Here is a patch that:
- Replaces the arrow labels by the beginning of the COLINFO column if available (usually containing message names/types).
- Changes the comment area to be "protocol: colinfo_content"
From Anders
Added ID tag
Camel
Use col_set_str to remove TCAP info in col_info
svn path=/trunk/; revision=16975
Browsing through the wishlist I came across this old one by Steve Brown:
------8<------
The GTK1 UI wordwraps assembled TCP streams, the GTK2 UI doesn't, but
should also. Not wrapping makes reading any protocol that lacks linebreaks
virtually impossible (XML, etc.) as it all ends up on one line. I'm tired
of having to install the GTK1 UI :P
------8<------
It seems like a simple request. The oneliner patch implements this wish.
Maybe someone feels the need to make it a preference or selectable.
svn path=/trunk/; revision=16939
set the read filter dialog modal and transient to the parent window if requested. This way, it will receive input signals (solving problems with GTK2's gtk_file_chooser).
To do this, add another construct_args flag, so it will be modal only if really needed ...
svn path=/trunk/; revision=16926
"error_t" is defined elsewhere on at least some versions of Fedora Core,
so it collides with our usage; use "expert_comp_dlg_t" instead.
svn path=/trunk/; revision=16889
After investigating the time-sequence graphs (Stevens and tcptrace) produced
using an FTP capture file supplied by Eduardo Segura
(see http://www.ethereal.com/lists/ethereal-users/200512/msg00153.html )
I've identified several problems in tcp_trace.c.
The problems mostly involve incorrect determination of the lower/upper
sequence number bounds (for the Y axis) in certain cases (e.g. having to do
with 'partial' conversations).
I've reworked the '...get_bounds' code to handle cases such as:
1. out of order data segments (e.g.: the first segment in a captured
conversation has a higher sequence number than a later segment);
2. 'ack' sequence numbers for initial ack segments in a conversation lower
than the sequence numbers of the initial data segments;
3. maximum 'ack + win' sequence number in a conversation greater than the
max data sequence number;
4. Stevens graph: only use data segment sequence numbers when
determining bounds;
5. TCP RST packet without 'ack' flag: do not try to use the 'ack' seq num from
the packet in this case. (This was the specific cause of the originally reported
problem).
I've also reworked the tcptrace display code slightly to properly handle
the initial ack packet of a sequence;
As an example of some of the fixes, the Ethereal tcptrace style graph
of the following conversation fragment will now be similar to the graph
produced by Tcptrace.
data: seq 10000 len 100
data: seq 10100 len 200
ack: ack 5000 win 6000
ack: ack 5400 win 5600
svn path=/trunk/; revision=16874
> here is a small patch for the flow graph feature. It allows
> to have SS7 nodes (network indicator/point codes) to be
> recognized as nodes in the graphs.
> The patch consists in using "pinfo->net_src" or
> "pinfo->net_dst" instead of "pinfo->src" or "pinfo->dst".
> I did some tests with other IP protocols and behavior was
> still the same as before. But I do not guarantee that it
> doesn't have some bad side effects for some protocols.
svn path=/trunk/; revision=16817
warnings.
Include "wiretap/libpcap.h" in "capture_loop.h", to get its declarations
of data structures for headers in libpcap files. This lets us remove
the includes of "wiretap/libpcap.h" from files including
"capture_loop.h".
Make "log_func_ignore()" in "tethereal.c" static, and declare some of
its arguments unused. Also get rid of an unused variable.
Include <pcap.h> before including "wiretap/wtap-capture.h", to declare
"struct pcap_pkthdr".
svn path=/trunk/; revision=16791
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
Update the window title, right after the fixed capture finished. This might be required if the loading of the capture file afterwards just fails, leaving the title unchanged.
svn path=/trunk/; revision=16772
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
This way, the capture child doesn't need to know any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build its own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
Well, we actually only need the filename here, so create a temp file with the "official" create_tempfile function, keep that tempfile name and then delete this file again, leaving only the name.
