can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
files from being #included in epan/packet.c.
Fix the other files that need either "gtk/colors.h" or <gtk/gtk.h> #included
as a result of not pulling in gtk/colors.h automatically because of file.h.
svn path=/trunk/; revision=2519
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478
attempt to read from a capture file is to check whether the error
returned was 0 - if it is, it's an EOF. We no longer guarantee that the
data offset supplied will be negative on an error and 0 on an EOF.
svn path=/trunk/; revision=2445
may be redrawing a packet window that displays a frame other than the
current frame; give it arguments to specify the raw frame data and
"frame_data" structure for the frame.
This requires that each packet window have, associated with it, a
pointer to the "frame_data" structure; that replaces the "cap_len" and
"encoding" fields in a "PacketWinData" structure, as those are just
copies of fields from the frame's "frame_data" structure.
"packet_hex_print()" needn't be passed both the start and length values
from a "field_info" structure - just pass it a pointer to that
structure, or NULL for "no field is selected in the packet". It also
needn't, any longer, be passed the "cap_len" and "flags.encoding" fields
of a "frame_data" structure - just pass it a pointer to that structure.
In "redraw_hex_dump_all()", don't redraw the hex dump pane of the main
window if there is no current frame.
svn path=/trunk/; revision=2404
the text in all "Follow TCP Stream" windows;
the text in the help window if we have one up;
all hex dump windows;
when GUI preference changes are to be applied, so that font changes and
"Follow TCP Stream" color changes show up.
Update both the Roman and bold font when the font is changed.
Don't decrement the reference counts on the old Roman and bold fonts
until that's all done.
svn path=/trunk/; revision=2401
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
capture, clear the per-frame data pointers of all frames in the capture,
as those pointers now refer to data that's been freed.
Do that to all frames even if the user stops the rescan in the middle -
and clear the "visited" flag for all frames as well.
svn path=/trunk/; revision=2361
redissecting the packets due to some preference changing, as the
preference may affect what state information gets constructed as a
result of some particular frame being dissected.
We don't have to do it when filtering the packets, or colorizing them,
however.
svn path=/trunk/; revision=2359
number of replies seen, keep the frame number of the first request seen
for that call and the first reply seen for that call. Use that to
determine whether a request or reply is a duplicate or not.
That means that we don't have to reset the table of RPC calls on a
rescan of the capture (which didn't even fix all the cases where we'd
have misreported the original call or reply as a duplicate due to having
seen it once on the initial pass through the file and once again when,
for example, the user clicked on the packet); doing so causes plenty of
other problems, so don't do that - and don't clear the "visited" flag on
frames on a rescan, either, as that's only done because we were clearing
out conversations and calling all protocols' "init" routines.
As a free bonus, this means that, for a reply, we know what frame the
request was in; put that information into the protocol tree for the
reply, snoop-style.
Make the table of RPC call information, and the routines that manipulate
it, static to "packet-rpc.c"; nobody outside "packet-rpc.c" uses them.
svn path=/trunk/; revision=2358
color of marked frames.
They are currently only available from preferences file,
but I will add the color selection in GUI later.
svn path=/trunk/; revision=2327
the middle mouse button. The marked packets are displayed in
reverse video but this should change in the future (the color
should be configurable via the GUI).
Then, the marked packets can be saved (via the "Save as"
window dialog).
Other features will be added in the future (I am waiting for
your comments and wishes).
svn path=/trunk/; revision=2322
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
file to a user-specified file.
Move the file-copy routine in save_cap_file() to an indepenent
function in file.c (copy_binary_file()) so that follow_dlg.c can use it.
Remove #include "follow.h" from the C files that don't need it.
svn path=/trunk/; revision=2200
When capturing, report errors trying to create the output file
with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
When checking whether an "open()" of a capture file succeeded, check
whether "open()" returns a negative number, not whether it returns 0.
In "wtap_open_offline()", if the file to be opened is a directory,
return EISDIR, not WTAP_ERR_NOT_REGULAR_FILE, so that the error message
can say "that's a directory, not a file".
If "wtap_open_offline()" returns WTAP_ERR_NOT_REGULAR_FILE, don't just
say the file is "invalid", say it's a "special file" or socket or some
other weird type of file.
svn path=/trunk/; revision=2144
to use "warning" dialog boxes only to warn the user "if you do that, bad
things may happen" *and* to offer them the option either to drive on or
quit, so perhaps ESD_TYPE_CRIT should be used for all errors).
However, put "Ethereal: Error" rather than "Ethereal: Critical" in the
title bar, in the hopes that it'll make it clearer that Something Bad
Happened.
If the user specifies that captures should be saved to a user-specified
file rather than a temporary file, report errors trying to create that
file with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
svn path=/trunk/; revision=2143
long time on a large capture.
If the user is changing the setting of "Display TOS as DiffServ" *and*
the time stamp format, don't bother doing the time display update -
we'll regenerate the entire display anyway because we changed the
setting of "Display TOS as DiffServ".
svn path=/trunk/; revision=2130
a word to use in the progress dialog, and a flag indicating whether the
display filter is to be reevaluated or not, and:
have "colorize_packet()" call that routine with "Colorizing" and
FALSE as those arguments;
have the filtering code call that routine with "Filtering" and
TRUE as those arguments;
add an exported routine to call that routine with "Reprocessing"
and TRUE as those arguments, to use to re-generate the packet
list and to re-filter the packets if a protocol preference has
been changed.
