- call reset_tcp_reassembly before build_follow_filter
- modify reassemble_tcp so that packet validity is
checked before processing it.
svn path=/trunk/; revision=410
implicitly calls it
- compute the filter in follow_stream_cb since load_cap_file
does not honor the display filter if the dfcode is non already set
- Follow TCP stream is still buggy however (incorrect saved TCP data due
to the fact that dissect_tcp is called even if the filter applies).
svn path=/trunk/; revision=409
string pointer from the result of ip_to_str (statically allocated string).
Use the ip_src and the new field ip_dst in follow.c to build a correct
string display filter.
svn path=/trunk/; revision=408
values (for example, a sequence number in a TCP header should be printed
as an unsigned value; I have a trace in which the uppermost bit of the
sequence number is set...). If we need to be able to handle signed
values, add FT_INT{8,16,32} types.
svn path=/trunk/; revision=406
FT_NONE, so the first argument in the variable-length portion of the
argument list to the "proto_tree_add_item()" or
"proto_tree_add_item_format()" call to add the top-level protocol tree
item for a protocol has to be a null pointer.
svn path=/trunk/; revision=405
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
COL_INFO columns resize automatically even during a live
capture;
columns showing network addresses never resize automatically;
other columns resize only when a capture is done;
and make all columns resizeable by hand (once they've resized, for
auto-resizeable columns).
svn path=/trunk/; revision=394
others are copied into the build-tree by 'automake -a'. The autogen.sh
script runs autoheader, automake, and autoconf for the developer in order
to populate a fresh CVS image with the generated build tools.
svn path=/trunk/; revision=388
"capture_file" structure, make a "select_packet()" routine to parallel
"unselect_packet()", and have "unselect_packet()" free the protocol tree
that the "protocol_tree" member of the "capture_file" passed to it
points to.
It should now be impossible to do a "Print Packet" operation if no
packet has been selected, so remove the check for that (we'll probably
just blow up if it happens; if it does, that means we probably forgot to
gray out "/File/Print Packet" somewhere, so we should fix that).
svn path=/trunk/; revision=385
you have a capture.
Leave the job of enabling and disabling menu items that make sense only
if you have a capture (except for "File/Save" and "File/Save As...", for
now) up to "load_cap_file()", "close_cap_file()", and the like - don't
scatter that stuff throughout the code.
Disable "File/Print Packet" if no packet is selected; enable it only if
a packet is selected.
If there's a selected packet, and a display filter is run:
if the selected packet passed the filter, re-select it;
if the selected packet didn't pass the filter, un-select it.
If we've opened a live "pcap" capture, but can't do the capture because
we can't get the netmask info, or can't parse the capture filter string,
or can't install the filter, close the live capture and the dump and
delete the dump file.
If we failed to open a live "pcap" capture, don't try to read the
capture file - it doesn't exist.
svn path=/trunk/; revision=384
think I may have to worry about page boundaries and the like - so, for
now, we make the "File/Print..." stuff print only as text. ("Print
Packet" can still print PostScript, as always.)
We clean up a few text vs. PostScript things for printing multiple
frames, but it's still not ready for prime time.
svn path=/trunk/; revision=383
capture to a file or printer. This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.
Get rid of "cur" member of "capture_file" structure; nobody used it.
There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"
button.
Put the declaration of "prefs" into "prefs.h".
svn path=/trunk/; revision=380
capture to a file or printer. This should eventually get the ability to
print either all the packets or only the packets selected by the display
filter, and possibly also the ability to print only packets M through N.
Get rid of "cur" member of "capture_file" structure; nobody used it.
There's no need to pass a pointer to a "dialog_button" variable to
"simple_dialog()" for the error boxes displayed if a file copy or move
fails; that dialog box is just a message box and has only an "OK"
button.
Put the declaration of "prefs" into "prefs.h".
svn path=/trunk/; revision=378
(this assumes that "libpcap" writes out the header as soon as that
happens, which is the case for "libpcap" 0.4), we sync it out (to make
sure said header is in the file), and signal the parent process, so that
it opens the capture file and updates its windows to indicate that the
capture is in progress.
svn path=/trunk/; revision=371
that's set whenever we encounter an EOF; if that flag is set, all
subsequent reads return an EOF indication. I.e., end-of-file is sticky.
This means that the stuff to continue reading a capture file, if we're
updating the display as the capture progresses, doesn't work - it gets
stuck at the point where the first read finished.
To clear that flag, we must do an "fseek()"; we do one that doesn't move
the seek pointer.
When updating the display as a capture progresses, do
"init_col_widths()" only when we first open the capture file; there's no
need to do it every time we read from the file - the column widths never
get smaller, they can only get bigger or stay the same.
svn path=/trunk/; revision=370
Make the descriptions of all options full sentences (if an option sets
XXX, describe it as "Sets XXX" rather than just "XXX"); some were, some
weren't.
Note that "-f" sets the *capture* filter expression.
Don't say that Ethereal can read only "libpcap"-format files; it can
read other formats (using "wiretap" to read capture files is no longer
an option, it's what Ethereal always uses).
svn path=/trunk/; revision=368
output of "ethereal -G" and "doc/ethereal.pod.template". Make
"ethereal.1" depend on "ethereal" and "doc/ethereal.pod.template",
rather than on "doc/ethereal.pod", so that it can be built even if you
don't have "doc/ethereal.pod".
svn path=/trunk/; revision=367
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readble, IMHO.
Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".
Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.
svn path=/trunk/; revision=364
tree constructed from the protocol tree:
1) The value of "level" field of GTK+ tree items appears to
depend on various random things - see a change I made to
"packet-dns.c" a while ago, to change the order in which
items were put in the tree, so that DNS trees printed with
correct indentation - and, right now, we appear to be doing
*something* wrong, as some packets I printed from one file
here had randomly bogus indentation; I could probably track
the problem down and fix it, but that might just hold us
until we accidentally do something *else* wrong by GTK+'s
lights.
The new code provides its own tree level as it goes.
2) The new code is independent of GTK+, so it could be used with
other toolkits, or with non-GUI variants of Ethereal.
3) This may make it easier to add a "Print..." menu item to let
the user print packets other than the currently selected
packet.
Make the internal routines used to print the packet static.
For the "Print Packet" menu item, put up a message box if they haven't
yet selected a packet.
svn path=/trunk/; revision=362