that will open the find frame dialogue and preload the filter string
with the conversation and the direction the user selected from the menu.
svn path=/trunk/; revision=8386
It was very cnfusing where some protocols such as SMB had multiple items all called the same thing. Now one can distinguish between them
svn path=/trunk/; revision=8383
Make the selction of what is endpoint 1 and what is endpoint 2
first check the port (if a port is present it will be !=0) and if
the ports are present set the lowest port as endpoint2.
If the prots are not present or the ports are identical then compare the addresses instead.
The idea is that low port numbers usually refer to server daemons
and this sorting thus usually puts the client as endpoint 1 and the server as endpoint 2.
It is much more intuitive and makes the table much more readable.
svn path=/trunk/; revision=8381
Rename it from Endpoint Talkers to : Conversation List
Change command line arguments to both tethereal and ethereal
to be -z conv,<type>
to reflect the new name Conversations
This is the last time the tethereal cmd line arg is changed. But now it has a
proper intuitive name at least.
io,users was weird
talkers was too close to names used in other tools
svn path=/trunk/; revision=8379
make it know how to build the filter strings, address and port hf_ fields properly so TCP and UDP works and is agnostic on whether ipv4 or ipv6 is used as transport
svn path=/trunk/; revision=8368
Ethereal presents a column to display culmulative bytes into the capture.
A new column type is added : Culmulative Bytes.
While PacketLength column type specifies the number of bytes in the current packet,
Culmulative Bytes specifies the culmulative number of bytes from the start of the capture.
svn path=/trunk/; revision=8359
The code used to rely on min_time==0 to determine whether this was the first
packet or not and whereby we had to initialize min_time to the current value.
This obviously does not work for capture files with poor timestamp resolution
where the response time is actually, according to the capture file, 0
and we got all sorts of weird effects like average response time being less than the minimum response time.
note, the bug only affected the minimum response time in the tables and not max or average response time.
it would "miss" tose minimum response times that were ==0 and display the minumin response time in the capture that were >0
svn path=/trunk/; revision=8358
packets that passed the current display filter, as well as about the
entire capture.
Document the Tools:Summary item in the man page.
Update Gerald's e-mail address.
svn path=/trunk/; revision=8344
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306
indicate where they apply, and give tooltips to some of the options.
Disable the "Filter:" button unless we're searching with a display filter.
Use "Frame data" instead of "Hex" for the option to search the raw frame
data, use "Decoded packet" instead of "Decode" for the option to search
the strings in the protocol tree display, and use "Packet summary"
instead of "Summary" for the option to search the Info column in the
packet list display, to make it a bit clearer what's being searched.
svn path=/trunk/; revision=8303
use Export and Import for the buttons in GTK+ 2.x as well;
get rid of a duplicate fclose;
other fixes.
Update the description of color filters in the Ethereal man page to
reflect the change, clean up the formatting (use =item), and add the
global and personal color filters files to the FILES section; refer to
them as "color filters" files rather than "colorfilters" files, as the
FILES section gives the "colorfilters" file name so you don't have to
use that as the name.
Clean up white space.
svn path=/trunk/; revision=8285
hopefully it will now create the filter for the actual conversation
we selected.
add EP1 <-> ANY and EP2 <-> ANY fitlers
svn path=/trunk/; revision=8283
The table now has a popup menu with
Match display filter
Selected
EP1 <-> EP2
EP1 --> EP2
EP1 <-- EP2
EP1 --> ANY
EP1 <-- ANY
EP2 --> ANY
EP2 <-- ANY
Not Selected
...
...
Prepare Display Filter
...
Self explanatory.
Now the bad news.
I set the display filter box in the main window and i call redissect_packet
which redissects the packet list but the displayfilter does not take
or affect the main window until i click the apply button.
Some signal needs to be raised to some object me thinks.
Please feel free to fix it if you know what is missing.
svn path=/trunk/; revision=8279
use to translate addresses to strings - wire that into
"endpoint_talkers_table.c", don't pass the function as an argument to
"init_ett_table()".
svn path=/trunk/; revision=8263
make the "Help" menu the rightmost menu item, as is done in
recent versions of Windows;
Mac OS X;
recent versions of KDE;
recent versions of GNOME;
rather than making it an item on the far right side.
Make the "Protocol" display in the help mention the number of
entries, and give it has 3 columns, starting with the one that
was used to sort this list.
Make the "Display Filters" display mention the number of fields
for each protocol and at the end the total number of fields.
Give it 4 columns, including the 'blurb'.
List all fields with the correct protocol.
svn path=/trunk/; revision=8253
to make it easier to navigate when having multiple instances of ethereal
and io-stat open
at the same time.
Updates to all endpoint talkers and service response time windows to do this as well.