Keep track of whether preferences are changed from their initial value
by a preferences file or a command-line option, or from their previous
value by the "Preferences" dialog box; have "prefs_apply_all()" only
call the "apply" callback for a module if they have.
Call "prefs_apply_all()" after the command-line arguments have been
parsed and after "OK" has been clicked in the "Preferences" dialog box,
to notify modules of preference changes if they've registered a callback
for that.
After "OK" has been clicked in the "Preferences" dialog box, if any
preferences have changed, call the reprocessing routine, as the summary
line for some frames and/or the current display filter's value when
applied to some frames may have changed as a result of a preference
change. Do the same after "OK" or "Apply" has been clicked in the
"Display Options" dialog box (as it controls a protocol preferences
item.
svn path=/trunk/; revision=2126
TRUE, meaning "don't delete this", and if its "stop this operation"
button gets clicked, don't have its handler delete the progress dialog;
instead, leave the deletion of the window up to the code using the
dialog, as it'll do so when it stops the operation.
Make the "read file" operation destroy the dialog; all the other
operations already did so (as they just broke out of the loop doing the
operation, rather than returning).
Don't catch the "destroy" operation on the dialog box - its handler
appeared never to get called; we can just free the "progdlg_t" for the
dialog in "destroy_progress_dlg()", right after destroying the dialog
box widget.
svn path=/trunk/; revision=2122
dialog box; that lets us do some type-checking, but we can still typedef
it to an incompletely-defined structure to hide the implementation
details from the caller.
Make "create_progress_dlg()" take, as an argument, the title to put in
the "stop the operation" button, and use "Stop" rather than "Cancel" if
stopping the operation doesn't undo all the work it's done.
Thaw the clist if we break out of a "read the file" operation, as we
freeze it before the operation.
Have the handler for the "delete" event on the progress dialog box
return FALSE, to let GTK+ know that it should, in fact, delete the
window. ("delete" event handlers should return TRUE if the window
shouldn't actually be deleted, FALSE if it should; they should not
return "void".)
svn path=/trunk/; revision=2120
reading a capture file, we should just clean up and return so that
Ethereal continues running with no capture file loaded, unless the read
is being done as a result of Ethereal being run with the "-r" flag, in
which case we still exit (although we may eventually choose to continue
running with no capture file loaded even in that case).
svn path=/trunk/; revision=2104
potentially long-running operation that has a progress indicator, pop up
a modal dialog box with
an indication of what is being done;
a progress bar;
a "Cancel" button to stop the operation.
This:
leaves more room on the status line for a filter expression;
provides a mechanism to allow the user to cancel long-running
operations (although the way we do so may not back out of them
as nicely as the user might like, if it's not obvious what the
"right" way is or if the "right" way is difficult to implement
or involves doing as much work as letting the operation
continue);
means that, because the dialog box is modal, we don't have to
worry about the user performing arbitrary UI operations out from
under the operation and changing arbitrary bits of state being
used by that operation.
svn path=/trunk/; revision=2103
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
doing something that requires that the text for protocol tree entries be
generated, i.e.
1) initialize it to FALSE;
2) have every routine that sets it clear it when it's done;
3) when printing packets, set it to TRUE only if we're not just
printing packet summary lines;
and then get rid of settings to FALSE made unnecessary as a result of
those changes.
This makes sure it's not set when it doesn't have to be (which causes
the protocol tree code to format the text when it doesn't have to,
wasting CPU time).
svn path=/trunk/; revision=1973
selected before we started re-colorizing or re-filtering the display, as
when the first row is added to the clist, that may be selected and thus
made the current frame.
This means that we can't find the row corresponding to the
previously-selected frame, if any, by checking as each packet is
colorized/filtered and see whether its "frame_data" structure is equal
to "cf->current_frame", as that'll always say that the first frame in
the display is the selected frame.
Instead, we recored the value of "cf->current_frame" before we do
anything to the clist, have "add_packet_to_packet_list()" return either
the row number of the frame (if it passed the filter and thus was added
to the clist) or -1 (if it didn't pass the filter and thus wasn't added
to the clist), and, after "add_packet_to_packet_list()", if the current
frame is the one that was the selected row, remember its row number (if
any), and, when we're finished colorizing/filtering the display, make
that row the current row if it's not -1 (-1 means that the selected row
didn't pass the filter).
Also, don't do that until after we've thawed the clist, as the vertical
adjustment for the clist doesn't reflect reality until then, and
attempting to go to a given row won't work right until the vertical
adjustment for the clist reflects reality.
Shove all the code to set the selected and focus rows, and to make said
row visible, into a routine, so the "Find Frame" and "Go To Frame" code
can use it as well.
svn path=/trunk/; revision=1959
but will be in the future, and it's easier for me to keep my local branch
in sync with the source with the calls to dfilter_apply() already modified
tothe 4-arg format.
