| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
properly handle ASCII vs. Unicode in the list of interfaces;
initialize Winsock before starting a capture, so that the code
in the Win32 libpcap to get the IP address and netmask by
translating the host name to an IP address works.
svn path=/trunk/; revision=1737
|
| |
|
|
|
|
|
| |
routine to be called every time a new capture file is opened instead of
calling it in read_cap_file() and do_capture().
svn path=/trunk/; revision=1651
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This function is used to re-initialize the hash table used by the X.25
dissector to record the upper layer protocol used by each VC. The hash
table should be re-initialized each time we read / start a new capture.
I moved the definition of the function from packet.h to packet-x25.h, and
added calls to reinit_x25_hashtable() in read_cap_file (file.c) and
do_capture (capture.c).
svn path=/trunk/; revision=1644
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
|
| |
|
|
|
|
| |
from WinDump with Ethereal. We now have packet capturing on Win32. :)
svn path=/trunk/; revision=1612
|
| |
|
|
|
|
| |
this is needed to get the last message from the pipe.
svn path=/trunk/; revision=1595
|
| |
|
|
| |
svn path=/trunk/; revision=1586
|
| |
|
|
|
|
|
|
|
|
| |
timeval" (if, say, it's a "struct bpf_timeval", with member sizes wired
to 32 bits, as it appears to be in SuSE 6.3 and will, I think, be in the
0.5 release of libpcap), copy the members of that field to the "ts"
field of the Wiretap per-packet header (which also lets us make it not a
"struct timeval" as well).
svn path=/trunk/; revision=1572
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whether we're building a protocol tree or not.
Make "dissect_eth()" use "BYTES_ARE_IN_FRAME()" to see if we have a full
Ethernet header - it can be called with a non-zero offset, if Ethernet
frames are encapsulated inside other frames (e.g., ATM LANE).
Make capture routines take an "offset" argument if the corresponding
dissect routine takes one (for symmetry, and for Cisco ISL or any other
protocol that encapsulates Ethernet or Token-Ring frames inside other
frames).
Pass the frame lengths to capture routines via the "pi" structure,
rather than as an in-line argument, so that they can macros such as
"BYTES_ARE_IN_FRAME()" the way the corresponding dissect routines do.
Make capture routines update "pi.len" and "pi.captured_len" the same way
the corresponding diseect routines do, if the capture routines then call
other capture routines.
Make "capture_vlan()" count as "other" frames that are too short, the
way other capture routines do.
svn path=/trunk/; revision=1525
|
| |
|
|
|
|
| |
above VINES.
svn path=/trunk/; revision=1514
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
update their libpcap probably isn't going to scale - the increasing
frequency with which "Ethereal hangs when I try to capture packets"
shows up on "ethereal-dev" suggests that, unless and until a libpcap
with the "select()" in it becomes ubiquitous on Linux, that'll be the
source of a constant support burden - so we'll just put the "select()"
in Ethereal if it's being built for Linux.
(Putting it in for platforms where the read timeout argument to
"pcap_open_live()" works adds an extra useless system call at best and,
at worst, could make Ethereal not work - "select()" doesn't work on
"/dev/bpf" devices on FreeBSD 3.3, at least, unless you're in "immediate
mode", and, whilst "immediate mode" would make Ethereal respond more
quickly when packets arrive, it might cause Ethereal to respond too
quickly, doing reads for every new packet rather than waiting for
multiple packets to arrive and reading them all with one "read()", which
appears to be at least part of the intent of the read timeout on
"/dev/bpf" devices in BSD.)
svn path=/trunk/; revision=1451
|
| |
|
|
|
|
| |
and move it to "simple_dialog.h" and "gtk/simple_dialog.c".
svn path=/trunk/; revision=1414
|
| |
|
|
|
|
|
|
|
|
|
| |
of routines to enable and disable various sets of menu items; call only
those routines, not routines to enable or disable particular menu items,
from files in the top-level directory, as other UIs may not refer to
menu items with path strings of the sort used in GTK+, and as this
buries knowledge of the menu items available in "gtk/menu.c" rather than
requiring stuff outside of "gtk/menu.c" to know what menu items exist.
svn path=/trunk/; revision=1410
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
into "gtk/ui_util.c", and move the declarations of those UI utilities
out of "util.h" into "ui_util.h". (The header file is in the top-level
directory, rather than the "gtk" directory, because it declares
window-system-independent interfaces to routines with
window-system-dependent implementations.)
