- at least some versions of makewhatis (e.g., the Solaris version)
uses that name in a case-sensitive fashion, so you can't do "man
ethereal", say, you have to do "man Ethereal", and that doesn't work as
the man page file is "ethereal.1", not "Ethereal.1".
svn path=/trunk/; revision=3656
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
files. See text2pcap.1 (built from doc/text2pcap.pod) for details.
Changed 'tethereal -x' output to match hex dump format of text2pcap,
Ethereal and others.
svn path=/trunk/; revision=3421
traffic engineering TLV dissection, IS neighbor and IP reachability TLVs
given their own subtree types), from Jean-Christian Pennetier.
svn path=/trunk/; revision=3413
people don't blindly insert the old address into new dissectors, which
is probably how it got into the dissectors being fixed here.
svn path=/trunk/; revision=3348
"proto_tree_add_text()" any more, so the scripts that take that output
and massage it into various forms don't have to check for it any more.
Get rid of the FT_-name-to-description filtering in eproto2sgml, as it's
not used, and fix it in the other two scripts to correspond to the
current list of FT_ values.
svn path=/trunk/; revision=3336
make the dissector function in the sample dissector code a static
function, and to leave out the "CHECK_DISPLAY_AS_DATA()" call and the
line to set "pinfo->current_proto" in the sample dissector, as the
sample dissector is called through a dissector table, and the code to
call through a dissector table does both of those for you.
svn path=/trunk/; revision=3278
containing OSI transport layer PDUs).
Enable the Q.931-inside-TPKT code (but not the H.225 stuff, as that
requires Andreas Sikkema's H.225 dissector). Update it to match his
current modified Q.931 dissector.
svn path=/trunk/; revision=3199
prints a list of all network interfaces it found on which it can capture
(the same list as the one that shows up in the "Interface" combo box in
Ethereal's "Capture Preferences" dialog).
svn path=/trunk/; revision=3194
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
perl and man2html. Don't call this makefile from the parent makefile
as not everyone will want to create documentation.
Add a couple variables to config.nmake to support this.
svn path=/trunk/; revision=3119
expect - it means "same as fully-buffered". This means that the "-l"
flag is a no-op on Windows.
Instead of setting line-buffered mode with "setvbuf()", set a flag and,
if that flag is set, flush the standard output after the information for
ever packet is printed; this isn't "line-buffered", either, but, as the
reason for doing line-buffering is to allow the output of Tethereal to
be piped to a program and to have that program see the output for a
packet as soon as the packet is seen and dissected, it should be just as
good as line-buffered.
svn path=/trunk/; revision=3047
that button doesn't undo edits you've made to the list of filters it's
displaying.
Don't show an "OK" button if the dialog isn't attached to a text entry
box, as the "OK" button means "enter the current filter into the
attached text entry box, and close the dialog", and if there *is* no
attached text entry box, "OK" doesn't do what you might expect (it's
equivalent to "Close").
svn path=/trunk/; revision=2952
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2951
use the capture filter lists, and others use the display filter list, as
appropriate.
Have separate menu items for editing the capture and display filter
lists.
Have separate "~/.ethereal/cfilters" and "~/.ethereal/dfilters" files
for the two lists; if either of those files isn't found, we try
"~/.ethereal/filters", which means that you will start out with two
identical lists holding all your filters - if certain filters belong
only in one list, you'll have to delete them by hand from the other
list.
Do I/O error checking when reading and writing filter lists; when
writing a filter list, write it to a new file, and then rename the new
file on top of the old file, so that you don't lose your old filter list
if, for example, you run out of disk space or disk quota.
svn path=/trunk/; revision=2948
display tree, based on Jeff Foster's dialog box for selecting fields.
Make the dialog box for browsing filters into a dialog box for
constructing filters; make the "Apply" button and the "OK" button apply
the filter in the text entry box in the dialog, not the currently
selected filter (selecting a filter puts it in that text entry box, but
the user may edit it afterwards, or may use the aforementioned dialog
box to construct a filter not in the list).