Add a CPP macro to ipv4.h to define ipv4_addr_ne(). Use it in dfilter.c
svn path=/trunk/; revision=1854
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
svn path=/trunk/; revision=1850
shouldn't stop the search as soon as we get back to the starting frame,
we should stop the search if the filter expression doesn't match and the
frame we tried it on was the starting frame - it's OK if we find the
starting frame, it's just not OK to continue if we don't find that
frame.
svn path=/trunk/; revision=1815
reduces the memory required for one big capture file I have by about 10
megabytes, and speeds up the reading in of that file, presumably because
it amortizes the memory-allocator space and CPU time overhead over
a set of several "frame_data" structures.
svn path=/trunk/; revision=1776
enabled. The counter is incremented in enable_plugin() and decremented
in disable_plugin().
In add_packet_to_packet_list(), we check this counter (instead of
plugin_list) to see if there is at least one enabled plugin. If this is
the case, we must build the protocol tree.
svn path=/trunk/; revision=1770
On Win32, always save a temporary capture file by copying -
Win32 systems don't allow you to rename a file that is open, and
we have the temporary file open.
When saving by copying the raw bytes of a capture file, create
the target file with "open()", using the O_BINARY flag, rather
than with "creat()"; on Win32 systems, "creat()" apparently
opens the file as a text file rather than a binary file.
svn path=/trunk/; revision=1757
to the raw packet data, don't use "cf->pd" - "cf->pd" doesn't contain
the packet data when the file is being read in, it only contains it when
we're re-reading packets.
svn path=/trunk/; revision=1728
the row for that frame, and using that to get the frame for the selected
row in "select_packet()", revives the crash caused by the GtkCList
selecting the first row added to the list as it's added, i.e. before we
get a chance to set the data for that row, in this case.
Introduce a workaround for this instance of that crash.
svn path=/trunk/; revision=1711
which means we're already doing a "do something to the last row in the
packet list" operation on every frame we add to the list, so adding a
call to "gtk_clist_set_row_data()" won't make matters worse.
In addition, we already set one column in a row on a "change time
format" operation, so finding the row for a frame by calling
"gtk_clist_find_row_from_data()" doesn't turn a constant-time operation
into a linear-time operation, it just cranks the proportionality
constant up - it was quadratic before, alas, and it's still quadratic.
Adding calls to "gtk_clist_find_row_from_data()" to the "Find Frame" and
"Go To Frame" code does add an extra linear operation there, but those
operations shouldn't be common - and "Go To Frame", going to the last
frame on an ~100,000-frame big capture file, was quick, at least on my
450 MHz Pentium II machine, so maybe it won't be too bad.
And "select_packet()" either has to search the frame table for the frame
with the specified row number, or has to call "gtk_clist_get_row_data()"
to do that - the first is linear in the position of the frame in the
frame table, and the latter is linear in its position in the CList, and
the latter is less than or equal to the former, so the only thing making
it worse would be a change in the proportionality constant.
So it probably won't hurt performance by much.
Furthermore, if we add the ability to sort the display on an arbitrary
column, or to delete frames from the display - both of which are in the
wish list - storing the row number of the frame in the "frame_data"
structure won't necessarily work, as the row number can change out from
under us.
Therefore, reinstate the old way of doing things, where we associate
with each row a pointer to the "frame_data" structure for the row, using
"gtk_clist_set_row_data()".
svn path=/trunk/; revision=1703
routine to be called every time a new capture file is opened instead of
calling it in read_cap_file() and do_capture().
svn path=/trunk/; revision=1651
capture file for an unsupported link-layer encapsulation type (as the
nettl reader does), and report it correctly if it occurs on an open or
read attempt rather than a save attempt.
svn path=/trunk/; revision=1647
This function is used to re-initialize the hash table used by the X.25
dissector to record the upper layer protocol used by each VC. The hash
table should be re-initialized each time we read / start a new capture.
I moved the definition of the function from packet.h to packet-x25.h, and
added calls to reinit_x25_hashtable() in read_cap_file (file.c) and
do_capture (capture.c).
svn path=/trunk/; revision=1644
packets and doesn't change the capture file format, i.e. that's done by
a raw copy, read the file in binary. (XXX - does "creat()", on Win32,
open the file in ASCII or binary mode? If ASCII, we may have to use
open(fname, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY, 0644)
rather than
creat(fname, 0644)
so that the output file is written in binary as well.)
svn path=/trunk/; revision=1599
pointer to the name of the file to which it refers (i.e., to the last
component of the pathname) in a "get_basename()" routine, and have the
code in "file.c" call it.
svn path=/trunk/; revision=1552
packets displayed", not just "if there aren't any packets" - there may
be packets but no displayed packets if the display filter didn't find
any packets.
NULL out the pointers to the first and last displayed packet when
closing a capture file.
svn path=/trunk/; revision=1548
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.
It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads. I'm not linking in zlib or
libsnmp because it first needs to be debugged.
I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.
svn path=/trunk/; revision=1479
file, not when filtering or colorizing packets - filtering shouldn't
change the frame number of a frame (yes, this means that a filtered
display won't necessarily have packets numbered contiguously 1 through N
- that's a feature).
svn path=/trunk/; revision=1456
into "gtk/column_prefs.c".
