object code for libethereal.dll isn't generated by the
makefile in /trunk.
Having no code in /trunk linked into libethereal.dll
anymore, the definition of the macro _NEED_VAR_IMPORT_
can be moved from various source files in /trunk to /trunk/Makefile.nmake .
So do that, too.
svn path=/trunk/; revision=13389
instead of already invoking cf_cb_live_capture_started in capture.c, I've introduced the new event cf_cb_live_capture_prepare which only has to set the main windows title and nothing more.
svn path=/trunk/; revision=13355
to the "start live capture" callback, and call that from "do_capture()".
When opening a capture file, don't pop up the "What do you want to do?"
pane when closing any existing file you have open, as we're just going
to put the regular view up right after that.
svn path=/trunk/; revision=13332
move another two capture related fields (iface and cfilter) from cfile to capture_opts
also move the handling of capture related command line options from main.c to capture.c, that way a future privilege seperated capture program can use the same code to parse it's command line than Ethereal.
It might be even possible to share this parser code even with Tethereal, didn't took a closer look at this.
svn path=/trunk/; revision=13320
split drag and drop support out of main.c into new file drag_and_drop.c, to reduce the size of main.c a bit.
Hopefully this won't break unix builds because of missing #include's, I will keep an eye on the buildbot
svn path=/trunk/; revision=13308
This includes: all functions in file.h now have a cf_ prefix, will have doxygen tags, will have the capture_file *cf as the first parameter and I tried to generalize the return values for non trivial functions.
Hopefully, I didn't introduced any new bugs, as I had to change a lot of files...
svn path=/trunk/; revision=13289
don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c
move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it
svn path=/trunk/; revision=13276
window titles even on UN*X, and if the user's specified a description
for an interface, use that rather than the description supplied by
libpcap.
Put the interface name into the main window title when doing a live
capture.
svn path=/trunk/; revision=13060
Hopefully the unspecified forward declaration of capture_options_t in main.h is portable, but buildbot will tell me. This way I need the internals of that struct only at the places I really use it.
svn path=/trunk/; revision=12853
to make it compile on UN*X. Get rid of some #includes that don't appear
to be needed, at least on OS X 10.3 (they might be needed on other
platforms).
svn path=/trunk/; revision=12453
"-y" argument for the capture subprocess - the capture subprocess will
expect a symbolic value, not a numeric value, if we have
"pcap_datalink_name_to_val()". (We assume that if one is present the
other will be present as well.)
svn path=/trunk/; revision=12064
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
This matters for "update of list in real time" (sync_mode) only,
as in normal mode you wouldn't otherwise have the possibility
to stop the capture.
svn path=/trunk/; revision=11194
add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
"simple_dialog()"; NULL might be #defined to be a pointer expression on
some platforms, causing compiler warnings (and, on platforms where a
null pointer doesn't have all its bits 0, possibly causing misbehavior,
although I don't think there are any such platforms on which Ethereal
runs).
Don't allow 0 as button mask argument to "simple_dialog()".
Squelch a compiler warning.
Report fatal problems as errors, not warnings.
Report file I/O errors with "file_open_error_message()".
Report file write errors (including those reported by "close()", e.g.
some errors writing to an NFS server) when saving raw packet data to a
file.
svn path=/trunk/; revision=9915
for example, the libpcap code generator doesn't support the link-layer
type for the capture), "dfilter_compile()" will succeed but return a
null rfcode pointer.
In that case, instead of telling people that it looks like a valid
display filter (which it does, but it also looks like a complete list of
all the Basque words likely to be known by Hammurabi :-)), and then
crashing when we try to "free" that non-existent dfilter code, we just
report it as a "sorry, couldn't compile that capture filter.
svn path=/trunk/; revision=9912
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
translate UNIX errno values to a somewhat friendly message format
string.
Rename "file_open_error_message()" in "file.c" to
"cf_open_error_message()", make "cf_open_error_message()" use the new
"file_open_error_message()" for UNIX errno values, have "do_capture()"
in "capture.c" use "file_open_error_message()" to report errors from
"open()", and make "cf_open_error_message()" static as nothing outside
"file.c" uses it.
