net-SNMP in the Makefile.nmake for
GTK 1.2 and GTK 2.
svn path=/trunk/; revision=6493
Define HAVE_SOME_SNMP if either HAVE_UCD_SNMP or HAVE_NET_SNMP
is defined, and use HAVE_SOME_SNMP, rather than HAVE_UCD_SNMP,
in most places when testing whether we have an SNMP library or
not.
Be more selective when including Net-SNMP header files.
Fix up {gtk,gtk2}/main.c to do the same SNMP stuff that tethereal.c
does - including the MIB stuff that gtk/main.c was doing but gtk2/main.c
wasn't doing.
Fix the copyright date in gtk/main.c.
svn path=/trunk/; revision=6483
In gtk/main.c and tethereal.c set MIBDIRS to <get_program_path()>\snmp\mibs
so that we can drop the MIB files there, instead of the default c:\usr\...
path.
Add NET_SNMP_DIR to config.nmake and modify Makefile.nmake to adjust
CFLAGs, ethereal_LIBS and tethereal_LIBS accordingly.
Define HAVE_UCD_SNMP in config.h.win32.
I tested this by creating c:\program files\ethereal\snmp\mibs and
dropping in the MIB files that come with Net-SNMP. Ethereal resolved
system.sysDescr.0 to "iso.3.6.1.2.1.1.1.0" under Windows. Under Linux
it resolved to "SNMPv2-MIB::sysDescr.0".
Ethereal.nsi still needs to be updated.
A compiled version of the Net-SNMP library can be found at
http://www.ethereal.com/distribution/win32/development/
svn path=/trunk/; revision=6385
Update gtk and gtk2 versions of RPC_STAT to allow a filter string to be specified on both the command line as well as the GUI.
Update the documentation for ethereal to reflect this.
svn path=/trunk/; revision=6343
This makes it possible to generate any types of stats based on user defined subsets of the capture.
Try -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678
NFS rtt statistics for a specific file.
svn path=/trunk/; revision=6337
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
and some compile errors in Tethereal, when compiling without libpcap.
If libpcap is missing (whether that's detected at compile time or, as on
Windows, at run time), don't call any of the "capture_prefs" routines -
the routine to create the capture preferences page wasn't called, so the
other routines can try to refer to non-existent widgets and other items
and crash.
Get rid of the stub routines in "capture_prefs()" used when compiling
without libpcap, as they're no longer called.
svn path=/trunk/; revision=5888
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
the command-line options are processed, so that we don't crash if you've
set the "column.format" preference from the command line.
Fix a grammaro in a comment.
svn path=/trunk/; revision=5838
pass a non-zero count to "pcap_dispatch()" when possible;
fix the check after "test_for_fifo()";
if there's a maximum file size, we're definitely saving to a
file, so don't bother checking "ld.pdh", as it won't be null;
if writing to a FIFO, flush after "pcap_dispatch()" returns,
rather than after every packet, so we don't do as many writes to
the FIFO.
svn path=/trunk/; revision=5805
supported in Win32 applications; use the native Win32 mechanism for
catching ^C (and other events that would terminate a program running in
a console window).
That mechanism (and the signal mechanism in the MSVC++ C run-time) cause
the handler to be run in a separate thread, so it can't just do a
longjmp. Fortunately, WinPcap's packet-dispatch loop, unlike the
libpcap loop on some UNIX platforms, can be interrupted by ^C, so we
don't have to do the longjmp there - we can just set "ld.go" to FALSE to
terminate the capture loop.
svn path=/trunk/; revision=5776
names that are generated under Windows. Note in pcap-util.c that we
may want to separate interface device names and descriptions in the
future.
svn path=/trunk/; revision=5770
packets that we get from libpcap; if there's a read filter in effect,
only packets that pass the read filter get saved or printed, so that's
the number of packets that should be compared against the argument to
any "-c" flag, and the number that should be printed when we print
packet counts.
svn path=/trunk/; revision=5747
Use that in Tethereal rather than duplicating a pile of macros.
Get rid of the remaining uses of "stat()" in Tethereal - none of them
are necessary (they were just cut-and-pasted from Ethereal).
svn path=/trunk/; revision=5746
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
- Exit if an error is found in the options or arguments.
- In print_usage(), improve the visibility of any getopt() error
message by suppressing the version information when -h is not
specified, and by adding an empty line.