Get rid of "get_column_width()" - instead, export
"get_column_longest_string()", and have "get_column_width()"'s callers
make the GDK call to get the width of that string, so that "column.c"
contains no GTK+/GDK code.
svn path=/trunk/; revision=1447
will just give it the value it's always had, as packets are counted
regardless of whether they pass the filter or not (which is what we
want).
Given that, so there's no need for a separate "cf->unfiltered_count"
value, so get rid of it and use "cf->count" instead.
svn path=/trunk/; revision=1441
number to 0, so that "select_packet()" will find it if a "select-row"
signal is emitted when it's added.
(The previous workaround for this problem worked when initially
constructing the list of all frames, but not when reconstructing the
list of displayed frames when filtering packets, as, in the latter case,
there could be more than one frame in the list of all frames, so we
couldn't just say "pick the one and only frame in the list". The row
number is set to the correct value after the frame is added to the list
of displayed frames and we know the row number it was given.)
svn path=/trunk/; revision=1416
of routines to enable and disable various sets of menu items; call only
those routines, not routines to enable or disable particular menu items,
from files in the top-level directory, as other UIs may not refer to
menu items with path strings of the sort used in GTK+, and as this
buries knowledge of the menu items available in "gtk/menu.c" rather than
requiring stuff outside of "gtk/menu.c" to know what menu items exist.
svn path=/trunk/; revision=1410
GTK_SELECTION_BROWSE mode - that mode apparently always arranges that
there is (in a non-empty GtkCList) one row selected, which means that
when the first row is added, it selects it.
Unfortunately, that causes a "select-row" signal to be emitted, which
causes "select_packet()" to be called - but we haven't yet set "fd->row"
for the frame we're adding, so "select_packet()" can't find the frame
for the row being selected, and it aborts.
This causes a core dump when the first packet arrives during an "Update
list of packets in real time" capture.
For now, we handle this by, if we don't find the frame with the given
row number, checking that there's exactly one frame in our list of
frames and, if so, saying that frame is the frame for which we're
looking.
svn path=/trunk/; revision=1409
I did this:
First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix seciton A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCtree is faster, and GtkTree has limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.
Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but no in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.
I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.
svn path=/trunk/; revision=1393
"file.c" to "packet.c"; it's not really related to file access (or to
manipulating the packet list as a whole, which much of the stuff in
"file.c" is really for), but is more related to analyzing packets, and
moving it to "packet.c" lets me build an experimental "line-mode" flavor
of Ethereal (based on Gilbert's "tethereal" experiment) - "line-mode"
means "like tcpdump or snoop" - without having to drag in "file.c" and a
pile of GUI stuff.
svn path=/trunk/; revision=1388
"Colorize Display" dialog box is created, and let it be destoryed when
that dialog box is destroyed.
When moving color filters up or down, update the (order of the elements
in the) list of color filters, as well as the CList that displays them.
If we have a "Colorize Display" dialog box open, and the user selects
"Display:Colorize Display", raise the existing window, rather than
creating a new window. (Alas, GTK+ doesn't have a call to request that
the window be given the input focus, so we can't do that as well.)
Fix up some names to be more consistent and to better reflect what the
variables/routines are for.
svn path=/trunk/; revision=1361
color filters check whether it's null to decide if there are any color
filters to apply.
Make "color_filter()" act on that list - there really aren't multiple
lists of color filters, there's only one list ("read_filters()" and
"write_filters()" acts only on one global list - and always has, as they
handled only one file).
svn path=/trunk/; revision=1359
into "gtk/ui_util.c", and move the declarations of those UI utilities
out of "util.h" into "ui_util.h". (The header file is in the top-level
directory, rather than the "gtk" directory, because it declares
window-system-independent interfaces to routines with
window-system-dependent implementations.)
Add to "gtk/ui_util.c" a routine to set the window and icon title.
Use that routine to make the title of an Ethereal top-level window be
{filename} - Ethereal
if there's a capture open, and have "{filename}" be "<capture>" if it's
a temporary capture file.
svn path=/trunk/; revision=1255
WTAP_ENCAP_PER_PACKET, if there's more than one type of packet in the
file, or could be WTAP_ENCAP_UNKNOWN, if the file is of a type that
doesn't put an encapsulation type in the file header, and it has no
packets), we just need to call "wtap_file_encap()" when we're done
reading the file.
svn path=/trunk/; revision=1205
*" as an argument, there's no need to save the file type string in a
"capture_file" structure - we save the file type, and can use that when
generating the summary display.
svn path=/trunk/; revision=1202
"wtap_file_type_string()" take, as its argument, a file type, rather
than a "wtap *".
Fix some range checks of file types to check against WTAP_NUM_FILE_TYPES
rather than WTAP_NUM_ENCAP_TYPES.
svn path=/trunk/; revision=1201
if a "File:Save" or "File:Save As" fails - the message box it pops up
when that happens tells you that, it didn't do so before the change to
add the ability to save only the packets currently being displayed, and
putting that message in the status bar hides the normal message telling
you what the current file is (and it's still the current file, if the
save failed).
svn path=/trunk/; revision=1171
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
"capture_file" - when handed a "capture_file *", it only cared about the
"colors" entry. The only time it cares about a "capture_file" is when
it's actually filtering the packets, as it needs to hand the
"capture_file *" to "colorize_packets()".