Get rid of extra declarations of "m_r_font" and "m_b_font" in
"proto_draw.c"; they're declared in "gtk/gtkglobals.h", which it includes.
svn path=/trunk/; revision=2805
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
"cancel", and "delete" methods, give them:
"fetch" - fetch from the notebook tab any values not already
stored in "prefs", and store them there, but doesn't apply them;
"apply" - apply the settings in "prefs";
"destroy" - clean up any windows created from the tab.
As we no longer have "cancel" methods, we don't have per-preference code
to revert preference values; instead, we have the common preference
dialog box code make a copy of all the current preferences, and, when
the "Cancel" button is clicked, free the current preferences and copy
the saved preferences to it, and apply the preferences.
Add an "Apply" button to the preference dialog box, which applies the
current preferences without closing the dialog box.
Treat a request to delete the preferences dialog box as equivalent to
clicking "Cancel".
Have a "remember_ptree_widget()" routine to remember all protocol tree
widgets, and use the list of those widgets when we set GUI preferences
for the protocol tree widgets, rather than setting the main protocol
tree widget and then using the list of packet windows. Move that code
out of "main.c" to "proto_draw.c", as it's not used by anything in
"main.c", but is used by stuff in "proto_draw.c".
Make the font one of the preferences we can set on the fly for protocol
tree widgets. Also make it something we can set on the fly for the
packet list widget.
svn path=/trunk/; revision=2317
protocols running atop SCTP can register themselves with a particular
SCTP port number.
Also, clean up the credits for him - there were two entries, one for
some initial SCTP support in "ipprotostr()" and in the capture dialog,
and one for the SCTP dissector itself - the latter subsumes the former,
so just keep the latter.
svn path=/trunk/; revision=2296
plugin is enabled -> disabled -> re-enabled due to the fact that
the protocol registration is performed at each plugin_init() call
(and there is no protocol cleanup like with dfilter_cleanup).
Now we use the proto_xxx static variable to check if it is the first
activation or not (in this case, the proto_register_xxx routines are
not called.
svn path=/trunk/; revision=2290
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2268
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2255
the addition of support for Cisco Secure Intrusion Detection
System IPlog output;
support for selecting only one side of a conversation, for
showing a conversation in hex, and for saving the displayed data
to a file, in the "Filter TCP Stream" window.
svn path=/trunk/; revision=2238
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live()
failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch()
which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h
because capture() now needs it.
svn path=/trunk/; revision=2181
a framework for the dissector; of the more than 400 NCP packet types, only
a handful are defined. But this dissector framework is much better than
the previous one.
svn path=/trunk/; revision=2173
a waste of time. Instead, set $(PERL) to @PERL_PATH@ in the Makefile and
call dfilter2pod.pl via $(PERL) $(src_dir)/dfilter2pod.pl
svn path=/trunk/; revision=2171
is finally dead, and you're walking away, it springs up again and
attacks.
It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch
has some extra stuff in the per-packet header for some sort of SMP
debugging, and that SuSE Linux 6.3 picked it up.
Thus, even if a libpcap file has the modified magic number, we *still*
have to go through the usual heuristic hell to figure out what type of
file it is.
svn path=/trunk/; revision=2164
pages for various protocol preferences, and the existence of the global
and personal preferences files.
We still need to document the values that can be put in the preferences
file.
svn path=/trunk/; revision=2127
potentially long-running operation that has a progress indicator, pop up
a modal dialog box with
an indication of what is being done;
a progress bar;
a "Cancel" button to stop the operation.
This:
leaves more room on the status line for a filter expression;
provides a mechanism to allow the user to cancel long-running
operations (although the way we do so may not back out of them
as nicely as the user might like, if it's not obvious what the
"right" way is or if the "right" way is difficult to implement
or involves doing as much work as letting the operation
continue);
means that, because the dialog box is modal, we don't have to
worry about the user performing arbitrary UI operations out from
under the operation and changing arbitrary bits of state being
used by that operation.
svn path=/trunk/; revision=2103
tvbuffs.
