(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The best heuristic can fail, so add the possibility to manually choose
the capture file format type, so that a file whose format is not correctly
recognized can be loaded in Wireshark.
On the other hand, it is now possible to open a capture file
as a file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.
Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-on: https://code.wireshark.org/review/139
Reviewed-by: Gerald Combs <gerald@wireshark.org>
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
the only reason not to check it is if we've already gotten a write error
and another write error would be superfluous (either "you got two of the
same error" or "you got an I/O error *and* you ran out of disk
space/disk quota" is of limited interest).
Discard the return value of wtap_dump_close() in the case where we've
already gotten a write error, in the hopes of squelching a Coverity
warning.
svn path=/trunk/; revision=54872
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
Original (read from file) comments can be accessed by pkthdr->opt_comment
Keep user comments in a separate BST, add a new method for the epan session to get it.
svn path=/trunk/; revision=51090
This patch assumes that wtap_phdr interface_id, pack_flags both from initial read and seek read will contain the same values.
Please fix if it's not.
svn path=/trunk/; revision=51041
Remove ->prev_cap, for testing purpose also replace ->prev_dis with number of previously displayed frame number.
This patch reduces the size of frame_data by 8B (amd64)
This is what (I think) was suggested by Guy in comment 13 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5821#c13)
svn path=/trunk/; revision=50765
when the last comment is removed and we have no other expert info,
the maximum severity is changed from comment to none
svn path=/trunk/; revision=50091
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
indicates. (Note: "unsaved data" is more than just "unsaved changes";
it could also mean "temporary file that hasn't been saved anywhere".)
svn path=/trunk/; revision=48709
a save can be done ("can" in the sense of "there's something to
save" and in the sense of "we can write that something out");
a "save as" can be done (in the sense of "we can write what we
have out");
there's unsaved data to save (which might be unsaved changes or
might be a temporary file full of packets);
and use them as appropriate. This means that the "unsaved data"
indicator in the UI will be turned on for temporary files full of
packets as well as for files with unsaved changes; that's what we want.
svn path=/trunk/; revision=48693
supports writing files with a given set of encapsulations and comment
types. Use it, rather than asking for a list of file formats that
support the given set of encapsulation and comment types and checking
whether we got back such a list, or duplicating its logic.
Having file.c use it means that nobody's using
wtap_dump_can_write_encaps() any more; get rid of it. Instead, have a
private routine that checks whether a given file format supports a given
set of encapsulations *and* comment types, and use that internally.
svn path=/trunk/; revision=48690
For each capture file type, have a bitset of comment types supported by
that capture file type.
Add a Wiretap routine that, for a given file type, returns the bitset of
comment types it supports.
Have wtap_get_savable_file_types() take a bitset of comment types that
need to be supported by the file types it returns.
Replace cf_has_comments() with a routine that returns a bitset of
capture file comment types in the capture file.
Use those routines in the capture file dialogs; don't wire in the notion
that pcap-NG supports all comment types and no other file formats
support any comment types. (That's currently true, but we don't want to
wire that in as being forever true.)
svn path=/trunk/; revision=48689
Add a 2-pass display-filter flag to tshark so that reassembly and other forward-
looking dissections can be used with filters.
It's a bit of a hack, but this entire area of 2-pass analysis etc. is a giant
pile of hacks to begin with and needs cleaning up. For now just having this
feature is a big enough win.
svn path=/trunk/; revision=48589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7530
The frame_data_cleanup function was ambiguous; it was being used for two
different purposes, and did neither of them quite properly. Split it instead
into frame_data_reset and frame_data_destroy, and call the correct one depending
on why we were originally calling frame_data_cleanup.
svn path=/trunk/; revision=48324
actually doing and what users are likely to want to do. Rename the
search enum values and functions to reflect what we're actually doing
and add a comment explaining why making searches more correct might make
searching worse. Add a search bar to the Qt main window, thus
continuing the War On Gratuitous Dialogs.
Clear out any previous temporary label stack items before adding a new one.
svn path=/trunk/; revision=46541
printed when either -T is not specified or "-T text" or "-T ps" is selected.
2) Allow for packet hex/ascii to be printed without necessarily requiring that
either packet summary or packet details also be printed. This just means that
if you want packet summary information, use "-Px" instead of just "-x".
3) Fix bug with order of evaluation of -V and "-T psml".
4) If a packet separator is specified, always use it regardless of the -PVx
options chosen.