Make the stuff exported by "colors.c" in "colors.h" take "colfilter *"
arguments (or return a "colfilter *" to be stuffed into a
"capture_file").
svn path=/trunk/; revision=1162
"capture.c", along with the other code that deals with the sync pipe.
Close the sync pipe, and get rid of the temporary capture file, on
errors.
Split "tail_cap_file()" into routines to set up to read from the capture
file, to read a specified number of packets from it when told to do so
by the child process, and to read the rest of the capture file and
finish up the capture, to provide the code in "capture.c" the hooks it
needs.
Have a common routine to set the status bar to report the file name and
number of dropped packets, to use both when reading in a capture file in
its entirety all at once and when done with a "read it while the capture
is writing to it" live capture.
svn path=/trunk/; revision=1137
regardless of whether we were displaying it in real time or not; if we
were displaying it in real time, activate "File/Save", rather than
"File/Save As", when it finishes.
svn path=/trunk/; revision=1135
of SNA in a packet changes the character encoding from the default ASCII
to EBCDIC.
The hex-printing routines in the GUI code and in the printing code convert
to EBCDIC if appropriate.
svn path=/trunk/; revision=1089
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.
svn path=/trunk/; revision=1070
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
svn path=/trunk/; revision=982
line of ISDN routers. Much like the ascend reader, this module reads an
ASCII hex dump of trace data.
Rearranged the order in which wiretap tries trace files, to keep the
ASCII-readers (ascend and toshiba) at the end, and put the binary-readers
(everything else) at the front of the list. If a telnet session of
and ascend trace or toshiba trace were captured near the beginning of
another trace, wiretap might think the trace was ascend or toshiba if it
tried that module first.
Fixed the way wtap_seek_read() selects functions to call. It was using
the encap type instead of the file type. We got lucky because
WTAP_ENCAP_ASCEND == WTAP_FILE_ASCEND
svn path=/trunk/; revision=952
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
return the pointer to the compiled filter through a pointer argument.
Have it check whether the filter is a null filter and, if so, free up
the filter and supply a filter pointer, rather than obliging its callers
to check whether the filter actually has any code. (Well, they may want
to check if the filter is null, so that they don't save a pointer to the
filter text, e.g. so that the display filter displays as "none" rather
than as a blank string in the summary box.)
In the process, fix the check in "gtk/file_dlg.c" that tests whether the
read filter compiled successfully.
svn path=/trunk/; revision=812
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
svn path=/trunk/; revision=803
Also added first pass of state keeping. I am using glib's hash
functions.
Modelled after packet-ncp.c.
We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...
I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.
svn path=/trunk/; revision=798
in the color selection wheel.
Added his patch to file.c to look for bogus frame_data pointers, but made
it a g_assert().
Modified my previous patch to colors.c to skip bad color display filters.
I skipped them, but they still appeared in the color dialogue. Now bad
filtes are not put into the color filter list, so they don't appear in
the color dialogue. As a [good] side-effect, the next time you save
your color filter list, the bad filters are removed from the colorfilters
file.
svn path=/trunk/; revision=768
exit, so that it doesn't hang around as an unreaped zombie until the
parent exits, and, if it stopped or terminated due to a signal, report
that in a message box.
svn path=/trunk/; revision=741
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out of "Print summary" is selected).
If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.
Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".
svn path=/trunk/; revision=736
than the size of the reads we do, so that we have an extra byte at the
end into which we can stick a '\0' to guarantee null-termination of the
buffer.
When reading the capture file in "tail_cap_file()", use "file_open()"
rather than "fopen()", so that we work correctly if we're using "zlib"
to read capture files.
svn path=/trunk/; revision=707
bounce bar for compressed file support). Note that the progress bar may
not grow smoothly for compressed files, but it should be reasonably accurate
for files which are large enough to matter.
svn path=/trunk/; revision=701
gzip. The zLib library is used for this purpose. If zLib is not available
(or it's use is disabled by the --disable-zlib option to configure), you
can still compile Ethereal but it will be unable to read compressed capture
files.
IMPORTANT:
Now all file accesses to capture files should be done through special macros.
Specifically, for any use of the following functions on capture files, replace them.
The arguments for the right-side functions are exactly the same as for the
original stdio functions.
fopen file_open
fdopen filed_open
fread file_read
fwrite file_write
fseek file_seek
fclose file_close
ferror file_error
svn path=/trunk/; revision=695
the "File/Print" dialog box; "Expand all levels" means that all levels
of the protocol tree should be printed, while "Print as displayed" means
that only those levels shown in the display should be printed.
Free the table of column widths once printing is done.
svn path=/trunk/; revision=671
prints the protocol tree, and summary prints the fields in the summary
clist, with a header line at the beginning of the printout.
Print only packets selected by the current packet filter.
Just have "ARP" and "RARP" in the "Protocol" field for ARP packets;
whether it's a request or a reply can be seen in the "Info" field.
Add to the "Frame" section of the protocol tree the time between the
current packet and the previous displayed packet, and the packet number.
Have FT_RELATIVE_TIME fields be a "struct timeval", and display them as
seconds and fractional seconds (we didn't have any fields of that type,
and that type of time fits the delta time above).
Add an FT_DOUBLE field type (although we don't yet have anything using
it).
svn path=/trunk/; revision=666
family has a set of debug commands that allow you to log the traffic on a
WAN or dialup connection as text, e.g.