Bonus, when the user opens a new capture file when having these windows open,
the title bar will be updated to reflect the name of the new capture file.
svn path=/trunk/; revision=8251
support for registering fields after all the protocol
registration routines are called (i.e., adding fields to the
named field tree as they're registered);
fix the GTK 2.x version of the field list dialog to show the
correct name.
svn path=/trunk/; revision=8248
Implement conersion from address to string for IPv4 and IPv6
and update the conversation tables to use the new interface.
svn path=/trunk/; revision=8234
Supported types are Ethernet/TokenRing/IP/UDP and TCP.
Will add FibreChannel soon.
The framework for this feature needs to be enhanced in the future so that by selecting one entry and click the right mousebutton, this will bring up a menu with Prepare/Match options with suboptions for AnyDirection, ForwardOnly or ReverseOnly which updates the display filter accordingly.
Had to update some of the taps as well to change them to use a proper address structure for the address fields.
We should now be able to to these stats correctly even for ip tunneled over ip tunnelled over ip ...
svn path=/trunk/; revision=8222
A scrollable GtkCList is used now for both GTK1 and GTK2.
Removed "overall" line from statistics table. It is not useful.
"Response Time Delay" was renamed into "Service Response Time".
Menu Item moved to "Service Response Time" folder.
As Ronnie suggested, the active display filter is now used as
default statistics filter.
svn path=/trunk/; revision=8205
and doesn't have a message-box-type icon.
This might want to be tweaked further, to more closely resemble various
desktop environments' About boxes (although what's appropriate might
depend on the environment).
svn path=/trunk/; revision=8194
SMB/FC/ONC-RPC/DCE-RPC now all use the default tap filter string as the
same filter string as is used in the main window instead of using a default
NULL filter string.
The idea is that if you have applied a certain filter to your main window, it
is likely that if you want to invoke the response time statistics feature you
probably want to do the response time statistics over the same set of packets, i.e. the ones you see in the main window.
svn path=/trunk/; revision=8192
a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
not to include DEL as printable ASCII.
Also change the check in strutil.c to do it by redefining "isprint()",
as is done in "gtk/gtkglobals.h", rather than by #ifdeffing the point at
which the test is done.
svn path=/trunk/; revision=8118
Besides "STRING", there is now "UNPARSED_STRING", where the distinction
is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just
a sequence of characters that the scanner didn't know how to scan/parse,
so it's up to the Ftype to parse it.
This gives us more flexibility and prepares the dfilter parsing engine
for the upcoming addition of the "contains" operator.
In the process of doing this, I also re-did the double-quoted string
support in the scanner, so that instead of the naively-simple support we
used to have, double-quoted strings now can have embedded dobule-quotes,
embedded octal sequences, and embedded hexadecimal sequences:
"\"" embedded double-quote
"\110" embedded octal
"\x48" embedded hex
Enhance the dfilter unit test script to be able to run a single collection
of tests instead of having to run all of them all the time.
svn path=/trunk/; revision=8083
we must check if the event occured in the clist_window (because the x,y
pixel positions of the event are relative to this window), before
calling gtk_clist_get_selection_info()
Fixes debian bug #199763
svn path=/trunk/; revision=8053
- give the focus to the packet_list when a capture file is opened, and
each time we change the selection in the packet list (it seems that
the tree view has the focus if we don't do this) ;
- in set_plist_sel_browse() : it seems that packet_list->selection_mode
is always 0 in GTK2 so we can't use it to determine the current mode.
Use a static variable instead.
This should fix the second part of debian bug #199763
svn path=/trunk/; revision=8045
Almost completely rewritten in order to:
- be able to use a unlimited number of ringbuffer files
0 specified with -b argument or in the GUI, means that the number of file
is unlimited.
else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
When creating a new CList to display SRT stats, make the DECEND arrow for
the second column be displayed since this is how the table will be sorted
by default
svn path=/trunk/; revision=7908
get the rocedures with the most number of calls at the top.
Fix a bug added in previous checkin.
When the table can be sorted in different ways than just the procedure number sorted in ascending order, the row for a specific procedure may change everytime we drawi/sort the table.
Add code to keep track of which row a procedure is currently positioned at in the list so that we statistics are added to the correct entry.
svn path=/trunk/; revision=7906
can be sorted.
"borrowed" lots of code for this from gtkclist.c
Columns 0,1 sort in ascending order by default
Columns 2-5 sort in ascending order by default
svn path=/trunk/; revision=7905
CList.
As a first conversion to use the helper routines, convert DCERPC SRT statistics to use the new interface.
This prevents some interfaces (SAMR/LSA) that contains a huge number of procedures from creating a huge table that does not fir on the screen.
