no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
go to the standard output (as is the case for some such messages,
including the "child is sending an error message to the parent" message,
which shows up if we fail to exec dumpcap). *Anything* other than an
official capture-child message written to the standard output by the
capture child confuses the heck out of the parent, and can cause it to
think the child closed the pipe (resulting, in the case described in the
previous parenthetical note, in no dialog box being displayed for
dumpcap not being executed).
svn path=/trunk/; revision=17274
file, strip off the last component to get the pathname of the directory
containing the executable file, and save it for future use. On Windows,
you can get that from the OS, but, on UN*X, you have to look at argv[0]
and derive the absolute path from that (argv[0] is not guaranteed to be
an absolute path, or even a path at all). (In addition, if you're
running from the build directory, you might have to strip off a ".libs/"
added to argv[0] as an artifact of the libtoolizing script.)
Use that in the About dialog, and use it to construct the path of
dumpcap.
Don't put quotes into the path of dumpcap; you don't have to quote
strings with spaces in them when handing them to execvp and, in fact,
you *mustn't* quote them, as the quotes will be treated as part of the
pathname.
svn path=/trunk/; revision=17267
squelch compiler warnings. Tag one existing such argument as unused to
squelch another warning.
Fix up some indentation.
svn path=/trunk/; revision=17261
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
the logic, making it easier to get it right (fewer interactions between
components of the dialog - the file type doesn't affect whether we can
save some but not all packets). It also means we don't offer a file
type for saving, only to take it away if you choose anything other than
saving all packets.
If the capture file is a temporary file from a capture done in the
current Ethereal session, it's libpcap format, which we can write to, so
you would be able to save it.
If it's a saved file we read in, saving the file in its entirety in its
own format is just copying the file, and it's not clear supporting that
adds enough useful functionality to justify the extra complication.
Fix "range_update_dynamics()" to update all the rows of the range
button/count table properly (make the button active iff there's
a non-zero count in the currently-selected column, make a count active
iff the column is selected), to select the "Captured" column if the
count of displayed packets goes to zero, and to select the "Save all
packets" row if the count of packets in the currently-selected row and
column goes to zero. (XXX - we should perhaps do that with the
"user-defined range" counts as well, which would involve updating the
counts on every change to the range field.)
svn path=/trunk/; revision=17251
This way we ensure that errors are displayed during protocol registration.
Use g_error instead of g_warning, if not allowed characters are used in display filter names for protocols. Extend the error message in this case.
svn path=/trunk/; revision=17248
To avoid this, the log handler in the error case:
- opens a console window (regardless of the users settings)
- waits for a keypress before continuing to terminate the program
This way, the user will be notified that there's a problem, instead of simply seeing a terminating program only.
svn path=/trunk/; revision=17236
the attached patch clean a bit the ssl decryption related code, removing
a macro I used when the code was still for an external plugin.
svn path=/trunk/; revision=17217
>There is still an issue into the HAVE_LIBGNUTLS macro definition. I'm
>fixing it and cleaning a bit the windows side configuration. I hope to
>post soon the fix.
The attached patch should fix the issue. I missed to modify the
config.win32 file and I misstyped a few macros name.
svn path=/trunk/; revision=17200
GTK_WRAP_WORD_CHAR does not exist in old versions of GTK2+
(2.2.1 and earlier). The following patch should make it
compile again (solution borrowed from GAIM).
svn path=/trunk/; revision=17199
the attached patch set correctly the title of the 'Follow SSL stream'
dialog, to fix one issue reported by Nail Devis.
Unfortunaly there isn't an easy way to enable the 'Follow SSL stream'
dialog only for ssl session without knowing the value of proto_ssl (the
ssl protocol id), because the ssl dissector can run on user specified
ports (configured via preferences)
svn path=/trunk/; revision=17187
* add a set_close_cllback function to the textwindow mini-api to set a callback to be called when the window gets closed.
* fix few issues regarding the closing of the window
svn path=/trunk/; revision=17165
- remove the field_menu altoghether (It was not what I thought)
- move a declaration to the start of a function to allow VC6 to compile
svn path=/trunk/; revision=17161
I have developed an external plugin to enable ssl decryption in
ethereal.