Do similar stuff in "tethereal.c".
svn path=/trunk/; revision=9821
b.) added new feature "Edit->Go To First Packet" "Edit->Go To Last Packet" with corresponding menu and toolbar items
c.) added new feature "View->Zoom In" / "View->Zoom Out" / View->Normal Size" with corresponding menu and toolbar items
This feature will act as a "size offset" to the current fontsize, so that the packet list/tree view/... will have a larger/smaller font size.
The value is stored inside the recent file.
d.) Win32 only: Try to get the win32 system font and fontsize at program startup and show the menus/dialogs and such with the same font and fontsize like other win32 windows.
This makes the program make a *lot* more feel like a normal win32 program.
svn path=/trunk/; revision=9753
building in Cygwin's pretend-it's-UNIX environment, we need to treat the
platform as Windows.
Get rid of the BSD #define - just check for the platforms on which we
mustn't use "select()".
svn path=/trunk/; revision=8967
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
get any status information from the child process when it terminates,
and we want that status information (e.g., death due to a signal).
svn path=/trunk/; revision=7549
to the networking stack will have an exception frame header.
Note, however, that on the BSD's ARCNET might be a bit of a mess.
svn path=/trunk/; revision=6986
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
message, to make the margins more even and to bring the second line
under 80 characters. (It's amazing how long Herman Hollerith's legacy
has lasted....)
svn path=/trunk/; revision=6835
don't know whether one is the "right" one to use and, if one is, which
one it is - and they're both used in Ethereal, but let's at least be
consistent within a given file).
svn path=/trunk/; revision=6828
number of *32-bit words* into the magic number, not that number of
*bytes* into the magic number; cast it to "char *" before adding the
byte count.
svn path=/trunk/; revision=6820
It can sometimes happen that capturing is stopped just after Ethereal
has switched to a new ring buffer. The result is that no frames
are displayed. The patch to ringbuffer.c displays the previous ring
buffer if the current buffer is empty on close.
The patch to capture.c fixes a bug where an error return from
ringbuf_wtap_dump_close was ignored, and tidies up the code around
the call.
svn path=/trunk/; revision=6315
Currently Ethereal sets and uses a default directory for reading
and writing, but only in some places. This set of patches extends
the setting of the default directory to the -w option as well as
the -r option, and causes all file dialogs to use and set the
default consistently. (I haven't changed the
Preferences/Printing/File dialog, though, as that's a special
case.)
There's also a fix for a bug where Ethereal was issuing the
message "Ring buffer requested, but capture isn't being saved to
a permanent file" even though a file was specified with -w.
There also appear to be some other cleanups in his patch.
svn path=/trunk/; revision=6238
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
In sync mode, if the capture file written by the child can't be
opened by the parent, ethereal will write two identical popup
error messages.
This patch fixes the problem.
svn path=/trunk/; revision=5883
having two different versions, both broken in different ways.
Bump the count of total packets in the capture-from-pipe routine.
svn path=/trunk/; revision=5647
working on MacOS X.
It appears that the underlying problem with the timeout was that we
weren't treating MacOS X as a BSD, and the "select()" we were doing
presumably wasn't working as it doesn't work on BPF devices on many
BSDs; the workaround no longer appears to be necessary, with Michael's
fix to treat MacOS X as BSD.
(Presumably a select timeout with "tv_usec" set to 1000*1000
microseconds was treated as an error, or otherwise treated in such a way
that it didn't block waiting for the BPF device to say it could be
read.)
svn path=/trunk/; revision=5637
BPF, in at least some OS versions, acts like the other BPFs in some
versions of other BSDs, and doesn't work with "select()".
svn path=/trunk/; revision=5620
This fixes some bugs:
1. With the -S option under Linux, Capture/Stop or ^E was
ignored until the next packet was read. This is because
capture.c wasn't checking for EINTR from select(), which is
returned when the child receives SIGUSR1 from the parent.
2. When reading from a pipe, a spurious error message from
pcap_open_live() was written to stderr.
