to export to other dissectors.
Describe the "if (tree)" construct and its sense by introducing 2 operation
modes of Ethereal:
(a) operational dissection (tree == NULL)
and
(b) detailed dissection (tree != NULL).
Fix some typos.
svn path=/trunk/; revision=9495
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.
svn path=/trunk/; revision=9342
From Anders Broman: patches to various makefiles and configure scripts
to build the V5UA dissector, and patches to make it compile.
From me: .cvsignore file, and NSIS patches.
svn path=/trunk/; revision=9311
we've gone through the trouble of finding the path, we should use it,
and if the user explicitly said where it is, we should *definitely* use
it), and add the output of "$NETSNMPCONFIG --cflags" to CFLAGS and
CPPFLAGS before searching for Net-SNMP headers, so we check the
appropriate directory for them.
svn path=/trunk/; revision=9303
Eventually, -Tps will not force -V, and will print summaries when -V is
not selected. However, work still has to be done there.
svn path=/trunk/; revision=9218
Always capitalize the names "Ethereal" and "Tethereal" (we don't
capitalize the command names, however, as they're all-lower-case).
Note that you can find out from the GUI whether Ethereal was built with
the PCRE library or not.
Fix a typo.
svn path=/trunk/; revision=9211
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
From Michael Lum:
Modified for better TCAP separation, fixed EOC handling (a la
TCAP).
Added parameter parsing (although not dissection or naming).
svn path=/trunk/; revision=9160
This makes the CulmulativeBytes field make more sense since if we want
something to be a TimeReference frame it is likely that we also want to
measure BOTH time and number of bytes (==culmulative bytes) until the event we are looking at.
svn path=/trunk/; revision=8956
correct and enhance support for RSVP FAST_REROUTE and DETOUR
objects (source: draft-ietf-mpls-rsvp-lsp-fastreroute-03.txt);
support an RSVP SESSION_OBJECT object with ctype = 1. This
object contains resource affinities (source: RFC 3209).
svn path=/trunk/; revision=8913
Note that you have to modify plugins/Makefile.nmake.
Fix "plugin/" to "plugins/".
Update the sample Makefile.am and Makefile.nmake to match the current
state of affairs.
svn path=/trunk/; revision=8899
any string pointed to by the preference variable - as the value we set
it to is allocated, we should free it after registering the preference.
The register routine is called only once - don't worry about whether
"gbl_diameterDictionary" is null or not.
Get rid of a duplicate credit entry in the man page.
svn path=/trunk/; revision=8813
pointer arguments to "proto_tree_add_XXX" functions are copied - if you
allocated a buffer for one of them (e.g., a string), and you don't free
that buffer when you're done with it, you'll leak memory.
svn path=/trunk/; revision=8796
See manpage (hopefully manpage does not reformat my nice ascii graph)
While Service Response Times and the MIN/MAX/AVG thing in io-stat are measurements on the server load. The new measurement type LOAD is a measurement of Client LOAD.
Or rather, it is an attempt to measure client LOAD by measuring how much concurrency in its requests the client generates. It the client is slow in starting new i/o when a previous i/o has completed, this willb e indicated by the concurrency being lowered.
it is an experiment. i am not aware of any other attempts in deducing client workload from looking at captures.
svn path=/trunk/; revision=8706
Add a preference to control whether the "File > Open" dialog box
should start out in the last directory in which it looked - and
save that in the preferences file across invocations - or should
always start out in a user-specified directory, and add another
preference to specify that directory.
Write out section name comments into the preferences file.
Clean up white space a bit.
svn path=/trunk/; revision=8699
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
One can now select a packet and mark it as a TimeReference packet using the menu.
A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF*
A TimeReference packet will always be displayed in the packet pane, and overrides any display filters.
When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture.
You can have any number of TimeReference frames you like.
svn path=/trunk/; revision=8459
support for user-supplied interface descriptions;
support for hiding interfaces in drop-down list in capture
dialog.
Clean up comments written to preferences file.
svn path=/trunk/; revision=8419
Rename it from Endpoint Talkers to : Conversation List
Change command line arguments to both tethereal and ethereal
to be -z conv,<type>
to reflect the new name Conversations
This is the last time the tethereal cmd line arg is changed. But now it has a
proper intuitive name at least.
io,users was weird
talkers was too close to names used in other tools
svn path=/trunk/; revision=8379
Service-over-Frame-Relay support, including preference for Frame Relay
to select FRF 3.2/Cisco HDLC encapsulation or encapsulation of GPRS NS
PDUs.
svn path=/trunk/; revision=8362
packets that passed the current display filter, as well as about the
entire capture.