RECV-iguana:241:(task: B04E12C0, time: 1975358.50) 15 octets @ 8003D634
[0000]: FF 03 00 3D C0 06 C9 96 2D 04 C1 72 00 05 B8
Created wtap_seek_read() which parses the textual data for and Ascend
trace, and does a normal fseek() and fread() for any other file type.
The fseek()/fread() pairs in file.c were replaced with the new function.
svn path=/trunk/; revision=652
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).
Include <time.h> in "file.c", to declare "struct tm".
Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".
svn path=/trunk/; revision=549
code supplied by a Wiretap routine (whether a positive UNIX "errno" code
or a negative Wiretap error code), and returns an error message
corresponding to it.
Use that to construct the message Ethereal put up in a message box for
those errors for which we don't have Ethereal put up a message of its
choice.
svn path=/trunk/; revision=545
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).
svn path=/trunk/; revision=530
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
want to read the next file with the same filter that you used on the
last file.
In the "File/Open" dialog box, parse the read filter before trying to
open the file, and if the parse fails, leave the dialog box up so the
user still has the filter and file name around and can try to fix the
problem.
Keep the compiled read filter attached to the "capture_file" structure,
so you don't have to reparse it on a "File/Reload".
svn path=/trunk/; revision=497
selecting a field from more than one protocol tree. It turns out that
gtktree.c doesn't clear the tree-item selection list when you use
gtk_tree_clear_items() (which calls gtk_tree_remove_items() ). So the next
time a tree item is selected in a new protocol tree (which is our old
protocol tree, with everything removed, and new things added), gtk_tree
tries to _deselect_ our old selection. But that tree-item which is trying
to be deselected is long gone, resulting in the assert because widget == NULL.
A function needs to be added to gtk_tree to deselect the tree-item selection
for us. (or we need to go through the hassle of creating a new gtk_tree
instead of recycling tree_view over and over).
I stole some code from another section of gtktree.c which lets us clear
the selection in clear_tree_and_hex_views().
Also, I modified the argument to gtk_tree_set_view_mode. We were using
"TRUE", when really we should have used a member of the GtkTreeViewMode
enumeration, namely GTK_TREE_VIEW_ITEM ( which is 1, which is TRUE :-)
svn path=/trunk/; revision=496
reason for the failure, and have it do the checks to make sure the file
being opened is a plain file or a pipe.
Have "open_cap_file()" make use of that.
Don't automatically set "last_open_dir" if a "-r" flag was specified on
the command line - do so only if the file in question could actually be
opened.
svn path=/trunk/; revision=495
it's called after "open_cap_file()" has been called, and is always
passed the file name passed to "open_cap_file()", and that file name is
stored as "cf->filename", so "read_cap_file()" can just use
"cf->filename" as the pathname of the file.
svn path=/trunk/; revision=494
The former, which used to be called by "load_cap_file()", now just opens
the file and, if the open succeeds, closes any capture file we
previously had open, reinitializes any protocols that need
reinitialization, and saves information about the new capture file in
the "capture_file" structure to which it was passed a pointer. The
latter reads the file already opened by "read_cap_file()".
For "File/Open", call "open_cap_file()" before dismissing the file
selection box; if it fails, "open_cap_file()" will have popped up a
message box complaining about it - just return, leaving the file
selection box open so the user can, after dismissing the message box,
either try again with a different file name, or dismiss the file
selection box. (Other file selection boxes should be made to work the
same way.) If "open_cap_file()" succeeds, dismiss the file selection
box, and read the capture file in.
svn path=/trunk/; revision=492
handle a display with a display filter.
(Also, don't have it recompute the time stamps - they were computed when
the packet was added to the packet list in the first place.)
svn path=/trunk/; revision=485
use "check_col()", otherwise "check_col()" always fails, and the time
column never gets changed. (How did I manage to break that?)
svn path=/trunk/; revision=483
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.
svn path=/trunk/; revision=480
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag). Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.
When reading a temporary capture file after a live capture, don't apply
any filter.
Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.
Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.
svn path=/trunk/; revision=460
N^2 in the ultimate size of the list (as "g_list_append()" is linear in
the size of the list, at least when used in the way the GLib
documentation says to use it); instead, maintain our own linked list of
"frame_data" structures for all packets read, including a pointer to the
last element.
"gtk_clist_set_row_data()" is linear in the row number, so if it's used
to attach a pointer to the "frame_data" structure for a packet to the
packet list GtkClist row for each packet, that's also N^2 in the number
of packets in that packet list; instead, store the row number in the
"frame_data" structure, and find the packet for a given row by scanning
the list for it (we were already scanning the list linearly to find that
packet's index in the list of all packets; that's only done when a
packet's selected, so it's not *too* bad, but it might be nice to avoid
having to do that scan).
svn path=/trunk/; revision=457
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.
svn path=/trunk/; revision=454
try as I might, I couldn't get gtk_timeout_add to work. I read all the docs,
but no luck. So for now I call dfilter_progress_cb for every 20 packets
that are filtered. I'd rather have *something* for the next Ethereal
release than nothing.
