Get rid of the declaration of the non-existent "dfilter_yyerror()", and
put in some #defines to work around the fact that the #defines to
replace "yy" with "dfilter_" in the names of Flex-generated and
Yacc-generated routines aren't put into a header file, they're put into
".c" files.
Have it remember the error message it was handed (unless it's Yacc's
boring "parse error" message).
When generating the message to be shown to the user on a parse error,
make it be the "Unable to parse filter string" message, and, if a
non-boring error message was supplied to "dfilter_error()", take that
error message onto the end.
Don't panic if a field type we don't yet support in the parser is seen;
generate an error, telling the user we don't support filter on that type
yet.
Don't assume that "global_df" has been set if we see an empty statement
(if the first token was the end-marker, because, say, the first token
the lexical analyzer found was a field of a type not yet supported in
filter expressions, "global_df" won't have been set).
svn path=/trunk/; revision=783
the stuff referred to by those pointers goes past the end of the packet,
that's not a reason not to return the length of the DNS or NBNS name
itself - you can tag that name even though it's bad. Therefore,
"get_dns_name()" should return the length of the part of the name it's
looked at even if that name contains a pointer to stuff that goes past
the end of the packet.
This means you can't check its return value to see if it's negative, and
treat it as an error if it is; remove that stuff.
Add checks to make sure the type and class fields in an RR don't go past
the end of the packet.
svn path=/trunk/; revision=781
the random packets I generated. I'm not convinced that all the problems
are gone. We now:
1. Check that the bytes are indded in the frame before accessing them
in dissect_dns_query() and dissect_dns_answer(). If not, we
return 0, which means "0-byte increment".
2. Check the return value of the two functions above in
dissect_query_records() and dissect_answer_records(), which have
loops that call those two functions above. If a 0-byte
increment is found, the loop is broken to avoid an infinite loop.
svn path=/trunk/; revision=778
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
Assign a range of Wiretap errors for zlib errors, and have
"wtap_strerror()" use "zError()" to get an error message for
them.
Have the internal "file_error()" routine return 0 for no error
and a Wiretap error code for an error.
svn path=/trunk/; revision=769
in the color selection wheel.
Added his patch to file.c to look for bogus frame_data pointers, but made
it a g_assert().
Modified my previous patch to colors.c to skip bad color display filters.
I skipped them, but they still appeared in the color dialogue. Now bad
filtes are not put into the color filter list, so they don't appear in
the color dialogue. As a [good] side-effect, the next time you save
your color filter list, the bad filters are removed from the colorfilters
file.
svn path=/trunk/; revision=768
segfault on a bad colorfilters file. This file now works as expected;
that is, the second filter is ignored:
# DO NOT EDIT THIS FILE! It was created by Ethereal
@ipx@ipx@[65535,65535,65535][65535,19104,22902]
@bad@bad@[65535,65535,65535][65535,19104,22902]
svn path=/trunk/; revision=765
Please, please in new dissector routines, check for
truncated packets, especially when string operations
or loop on bytes are used (to avoid display of erroneous
data and infinite loop or segmentation violation) !
svn path=/trunk/; revision=763
- add display filter for AARP
proto.c:
- register a dummy protocol before the first one (aarp)
since the first entry can not be filtered (bug ?)
Gilbert, could you check this ?
svn path=/trunk/; revision=762
as an argument. ("time_t" could be 64 bits - I think it is 64 bits on
some platforms, e.g. Alpha Linux - and it's typically signed rather
than unsigned.)
svn path=/trunk/; revision=760
1. Fix some silly errors.
2. Dont decode beyond Word Count if errcode > 0
3. Decode a bunch mode SMBs
Next is to keep state so we can do a better job ...
svn path=/trunk/; revision=758
the name of the current save file - we no longer have the "-F" flag, and
"-S" automatically reads from the capture file as packets arrive, so
there's no need to manually open the capture file.
svn path=/trunk/; revision=757
from "globals.h" to "capture.h".
Only "capture.c" needs to include <pcap.h>; move the include of <pcap.h>
from "capture.h" to "capture.c".
We no longer need any DLT_ defines (that's handled inside Wiretap);
remove the defines of DLT_ from "capture.h".
svn path=/trunk/; revision=753
file to which to write the capture; if it's NULL, create a temporary
file and use that.
Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.
This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".
svn path=/trunk/; revision=748
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.
"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.
svn path=/trunk/; revision=747
"quit_after_cap", and "capture_child" from "gtk/main.c" to "capture.c",
so that the definitions don't have to be duplicated in "main.c" for
other UIs if, as, and when we do versions of Ethereal with other UIs.
svn path=/trunk/; revision=746
"strncasecmp()" or "mkstemp()"; add in source to the GNU "libc"
versions, and have the "configure" script check for the routines in
question and set up the Makefile to build from our versions if they're
missing.
svn path=/trunk/; revision=745
Sniffer trace, and printout therefrom, sent to me by Jeff Foster. (The
Sniffer manuals I'd had a chance to read didn't say what the units
were.)
svn path=/trunk/; revision=744
exit, so that it doesn't hang around as an unreaped zombie until the
parent exits, and, if it stopped or terminated due to a signal, report
that in a message box.
svn path=/trunk/; revision=741
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out of "Print summary" is selected).
If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.
Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".
svn path=/trunk/; revision=736
After some bad dfilter parses, the top-level dfilter tree (global_df->dftree)
would erroneously be set to the last good dfilter_node that was parsed.
Later, the non-NULLness of the dftree made us clear it.. really confusing
GTK internals. After _that_, new GNodes created via g_node_new() would
all have the same address!
svn path=/trunk/; revision=735
