Besides "STRING", there is now "UNPARSED_STRING", where the distinction
is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just
a sequence of characters that the scanner didn't know how to scan/parse,
so it's up to the Ftype to parse it.
This gives us more flexibility and prepares the dfilter parsing engine
for the upcoming addition of the "contains" operator.
In the process of doing this, I also re-did the double-quoted string
support in the scanner, so that instead of the naively-simple support we
used to have, double-quoted strings now can have embedded double-quotes,
embedded octal sequences, and embedded hexadecimal sequences:
"\"" embedded double-quote
"\110" embedded octal
"\x48" embedded hex
Enhance the dfilter unit test script to be able to run a single collection
of tests instead of having to run all of them all the time.
svn path=/trunk/; revision=8083
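Added example, not code from the Ethereal scanner: a C sketch that decodes the three escape forms listed in the commit message above while bounding every write and rejecting values that do not fit a byte. The names `unescape_dq` and `hexval`, the limits of three octal and two hex digits, and the rejection of unknown escapes are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

static int hexval(int c)   /* value of one hex digit, or -1 */
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the body of a double-quoted string (outer quotes already removed).
 * Assumed rules: \" and \\ are literal, \ooo is 1-3 octal digits, \xhh is
 * 1-2 hex digits. Returns the decoded length, or -1 on bad input/full buffer. */
int unescape_dq(const char *in, unsigned char *out, size_t outsz)
{
    size_t n = 0;
    while (*in) {
        unsigned v = 0;
        if (*in != '\\') {
            v = (unsigned char)*in++;
        } else if (in[1] == 'x') {
            int hi = hexval(in[2]);
            if (hi < 0) return -1;            /* "\x" with no digit */
            v = (unsigned)hi;
            in += 3;
            if (hexval(*in) >= 0) v = v * 16 + (unsigned)hexval(*in++);
        } else if (in[1] >= '0' && in[1] <= '7') {
            int k = 0;
            for (in++; k < 3 && *in >= '0' && *in <= '7'; k++)
                v = v * 8 + (unsigned)(*in++ - '0');
            if (v > 0xff) return -1;          /* e.g. \777 does not fit a byte */
        } else if (in[1] == '"' || in[1] == '\\') {
            v = (unsigned char)in[1];
            in += 2;
        } else return -1;                     /* unknown escape or trailing '\' */
        if (n >= outsz) return -1;            /* never write past the buffer */
        out[n++] = (unsigned char)v;
    }
    return (int)n;
}

int main(void)
{
    unsigned char b[16];
    int n = unescape_dq("\\110\\x48\\\"", b, sizeof b);  /* constructed input */
    printf("%d bytes: %.*s\n", n, n > 0 ? n : 0, (const char *)b);
    return 0;
}
```

Because an escape can produce a zero byte, callers have to carry the returned length rather than treat the output as a C string.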
connection to check for addresses and ports at the same time, rather
than checking the source addresses, destination addresses, and ports
separately, as the latter doesn't handle A:X->B:Y and B:X->A:Y both
being active connections.
svn path=/trunk/; revision=7966
itself, so we leaked memory when freeing the interface list; in
"free_interface_list()", use "g_list_foreach()", calling a list free
routine, to free the data items in the list, and then use
"g_list_free()" to free the list.
Use "free_interface_list()" in "get_interface_list()" to free the list
if we have an error, as it now does what the code that used to be there
did.
svn path=/trunk/; revision=7965
Almost completely rewritten in order to:
- be able to use an unlimited number of ringbuffer files
  0 specified with -b argument or in the GUI, means that the number of files
  is unlimited.
  else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
  and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
CList.
As a first conversion to use the helper routines, convert DCERPC SRT statistics to use the new interface.
This prevents some interfaces (SAMR/LSA) that contain a huge number of procedures from creating a huge table that does not fit on the screen.
Later changes to the helpers may be to make the different columns sortable
or to hide those procedures that have not been seen in the capture.
svn path=/trunk/; revision=7903
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
value for DLT_PFLOG, and that goes along with a change to the link-layer
header for DLT_PFLOG - support both the old and new values and format.
svn path=/trunk/; revision=7676
Following fixes for nettl (HP-UX):
1) Fixed 11.X timestamp issue
   there is no difference in 10.X/11.X timestamps, so no
   need to shift 11.X timestamps
2) Fixed NS_LS_DRIVER trace record handling
   now works rather than throwing "...network type that
   Ethereal doesn't support" error
3) Fixed handling of traces with sliced packets (nettl -m xx)
   now uses correct packet and capture lengths
4) Additional ethernet card support
   now handles btlan[1,3-6],gelan,igelan,intl100 driver
   trace records
svn path=/trunk/; revision=7642
- added option -m to set maximum packet length
- added option -T to generate TCP headers
- UDP headers now have a correct checksum
- default capture timestamp is current time, usec field counts packets
- UDP and TCP headers are mutually exclusive
- changed ethernet addresses, now sends from 1 -> 2 ....
svn path=/trunk/; revision=7571
Make it able to calculate COUNT() SUM() MIN() MAX() and AVG() for integers and
relative time fields.
See tethereal manpage for examples.
svn path=/trunk/; revision=7550
Fix up some comments, and eliminate a compiler warning.
Make the "iac_found" variable Boolean, and get rid of a redundant
initialization.
Give David Yon credit for the recent Telnet updates.
svn path=/trunk/; revision=7535
Make it possible to use subsecond granularity for the measurement intervals.
io,stat is updated to accept the interval to be specified with ms resolution.
Example
-z io,stat,0.001,smb
to generate 1ms statistics for all SMB traffic.
svn path=/trunk/; revision=7527
and 2 function codes for Modbus/TCP, plus some bug fixes.
Use value_string tables to map function codes and exception codes to
strings.
svn path=/trunk/; revision=7468
Stream" window, which adds "and !(<filter for the stream>)" to the
display filter in effect before the stream was followed, removing that
stream from the display.
svn path=/trunk/; revision=7408
- checksum checks for all packets (like UDP, IP, TCP, etc.)
  - this includes adding an option to turn off checking
    it in the preferences menu (like TCP does).
- POLL packets
- POLR packets
- added PGM options:
  - OPT_FRAGMENT
  - OPT_REDIRECT
  - OPT_NAK_BO_IVL
  - OPT_NAK_BO_RNG
- fixed a minor offset error in SPMs
svn path=/trunk/; revision=7349
Add support for the OpenBSD enc(4) encapsulating interface. Add
support for Ethernet over IP (RFC 3378).
Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.
svn path=/trunk/; revision=7310
not using "%l[doux]" with guint32;
not including <unistd.h> without #ifdef HAVE_UNISTD_H;
not fopening binary files with "r", "w", etc., and not opening
them with "open()" without using O_BINARY.
svn path=/trunk/; revision=7302
contributed RTP tap for voice.
Explained when a tap listener is called and some things to keep in
mind when adding taps to protocols that may appear multiple times inside the
same packet.
svn path=/trunk/; revision=7293
"register-static.c", or "ps.c", as we distribute them in the tarball.
Add Georgi Guninski to the credits list in the man page.
svn path=/trunk/; revision=7206
Santeri Paavolainen's changes to make doc/Makefile.am work in such an
environment.
Move the idl2eth rules above the mergecap rules, to match the way
doc/Makefile.am works.
svn path=/trunk/; revision=7140
to be using it for stuff that should be hex, and for stuff that should
be Boolean. Use BASE_DEC if it should be decimal, BASE_HEX if it should
be hex, and make it Boolean if it should be Boolean.
svn path=/trunk/; revision=7053
"prefs_register_XXX_preference" routines, to note that it should *NOT*
include the protocol name - the protocol name is automatically prepended
to it, with a "." separator, as the preference is registered in a module
whose name is that of the protocol.
svn path=/trunk/; revision=7031
IO-Users is a feature for tethereal that will print statistics on io usage
similar to top talkers in other tools.
It needs to be ported to ethereal with a nice graph sometime later.
try:
-z io,users,ip
see man-page
svn path=/trunk/; revision=6972
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in their own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
- remove nested functions
- use char *pcap_version instead of char pcap_version[]
Changed the fix for the nested functions to use the mechanisms provided
by autoconf.
svn path=/trunk/; revision=6963
Move SCTP payload protocol IDs to a header file, and get the PPIDs from
that header file rather than defining them in dissectors running atop
SCTP. Use both the old(?) and official PPID for ASAP.
svn path=/trunk/; revision=6926
Fix up the documentation of the "-i" flag in the Ethereal man page to
note only that "netstat -i" and "ifconfig -a" *might* work, to
specifically note that not all UNIXes support the "-a" flag to
"ifconfig", and to note that pipe data must be in *standard* libpcap
format.
Document the support for pipes in the "-i" flag in Tethereal.
svn path=/trunk/; revision=6822
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
svn path=/trunk/; revision=6802
The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
svn path=/trunk/; revision=6790
Replace the large matrix of protocol togglebuttons with a GtkCList. The
CList displays three columns: the enabled/disabled state, the protocol's
abbreviated name and the protocol's full name. Protocols can be enabled
or disabled by double-clicking on them. The enable all, disable all, and
invert buttons were left intact.
I made a half-assed attempt at Gtk2 support by copying code from
plugins_dlg.c. It's incomplete, and probably won't compile.
Using check boxes in the first column instead of the word "Disabled" would
have been nice. GtkCLists don't let you embed anything besides text and
pixmaps unfortunately.
Update the man page accordingly.
We still need a way to save a list of disabled protocols.
svn path=/trunk/; revision=6707
There is not a third option Advanced... in addition to frames/tick and bytes/tick.
See ethereal man page for description and how one can use this to graph how NFS response time MAX/MIN/AVG changes over time.
svn path=/trunk/; revision=6703
This patch fixes decoding of the newSuperior attribute of an
LDAPv3 modrdn request. The current implementation attempts to
decode the attribute as an LDAPDN (Octet String, 0x4), when its
definition is actually Context 0 (0x80).
svn path=/trunk/; revision=6672
Replace the handling of PPP packets over GTPv1 and also
establish the handling of PPP packet over GTPv0. Additionally
IPv6 packets are handled in GTPv0 and GTPv1.
Explanation:
- old solution: examining the known PPP protocols is a tough
task, because there might be more in the future -> the list
must be extended more and more (the octet 0x00 has already
been added for PPP network layer protocols, but for protocol
field compression a lot of protocols must be inserted for
IPv4(0x21), IPv6(0x57), maybe IPX (0x2b) or AppleTalk (0x29),
...)
- new solution: It is easier the other way: the most significant
nibble of the first octet must be 4 for IPv4 and 6 for IPv6.
All other values are assumed to be PPP packets, including
packets beginning with values 0x40-0x44 (header too short for
IPv4 packet) and value 0x4f (PPP protocol type (IPv6 header
compression protocol) taking precedence over IPv4 packets with
header length of 60 octets).
svn path=/trunk/; revision=6568
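Added example, not the GTP dissector's code: a C sketch of the first-octet rule described in the commit message above, with a helper that counts how the 256 possible first octets divide between IPv4, IPv6 and PPP. The names `tpdu_kind`, `classify_tpdu` and `count_first_octets` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tpdu_kind { TPDU_EMPTY, TPDU_IPV4, TPDU_IPV6, TPDU_PPP };

/* Classify a GTP payload by its first octet, per the commit message above. */
enum tpdu_kind classify_tpdu(const uint8_t *p, size_t len)
{
    if (p == NULL || len == 0)
        return TPDU_EMPTY;              /* nothing to look at; never read p[0] */
    uint8_t first = p[0];
    switch (first >> 4) {
    case 4:
        /* Low nibble is the IPv4 header length in 32-bit words. 0x40-0x44
         * cannot be IPv4 (header shorter than 20 octets), and 0x4f is given
         * to PPP, so an IPv4 packet with a 60-octet header is treated as PPP. */
        if ((first & 0x0f) < 5 || first == 0x4f)
            return TPDU_PPP;
        return TPDU_IPV4;
    case 6:
        return TPDU_IPV6;
    default:
        return TPDU_PPP;                /* 0x21, 0x57, 0x00, 0xff, ... */
    }
}

/* How many of the 256 possible first octets map to a given kind. */
int count_first_octets(enum tpdu_kind kind)
{
    int n = 0;
    for (int b = 0; b < 256; b++) {
        uint8_t octet = (uint8_t)b;
        if (classify_tpdu(&octet, 1) == kind)
            n++;
    }
    return n;
}

int main(void)
{
    printf("IPv4 %d, IPv6 %d, PPP %d\n", count_first_octets(TPDU_IPV4),
           count_first_octets(TPDU_IPV6), count_first_octets(TPDU_PPP));
    return 0;
}
```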
Using this command line option you can now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
"strrchr()", not "index()" and "rindex()"; MSVC++ doesn't declare
"index()" or "rindex()" if you include <string.h>, and they're
non-standard routines (the ANSI C names for those functions are
"strchr()" and "strrchr()").
Add a bit more to the other portability note on the topic of
non-standard vs. ANSI standard functions.
svn path=/trunk/; revision=6539
one byte, so fetch it with "tvb_get_guint8()", not "tvb_get_ntohl()".
Put in the location in the GPRS standard where that's defined, while
we're at it.
svn path=/trunk/; revision=6533
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
builds with zlib - "zlib.h", alas, includes <winsock.h>, and you can't
include <winsock.h> before including <winsock2.h> (at least you can
include <winsock2.h> before including <winsock.h>; thank heaven for
small favors).
svn path=/trunk/; revision=6427
can compile the code.
Note that Bill Fumerola rewrote the Cisco NetFlow dissector.
Update a bunch of addresses in the Ethereal man page, and put some
missing addresses in.
svn path=/trunk/; revision=6380
Update gtk and gtk2 versions of RPC_STAT to allow a filter string to be specified on both the command line as well as the GUI.
Update the documentation for ethereal to reflect this.
svn path=/trunk/; revision=6343
This makes it possible to generate any types of stats based on user defined subsets of the capture.
Try -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678
NFS rtt statistics for a specific file.
svn path=/trunk/; revision=6337
ranges specified with a mask, as well as manufacturer OUIs. Match the
address range values, as well as MAC addresses and manufacturer OUIs,
when translating MAC addresses to names.
Have "make-manuf" read a file containing the well-known addresses and
append it to the list of OUIs.
svn path=/trunk/; revision=6234
Gtk1 is still single threaded so if the tap extensions need to do something
time consuming or cpu intensive, then the main application will suffer.
It is better than nothing.
svn path=/trunk/; revision=6215
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189