I also modified file_progress_cb to use it's local copy of cf rather
than the global copy.
svn path=/trunk/; revision=447
double-click on a packet, it'll select that packet without necessarily
first un-selecting it (this may be a GTK+ 1.0[.x] vs. GTK+ 1.2[.x]
difference; Jeff Jahr said he first saw it when going from Ethereal
0.6.3 to 0.7.0 and going from GTK+ 1.0[.x] to GTK+ 1.2.3, but I saw it
on 0.6.3 with GTK+ 1.2.3 as well).
svn path=/trunk/; revision=441
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
COL_INFO columns resize automatically even during a live
capture;
columns showing network addresses never resize automatically;
other columns resize only when a capture is done;
and make all columns resizeable by hand (once they've resized, for
auto-resizeable columns).
svn path=/trunk/; revision=394
"capture_file" structure, make a "select_packet()" routine to parallel
"unselect_packet()", and have "unselect_packet()" free the protocol tree
that the "protocol_tree" member of the "capture_file" passed to it
points to.
It should now be impossible to do a "Print Packet" operation if no
packet has been selected, so remove the check for that (we'll probably
just blow up if it happens; if it does, that means we probably forgot to
gray out "/File/Print Packet" somewhere, so we should fix that).
svn path=/trunk/; revision=385
you have a capture.
Leave the job of enabling and disabling menu items that make sense only
if you have a capture (except for "File/Save" and "File/Save As...", for
now) up to "load_cap_file()", "close_cap_file()", and the like - don't
scatter that stuff throughout the code.
Disable "File/Print Packet" if no packet is selected; enable it only if
a packet is selected.
If there's a selected packet, and a display filter is run:
if the selected packet passed the filter, re-select it;
if the selected packet didn't pass the filter, un-select it.
If we've opened a live "pcap" capture, but can't do the capture because
we can't get the netmask info, or can't parse the capture filter string,
or can't install the filter, close the live capture and the dump and
delete the dump file.
If we failed to open a live "pcap" capture, don't try to read the
capture file - it doesn't exist.
svn path=/trunk/; revision=384
think I may have to worry about page boundaries and the like - so, for
now, we make the "File/Print..." stuff print only as text. ("Print
Packet" can still print PostScript, as always.)
We clean up a few text vs. PostScript things for printing multiple
frames, but it's still not ready for prime time.
svn path=/trunk/; revision=383
capture to a file or printer. This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.
Get rid of "cur" member of "capture_file" structure; nobody used it.
There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"
button.
Put the declaration of "prefs" into "prefs.h".
svn path=/trunk/; revision=378
that's set whenever we encounter an EOF; if that flag is set, all
subsequent reads return an EOF indication. I.e., end-of-file is sticky.
This means that the stuff to continue reading a capture file, if we're
updating the display as the capture progresses, doesn't work - it gets
stuck at the point where the first read finished.
To clear that flag, we must do an "fseek()"; we do one that doesn't move
the seek pointer.
When updating the display as a capture progresses, do
"init_col_widths()" only when we first open the capture file; there's no
need to do it every time we read from the file - the column widths never
get smaller, they can only get bigger or stay the same.
svn path=/trunk/; revision=370
display filter code, which uses features in GLIB-1.2.x), I removed
the vestigial code supporting old 1.0.x and 1.1.x GTK+ versions.
svn path=/trunk/; revision=360
but does not link. Perhaps someone who understands the MS tools can help
out. I made it link a few months ago, but with different version of glib/gtk+.
I can't remember how I made it link.
Most of the compatibility issues were resolved with adding
#ifdef HAVE_UNISTD_H the the source code. Please be sure to add this to all
future code.
svn path=/trunk/; revision=359
apply the filter (if it isn't invalid).
Apply the filter by clearing the Clist that shows packet summary lines
and scanning through the list of all packets and adding to the Clist
those that match the filter.
Get rid of "if (dfilter_proto_tree)" test in "load_cap_file()";
"dfilter_proto_tree" is always FALSE, and all the test does is keep us
from doing a "gtk_clist_freeze()" of the packet list, and we don't want
to do that (we don't want the packet to be updated until we're done
reading in the file).
Get rid of "dfilter_proto_tree", as it's no longer used.
Move the test that checks whether the display filter matches the current
packet to "add_packet_to_packet_list()"; this allows us to run
"dissect_packet()" only once - if we have a display filter, we generate
the summary info *and* the protocol tree in the same call, using the
summary info to make the packet list item and the protocol tree when
checking the display filter.
In "dfilter_compile()", destroy "*p_dfcode" if it's not NULL, so we
don't leak memory.
svn path=/trunk/; revision=355
doesn't link with libpcap, so no packet captures can be made. The
"--disable-pcap" option has been added to the configure script. Docs
have been updated. And the string buffer size in the simple_dialog()
has been doubled so that Johan's e-mail address in the "About" dialogue
window doesn't get chopped off.
svn path=/trunk/; revision=351
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
NetMon statistic packets for now. We might fix that problem with wiretap,
either filtering out those packets, and/or providing the summary
information through a new wiretap API.
svn path=/trunk/; revision=326
changed by updating those columns showing the time in the
"command-line-specified" format, not by redoing the entire packet list
display; that way, the display continues to show the same packets and
any packet the user selected remains selected. (It's also less work to
do that - you don't have to re-dissect the packet.)
