than the size of the reads we do, so that we have an extra byte at the
end into which we can stick a '\0' to guarantee null-termination of the
buffer.
When reading the capture file in "tail_cap_file()", use "file_open()"
rather than "fopen()", so that we work correctly if we're using "zlib"
to read capture files.
svn path=/trunk/; revision=707
bounce bar for compressed file support). Note that the progress bar may
not grow smoothly for compressed files, but it should be reasonably accurate
for files which are large enough to matter.
svn path=/trunk/; revision=701
gzip. The zLib library is used for this purpose. If zLib is not available
(or it's use is disabled by the --disable-zlib option to configure), you
can still compile Ethereal but it will be unable to read compressed capture
files.
IMPORTANT:
Now all file accesses to capture files should be done through special macros.
Specifically, for any use of the following functions on capture files, replace them.
The arguments for the right-side functions are exactly the same as for the
original stdio functions.
fopen file_open
fdopen filed_open
fread file_read
fwrite file_write
fseek file_seek
fclose file_close
ferror file_error
svn path=/trunk/; revision=695
the "File/Print" dialog box; "Expand all levels" means that all levels
of the protocol tree should be printed, while "Print as displayed" means
that only those levels shown in the display should be printed.
Free the table of column widths once printing is done.
svn path=/trunk/; revision=671
prints the protocol tree, and summary prints the fields in the summary
clist, with a header line at the beginning of the printout.
Print only packets selected by the current packet filter.
Just have "ARP" and "RARP" in the "Protocol" field for ARP packets;
whether it's a request or a reply can be seen in the "Info" field.
Add to the "Frame" section of the protocol tree the time between the
current packet and the previous displayed packet, and the packet number.
Have FT_RELATIVE_TIME fields be a "struct timeval", and display them as
seconds and fractional seconds (we didn't have any fields of that type,
and that type of time fits the delta time above).
Add an FT_DOUBLE field type (although we don't yet have anything using
it).
svn path=/trunk/; revision=666
family has a set of debug commands that allow you to log the traffic on a
WAN or dialup connection as text, e.g.
RECV-iguana:241:(task: B04E12C0, time: 1975358.50) 15 octets @ 8003D634
[0000]: FF 03 00 3D C0 06 C9 96 2D 04 C1 72 00 05 B8
Created wtap_seek_read() which parses the textual data for and Ascend
trace, and does a normal fseek() and fread() for any other file type.
The fseek()/fread() pairs in file.c were replaced with the new function.
svn path=/trunk/; revision=652
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).
Include <time.h> in "file.c", to declare "struct tm".
Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".
svn path=/trunk/; revision=549
code supplied by a Wiretap routine (whether a positive UNIX "errno" code
or a negative Wiretap error code), and returns an error message
corresponding to it.
Use that to construct the message Ethereal put up in a message box for
those errors for which we don't have Ethereal put up a message of its
choice.
svn path=/trunk/; revision=545
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).
svn path=/trunk/; revision=530
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
want to read the next file with the same filter that you used on the
last file.
In the "File/Open" dialog box, parse the read filter before trying to
open the file, and if the parse fails, leave the dialog box up so the
user still has the filter and file name around and can try to fix the
problem.
Keep the compiled read filter attached to the "capture_file" structure,
so you don't have to reparse it on a "File/Reload".
svn path=/trunk/; revision=497
selecting a field from more than one protocol tree. It turns out that
gtktree.c doesn't clear the tree-item selection list when you use
gtk_tree_clear_items() (which calls gtk_tree_remove_items() ). So the next
time a tree item is selected in a new protocol tree (which is our old
protocol tree, with everything removed, and new things added), gtk_tree
tries to _deselect_ our old selection. But that tree-item which is trying
to be deselected is long gone, resulting in the assert because widget == NULL.
A function needs to be added to gtk_tree to deselect the tree-item selection
for us. (or we need to go through the hassle of creating a new gtk_tree
instead of recycling tree_view over and over).
