you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
"cancel", and "delete" methods, give them:
"fetch" - fetch from the notebook tab any values not already
stored in "prefs", and store them there, but doesn't apply them;
"apply" - apply the settings in "prefs";
"destroy" - clean up any windows created from the tab.
As we no longer have "cancel" methods, we don't have per-preference code
to revert preference values; instead, we have the common preference
dialog box code make a copy of all the current preferences, and, when
the "Cancel" button is clicked, free the current preferences and copy
the saved preferences to it, and apply the preferences.
Add an "Apply" button to the preference dialog box, which applies the
current preferences without closing the dialog box.
Treat a request to delete the preferences dialog box as equivalent to
clicking "Cancel".
Have a "remember_ptree_widget()" routine to remember all protocol tree
widgets, and use the list of those widgets when we set GUI preferences
for the protocol tree widgets, rather than setting the main protocol
tree widget and then using the list of packet windows. Move that code
out of "main.c" to "proto_draw.c", as it's not used by anything in
"main.c", but is used by stuff in "proto_draw.c".
Make the font one of the preferences we can set on the fly for protocol
tree widgets. Also make it something we can set on the fly for the
packet list widget.
svn path=/trunk/; revision=2317
protocols running atop SCTP can register themselves with a particular
SCTP port number.
Also, clean up the credits for him - there were two entries, one for
some initial SCTP support in "ipprotostr()" and in the capture dialog,
and one for the SCTP dissector itself - the latter subsumes the former,
so just keep the latter.
svn path=/trunk/; revision=2296
plugin is enabled -> disabled -> re-enabled due to the fact that
the protocol registration is performed at each plugin_init() call
(and there is no protocol cleanup like with dfilter_cleanup).
Now we use the proto_xxx static variable to check if it is the first
activation or not (in this case, the proto_register_xxx routines are
not called.
svn path=/trunk/; revision=2290
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2268
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2255
the addition of support for Cisco Secure Intrusion Detection
System IPlog output;
support for selecting only one side of a conversation, for
showing a conversation in hex, and for saving the displayed data
to a file, in the "Filter TCP Stream" window.
svn path=/trunk/; revision=2238
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live()
failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch()
which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h
because capture() now needs it.
svn path=/trunk/; revision=2181
a framework for the dissector; of the more than 400 NCP packet types, only
a handful are defined. But this dissector framework is much better than
the previous one.
svn path=/trunk/; revision=2173
a waste of time. Instead, set $(PERL) to @PERL_PATH@ in the Makefile and
call dfilter2pod.pl via $(PERL) $(src_dir)/dfilter2pod.pl
svn path=/trunk/; revision=2171
is finally dead, and you're walking away, it springs up again and
attacks.
It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch
has some extra stuff in the per-packet header for some sort of SMP
debugging, and that SuSE Linux 6.3 picked it up.
Thus, even if a libpcap file has the modified magic number, we *still*
have to go through the usual heuristic hell to figure out what type of
file it is.
svn path=/trunk/; revision=2164
pages for various protocol preferences, and the existence of the global
and personal preferences files.
We still need to document the values that can be put in the preferences
file.
svn path=/trunk/; revision=2127
potentially long-running operation that has a progress indicator, pop up
a modal dialog box with
an indication of what is being done;
a progress bar;
a "Cancel" button to stop the operation.
This:
leaves more room on the status line for a filter expression;
provides a mechanism to allow the user to cancel long-running
operations (although the way we do so may not back out of them
as nicely as the user might like, if it's not obvious what the
"right" way is or if the "right" way is difficult to implement
or involves doing as much work as letting the operation
continue);
means that, because the dialog box is modal, we don't have to
worry about the user performing arbitrary UI operations out from
under the operation and changing arbitrary bits of state being
used by that operation.
svn path=/trunk/; revision=2103
tvbuffs.
In doing so, I realied that my recommendation for using
tvb_new_subset(pi.compat_top_tvb, -1, -1) was incorrect, because
some dissectors (ethernet!) change pi.len and pi.cap_len. So, I have
to take those two variables into account instead of using -1 and -1.
So, I provide a macro called tvb_create_from_top(offset), where
offset is the name of your offset variable. It is a wrapper around
tvb_new_subset().
I converted the lines that followed my suggestion to use
tvb_create_from_top().
In proto.c I added
proto_tree_add_debug_text(proto_tree*, const char*, ...)
It's much like proto_tree_add_text(), except that it takes no offset
or length; it's soley for temporarily putting debug text into the
proto_tree while debugging a dissector. In making sure that its
use is temporary, the funciton also prints the debug string to stdout
to remind the programmer that the debug code needs to be removed
before shipping the code.
svn path=/trunk/; revision=2068
display to be sorted by the value in that column (and to reverse the sort
order the next time you click on that column).
Use "F<>" rather than "B<>" for file names in the Ethereal man page.
svn path=/trunk/; revision=1931
snapshot length before writing them to the output file; this may come in
handy if you are translating the file to a different format so that it
can be read by a program that can't handle packets above a certain size
(e.g., the snoop in Solaris 2.5.1 or 2.6, which reject Ethernet packets
larger than the Ethernet MTU, and thus can't handle gigabit Ethernet
captures using jumbo frames).
svn path=/trunk/; revision=1891
"proto_tree_add_item_format()" into multiple routines for different item
types, and to note that a subtree can be added under any item.
svn path=/trunk/; revision=1809
On Win32, always save a temporary capture file by copying -
Win32 systems don't allow you to rename a file that is open, and
we have the temporary file open.
When saving by copying the raw bytes of a capture file, create
the target file with "open()", using the O_BINARY flag, rather
than with "creat()"; on Win32 systems, "creat()" apparently
opens the file as a text file rather than a binary file.
svn path=/trunk/; revision=1757
properly handle ASCII vs. Unicode in the list of interfaces;
initialize Winsock before starting a capture, so that the code
in the Win32 libpcap to get the IP address and netmask by
translating the host name to an IP address works.
svn path=/trunk/; revision=1737
Get rid of the paragraph about C++-style comments at the beginning of
the document, as it also appears in section 1.1.1 "Comments".
Add a section on how to extract data from packets, which explains the
"pd" and "offset" arguments to a dissector, and notes that you should
not just blithely cast pointers into the packet data to 2-byte or 4-byte
integral types and dereference them, as the pointer may not be aligned,
and the field may not have the same byte order as the processor on which
Ethereal is running (in fact, it's probably *guaranteed* not to on at
least one machine, as Ethereal runs on both big-endian and little-endian
platforms...).
svn path=/trunk/; revision=1710
specifies with "-f" and "-R" flags, respectively, or specified with
non-flag command-line arguments, as tcpdump and snoop allow.
svn path=/trunk/; revision=1663
Gilbert Ramirez