Turn "redisplay_packets()" into "filter_packets()", and do some other
cleanups.
svn path=/trunk/; revision=325
"gtk_toggle_button_set_active()" to set the state of radio buttions;
"gtk_toggle_button_set_active()" doesn't exist in GTK+ 1.0[.x], and
"gtk_toggle_button_set_state()" is an alias for it in GTK+ 1.2[.x].
Compute the column widths in the summary display based on the longest
string in the column; recompute it whenever we update the columns.
svn path=/trunk/; revision=319
is the same as "Tools/Capture", and "Display" has an "Options" item,
which pops up a dialog box to let you change the "default" time-stamp
column display format on the fly (the "default" is what the "-t"
command-line option sets), and have the display change when you do that.
Made infrastructure changes to make the immediate display update work.
Removed some unused functions, declared some functions used only in the
file in which they're defined "static", and removed some unnecessary
#includes.
svn path=/trunk/; revision=317
(standard convention in many GUIs).
Make "Save as" be "Save As", and make "A" be the menu mnemonic for it in
the "File" menu, with GTK 1.2.
svn path=/trunk/; revision=315
influence came from
http://developer.apple.com/techpubs/mac/HIGuidelines/HIGuidelines-232.html
which has a section on dialog box and alert box messages. However,
we're largely dealing with technoids, not with The Rest Of Us, so I
didn't go as far as one perhaps should.)
Unfortunately, it looks like it's a bit more work to arrange that, if
you give a bad file name to the "-r" flag, the dialog box pop up only
*after* the main window pops up - it has the annoying habit of popping
up *before* the main window pops up, and sometimes getting *obscured* by
it, when I do that. The removal of the dialog box stuff from
"load_cap_file()" was intended to facilitate that work. (It might also
be nice if, when an open from the "File/Open" menu item fails, we keep
the file selection box open, and give the user a chance to correct
typos, choose another file name, etc.)
svn path=/trunk/; revision=310
a random name chosen by tempnam(), unknown to the user. If the user decides to save that
trace, he then uses File | Save to save it to a file. File | Save As lets him make a copy
of his named trace file as well. I also updated my e-mail address in the various credit
locations.
svn path=/trunk/; revision=242
reference the protocol tree with struct proto_tree and struct proto_item
objects. That way, the packet decoding source code file can be used with
non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged
some of the information in packet.h to more appropriate places (like other
packet-*.[ch] files).
svn path=/trunk/; revision=223
NCP is still not decoded much, but the infrastructure for doing so is now in
place, including a hashtable to record the NCP type of each request so that we
now how to parse the response.
svn path=/trunk/; revision=215
filename as the parameter. So far all the filetypes that wiretap can read
can be inferred from the first few bytes of the file, so we never
have to give wiretap a hint as to the file type.
svn path=/trunk/; revision=173
This necessitated a change in ethereal because iptrace supports multi-NIC
packet capturing, including multi-datalink-type capturing.
svn path=/trunk/; revision=145
Tests for GTK versions are done during compilation, not during "./configure".
The big problems have been taken care of in this patch (functional change
in the packet clist and conversion of menu_factory to item_factory), but
plenty of smaller problems with dialogue boxes abound. I have fixed
a small problem with file_open*(), but have left 2 comments in just in case
I'm not going about this the right way. Can someone verify?
svn path=/trunk/; revision=127
That requires that, in the packet-reading loop, we pass to the callback
routine the offset in the file of a packet's data, because we can no
longer compute that offset by subtracting the size of the captured
packet data from the offset in the file after the data was read -
"snoop" may stick padding in after the packet data to align packet
headers on 4-byte boundaries.
Doing that required that we arrange that we do that for "libpcap"
capture files as well; the cleanest way to do that was to write our own
code for reading "libpcap" capture files, rather than using the
"libpcap" code to do it.
Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c",
as they're not used elsewhere.
If we're using wiretap, don't define in "file.h" stuff used only when
we're not using wiretap.
Update the wiretap README to reflect Gilbert's and my recent changes.
Clean up some memory leaks in "wiretap/lanalyzer.c" and
"wiretap/ngsniffer.c", where the capture-file-format-specific data
wasn't freed if the open failed.
svn path=/trunk/; revision=91
because it is still in its infancy, but it can be compiled in optionally.
The library exists in its own subdirectory ethereal/wiretap. This patch also
edits all the packet-*.c files to remove the #include <pcap.h> line which is
unnecessary in these files. In the ethereal code, file.c is the most heavily
modified with #ifdef WITH_WIRETAP lines for the optional library.
svn path=/trunk/; revision=82
1) renaming "snprintf.h" to "snprintf-imp.h" (it contains stuff
used by the "snprintf()" *implementation*, but not stuff it
*exports*);
2) creating a new "snprintf.h" to declare "vsnprintf()" and
"snprintf()";
3) removing an unused variable;
4) fixing a call to "add_item_to_tree()" to handle the
possibility of "ntohl()" returning a "long" rather than an
"int".
svn path=/trunk/; revision=47
- Separated display and capture filters; rearranged some of the look and feel
- Lots of other miscellaneous fixes and updates
svn path=/trunk/; revision=38
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.
svn path=/trunk/; revision=31