5) Don't print 2 lines of separation between packets when only printing
hex/ascii. Print 1 line of separation as in all other cases.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7782 plus other misc. enhancements.
svn path=/trunk/; revision=45715
- initialize edt once in few places, and later reset it after dissecting
(add_packet_to_packet_list),
- revert r45667, probably no longer needed.
svn path=/trunk/; revision=45669
Add breadcrumbs so that we can switch from g_get_current_time to
g_get_real_time when our minimum GLib version is >= 2.28.
svn path=/trunk/; revision=45399
packet_range_init(). Get rid of global cfile references in
packet-range.c. C++-ize packet-range.h. Shuffle some includes around.
svn path=/trunk/; revision=45333
cf_read() is already checking for the cf->redissecting variable and, if it is set, it doesn't add packets to packet_list.
Rename it to cf->rescanning and set it always in rescan_packets() [not only when redissecting].
svn path=/trunk/; revision=45183
When refiltering we process gtk/glib events, so it's possible that cf_continue_tail()
will fire-up, reading new packets and incrementing cf->count.
It's also possible that these packet(s) will pass the display filter,
incrementing cf->displayed_count.
But when refiltering we use cf->count as number of packets to process, so
new packets are also processed, incrementing cf->displayed_count second time.
Fix bug by saving cf->count before starting refilter loop.
svn path=/trunk/; revision=45182
fileset_file_opened directly from file.c. This makes the code a bit more
consistent and makes it easier to port the File Set dialog to Qt.
svn path=/trunk/; revision=45162
This commit reduces size (from 144B to 128B on AMD64) of frame_data structure.
Part of bug 5821: Reduce per-packet memory requirements.
svn path=/trunk/; revision=45071
Use and free err_info in cf_continue_tail() and cf_finish_tail().
(Untested because I'm not sure how to corrupt a file to exercise this code path...)
svn path=/trunk/; revision=45032
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
so that we can properly associate a widget with create, update, and
destroy events. Only used by Qt so far but it should be easy enough to
add to GTK+.
Rename ui/qt/progress_dialog.{h,cpp} to progress_bar.{h,cpp}. Show a
progress bar in the status bar of the main window instead of creating
a separate dialog. Note that we still need to add a "cancel" mechanism
and display the task and item titles somewhere.
Thus began the War Against Gratuitous Dialogs.
svn path=/trunk/; revision=43833
the file has unsaved changes, and we can save it in some format
through Wiretap
or
the file is a temporary file and has no unsaved changes (so that
"saving" it just means copying it).
Only allow "Save As" if
we can save it in some format through Wiretap
or
the file is a temporary file and has no unsaved changes (so that
"saving" it just means copying it).
This means that we don't support using "Save As" for just copying the
file unless we can do that with Wiretap; copying the file byte-for-byte
only works as "saving" if there are no unsaved changes *and* we're
saving it in the same format that it's in *and* we're saving it with the
same form of compression (if any) that it has.
Rename cf_can_save_as() to cf_can_write_with_wiretap() to better reflect
what it really does.
svn path=/trunk/; revision=43477
in a format that supports comments and they do a "Save" by popping up a
similar question to the one we pop up in the "Save As" case and, if they
say "choose another format", pop up a "Save As" dialog box.
svn path=/trunk/; revision=43395
tries to do "Save As" in a format for which we don't support comments
(currently, we only support them for pcap-ng), ask whether they want to
discard the comments and save anyway or, *if* the file can be saved in a
format for which we *do* support comments, they want to save the file in
some other format.
Keep a count of packet comments so that we don't have to scan all the
frame_data structures to determine whether we have any comments.
svn path=/trunk/; revision=43392
file.c and routines called from it; non-modal dialogs end up, in some
cases, either hidden, devoid of the input focus and not dismissable, or
both.
svn path=/trunk/; revision=43321
file type and a GArray of encapsulation types and returns TRUE if a
capture with all those encapsulation types can be written to a file in
that file type and FALSE otherwise. Use it where appropriate.
svn path=/trunk/; revision=43315
Show all of them in the summary dialog; we will be using it in the
future to figure out what capture file formats we can write to (just
because a capture file format supports per-packet encapsulations, that
doesn't mean that it supports *all possible* encapsulations).
svn path=/trunk/; revision=43278
When building current data for packet details treeview we store two things.
- Generated string with item label
- Pointer to node field_info structure
After epan_dissect_{free, cleanup} pointer to field_info node is no longer
valid so we should clear GtkTreeStore before freeing.
svn path=/trunk/; revision=43188
just tweak the elements in the capture_file structure as necessary and
poke the UI to update stuff such as the windows title.
If we do a Save or Save As with a copy, don't reread the capture file,
just close the old wtap, open a wtap for the copy, and tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title.
