of routines to enable and disable various sets of menu items; call only
those routines, not routines to enable or disable particular menu items,
from files in the top-level directory, as other UIs may not refer to
menu items with path strings of the sort used in GTK+, and as this
buries knowledge of the menu items available in "gtk/menu.c" rather than
requiring stuff outside of "gtk/menu.c" to know what menu items exist.
svn path=/trunk/; revision=1410
GTK_SELECTION_BROWSE mode - that mode apparently always arranges that
there is (in a non-empty GtkCList) one row selected, which means that
when the first row is added, it selects it.
Unfortunately, that causes a "select-row" signal to be emitted, which
causes "select_packet()" to be called - but we haven't yet set "fd->row"
for the frame we're adding, so "select_packet()" can't find the frame
for the row being selected, and it aborts.
This causes a core dump when the first packet arrives during an "Update
list of packets in real time" capture.
For now, we handle this by, if we don't find the frame with the given
row number, checking that there's exactly one frame in our list of
frames and, if so, saying that frame is the frame for which we're
looking.
svn path=/trunk/; revision=1409
I did this:
First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix seciton A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCtree is faster, and GtkTree has limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.
Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but no in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.
I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.
svn path=/trunk/; revision=1393
"file.c" to "packet.c"; it's not really related to file access (or to
manipulating the packet list as a whole, which much of the stuff in
"file.c" is really for), but is more related to analyzing packets, and
moving it to "packet.c" lets me build an experimental "line-mode" flavor
of Ethereal (based on Gilbert's "tethereal" experiment) - "line-mode"
means "like tcpdump or snoop" - without having to drag in "file.c" and a
pile of GUI stuff.
svn path=/trunk/; revision=1388
"Colorize Display" dialog box is created, and let it be destoryed when
that dialog box is destroyed.
When moving color filters up or down, update the (order of the elements
in the) list of color filters, as well as the CList that displays them.
If we have a "Colorize Display" dialog box open, and the user selects
"Display:Colorize Display", raise the existing window, rather than
creating a new window. (Alas, GTK+ doesn't have a call to request that
the window be given the input focus, so we can't do that as well.)
Fix up some names to be more consistent and to better reflect what the
variables/routines are for.
svn path=/trunk/; revision=1361
color filters check whether it's null to decide if there are any color
filters to apply.
Make "color_filter()" act on that list - there really aren't multiple
lists of color filters, there's only one list ("read_filters()" and
"write_filters()" acts only on one global list - and always has, as they
handled only one file).
svn path=/trunk/; revision=1359
into "gtk/ui_util.c", and move the declarations of those UI utilities
out of "util.h" into "ui_util.h". (The header file is in the top-level
directory, rather than the "gtk" directory, because it declares
window-system-independent interfaces to routines with
window-system-dependent implementations.)
Add to "gtk/ui_util.c" a routine to set the window and icon title.
Use that routine to make the title of an Ethereal top-level window be
{filename} - Ethereal
if there's a capture open, and have "{filename}" be "<capture>" if it's
a temporary capture file.
svn path=/trunk/; revision=1255
WTAP_ENCAP_PER_PACKET, if there's more than one type of packet in the
file, or could be WTAP_ENCAP_UNKNOWN, if the file is of a type that
doesn't put an encapsulation type in the file header, and it has no
packets), we just need to call "wtap_file_encap()" when we're done
reading the file.
svn path=/trunk/; revision=1205
*" as an argument, there's no need to save the file type string in a
"capture_file" structure - we save the file type, and can use that when
generating the summary display.
svn path=/trunk/; revision=1202
"wtap_file_type_string()" take, as its argument, a file type, rather
than a "wtap *".
Fix some range checks of file types to check against WTAP_NUM_FILE_TYPES
rather than WTAP_NUM_ENCAP_TYPES.
svn path=/trunk/; revision=1201
if a "File:Save" or "File:Save As" fails - the message box it pops up
when that happens tells you that, it didn't do so before the change to
add the ability to save only the packets currently being displayed, and
putting that message in the status bar hides the normal message telling
you what the current file is (and it's still the current file, if the
save failed).
svn path=/trunk/; revision=1171
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
"capture_file" - when handed a "capture_file *", it only cared about the
"colors" entry. The only time it cares about a "capture_file" is when
it's actually filtering the packets, as it needs to hand the
"capture_file *" to "colorize_packets()".