Me
- Remove unnecessary $Id$ from acinclude.m4
- Added packet-ssl-utils.h to Makefile.common
- Fixed a few warnings
TODO
- Lots of warning fixes (see separate mail)
- Reformat function headers to read like the others do
(return value<newline>function-name...)
- Test on Windows platform
- Review the patch to packet-ssl.c and new files packet-ssl-utils.[hc]
svn path=/trunk/; revision=17156
epan/dissectors/ncp2222.py - Fixes the NCP group values for all NCP's. Also fixes some additional return values and cleanup.
gtk/ncp_stat.c - Fixes the NCP group values for SRT.
gtk/service_response_time_table.c:
The SRT is broken if you hit the reload button or apply a filter. The table isn't cleared so each item in the list is duplicated and the second entries remain with initial values. This patch clears the GTK_CLIST so that the redundant entries no longer appear.
svn path=/trunk/; revision=17139
simply ignore the length returned in that cases
this way, we may "print" buggy data, but that's what the driver returned ...
svn path=/trunk/; revision=17066
I very often forget to stop a running capture, so Ethereal keeps capturing packets on and on, leaving me with a lot of unrequired packets.
On the other hand (because of the above) I often maximize Ethereal just to see that it's really not capturing any longer.
Looking at the window title isn't of much help, as this title changes with every capture file name loaded, so there's no title which can be easily remembered.
We probably might use this icon mechanism as well, when Ethereal loads a (huge) file, so the user get's a more visual feedback when the capture loading is finished (and probably for other potential "lengthy" tasks as well).
svn path=/trunk/; revision=17042
Find attached a couple of changes for t38:
- Use the dissector to reassemble t30 frames
- Dissect t30 protocol
- Move the "Fax t38 analysis" to the "VoIP Calls". Now when selecting
"Statistics"->"Fax t38 analysis" option, there is a message that
redirect the user to use the "Voip calls" instead. We may keep this
option for one release, and then remove it ?
- Added in the "Voip calls" the ability to detect a t38 call if there
are not signaling associated with it. For example, when using "Decode
as.." to dissect t38 packets, it is possible to use the "Voip calls" to analyze that call.
- Display "SDP (t38)" in the "Voip calls graph" for SDP t38 sessions.
Regards
Alejandro Vaquero
svn path=/trunk/; revision=17033
Win32: convert filenames coming in from command line parameters from locale (current code page) into utf8 encoding
This must also be done for the other command line tools like tethereal, editcap and alike ...
svn path=/trunk/; revision=17025
Here is a patch that:
- Replaces the arrow labels by the beginning of the COLINFO column if available (usually containing message names/types).
- Change the comment area to be "protocol: colinfo_content"
From Anders
Added ID tag
Camel
Use col_set_str to remove TCAP info in col_info
svn path=/trunk/; revision=16975
Browsing through the wishlist I came across this old one by Steve Brown:
------8<------
The GTK1 UI wordwraps assembled TCP streams, the GTK2 UI doesn't, but
should also. Not wrapping makes reading any protocol that lacks linebreaks
virtually impossible (XML, etc.) as it all ends up on one line. I'm tired
of having to install the GTK1 UI :P
------8<------
It seems like a simple request. The oneliner patch implements this wish.
Maybe someone feels the need to make it a preference or selectable.
svn path=/trunk/; revision=16939
set the read filter dialog modal and transient to the parent window if requested. This way, it will receive input signals (solving problems with GTK2's gtk_file_chooser).
To do this, add another construct_args flag, so it will be modal only if really needed ...
svn path=/trunk/; revision=16926
"error_t" is defined elsewhere on at least some versions of Fedora Core,
so it collides with our usage; use "expert_comp_dlg_t" instead.
svn path=/trunk/; revision=16889
After investigating the time-sequence graphs (Stevens and tcptrace) produced
using an FTP capture file supplied by Eduardo Segura
(see http://www.ethereal.com/lists/ethereal-users/200512/msg00153.html )
I've identified several problems in tcp_trace.c.
The problems mostly involve incorrect determination of the lower/upper
sequence number bounds (for the Y axis) in certain cases (e.g. having to do
with 'partial' conversations).