3. Error messages from the child in Sync mode were displayed in
a Warning alert box.
Also, there's a new subroutine, popup_errmsg(), to replace
several instances of duplicate code.
svn path=/trunk/; revision=5616
unused.
Put in a comment to note that if we fail to open the interface either as
a device or as a pipe, we report the error from the failed
"pcap_open_live()" (which explains why "pipe_open_live()" doesn't return
an error string).
svn path=/trunk/; revision=5381
returns radio information such as signal strength, channel, and data
rate in a pseudo-header. Add that pseudo-header.
Use the "802.11 with radio information" encapsulation type for Wireless
Sniffer files; extract the radio information from where it appears to be
in the header.
Add dissector code for that encapsulation type.
Fix an error in the code to put radio information into the AiroPeek
tree.
Make the "wrapped" flag for NetXRay/Windows Sniffer captures a
"gboolean".
svn path=/trunk/; revision=5122
Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
and "Automatic scrolling in live capture" options from the preference
settings for them, so that the preference settings affect the initial
values of those options, but changing those values in a capture don't
affect the preferences, and don't automatically get saved when you save
the preferences.
If we're building without libpcap, don't have an "Automatic scrolling in
live capture" option anywhere.
svn path=/trunk/; revision=4514
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.
Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.
When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.
svn path=/trunk/; revision=4498
"gboolean", as it's a Boolean value, and move it to the beginning of the
structure in Tethereal, as it is in Ethereal.
From Graeme Hewson:
Check for "pcap_dispatch()" returning -1, meaning an error
occurred; if it does, stop capturing, and report the error.
If we get a signal in tethereal, stop the capture with a
"longjmp()", rather than by clearning the "go" flag;
"pcap_dispatch()", on many platforms, keeps reading rather than
returning a captured packet count of 0 if the system call to
read packets returns -1 with an errno of EINTR, so the
"pcap_dispatch()" won't be broken out of if the signal handler
returns.
Fix a typo in an error message.
svn path=/trunk/; revision=4471
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
byte count of zero, don't bother allocating a buffer for that message,
as we wouldn't do anything with that buffer.
Null-terminate the error message once we read it, before using it as a
string.
svn path=/trunk/; revision=3551
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
control whether we have a child process do the capturing; a user might
want the packet list to be updated as packets arrive but *not* want it
to scroll so that the most recently arrived packets are shown.
"prefs.capture_auto_scroll", not "auto_scroll_live", should control
whether we scroll a real-time-update capture's packet list;
"auto_scroll_live" isn't set by the capture dialog box,
"prefs_capture_auto_scroll" is.
svn path=/trunk/; revision=3388
binaries, so users only need to make sure they have that version
installed in order to have Ethereal (and tcpdump, and snort, and so on)
accept "lanN"-style names (i.e., names of the sort reported by lanscan
and handled by ifconfig), rather than "dlpiN".
Get rid of the patches to update libpcap, get rid of the discussion in
"README.hpux" of patching libpcap and just say "get 0.6.2", and make the
notes on HP-UX kernel patches to fix problems with capturing outgoing
packets a separate item in the list of items in "README.hpux".
Also update the error messages Ethereal and Tethereal display if they
can't open a device and the error is "can't find PPA for XXX" to say
"get 0.6.2" rather than "patch libpcap and recompile.
svn path=/trunk/; revision=3288
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
list of packets in real time" capture so that "!" always indicates an
error, with the "!" preceded by a count of characters in the error
message and followed by the text of the error, and so that those error
messages can be sent after the capture has started.
Use that to report capture errors, and errors writing to the capture
file, while the capture is under way.
Use #defines for the message type characters in that protocol.
svn path=/trunk/; revision=3018
Print the "Capturing on <interface>" message, the running count of
packets captured, and error messages to the standard error in Tethereal,
so that you can pipe the output of a live capture that's printing
packets to a program or script without that script having to worry about
parsing stuff other than dissected packet summaries or details (tcpdump
does the same).
svn path=/trunk/; revision=3017
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2954