Otherwise, don't do a full read-and-dissect pass on the capture file,
just close the old wtap, open a wtap for the new file, tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title, and rescan the file to update
the packet offsets (and cause Wiretap to regenerate, for a gzipped file,
the information needed to support fast random access to the gzipped
file).
This should speed up Save and Save As a bit, as well as removing some
glitches in the UI (e.g., you won't see the packet list disappear and
reappear).
svn path=/trunk/; revision=43101
"export specified packets". For "failed", let the user try again with a
different file, in case it failed due to, for example, running out of
space or quota (probably the most likely failure mode for writing, and
trying to a different volume might be the best workaround). For "user
stopped it", presumably they don't want to try again (the most likely
reason is "it was taking too damn long").
Put "Exporting to: ...", not "Saving: ..." in the statusbar if we're
doing "export specified packets".
In process_specified_packets(), allow a null range pointer to be
specified, meaning "save 'em all"; that avoids the possibly-expensive
(with a large capture) operation of initializing the range.
If a "safe save" atop an existing file fails or is stopped, get rid of
the temporary file we created.
svn path=/trunk/; revision=43095
update it after each burst of packets. (This is broken - we should have
cf->lnk_t be WTAP_ENCAP_PER_PACKET in all capture file formats that can
handle more than one packet type, and, in order to support writing out
*some* such files in formats that can only handle one packet type, just
use the type of the first packet when doing a one-pass operation and
gather up all the packet types in a multi-pass operation.)
svn path=/trunk/; revision=43048
callers either need to free it or their callers need to free it or....
This means that cf_get_display_name() must always return a g_mallocated
string and its callers or... must free it.
For some of those callers, create a new set_window_title() routine to do
the work - they're all using the same pattern.
svn path=/trunk/; revision=43047
getting the basename for display purposes, so it's converted from the
GLib/GTK+ locale filename encoding to UTF-8. (For Windows, the locale
filename encoding is UTF-8, and the internal encoding is UTF-16, so the
file names should *probably* all be valid UTF-8 - Windows may not
support invalid UTF-16 in file names. For Qt, I'm not sure whether the
file dialogs ever return file names in some non-UTF-8 encoding.)
svn path=/trunk/; revision=43044
doesn't do safe saves, so wtap_fdreopen() always needs to reopen the
random file descriptor.
At the point where a safe save is done, the sequential read is done, so
the sequential stream is closed; there's no need to reopen it.
(The former fourth argument to wtap_fdreopen() wasn't an indication of
whether the file was compressed, it was an indication of whether the
random stream should be reopened.)
svn path=/trunk/; revision=42977
file that we ourselves have open. In the "safe save" code path for
capture files, on Windows temporarily close the file descriptors for the
currently-open capture before doing the rename and then, if the rename
failed, reopen them, leaving the rest of the wtap and capture_file
structures intact.
Rename filed_open() to file_fdopen(), to make its name match what it
does a bit better (it's an fdopen()-style routine, i.e. do the
equivalent of an open with an already-open file descriptor rather than a
pathname, in the file_wrappers.c set of routines).
Remove the file_ routines from the .def file for Wiretap - they should
only be called by code inside Wiretap.
Closing a descriptor open for input has no reason to fail (closing a
descriptor open for *writing* could fail if the file is on a server and
dirty pages are pushed asynchronously to the server and synchronously on
a close), so just have file_close() return void.
svn path=/trunk/; revision=42961
temporary file to which we were writing in order to do a "safe save".
Thanks to Coverity for pointing this out - should fix CIDs 703317 and
703316.
svn path=/trunk/; revision=42891
have the file open. Go back to doing it with a copy on Windows.
Explain what the problem is, and give a way in which we might be able to
make it work on Windows (without using any NT native API calls...).
svn path=/trunk/; revision=42859
saving files, and run it modal (which we're already doing with the
GtkFileChooserDialog); this means less callback-based state machine
stuff, simplifying the code paths a bit.
If we're saving a file before closing it, don't bother reloading it
after saving it.
svn path=/trunk/; revision=42855
an API to fetch that.
When doing "Save" on a compressed file, write it out compressed.
In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.
svn path=/trunk/; revision=42818
save" if the destination file exists.
Don't forbid overwriting an existing file in either of those cases (we
still forbid overwriting the current capture file) - the GUI asks the
user whether they want to do the overwrite, and allows them to cancel
out of it - and don't remove the file before writing to it (doing so
makes the save *un*safe).
Attempt to do a save of an unedited temporary file by just moving the
file on Windows as well as on UN*X - ws_rename() will remove the target
if necessary on Windows (and won't do it as a separate operation before
attempting the rename), so it behaves like ws_rename() on UN*X (which is
just a wrapper around rename()).
svn path=/trunk/; revision=42816
new file the current file, as is the case in most if not all other GUI
applications.