I know that's a bit uncommon, but should work and uses the same mechanisms as with other temporary files. So if there are still problems with the official function, we only have one place to fix :-)
svn path=/trunk/; revision=16597
necessary there.
Add a "cmdarg_err()" routine to report command-line option errors; it
creates a console if necessary, and prints the command name and the
trailing newline. Also add "cmdarg_err_cont()", which also creates a
console if necessary, and prints a trailing newline but no command name;
it's used to continue the message. Use those, rather than
"g_warning()", for errors.
That means that we no longer need to pass the command name to various
command-line argument parsing routines.
svn path=/trunk/; revision=16526
On Windows, show it using the same usage-message syntax as other
options.
Clean up the usage message.
When doing the "pre-scan" of command-line arguments, suppress error
messages - that suppresses bogus messages for GTK+ command-line flags,
and gets rid of double messages for other errors.
svn path=/trunk/; revision=16521
button"; "Stop" should be used for operations that can only be stopped
(meaning that what it's already done isn't undone), not cancelled
(meaning that whatever it's already done *is* undone), for which
"Cancel" is used.
Allow the merging process to be cancelled.
Clean up indentation.
Update some comments.
svn path=/trunk/; revision=16489
If we get a getopt() error in the pre-scanning, quit - don't do all the
GUI stuff and re-scan the arguments (and print the error message twice).
svn path=/trunk/; revision=16443
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
Rename some variables to make the names used in progress bars more
common. (Should more of that functionality be moved into common
progress bar code?)
svn path=/trunk/; revision=16347
like that of the Ethereal I/O stat tap. Improve error messages in both
taps.
Use nstime() routines and structure assignment to do operations on
nstime_t values.
svn path=/trunk/; revision=16346
rather than checking only on every progress bar update quantum, so that
if the update quantum is *very* large, we don't end up waiting longer
than the standard time for a dialog box before checking.
svn path=/trunk/; revision=16327
The localtime call will return NULL on invalid input which results in a NULL pointer exception. Simply print '?' if localtime returned NULL.
svn path=/trunk/; revision=16317
Expert data must perform a re-dissection to trigger the NCP dissector.
Change the call cf_retap_packets() to cf_redissect_packets().
svn path=/trunk/; revision=16279
after I've fixed a bug in the Win32 capture stop mechanism some days(?) before (which speeds up that stopping a lot), this dialog isn't really needed
svn path=/trunk/; revision=16257
Attached is a patch which makes the console log level (warning/message/debug etc) a configurable preference. There's no gui for setting it, but since it's pretty much only going to be useful for developers, I'm sure you'll cope...
----
I've added a small comment to the file output that it has no dialog output
svn path=/trunk/; revision=16205
remove Byte(s) from the dropdown list of filesizes, this doesn't make sense
replace 1000 with 1024, as all (modern?) file managers are based on 1024 bytes for a kilobyte (the old KB vs. KiB controversy)
svn path=/trunk/; revision=16149
add a g_warning() call if an error occurred while reading from capture file (while doing a live update), usually shouldn't happen but is difficult to debug *if* it happens
add a new log domain LOG_DOMAIN_MAIN and the standard log handler for it
add some (partly commented out) g_log() calls, useful for GUI sequence debugging
svn path=/trunk/; revision=16136
problems, and use the first routine in it in multiple places.
Get rid of DISSECTOR_SUPPORT_INCLUDES - just add its contents to
ETHEREAL_COMMON_INCLUDES.
svn path=/trunk/; revision=16109
Now the timer callback function will call the pipe read function up to 5 times to avoid this, but won't do this more often to prevent "endless blocking".
svn path=/trunk/; revision=16091
New "Fax T38 Analysis" added to the "Statistics" menu to:
- Reassemble the HDLC t30 frames and dissect the header.