Make the stuff exported by "colors.c" in "colors.h" take "colfilter *"
arguments (or return a "colfilter *" to be stuffed into a
"capture_file").
svn path=/trunk/; revision=1162
"capture.c", along with the other code that deals with the sync pipe.
Close the sync pipe, and get rid of the temporary capture file, on
errors.
Split "tail_cap_file()" into routines to set up to read from the capture
file, to read a specified number of packets from it when told to do so
by the child process, and to read the rest of the capture file and
finish up the capture, to provide the code in "capture.c" the hooks it
needs.
Have a common routine to set the status bar to report the file name and
number of dropped packets, to use both when reading in a capture file in
its entirety all at once and when done with a "read it while the capture
is writing to it" live capture.
svn path=/trunk/; revision=1137
regardless of whether we were displaying it in real time or not; if we
were displaying it in real time, activate "File/Save", rather than
"File/Save As", when it finishes.
svn path=/trunk/; revision=1135
of SNA in a packet changes the character encoding from the default ASCII
to EBCDIC.
The hex-printing routines in the GUI code and in the printing code convert
to EBCDIC if appropriate.
svn path=/trunk/; revision=1089
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.
svn path=/trunk/; revision=1070
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
svn path=/trunk/; revision=982
line of ISDN routers. Much like the ascend reader, this module reads an
ASCII hex dump of trace data.
Rearranged the order in which wiretap tries trace files, to keep the
ASCII-readers (ascend and toshiba) at the end, and put the binary-readers
(everything else) at the front of the list. If a telnet session of
and ascend trace or toshiba trace were captured near the beginning of
another trace, wiretap might think the trace was ascend or toshiba if it
tried that module first.
Fixed the way wtap_seek_read() selects functions to call. It was using
the encap type instead of the file type. We got lucky because
WTAP_ENCAP_ASCEND == WTAP_FILE_ASCEND
svn path=/trunk/; revision=952
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
return the pointer to the compiled filter through a pointer argument.
Have it check whether the filter is a null filter and, if so, free up
the filter and supply a filter pointer, rather than obliging its callers
to check whether the filter actually has any code. (Well, they may want
to check if the filter is null, so that they don't save a pointer to the
filter text, e.g. so that the display filter displays as "none" rather
than as a blank string in the summary box.)
In the process, fix the check in "gtk/file_dlg.c" that tests whether the
read filter compiled successfully.
svn path=/trunk/; revision=812
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
svn path=/trunk/; revision=803
Also added first pass of state keeping. I am using glib's hash
functions.
Modelled after packet-ncp.c.
We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...
I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.
svn path=/trunk/; revision=798
in the color selection wheel.
Added his patch to file.c to look for bogus frame_data pointers, but made
it a g_assert().
Modified my previous patch to colors.c to skip bad color display filters.
I skipped them, but they still appeared in the color dialogue. Now bad
filtes are not put into the color filter list, so they don't appear in
the color dialogue. As a [good] side-effect, the next time you save
your color filter list, the bad filters are removed from the colorfilters
file.
svn path=/trunk/; revision=768
exit, so that it doesn't hang around as an unreaped zombie until the
parent exits, and, if it stopped or terminated due to a signal, report
that in a message box.
svn path=/trunk/; revision=741
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out of "Print summary" is selected).
If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.
Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".
svn path=/trunk/; revision=736
than the size of the reads we do, so that we have an extra byte at the
end into which we can stick a '\0' to guarantee null-termination of the
buffer.
When reading the capture file in "tail_cap_file()", use "file_open()"
rather than "fopen()", so that we work correctly if we're using "zlib"
to read capture files.
svn path=/trunk/; revision=707
Guy Harris