In doing so, I realied that my recommendation for using
tvb_new_subset(pi.compat_top_tvb, -1, -1) was incorrect, because
some dissectors (ethernet!) change pi.len and pi.cap_len. So, I have
to take those two variables into account instead of using -1 and -1.
So, I provide a macro called tvb_create_from_top(offset), where
offset is the name of your offset variable. It is a wrapper around
tvb_new_subset().
I converted the lines that followed my suggestion to use
tvb_create_from_top().
In proto.c I added
proto_tree_add_debug_text(proto_tree*, const char*, ...)
It's much like proto_tree_add_text(), except that it takes no offset
or length; it's soley for temporarily putting debug text into the
proto_tree while debugging a dissector. In making sure that its
use is temporary, the funciton also prints the debug string to stdout
to remind the programmer that the debug code needs to be removed
before shipping the code.
svn path=/trunk/; revision=2068
display to be sorted by the value in that column (and to reverse the sort
order the next time you click on that column).
Use "F<>" rather than "B<>" for file names in the Ethereal man page.
svn path=/trunk/; revision=1931
snapshot length before writing them to the output file; this may come in
handy if you are translating the file to a different format so that it
can be read by a program that can't handle packets above a certain size
(e.g., the snoop in Solaris 2.5.1 or 2.6, which reject Ethernet packets
larger than the Ethernet MTU, and thus can't handle gigabit Ethernet
captures using jumbo frames).
svn path=/trunk/; revision=1891
"proto_tree_add_item_format()" into multiple routines for different item
types, and to note that a subtree can be added under any item.
svn path=/trunk/; revision=1809
On Win32, always save a temporary capture file by copying -
Win32 systems don't allow you to rename a file that is open, and
we have the temporary file open.
When saving by copying the raw bytes of a capture file, create
the target file with "open()", using the O_BINARY flag, rather
than with "creat()"; on Win32 systems, "creat()" apparently
opens the file as a text file rather than a binary file.
svn path=/trunk/; revision=1757
properly handle ASCII vs. Unicode in the list of interfaces;
initialize Winsock before starting a capture, so that the code
in the Win32 libpcap to get the IP address and netmask by
translating the host name to an IP address works.
svn path=/trunk/; revision=1737
Get rid of the paragraph about C++-style comments at the beginning of
the document, as it also appears in section 1.1.1 "Comments".
Add a section on how to extract data from packets, which explains the
"pd" and "offset" arguments to a dissector, and notes that you should
not just blithely cast pointers into the packet data to 2-byte or 4-byte
integral types and dereference them, as the pointer may not be aligned,
and the field may not have the same byte order as the processor on which
Ethereal is running (in fact, it's probably *guaranteed* not to on at
least one machine, as Ethereal runs on both big-endian and little-endian
platforms...).
svn path=/trunk/; revision=1710
specifies with "-f" and "-R" flags, respectively, or specified with
non-flag command-line arguments, as tcpdump and snoop allow.
svn path=/trunk/; revision=1663
* fix a bug in packet-tftp.c dissecting TFTP Option Acknowledgement
packets. The is no Block-Id in TFTP Option Acknowledgements, as it is
in TFTP Acknowledgements.
* Extension of manuf by ethernet addresses from ELSA (my company), a german
vendor of ISDN routers, cable modems, etc.