I've reworked the '...get_bounds' code to handle cases such as:
1. out of order data segments (e.g.: the first segment in a captured
conversation has a higher sequence number than a later segment);
2. 'ack' sequence numbers for initial ack segments in a conversation lower
than the sequence numbers of the initial data segments;
3. maximum 'ack + win' sequence number in a conversation greater than the
max data sequence number;
4. Stevens graph: only use data segment sequence numbers when
determining bounds;
5. TCP RST packet without 'ack' flag: do not try to use the 'ack' seq num from
the packet in this case. (This was the specific cause of the originally reported
problem).
I've also reworked the tcptrace display code slightly to properly handle
the initial ack packet of a sequence;
As an example of the some of the fixes the Ethereal tcptrace style graph
of the following conversation fragment will now be similar to the graph
produced by Tcptrace.
data: seq 10000 len 100
data: seq 10100 len 200
ack: ack 5000 win 6000
ack: ack 5400 win 5600
svn path=/trunk/; revision=16874
> here is a small patch for the flow graph feature. It allows
> to have SS7 nodes (network indicator/point codes) to be
> recognized as nodes in the graphs.
> The patch consists in using "pinfo->net_src" or
> "pinfo->net_dst" instead of "pinfo->src" or "pinfo->dst".
> I did some tests with other IP protocols and behavior was
> still the same as before. But I do not guaranty that it
> doesn't have some bad side effects for some protocols.
svn path=/trunk/; revision=16817
warnings.
Include "wiretap/libpcap.h" in "capture_loop.h", to get its declarations
of data structures for headers in libpcap files. This lets us remove
the includes of "wiretap/libpcap.h from files including
"capture_loop.h".
Make "log_func_ignore()" in "tethereal.c" static, and declare some of
its arguments unused. Also get rid of an unused variable.
Include <pcap.h> before including "wiretap/wtap-capture.h", to declare
"struct pcap_pkthdr".
svn path=/trunk/; revision=16791
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
Update the window title, right after the fixed capture finished. This might be required if the loading of the capture file afterwards just fails, leaving the title unchanged.
svn path=/trunk/; revision=16772
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
This way, the capture child don't need to now any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build it's own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
Well, we actually only need the filename here, so create a temp file with the "official" create_tempfile function, keep that tempfile name and then delete this file again, leaving only the name.
I know that's a bit uncommon, but should work and uses the same mechanisms as with other temporary files. So if there are still problems with the official function, we only have one place to fix :-)
svn path=/trunk/; revision=16597
necessary there.
Add a "cmdarg_err()" routine to report command-line option errors; it
creates a console if necessary, and prints the command name and the
trailing newline. Also add "cmdarg_err_cont()", which also creates a
console if necessary, and prints a trailing newline but no command name;
it's used to continue the message. Use those, rather than
"g_warning()", for errors.
That means that we no longer need to pass the command name to various
command-line argument parsing routines.
svn path=/trunk/; revision=16526
On Windows, show it using the same usage-message syntax as other
options.
Clean up the usage message.
When doing the "pre-scan" of command-line arguments, suppress error
messages - that suppresses bogus messages for GTK+ command-line flags,
and gets rid of double messages for other errors.
svn path=/trunk/; revision=16521
button"; "Stop" should be used for operations that can only be stopped
(meaning that what it's already done isn't undone), not cancelled
(meaning that whatever it's already done *is* undone), for which
"Cancel" is used.
Allow the merging process to be cancelled.
Clean up indentation.
Update some comments.
svn path=/trunk/; revision=16489
If we get a getopt() error in the pre-scanning, quit - don't do all the
GUI stuff and re-scan the arguments (and print the error message twice).
svn path=/trunk/; revision=16443
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
Rename some variables to make the names used in progress bars more
common. (Should more of that functionality be moved into common
progress bar code?)
svn path=/trunk/; revision=16347
like that of the Ethereal I/O stat tap. Improve error messages in both
taps.
Use nstime() routines and structure assignment to do operations on
nstime_t values.
svn path=/trunk/; revision=16346
rather than checking only on every progress bar update quantum, so that
if the update quantum is *very* large, we don't end up waiting longer
than the standard time for a dialog box before checking.
svn path=/trunk/; revision=16327
The localtime call will return NULL on invalid input which results in a NULL pointer exception. Simply print '?' if localtime returned NULL.
svn path=/trunk/; revision=16317
Guy Harris