Document the Tools:Summary item in the man page.
Update Gerald's e-mail address.
svn path=/trunk/; revision=8344
use Export and Import for the buttons in GTK+ 2.x as well;
get rid of a duplicate fclose;
other fixes.
Update the description of color filters in the Ethereal man page to
reflect the change, clean up the formatting (use =item), and add the
global and personal color filters files to the FILES section; refer to
them as "color filters" files rather than "colorfilters" files, as the
FILES section gives the "colorfilters" file name so you don't have to
use that as the name.
Clean up white space.
svn path=/trunk/; revision=8285
Extract the FCS decoding section of the PPP_HDLC dissector to
allow the CHDLC dissector to use the same routine.
The ppp_options used for preferences has been renamed to
fcs_options and exported via packet-ppp.h so CHDLC gets a
separate (but identical) FCS preference.
This means prefs.h has to be included before packet-ppp.h so a
couple of ppp related files (packet-{gtp,null,raw,vj}.c) had
their includes slightly re-arranged.
From me: make the PPP/CHDLC FCS code use "crc32()" to check the 32-bit
FCS.
svn path=/trunk/; revision=8271
windows can also be invoked from the Ethereal command line using the -z
talkers argument" (as pod2man suggests be done).
svn path=/trunk/; revision=8244
Update the talkers tap for tethereal (iousers) and change the command line to invoke the tethereal version from -z io,users, to -z talkers, to be the same
as for ethereal.
Sorry if it breaks some scripts but io,users was a very nonintuitive name for this option.
talkers is not much better but at least a little bit more descriptive/intuitive. Anyone with a better name for this are welcome to provide a patch.
The tethereal version is now agnostic to wether v4 or v6 are transporting UDP/TCP
svn path=/trunk/; revision=8236
A scrollable GtkCList is used now for both GTK1 and GTK2.
Removed "overall" line from statistics table. It is not useful.
"Response Time Delay" was renamed into "Service Response Time".
Menu Item moved to "Service Response Time" folder.
As Ronnie suggested, the active display filter is now used as
default statistics filter.
svn path=/trunk/; revision=8205
draft-ietf-dhc-dhcpv6-28,
draft-ietf-dhc-dhcpv6-opt-prefix-delegation-04, and
draft-ietf-dhc-dhcpv6-opt-dnsconfig-03, and addition of NIS and time
configuration option drafts draft-ietf-dhc-dhcpv6-opt-nisconfig-02 and
draft-ietf-dhc-dhcpv6-opt-timeconfig-02.
svn path=/trunk/; revision=8182
a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
string, decode the value as a text string, as per 1.0, section 8.4.1.2
("Field Values"):
If the field name is encoded in text format, textual values MUST
be used.
svn path=/trunk/; revision=8130
not to include DEL as printable ASCII.
Also change the check in strutil.c to do it by redefining "isprint()",
as is done in "gtk/gtkglobals.h", rather than by #ifdeffing the point at
which the test is done.
svn path=/trunk/; revision=8118
Besides "STRING", there is now "UNPARSED_STRING", where the distinction
is that "STRING" was a double-quoted string and "UNPARSED_STRING" is just
a sequence of characters that the scanner didn't know how to scan/parse,
so it's up to the Ftype to parse it.
This gives us more flexibility and prepares the dfilter parsing engine
for the upcoming addition of the "contains" operator.
In the process of doing this, I also re-did the double-quoted string
support in the scanner, so that instead of the naively-simple support we
used to have, double-quoted strings now can have embedded dobule-quotes,
embedded octal sequences, and embedded hexadecimal sequences:
"\"" embedded double-quote
"\110" embedded octal
"\x48" embedded hex
Enhance the dfilter unit test script to be able to run a single collection
of tests instead of having to run all of them all the time.
svn path=/trunk/; revision=8083
connection to check for addresses and ports at the same time, rather
then checking the source addresses, destination addresses, and ports
separately, as the latter doesn't handle A:X->B:Y and B:X->A:Y both
being active connections.
svn path=/trunk/; revision=7966
itself, so we leaked memory when freeing the interface list; in
"free_interface_list()", use "g_list_foreach()", calling a list free
routine, to free the data items in the list, and then use
"g_list_free()" to free the list.