A new "Export Specified Packets" menu option allows you to specify which
packets to write out, with the default being the displayed packets (and
those on which the displayed packets depend for, e.g. reassembly), and
never makes the resulting file the current file.
The two operations are conceptually distinct. Lumping them into one
menu item, with the default for "Save As" being "displayed packets only"
and thus making it behave like the latter operation, was causing some
confusion; see, for example, bug 6640.
Make the dialog popped up if you try to "Save As" or "Export Specified
Packets" on top of an existing file ask the "do you want to do this?"
question in the main part of the message, and note in the secondary text
that doing that will overwrite what's in the file; that matches what
TextEdit on OS X and the GNOME text editor say.
svn path=/trunk/; revision=42792
so "Save" should, for non-temporary files, mean "save the current state
of the capture file on top of the existing file" without prompting for a
file name.
That means we have to do a "safe save" - i.e, write the capture out to a
new file and, if that succeeds, rename the new file on top of the old
file - as the actual packet data to write out is in the file we're
overwriting, not in memory. (We'd want to do that anyway, of
course....)
Update some comments.
Clean up indentation slightly, and get rid of an unnecessary variable
(in all the cases where we use it, we assign it the same value, and that
value isn't modified out from under us before we use it).
Note that after a "Save", or a "Save As" that writes out all captured
packets, we shouldn't have to close the current file and open the new
file and reread it - we should be able to open the new file and update
the frame offsets in the frame_data structures.
Note that we need to do a better job of reporting rename failures.
svn path=/trunk/; revision=42777
save, we post capture file callback events similar to the ones posted
when reading a capture - otherwise, the reload will leave the welcome
screen up.
Rename cf_cb_file_save_reload_finished to cf_cb_file_reload_finished,
add a cf_cb_file_reload_started callback, have them work similarly to
read_finished and read_started except that the reload uses "Reloading"
in the progress bar and status bar.
Clean up some indentation while we're at it.
svn path=/trunk/; revision=42764
Revert r42758 as it only helps in one case; rather, fix it correctly: if
we're redissecting or refiltering, clear any frame dependencies as we go
along. (Fortunately, frame dependencies are all forward dependencies--
meaning that a given frame can only be depended upon by a later frame--
so we can do this as we rescan the packets/frames.)
svn path=/trunk/; revision=42762
Clear the dependent_of_displayed flag when there's no dfilter. This only
helps the case when you clear a display filter before moving on to another
display filter.
svn path=/trunk/; revision=42758
Don't mark frames as dependent upon a displayed frame unless the (supposedly)
displayed frame is actually displayed. (Fix to r41214 <sigh>.)
svn path=/trunk/; revision=42752
"unsaved_changes", and have it be TRUE iff changes have been made to the
file since it was read - *not* if it's a temporary file from a live
capture.
Check the "is_tempfile" member, and the "unsaved_changes" member, when
appropriate.
Just have a set_toolbar_for_capture_file() routine that updates the
"save", "close", and "reload" toolbar as appropriate, given a
capture_file structure - absorb the function of
set_toolbar_for_unsaved_capture_file() into it.
svn path=/trunk/; revision=42721
we weren't even able to start a capture, rather than delivering a fake
"capture start" indication and relying on a later "capture file closed"
indication - for a capture that was never opened in the first place - to
handle GUI cleanups.
Don't deliver any GUI indications in cf_close() if we didn't have a
capture file open in the first place.
Clear the status bar and welcome header if that indication is delivered.
If we start a capture from the command line with the -k flag, don't show
the captured packet information unless the capture actually starts.
svn path=/trunk/; revision=41521
clickable to open an edit window.
- Add checks for NULL pointers.
Help with a different color LED possibly with Jeff's (c) in it appreciated.
Should the LED be placed elsewhere or the whole thing done differently?
svn path=/trunk/; revision=41242
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
the details of what in particular is unsupported; report it in TShark
and Wireshark.
Handle WTAP_ERR_RANDOM_OPEN_PIPE in TShark.
Handle WTAP_ERR_COMPRESSION_NOT_SUPPORTED in TShark, and have its error
message in Wireshark not speak of gzip, in case we support compressed
output in other formats in the future.