- Analyze the UPDTLPacket seq num for packet lost
- Stats of V.x Data:
  - Count the Data bytes
  - Duration
  - Wrong seq num
  - Max Burst of packet lost
svn path=/trunk/; revision=16073
cf_cb_file_closing (called before closing a capture file) cf_cb_file_closed will be called afterwards, but both only if a file is really closed as cf_close is called more often ...
If we are closing large capture files (~20MB), the screen looks ugly while the file is closed. Change this so the screen will immediately go back to initial state and a dialog (without buttons) is shown that the file is currently closed. As the operation which takes most of the time to close the file is a single eth_clist_clear call, we can't use a progress bar here.
cf_cb_live_capture_stopping: called when the user wants to stop the capture (toolbar or menu clicked). At least on Win32, the time between this and the actual stop completed can be noticeable (1-2 seconds), so the user doesn't know if the button press did anything at all. Do something similar as above, show a dialog box without buttons to inform that the close is in progress.
svn path=/trunk/; revision=15891
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
It looks like we can't put "COPYCMD=/Y" in config.nmake and expect nmake
to do the right thing. Add a comment, and set COPYCMD explicitly in the
root Makefile.nmake. The rest of the occurrences of xcopy will have to
be taken care of at some point.
svn path=/trunk/; revision=15840
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions don't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copying the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
generate columns; use cf_retap_packets instead of cf_redissect_packets()
when running taps (the general flow graph stat uses the Info column).
svn path=/trunk/; revision=15793
*significantly* improve performance (100000 infos from ~5min to 25sec!)
Add a simple severity based filter mechanism.
replace // style comments by /**/
svn path=/trunk/; revision=15791
This is inconvenient, as most of the time (at least) I'm interested not only in the packets behind the newly selected one, but also to have some history *before* it.
So this change will scroll the packet list to have the selected packet after the first third of the packet list.
This change won't take effect if the new packet is already visible (only the selection is changed) or it's near the beginning or end of the packet list (so the whole beginning/end of the list is shown).
svn path=/trunk/; revision=15772
"unknown" for frame numbers. Note that in epan/frame_data.h, and make
the frame number in experts unsigned, and use 0 for "unknown", and
display it as an unsigned number - and, if it's 0, don't display it at
all.
Fix the signature of "expert_dlg_draw()" to match what a tap's draw
routine's signature is expected to be.
svn path=/trunk/; revision=15760
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and its current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
this dialog is live capturing from all "known" interfaces while it's open, so huge system load is generated, which is not preferred while doing a real capture.
svn path=/trunk/; revision=15719
at the same time, make proto_construct_dfilter_string() return an emem allocated string.
This fixes a tiny memleak in print.c that never freed the string returned by this function.
svn path=/trunk/; revision=15651
Patch which will enable saving payload in raw (binary) format in addition to the existing au format.
We have found it very useful to be able to extract the RTP data for use with other tools (especially when dealing with proprietary/uncommon coders).
Changes:
rtp_packet_save_payload: no longer transforms packet to linear coding, payload is saved in raw format
copy_file: will perform the needed transcoding and save to needed format (au or raw)
svn path=/trunk/; revision=15648
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
an int or it could be a long; print stuff computed from it with %lu, and
cast the arguments to "long" so that it works on platforms where time_t
*isn't* a long and where "long int" and "int" have different sizes.
svn path=/trunk/; revision=15523
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
"timestat_t".
Move "nstime_to_msec()" to "epan/nstime.c", as it has nothing to do with
a "timestat_t".
Use structure assignment when possible.
Fix the "addtime()" macro and use it in "time_stat_update()".
Use "timestat_t"s, and the routines to manipulate them, in the service
response time table code.
svn path=/trunk/; revision=15509
buffer and "g_strdup()"ing it.
Use the nstime.c routines to compute time deltas and to add up times.
Don't add rows to the CList until a procedure gets a non-zero call
count, so only the ones with non-zero call counts are displayed (and
especially so that procedure numbers not corresponding to real
procedures aren't displayed!).