Add to "gtk/ui_util.c" a routine to set the window and icon title.
Use that routine to make the title of an Ethereal top-level window be
{filename} - Ethereal
if there's a capture open, and have "{filename}" be "<capture>" if it's
a temporary capture file.
svn path=/trunk/; revision=1255
|
| |
|
|
| |
svn path=/trunk/; revision=1173
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"capture.c", along with the other code that deals with the sync pipe.
Close the sync pipe, and get rid of the temporary capture file, on
errors.
Split "tail_cap_file()" into routines to set up to read from the capture
file, to read a specified number of packets from it when told to do so
by the child process, and to read the rest of the capture file and
finish up the capture, to provide the code in "capture.c" the hooks it
needs.
Have a common routine to set the status bar to report the file name and
number of dropped packets, to use both when reading in a capture file in
its entirety all at once and when done with a "read it while the capture
is writing to it" live capture.
svn path=/trunk/; revision=1137
|
| |
|
|
|
|
| |
couldn't open the temporary capture file" dialog box.
svn path=/trunk/; revision=1132
|
| |
|
|
|
|
|
|
| |
we put up a special error, just use "wtap_strerror()" to generate the
error message - it'll handle both "errno" errors and Wiretap-specific
errors.
svn path=/trunk/; revision=1108
|
| |
|
|
| |
svn path=/trunk/; revision=896
|
| |
|
|
|
|
|
|
| |
Print a usage message if an illegal command-line flag is seen.
Clean up the usage message a bit.
svn path=/trunk/; revision=755
|
| |
|
|
|
|
|
|
|
|
|
|
| |
from "globals.h" to "capture.h".
Only "capture.c" needs to include <pcap.h>; move the include of <pcap.h>
from "capture.h" to "capture.c".
We no longer need any DLT_ defines (that's handled inside Wiretap);
remove the defines of DLT_ from "capture.h".
svn path=/trunk/; revision=753
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
file to which to write the capture; if it's NULL, create a temporary
file and use that.
Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.
This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".
svn path=/trunk/; revision=748
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.
"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.
svn path=/trunk/; revision=747
|
| |
|
|
|
|
|
|
| |
"quit_after_cap", and "capture_child" from "gtk/main.c" to "capture.c",
so that the definitions don't have to be duplicated in "main.c" for
other UIs if, as, and when we do versions of Ethereal with other UIs.
svn path=/trunk/; revision=746
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
|
| |
|
|
|
|
|
|
| |
us, at that point, a character with the 8th bit set) complaint about a
"char" array subscript in an "isdigit()" call by making the character
unsigned.
svn path=/trunk/; revision=724
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
current capture file if it's a temporary file, out of paranoia (so that
we don't get into a state where we have a capture file open but unlinked
- it's probably harmless to be in that state, as the file will remain
around until close, modulo NFS fun, and we may never be in that state
for very long, but I'd rather have it obviously stated in the code).
Remove the close in "capture()", and put one before the other call to
"capture()", in "main_realize_cb()" (is that call necessary, e.g. if you
pass "-r <filename>" *and* "-k", for some perverse reason, as
command-line arguments?).
If "cf.save_file" is non-null, free it before setting it, regardless of
whether it refers to a temporary file name or not.
svn path=/trunk/; revision=712
|
| |
|
|
|
|
|
|
|
|
|
| |
list of packets in real time" in the "Capture/Start" dialog box,
"ethereal -F" won't work - you get your choice of non-forked capture or
"-S".
Don't have "fork_mode" track "sync_mode"; instead, in those places where
we check for "fork_mode", check for "sync_mode" as well.
svn path=/trunk/; revision=711
|
| |
|
|
|
|
|
|
|
|
|
|
| |
child will nuke that file before we get to open the capture in
"tail_cap_file()" - assuming we do, because the capture may not start.