Use "free_interface_list()" in "get_interface_list()" to free the list
if we have an error, as it now does what the code that use to be there
did.
svn path=/trunk/; revision=7965
Almost completely rewritten in order to:
- be able to use a unlimited number of ringbuffer files
0 specified with -b argument or in the GUI, means that the number of file
is unlimited.
else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
CList.
As a first conversion to use the helper routines, convert DCERPC SRT statistics to use the new interface.
This prevents some interfaces (SAMR/LSA) that contains a huge number of procedures from creating a huge table that does not fir on the screen.
Later changes to the helpers may be to make the different columns sortable
or to hide those procedures that has not been seen in the capture.
svn path=/trunk/; revision=7903
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
value for DLT_PFLOG, and that goes along with a change to the link-layer
header for DLT_PFLOG - support both the old and new values and format.
svn path=/trunk/; revision=7676
Following fixes for nettl (HP-UX):
1) Fixed 11.X timestamp issue
there is no difference in 10.X/11.X timestamps, so no
need to shift 11.X timestamps
2) Fixed NS_LS_DRIVER trace record handling
now works rather than throwing "...network type that
Ethereal doesn't support" error
3) Fixed handling of traces with sliced packets (nettl -m xx)
now uses correct packet and capture lengths
4) Additional ethernet card support
now handles btlan[1,3-6],gelan,igelan,intl100 driver
trace records
svn path=/trunk/; revision=7642
- added option -m to set maximum packet length
- added option -T to generate TCP headers
- UDP headers now have a correct checksum
- default capture timestamp is current time, usec field counts packets
- UDP and TCP headers are mutually exclusive
- changed etherenet addresses, now sends from 1 -> 2 ....
svn path=/trunk/; revision=7571
Make it able to calculate COUNT() SUM() MIN() MAX() and AVG() for integers and
relative time fields.
See tethereal manpage for examples.
svn path=/trunk/; revision=7550
Fix up some comments, and eliminate a compiler warning.
Make the "iac_found" variable Boolean, and get rid of a redundant
initialization.
Give David Yon credit for the recent Telnet updates.
svn path=/trunk/; revision=7535
Make it possible to use subsecond granularity for the measurement intervals.
io,stat is updated to accept the interval to be specified with ms resolution.
Example
-z io,stat,0.001,smb
to generate 1ms statistics for all SMB traffic.
svn path=/trunk/; revision=7527
and 2 function codes for Modbus/TCP, plus some bug fixes.
Use value_string tables to map function codes and exception codes to
strings.
svn path=/trunk/; revision=7468
Stream" window, which adds "and !(<filter for the stream>)" to the
display filter in effect before the stream was followed, removing that
stream from the display.
svn path=/trunk/; revision=7408
- checksum checks for all packets (like UDP, IP, TCP, etc.)
- this includes adding an option to turn off checking
it in the preferences menu (like TCP does).
- POLL packets
- POLR packets
- added PGM options:
- OPT_FRAGMENT
- OPT_REDIRECT
- OPT_NAK_BO_IVL
- OPT_NAK_BO_RNG
- fixed a minor offset error in SPMs
svn path=/trunk/; revision=7349
Add support for the OpenBSD enc(4) encapsulating interface. Add
support for Ethernet over IP (RFC 3378).
Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.
svn path=/trunk/; revision=7310
not using "%l[doux]" with guint32;
not including <unistd.h> without #ifdef HAVE_UNISTD_H;
not fopening binary files with "r", "w", etc., and not opening
them with "open()" without using O_BINARY.
svn path=/trunk/; revision=7302
contributed RTP tap for voice.
Explained when a tap listener is called and somethings to keep in
mind when adding taps to protocols that may appear multiple times inside the
same packet.
svn path=/trunk/; revision=7293
"register-static.c", or "ps.c", as we distribute them in the tarball.
Add Georgi Guninski to the credits list in the man page.
svn path=/trunk/; revision=7206
Santeri Paavolainen's changes to make doc/Makefile.am work in such an
environment.
Move the idl2eth rules above the mergecap rules, to match the way
doc/Makefile.am works.
svn path=/trunk/; revision=7140
to be using it for stuff that should be hex, and for stuff that should
be Boolean. Use BASE_DEC if it should be decimal, BASE_HEX if it should
be hex, and make it Boolean if it should be Boolean.
svn path=/trunk/; revision=7053