Ethereal requires 64-bit integer support, so don't bother checking
whether we have it.
Use the right format for 64-bit integers.
svn path=/trunk/; revision=15506
Add some more optional flags to the protocol items, so more "special cases" can be marked in the protocol tree.
New flags:
/** The protocol field has a bad checksum */
FI_CHECKSUM_ERROR
/** The protocol field has an unusual sequence (e.g. TCP window is zero) */
FI_SEQUENCE_WARNING
/** The protocol field has a bad sequence (e.g. TCP segment is lost) */
FI_SEQUENCE_ERROR
svn path=/trunk/; revision=15499
gtk/tap_dfilter_dlg.c; don't export it.
That means that gtk/tap_dfilter_dlg.h is no longer useful; get rid of
it.
Rename "gtk_tap_dfilter_dlg_cb()" to "tap_dfilter_dlg_cb()", as it's
inside GTK+-specific code, so there's no need to distinguish it from
non-GTK+ callbacks.
Update some comments to reflect the name change and the new API for
registering tap_dfilter_dlg stats.
Make the AFP and SMB stats use the gtk/tap_dfilter_dlg.c stuff.
svn path=/trunk/; revision=15496
items registered with it pop up a dialog box before displaying the stat.
Don't pass a name with "..." to it.
Put "..." into other menu items that pop up a dialog box before
displaying the stat; remove "..." from other menu items that don't.
svn path=/trunk/; revision=15495
filter as an argument on the command line and have a dialog box to enter
the display filter through the GUI. Use it for all stats using
"gtk_tap_dfilter_dlg_cb()".
Add a top-level "stat_menu.h" file to declare "REGISTER_STAT_GROUP_E"
for the benefit of the declaration of "register_dfilter_stat()" in the
top-level "tap_dfilter_dlg.h". Rename the "stat_menu.h" in the gtk
directory to "gtk_stat_menu.h", so as not to have two headers with the
same name.
Get rid of headers not declaring any functions not being used in the
module.
svn path=/trunk/; revision=15493
you use the "-z" command-line options for them; make them pop up the
appropriate windows.
Move the calls to "register_stat_cmd_arg()" after the code to register
the tap, just as the calls to "register_stat_menu_item()" are done after
registering the tap.
Use "g_strdup_printf()" rather than formatting into a fixed-length
buffer and "g_strdup()"ing that buffer.
svn path=/trunk/; revision=15489
name "rtp"; we don't need another one, especially given that
"rtp_stream.c" doesn't directly implement a stat (note that it doesn't
register a menu item).
svn path=/trunk/; revision=15488
- Add plugins_dlg.h
- Include .h files in their respective .c files
- Include .h and remove extern declarations in .c files
- set eol-style and keywords on gui_utils.[hc]
svn path=/trunk/; revision=15471
possible, and, for AFP replies, add in the frame with the request and
the time between those two frames.
Have AFP per-request-type RTT statistics, similar to SMB's statistics.
svn path=/trunk/; revision=15456
(so if the file's gzipped, it's *NOT* the size of the file after
uncompressing), and an approximation of the amount of that data read
sequentially so far.
Use those for various progress bars and the like.
Make the fstat() in the Ascend trace reader directly use wth->fd, as
it's inside Wiretap; that gets rid of the last caller of wtap_fd() (as
we're no longer directly using fstat() or lseek() in Ethereal), so get
rid of wtap_fd().
svn path=/trunk/; revision=15437
and "Statistics" menu items into "stat.h" and "stat.c", to separate them
from the core tapping APIs. A tap could conceivably not register as a
"-z" command-line argument or "Statistics" menu item, and a stat could
conceivably not be implemented as a tap, and dissectors that implement
tapping points don't need the UI-related stuff from "stat.h", they just
want the tap-related stuff in <epan/tap.h>.
svn path=/trunk/; revision=15427