Later changes to the helpers may be to make the different columns sortable
or to hide those procedures that has not been seen in the capture.
svn path=/trunk/; revision=7903
variables the user configures - the user isn't expected to change
GLIB_CFLAGS or GTK_CFLAGS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate "/I" flags for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7884
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually;
also, make lines as long as possible, as long as they fit in 80 columns).
svn path=/trunk/; revision=7815
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
add support for a system-wide color filter file;
fix a bug where "read_filters()" didn't close the file handle.
Use the "get_datafile_path()" routine he added to construct the pathname
of the Diameter directory, the global preferences file, and the manuf
file.
svn path=/trunk/; revision=7677
Support can be enabled at configure time by using "--with-adns=DIR".
If support is enabled, async queries happen whenever host name resolution
is enabled. Do we need a separate preference for async queries?
Currently, only IPv4 reverse queries are supported. I can add IPv4 forward
lookup support, but I don't have any way to test IPv6 queries.
svn path=/trunk/; revision=7640
"proto_construct_dfilter_string()", to more accurately reflect what it
does.
Give it, and "proto_can_match_selected()", an "epan_dissect_t *"
argument, which replaces the raw data pointer argument to
"proto_construct_dfilter_string()".
For fields that don't have a type we can directly filter on, we don't
support filtering on the field as raw data if:
the "epan_dissect_t *" argument is null;
the data source tvbuff for the field isn't the tvbuff for the
"epan_dissect_t" in question (i.e., it's in the result of a
reassembly, and "frame[N:M]" can't get at it).
Trim the length the raw data in the case of such a field to the length
of the tvbuff for the "epan_dissect_t" in question, so we don't go past
it. Fetch the raw data bytes to match from that tvbuff.
Have "proto_construct_dfilter_string()" return a null pointer if it
can't construct the filter string, and have "protocolinfo_packet()" in
the tap-protocolinfo tap ignore a field if
"proto_construct_dfilter_string()" can't construct a filter string for
it - and have it pass NULL as the "epan_dissect_t *", for now. If
somebody decides it makes sense to dump out a "frame[N:M] =" value for
non-registered fields, it can be changed to pass "edt".
svn path=/trunk/; revision=7635
(at least with GTK+ 1.2[.x]), and make the MGCP statistics routine use
them. The routines use a GtkCList and make it scrollable.
svn path=/trunk/; revision=7586
Filter dialog for the MGCP statistics tap.
Routines for building GUI table displays for statistics taps.
Use the timestats.c routines in the SMB statistics tap.
svn path=/trunk/; revision=7561
pop-up dialogs.
If thee's already one such dialog, and the user asks for another one,
reactivate the old one (so it gets un-minimized if necessary), don't
just raise it.
Put the "Create Stat" button in a box, so it doesn't widen to the full
width of the window, and add a "Cancel" button to dismiss the dialog
box.
Arrange that <ESC> dismisses the dialog box, and that typing <Enter> in
the filter dialog box activates the dialog box.
svn path=/trunk/; revision=7553
referring to a GString containing an error message on failure, and don't
have it print anything on failure.
If it fails, have its Tethereal-tap callers print an error message
before exiting, and have its Ethereal callers pop up a dialog box with
the error (except in cases where the failure is guaranteed not to be the
user's fault, and where we exit, in which case we just print an error
message before we exit). In all cases, the error message includes the
text of the GString.
Fix a scanf format string in the DCE RPC statistics Ethereal tap, so
that it properly skips the comma before the filter string.
Fix some Ethereal error messages not to say "tethereal".
svn path=/trunk/; revision=7542
item.
Convert all Ethereal (GUI) taps to use "register_tap_menu_item()" rather
than having hardcoded menu items in "gtk/menu.c".
svn path=/trunk/; revision=7541
registration routines, for taps with menu items (taps that can be run
from the "Tools->Statistics" menu), create the menu item for the tap.
"make-tapreg-dotc" constructs a "register_all_tap_menus()" function that
calls all the tap menu item registration routines it finds, and Ethereal
calls that routine after the main window has been constructed (so that
the main menu exists, as the menu items are added to it). (Tethereal
doesn't call it.)
Get rid of the "menu" and "menu_init" arguments to
"register_ethereal_tap"; the menu item is registered in the tap's menu
item registration routine, not in its main registration routine.
Have the RTP GUI tap register its menu item that way, rather than by
having it compiled into "gtk/menu.c". (We're not ready yet to have taps
whose menu items are under a submenu register themselves in that
fashion, as "register_tap_menu_item()" can't yet create submenus.)
svn path=/trunk/; revision=7540
taps. (It has to be called after we've created the main menu, but GUI
taps are registered before that so that they can be referred to by
command-line arguments, so that routine will only be usable if we have a
"register menu item" routine for all GUI taps.)
Disable the entire "/Tools/Statistics/MGCP" menu item, not just the
"RTD" item under it, if we don't have an "mgcp" tap.
svn path=/trunk/; revision=7539
Ronnie Sahlberg