* New dissector for Time Protocol [RFC 0868]. That protocol works on port
37 of UDP and TCP. The implementation in this patch only dissects the
more usual UDP version. It could print the time in a more fashion way,
but thats for a later version.
svn path=/trunk/; revision=1609
the IPv4 TOS field as a TOS field or as a DiffServ field, and allow that
field to be controlled by a command-line option or an option in the
"Display:Options" dialog box.
svn path=/trunk/; revision=1532
or when reading a saved capture file; if "-w" is specified, the packets
captured or read from the file are written to the specified file rather
than being dissected and printed, and if "-R" is specified, only packets
that pass the specified read filter are dissected and printed or
written.
svn path=/trunk/; revision=1523
whether, in a live capture that updates the display as packets arrive,
the packet list pane should scroll to show the most recently captured
packets or not.
svn path=/trunk/; revision=1506
specified. This will be of more use when I allow "-w" to be used when
reading an existing capture file rather than doing a live capture (which
will also allow you to specify a read filter, and thus to write a
capture file containing those packets from an existing capture file that
match a given display filter).
Fix up some messages to say "tethereal" rather than "ethereal".
svn path=/trunk/; revision=1499
to "util.c", and provide a routine to free that list as well.
When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.
svn path=/trunk/; revision=1495
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.
svn path=/trunk/; revision=1482
I did this:
First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix seciton A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCtree is faster, and GtkTree has limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.
Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but no in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.
I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.
svn path=/trunk/; revision=1393
Reformat some (source) paragraphs, for the benefit of those with editors
that don't wrap lines in the display.
Delete some extra "=back" directives.
Fix the description of the "Preferences" dialog (it lets you control
various preferences, not just print preferences; it's the "Print" tab
that lets you control print preferences).
svn path=/trunk/; revision=1352
option right now is the placement of the vertical scrollbars in the 3 panes.
(it's one decision; you can't have the placement of the vertical scrollbar
in the packet list pane different than the placement in the protocol tree
pane, for example).
I did this because I find it convenient to have the vertical scrollbars
on the *left* side of the text. My mouse cursor is usually expanding and
collapsing the protocol tree widgets, and once the protocol tree changes
size, I usually have to scroll. I'd rather move my mouse cursor just a few
pixels over to find the vertical scrollbar.
svn path=/trunk/; revision=1351
"Edit:Preferences" and put it directly under "Edit:Filters", and to add
an "Apply" button to it, which makes the currently selected filter the
current filter and applies it to the current capture.
svn path=/trunk/; revision=1275
treat CONNECT as an HTTP request;
add DELETE and OPTIONS as request names.
Make the order of names in the AUTHORS file match that of the man page
and the About box.
svn path=/trunk/; revision=1231
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
Document changes in this version.
Add Greg to ever-growing list of authors (he was in AUTHORS, but not
in manpage nor in main.c)
svn path=/trunk/; revision=1097
and a $HOME/.ethereal/ipxnets file. get_ipxnet_name() and other functions,
similar to get_ether_name() and friends, have been added.
svn path=/trunk/; revision=1085
dashes or colons as punctuation. Added period as a valid separator, to make
the resolve routines congruent with the display filter syntax options.
Document the fact that both /etc/ethers and $HOME/.ethereal/ethers are
used for resolving hardware address names. I did not know this until
I discovered it in resolv.c!
svn path=/trunk/; revision=1074
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
svn path=/trunk/; revision=1046
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
svn path=/trunk/; revision=1032
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
svn path=/trunk/; revision=983
added misc. constants for parsing flags, and converting time
stamps;
added flags and primary sources explanations;
added function for converting time stamps;
improved item analysis;
new item definitions;
from Tomislav Vujec.
svn path=/trunk/; revision=908
than a command name of "ethereal-dump-fields", to decide whether to run
as normal Ethereal or to just dump out the list of fields that can be
used in a display filter.
This allows us to continue to make that check without doing the regular
command line flag parsing (which we don't want to do, as we don't want
to call "gtk_init()" before making that check, as "gtk_init()" tries to
open an X display, and some people want not to have to have X running in
order to build Ethereal, or want not to have Ethereal try to open an X
connection over a slow line if it's just going to print field names to
the standard output), without having to make a link to "../ethereal"
from the "doc" directory (said link couldn't be a hard link, as ATK
apparently disallows hard links between directories, and I have the
vague impression that a symbolic link might cause other problems).
svn path=/trunk/; revision=902