capture to a file or printer. This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.
Get rid of "cur" member of "capture_file" structure; nobody used it.
There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"
button.
Put the declaration of "prefs" into "prefs.h".
svn path=/trunk/; revision=378
(this assumes that "libpcap" writes out the header as soon as that
happens, which is the case for "libpcap" 0.4), we sync it out (to make
sure said header is in the file), and signal the parent process, so that
it opens the capture file and updates its windows to indicate that the
capture is in progress.
svn path=/trunk/; revision=371
that's set whenever we encounter an EOF; if that flag is set, all
subsequent reads return an EOF indication. I.e., end-of-file is sticky.
This means that the stuff to continue reading a capture file, if we're
updating the display as the capture progresses, doesn't work - it gets
stuck at the point where the first read finished.
To clear that flag, we must do an "fseek()"; we do one that doesn't move
the seek pointer.
When updating the display as a capture progresses, do
"init_col_widths()" only when we first open the capture file; there's no
need to do it every time we read from the file - the column widths never
get smaller, they can only get bigger or stay the same.
svn path=/trunk/; revision=370
Make the descriptions of all options full sentences (if an option sets
XXX, describe it as "Sets XXX" rather than just "XXX"); some were, some
weren't.
Note that "-f" sets the *capture* filter expression.
Don't say that Ethereal can read only "libpcap"-format files; it can
read other formats (using "wiretap" to read capture files is no longer
an option, it's what Ethereal always uses).
svn path=/trunk/; revision=368
output of "ethereal -G" and "doc/ethereal.pod.template". Make
"ethereal.1" depend on "ethereal" and "doc/ethereal.pod.template",
rather than on "doc/ethereal.pod", so that it can be built even if you
don't have "doc/ethereal.pod".
svn path=/trunk/; revision=367
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readble, IMHO.
Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".
Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.
svn path=/trunk/; revision=364
tree constructed from the protocol tree:
1) The value of "level" field of GTK+ tree items appears to
depend on various random things - see a change I made to
"packet-dns.c" a while ago, to change the order in which
items were put in the tree, so that DNS trees printed with
correct indentation - and, right now, we appear to be doing
*something* wrong, as some packets I printed from one file
here had randomly bogus indentation; I could probably track
the problem down and fix it, but that might just hold us
until we accidentally do something *else* wrong by GTK+'s
lights.
The new code provides its own tree level as it goes.
2) The new code is independent of GTK+, so it could be used with
other toolkits, or with non-GUI variants of Ethereal.
3) This may make it easier to add a "Print..." menu item to let
the user print packets other than the currently selected
packet.
Make the internal routines used to print the packet static.
For the "Print Packet" menu item, put up a message box if they haven't
yet selected a packet.
svn path=/trunk/; revision=362
display filter code, which uses features in GLIB-1.2.x), I removed
the vestigial code supporting old 1.0.x and 1.1.x GTK+ versions.
svn path=/trunk/; revision=360
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
no longer do. (Leave a placeholder comment; the syntax should perhaps
be described here.) Update the example filter to match current reality.
Note that the <Return> and <Enter> keys, when typed in the display
filter field, cause the filter to be applied.
svn path=/trunk/; revision=356
apply the filter (if it isn't invalid).
Apply the filter by clearing the Clist that shows packet summary lines
and scanning through the list of all packets and adding to the Clist
those that match the filter.
Get rid of "if (dfilter_proto_tree)" test in "load_cap_file()";
"dfilter_proto_tree" is always FALSE, and all the test does is keep us
from doing a "gtk_clist_freeze()" of the packet list, and we don't want
to do that (we don't want the packet to be updated until we're done
reading in the file).
Get rid of "dfilter_proto_tree", as it's no longer used.
Move the test that checks whether the display filter matches the current
packet to "add_packet_to_packet_list()"; this allows us to run
"dissect_packet()" only once - if we have a display filter, we generate
the summary info *and* the protocol tree in the same call, using the
summary info to make the packet list item and the protocol tree when
checking the display filter.
In "dfilter_compile()", destroy "*p_dfcode" if it's not NULL, so we
don't leak memory.
svn path=/trunk/; revision=355
problems with single bit fields when declared as an enumerated field.
It shows an unknown ... Damn ... Can't see what the problem is.
svn path=/trunk/; revision=353
doesn't link with libpcap, so no packet captures can be made. The
"--disable-pcap" option has been added to the configure script. Docs
have been updated. And the string buffer size in the simple_dialog()
has been doubled so that Johan's e-mail address in the "About" dialogue
window doesn't get chopped off.
svn path=/trunk/; revision=351
returns a "guint32", which is an "unsigned int" on all platforms Glib
supports, so print what it returns with "%u", not "%lu".
svn path=/trunk/; revision=349
new proto_tree routines. I also removed the check for lex and yacc from
wiretap's configure script. The IP dissector now uses
proto_register_field_array().
svn path=/trunk/; revision=348
operators that I had thrown in at the last moment. Sorry! But I'm trying
to get rid of those embarrassing shift/reduce and reduce/reduce warnings.
I also removed wiretap/wiretap.c, which is no longer needed.
svn path=/trunk/; revision=345
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
(which could cause core dumps in "Follow TCP Stream") -
"check_fragments()" was, when deleting a TCP segment at the beginning of
the list of segments, setting "src[index]" to point to the next segment,
not "frags[index]". "src[index]" is the source IP address, not a
pointer to a fragment.
Also, make some routines not used outside "follow.c" static.
svn path=/trunk/; revision=341
returns a "guint32", which is an "unsigned int" on all platforms Glib
supports, so print what it returns with "%u", not "%lu".
svn path=/trunk/; revision=339
that you need "flex" and either "bison" or Berkeley "yacc". (XXX -
should notes such as this go in some other file, e.g. INSTALL? I
discovered the "flex" and "bison"/byacc requirement on a Solaris 7
system, but it's probably a problem on other commercial UNIXes, as well,
so it probably doesn't belong in, say, "README.solaris".)
svn path=/trunk/; revision=337
source and destination port numbers, check both port numbers against the
specified port, rather than checking the lower of the two port numbers
against the specified port, just in case you happen to either have
1) the port number for that type being high enough that you can
get client sockets using it
or
2) client sockets using it for some other reason.
svn path=/trunk/; revision=333
pointer to a signed int instead of an unsigned int. In my testing the
code still worked, but it's better to do the conversion correctly.
svn path=/trunk/; revision=331
Guy Harris