expired *before* writing a packet, rather than *after* writing a packet,
so that if you get no packets for a sufficiently long period that the
timeout expires before you get a new packet, the new packet is in the
beginning of a new file (as you might get more packets right after that,
and want them to be in the new file, rather than have the first packet
at the end of one file and the rest of the packets in another file).
svn path=/trunk/; revision=8536
the option to print only marked packets similarly, rather than as
"Suppress unmarked packets" (for consistency, and because the latter
isn't unlike a double negative).
svn path=/trunk/; revision=8451
containing a pointer to an interface name and possibly a pointer to an
interface description (although that pointer might be null if no
description is available), rather than having the Windows version glue
together the name and description into a single string.
Supply for the Linux "any" device the same description that libpcap's
"pcap_findalldevs()" returns.
svn path=/trunk/; revision=8440
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
Ethereal presents a column to display culmulative bytes into the capture.
A new column type is added : Culmulative Bytes.
While PacketLength column type specifies the number of bytes in the current packet,
Culmulative Bytes specifies the culmulative number of bytes from the start of the capture.
svn path=/trunk/; revision=8359
a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
don't assume that a dissector handle has a protocol associated
with it (there's none for the "OSI network layer" dissector, for
example, as that dissector hands off to one of several protocols
based on the NLPID);
rename a few functions to have names that better explain what
they do;
have separate functions to show all the layer types (dissector
tables) and to show all the protocols supported for a layer
type, and have both of them take, as an argument, the standard
I/O stream to which they should write;
improve the parser for the "-d" option to give more information
on errors;
fix up some comments.
svn path=/trunk/; revision=7949
Almost completely rewritten in order to:
- be able to use a unlimited number of ringbuffer files
0 specified with -b argument or in the GUI, means that the number of file
is unlimited.
else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
in all signal handlers that could modify it (i.e. by calling system
calls or worst standard C library functions).
Else the following code for instance is buggy if a signal arises between
the tests:
if (system_call() == -1) {
if (errno == Exxx) {
...
} else {
...
}
}
And MANY (open source or not) programs are broken that way ...
svn path=/trunk/; revision=7664
Support can be enabled at configure time by using "--with-adns=DIR".
If support is enabled, async queries happen whenever host name resolution
is enabled. Do we need a separate preference for async queries?
Currently, only IPv4 reverse queries are supported. I can add IPv4 forward
lookup support, but I don't have any way to test IPv6 queries.
svn path=/trunk/; revision=7640
registration routines, for taps with menu items (taps that can be run
from the "Tools->Statistics" menu), create the menu item for the tap.
"make-tapreg-dotc" constructs a "register_all_tap_menus()" function that
calls all the tap menu item registration routines it finds, and Ethereal
calls that routine after the main window has been constructed (so that
the main menu exists, as the menu items are added to it). (Tethereal
doesn't call it.)
Get rid of the "menu" and "menu_init" arguments to
"register_ethereal_tap"; the menu item is registered in the tap's menu
item registration routine, not in its main registration routine.
Have the RTP GUI tap register its menu item that way, rather than by
having it compiled into "gtk/menu.c". (We're not ready yet to have taps
whose menu items are under a submenu register themselves in that
fashion, as "register_tap_menu_item()" can't yet create submenus.)
svn path=/trunk/; revision=7540
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
Ethereal/Tethereal was linked into a common routine, and use that in
both Ethereal and Tethereal.
Add to that routine code to get OS version information.
svn path=/trunk/; revision=7320
message, to make the margins more even and to bring the second line
under 80 characters. (It's amazing how long Herman Hollerith's legacy
has lasted....)
svn path=/trunk/; revision=6835
Use _WIN32 rather than WIN32 throughout (both of them appear to work - I
don't know whether one is the "right" one to use and, if one is, which
one it is - and they're both used in Ethereal, but let's at least be
consistent within a given file).
Update the capture device open failure message on Windows not to say
Token Ring devices aren't supported - current versions of WinPcap do
support it, and the Ethereal message was updated, but the Tethereal one
wasn't.
Fix up the Tethereal code to match the Ethereal code a bit more, so that
we go to "error" on Windows if the capture device open fails, and so
that the code actually compiles on Windows. Fix up the indentation
while we're at it.
svn path=/trunk/; revision=6829
Fix up the documentation of the "-i" flag in the Ethereal man page to
note only that "netstat -i" and "ifconfig -a" *might* work, to
specifically note that not all UNIXes support the "-a" flag to
"ifconfig", and to note that pipe data must be in *standard* libpcap
format.
Document the support for pipes in the "-i" flag in Tethereal.
svn path=/trunk/; revision=6822
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
and generate the table of stuff to register from tap source files, so
Tethereal doesn't need to know what tap listeners exist.
Get rid of "tap-xxx.h" files, as they're now empty.
Add "tethereal-tap-register.c" to the .cvsignore file, as it's a new
generated file.
Update "Makefile.nmake" to generate "tethereal-tap-register.c".
Clean up "Makefile.am" and "Makefile.nmake" a bit.
svn path=/trunk/; revision=6525
building with an SNMP library.
If we have Net-SNMP, include <net-snmp/version.h>, not
<ucd-snmp/version.h>.
Don't include any of the SNMP headers unless HAVE_SOME_SNMP is defined.
Include <net-snmp/config_api.h> if we have Net-SNMP, to declare
"read_premib_configs()" and "read_configs()".
Supply the include directories for Net-SNMP in the Makefile.nmake for
GTK 1.2 and GTK 2.
svn path=/trunk/; revision=6493
Define HAVE_SOME_SNMP if either HAVE_UCD_SNMP or HAVE_NET_SNMP
is defined, and use HAVE_SOME_SNMP, rather than HAVE_UCD_SNMP,
in most places when testing whether we have an SNMP library or
not.
Be more selective when including Net-SNMP header files.
Fix up {gtk,gtk2}/main.c to do the same SNMP stuff that tethereal.c
does - including the MIB stuff that gtk/main.c was doing but gtk2/main.c
wasn't doing.
Fix the copyright date in gtk/main.c.
svn path=/trunk/; revision=6483
In gtk/main.c and tethereal.c set MIBDIRS to <get_program_path()>\snmp\mibs
so that we can drop the MIB files there, instead of the default c:\usr\...
path.
Add NET_SNMP_DIR to config.nmake and modify Makefile.nmake to adjust
CFLAGs, ethereal_LIBS and tethereal_LIBS accordingly.
Define HAVE_UCD_SNMP in config.h.win32.
I tested this by creating c:\program files\ethereal\snmp\mibs and
dropping in the MIB files that come with Net-SNMP. Ethereal resolved
system.sysDescr.0 to "iso.3.6.1.2.1.1.1.0" under Windows. Under Linux
it resolved to "SNMPv2-MIB::sysDescr.0".
Ethereal.nsi still needs to be updated.
A compiled version of the Net-SNMP library can be found at
http://www.ethereal.com/distribution/win32/development/
svn path=/trunk/; revision=6385
Update gtk and gtk2 versions of RPC_STAT to allow a filter string to be specified on both the command line as well as the GUI.
Update the documentation for ethereal to reflect this.
svn path=/trunk/; revision=6343
This makes it possible to generate any types of stats based on user defined subsets of the capture.
Try -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678
NFS rtt statistics for a specific file.
svn path=/trunk/; revision=6337
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
Guy Harris