If we fail while writing to, or closing, a capture file we've opened for
writing, don't treat that as a capture error, as we may have saved at
least some packets to the capture file (that's the way it worked before
my recent checkins).
svn path=/trunk/; revision=710
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and to fork off and run a separate copy of "ethereal" for "-S" and "-F"
captures or just call "capture()" otherwise, out of "gtk/capture_dlg.c"
and into a routine in "capture.c".
If the attempt to create said temporary capture file fails, pop up a
dialog box and don't do the capture.
Have the child capture process send a message upstream after it either
successfully starts the capture and syncs out the header of the capture
file, or fails to start the capture; the message indicates whether it
succeeded or failed, and, if it failed, includes a failure message.
This:
avoids the use of a signal, and thus means we don't have to
worry about whether to capture the signal, or whether to start
or stop capturing depending on whether this particular capture
is in sync mode or not;
lets us pop up the message box for the error in the parent
process if we're in sync mode, rather than doing it in the
child, which didn't work well.
Add a check button to the Capture/Start dialog box, so that we can
control, for each capture, whether it's to be done in sync mode or not.
svn path=/trunk/; revision=708
|
| |
|
|
|
|
|
|
|
|
|
|
| |
now in "gtk/capture_dlg.c" - so it doesn't need to include
<sys/sockio.h> on, for example, Solaris...
...but "gtk/capture_dlg.c" does need to include it.
"gtk/capture_dlg.c" also may need to include "snprintf.h", as it uses
"snprintf()".
svn path=/trunk/; revision=655
|
| |
|
|
| |
svn path=/trunk/; revision=636
|
| |
|
|
| |
svn path=/trunk/; revision=635
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
box interfaces we can't open; this filters out loopback interfaces on
e.g. Solaris (which you can't get at with a DLPI device, so you can't
capture traffic on them), and also means we don't report *any*
interfaces if you don't have permission to open any (which means you
don't have permission to capture packets).
If we don't find any interfaces, pop up a message box saying so.
Free up the interface "ioctl" buffer, and close the socket we were
using, before returning from "get_interface_list()".
If "get_interface_list()" returns a null pointer (meaning it failed),
don't pop up the "capture" dialog box.
svn path=/trunk/; revision=634
|
| |
|
|
|
|
| |
preferences, and menus to gtk subdirectory.
svn path=/trunk/; revision=623
|
| |
|
|
| |
svn path=/trunk/; revision=565
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't
support".
Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").
Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").
Print unsigned quantities in Wiretap messages with "%u", not "%d".
svn path=/trunk/; revision=544
|
| |
|
|
|
|
| |
message from "libpcap".
svn path=/trunk/; revision=541
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
|
| |
|
|
| |
svn path=/trunk/; revision=517
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
|
| |
|
|
|
|
|
|
|
|
|
|
| |
can't translate the encapsulation type, it should return an
encapsulation type; we add a new one, WTAP_ENCAP_UNKNOWN. and have it
return that.
Have "capture()" handle "wtap_pcap_encap_to_wtap_encap()" returning that
encapsulation type (if it happens, we need to add a new Wiretap
encapsulation type to handle the new "libpcap" encapsulation type).
svn path=/trunk/; revision=513
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
for errors when closing a file to which we've written packets (we don't
bother checking if we're giving up on a capture).
Add some more error checks in Wiretap.
Make a single list of all Wiretap error codes, giving them all different
values (some can be returned by more than one routine, so they shouldn't
be per-routine).
svn path=/trunk/; revision=510
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
|
| |
|
|
|
|
| |
definition from "capture.h" to "capture.c".
svn path=/trunk/; revision=499
|
| |
|
|
|
|
|
| |
that means it destroys any read filter we had, so we don't need to
destroy it in "capture()" after "open_cap_file()" succeeds.
svn path=/trunk/; revision=498
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
want to read the next file with the same filter that you used on the
last file.
In the "File/Open" dialog box, parse the read filter before trying to
open the file, and if the parse fails, leave the dialog box up so the
user still has the filter and file name around and can try to fix the
problem.
Keep the compiled read filter attached to the "capture_file" structure,
so you don't have to reparse it on a "File/Reload".
svn path=/trunk/; revision=497
|