I stole some code from another section of gtktree.c which lets us clear
the selection in clear_tree_and_hex_views().
Also, I modified the argument to gtk_tree_set_view_mode. We were using
"TRUE", when really we should have used a member of the GtkTreeViewMode
enumeration, namely GTK_TREE_VIEW_ITEM ( which is 1, which is TRUE :-)
svn path=/trunk/; revision=496
reason for the failure, and have it do the checks to make sure the file
being opened is a plain file or a pipe.
Have "open_cap_file()" make use of that.
Don't automatically set "last_open_dir" if a "-r" flag was specified on
the command line - do so only if the file in question could actually be
opened.
svn path=/trunk/; revision=495
it's called after "open_cap_file()" has been called, and is always
passed the file name passed to "open_cap_file()", and that file name is
stored as "cf->filename", so "read_cap_file()" can just use
"cf->filename" as the pathname of the file.
svn path=/trunk/; revision=494
The former, which used to be called by "load_cap_file()", now just opens
the file and, if the open succeeds, closes any capture file we
previously had open, reinitializes any protocols that need
reinitialization, and saves information about the new capture file in
the "capture_file" structure to which it was passed a pointer. The
latter reads the file already opened by "read_cap_file()".
For "File/Open", call "open_cap_file()" before dismissing the file
selection box; if it fails, "open_cap_file()" will have popped up a
message box complaining about it - just return, leaving the file
selection box open so the user can, after dismissing the message box,
either try again with a different file name, or dismiss the file
selection box. (Other file selection boxes should be made to work the
same way.) If "open_cap_file()" succeeds, dismiss the file selection
box, and read the capture file in.
svn path=/trunk/; revision=492
handle a display with a display filter.
(Also, don't have it recompute the time stamps - they were computed when
the packet was added to the packet list in the first place.)
svn path=/trunk/; revision=485
use "check_col()", otherwise "check_col()" always fails, and the time
column never gets changed. (How did I manage to break that?)
svn path=/trunk/; revision=483
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.
svn path=/trunk/; revision=480
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag). Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.
When reading a temporary capture file after a live capture, don't apply
any filter.
Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.
Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.
svn path=/trunk/; revision=460
N^2 in the ultimate size of the list (as "g_list_append()" is linear in
the size of the list, at least when used in the way the GLib
documentation says to use it); instead, maintain our own linked list of
"frame_data" structures for all packets read, including a pointer to the
last element.
"gtk_clist_set_row_data()" is linear in the row number, so if it's used
to attach a pointer to the "frame_data" structure for a packet to the
packet list GtkClist row for each packet, that's also N^2 in the number
of packets in that packet list; instead, store the row number in the
"frame_data" structure, and find the packet for a given row by scanning
the list for it (we were already scanning the list linearly to find that
packet's index in the list of all packets; that's only done when a
packet's selected, so it's not *too* bad, but it might be nice to avoid
having to do that scan).
svn path=/trunk/; revision=457
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.
svn path=/trunk/; revision=454
try as I might, I couldn't get gtk_timeout_add to work. I read all the docs,
but no luck. So for now I call dfilter_progress_cb for every 20 packets
that are filtered. I'd rather have *something* for the next Ethereal
release than nothing.
I also modified file_progress_cb to use it's local copy of cf rather
than the global copy.
svn path=/trunk/; revision=447
double-click on a packet, it'll select that packet without necessarily
first un-selecting it (this may be a GTK+ 1.0[.x] vs. GTK+ 1.2[.x]
difference; Jeff Jahr said he first saw it when going from Ethereal
0.6.3 to 0.7.0 and going from GTK+ 1.0[.x] to GTK+ 1.2.3, but I saw it
on 0.6.3 with GTK+ 1.2.3 as well).
svn path=/trunk/; revision=441
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
Gilbert Ramirez