If we see a second section header block in a pcap-NG file, don't report
it as "the file is corrupted", report it as "the file uses a feature we
don't support", as that's the case - and don't free up the interface
data array, as the file remains open, and Wireshark might still try to
access the packets we were able to read.
svn path=/trunk/; revision=41041
This is POC we may want to have more efficient use of the frame data
structure etc. But this allows for work to be done on the GUI to actually add comments.
svn path=/trunk/; revision=40969
the ui directory. (Perhaps some other files that would be used by all
flavors of Wireshark, for any GUI toolkit or for something such as
ncurses, and not for any command-line tool such as TShark, should be
moved there as well.)
Shuffle some #includes to put the "ui/XXX.h" includes together.
svn path=/trunk/; revision=40529
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
to return a pointer to the merge_in_file_t that got the error. Set *err
to 0 on success and an error code on an err, treat a null return as an
EOF indication, and if we don't get a null return check for a non-zero
error code and treat that as an I/O error.
svn path=/trunk/; revision=39964
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.
The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.
To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml". Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.
You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.
From me:
Minor fixups.
svn path=/trunk/; revision=37298
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
sequence of frame_data structures, indexed by the frame number. Extract
the relevant bits of the capture_file data structure and move them to
the frame_data_sequence, and move the relevant code from cfile.c and
tweak it to handle frame_data_sequence structures.
Have a possibly-null pointer to a frame_data_sequence structure in the
capture_file structure; if it's null, we aren't keeping a sequence of
frame_data structures (we don't keep that sequence when we're doing
one-pass processing in TShark).
Nothing in libwireshark should care about a capture_file structure; get
rid of some unnecessary includes of cfile.h.
svn path=/trunk/; revision=36881
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
Make the loops that scan through all the packets do so by frame number,
to abstract away the "next" and "previous" pointers in the frame_data
structure. Add a routine to cfile.c to map frame numbers to frame_data
structures, and put in some special case handling so scanning forward or
backward through the packets is O(N) rather than O(N^2).
svn path=/trunk/; revision=36846
so get rid of the select_flag argument, and rename it
new_packet_list_select_row_from_data().
It's also always passed a frame_data *, so make its argument a
frame_data *.
Its return value is used only to detect whether the packet was found in
the display or not, so make it a gboolean. Check it in *all* cases
where it's called, and change the dialog message a bit (the most likely
cause is that the user cancelled a redissection of the packets, so not
all packets in the capture file are in the display).
Also, in the find case, pass it the new packet we found.
svn path=/trunk/; revision=36839
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
pointers, as there's code that assumes that if they're not set to null
pointers, they're set correctly, and doesn't bother setting them to the
right value.
svn path=/trunk/; revision=36252
pointers to null strings, rather than a bunch of null pointers, so that
if an exception is thrown before we set any of the columns, or some
other problem occurs, we don't end up with null pointers that could
later cause a crash.
Fix indentation.
svn path=/trunk/; revision=36234
In convert_string_case() use g_utf8_strup() instead of converting each
character by hand. Hopefully this won't cause any unexpected changes in
behavior.
svn path=/trunk/; revision=36006
use GTK+ data types, so, at least in theory, it could be implemented
atop another toolkit.
Make statusbar_push_temporary_msg() take a format string and format
arguments. Use it instead of simple_status(), and change one call to
just take a format string and arguments rather than to take the result
of using that format string and arguments with g_strdup_printf() and
passing the result to statusbar_push_temporary_msg().
svn path=/trunk/; revision=35041
Continue to use the data offset ((uncompressed) bytes read) as our progress
indicator, at least until we get a progress value greater than 1.0. Then,
in addition to checking if the size of the file changed, check our position in
the file and use that as our progress indicator.
This optimizes uncompressed file accesses (avoiding an lseek()) at the "expense"
of switching progress measures (from data read to position in the file) while
loading a file. Tests have shown that the progress bar never shows the data
offset number when loading a compressed file, so this should be okay.
svn path=/trunk/; revision=34563
1. Restore the functionality of <Ctrl>A and <Ctrl>X to the filter textbox.
2. Assign intuitive shortcuts without consuming any new shortcut letters.
3. Add 'Un-Time Reference All Packets' to the menu.
4. Disallow the marking or ignoring of all packets in the capture.
5. Make the Mark/Ignore/Time Reference-related menu items context sensitive.
6. Add 'ref_time_count' to the capture_file structure.
7. Utilize marked/ignored/ref_time_count vars to prevent needless looping thru
the entire packet list by exiting the loop when it becomes zero.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5115
svn path=/trunk/; revision=33817
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
updates are off and which sets the capture file state to a value that
won't cause an assertion when the user stops capturing. Fixes bug 4035.
svn path=/trunk/; revision=33005
we can use it in the main window title during and after capture. Add a
"-X" option for providing a description for stdin.
svn path=/trunk/; revision=32357