Ethereal:
- If the -k option is specified, use the interface in the preferences
file, if present.
- Prevent the user from specifying any hidden options which are used
internally in -S mode.
Tethereal:
- Fix a memory leak in the processing of the -f option.
- In print_usage(), change "capture file type" to "output file type",
which I think is clearer; move the -q flag from the non-libpcap case
to the libpcap case.
svn path=/trunk/; revision=5525
the argument is "fields", dump out a table of the fields, as we
currently do; if the argument is "protocols", dump out a table of the
protocols.
svn path=/trunk/; revision=5462
be eliminated (because the function is called through a pointer, and
other functions called through the same pointer *do* use the argument)
as unused.
svn path=/trunk/; revision=5050
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
svn path=/trunk/; revision=5005
Make the directory option to "--with-ucdsnmp" optional. Handle
"--with-ucdsnmp" similar to the way "--with-pcap" is handled.
Get rid of unnecessary #defines in "packet-cops.c".
Get rid of no-longer-necessary include of "dlfcn.h" in "packet-snmp.c".
svn path=/trunk/; revision=4930
Ethereal doesn't dissect SNMP if not linked with an SNMP library (and
*did* confuse at least one person into thinking that). Say "without
SNMP MIB support", instead, as you only lose the ability to read SNMP
MIBs and interpret OIDs and variable bindings according to those MIBs.
svn path=/trunk/; revision=4894
be initialized in gtk/follow_dlg.c
In gtk/follow_dlg.c, declare data_out_file as 'extern'.
In tethereal.c, no longer define 'data_out_file', as the storage
for it is now in follow.c.
svn path=/trunk/; revision=4830
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
"init_dissection()" which calls "epan_conversation_init()", does the
work that "init_all_protocols()" did, and then calls
"reassemble_init()", so that the standard sequence of dissection
initialization is done in one place, rather than having multiple places
call the same sequence of routines.
svn path=/trunk/; revision=4797
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
error message and quit if the user tries to use ring buffering with
another capture file format, and put a note about that in the Tethereal
man page.
svn path=/trunk/; revision=4615
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
Separate the preferences value for those flags and the name resolution
code's value into separate variables; this means that the resolution
code no longer depends on the preferences code, and may let us
eventually have the current setting and the preference setting differ
(so that a user can temporarily override the preference setting without
causing subsequent saves of the preferences to save the temporary
value).
Add routines to create various types of widgets for preferences, and to
fetch the values for "enumerated" preferences, and use them both in the
code to handle hardwired preference pages and table-driven preference
pages.
svn path=/trunk/; revision=4536
directly edit the capture preferences, rather than only being able to
set them implicitly from the values for the most recent capture.
Add a preferences item for the interface on which to capture.
Get rid of some unused variables.
svn path=/trunk/; revision=4510
"gboolean", as it's a Boolean value, and move it to the beginning of the
structure in Tethereal, as it is in Ethereal.
From Graeme Hewson:
Check for "pcap_dispatch()" returning -1, meaning an error
occurred; if it does, stop capturing, and report the error.
If we get a signal in tethereal, stop the capture with a
"longjmp()", rather than by clearning the "go" flag;
"pcap_dispatch()", on many platforms, keeps reading rather than
returning a captured packet count of 0 if the system call to
read packets returns -1 with an errno of EINTR, so the
"pcap_dispatch()" won't be broken out of if the signal handler
returns.
Fix a typo in an error message.
svn path=/trunk/; revision=4471
maximum size if there is no capture file; in fact, if you do, you get a
core dump. Skip the capture file size test if not capturing to a file.
svn path=/trunk/; revision=4434
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
obsolete; we silently ignore attempts to set those in a preferences
file, so that we don't spam the user with error messages caused by them
having saved preferences in an earlier release that contained those
preferences.
Make the Diameter and iSCSI dissectors register obsolete preferences.
Crash if some code tries to register a preferences module with a name
that contains something other than lower-case ASCII letters, numbers, or
underscores, or that has already been registered, or if some code tries
to register a preference with a name that contains something other than
lower-case ASCII letters, numbers, underscores, or periods, or that has
already been registered, so that we don't put code like that in a
release and have to shovel code into "prefs.c" to fix it up later. (The
problem with multiple modules or preferences with the same name should
be obvious; the problem with names with blanks, or upper-case letters,
or punctuation, is that they're a pain to type on the command line.)
svn path=/trunk/; revision=4148