| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
|
| |
|
|
|
|
|
|
|
| |
Tim Newsham.
Add in missing item for WTAP_ENCAP_CISCO_IOS in the Wiretap
encapsulation type table.
svn path=/trunk/; revision=4290
|
| |
|
|
|
|
| |
structure; they're no longer used.
svn path=/trunk/; revision=4236
|
| |
|
|
|
|
|
|
|
|
|
| |
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
|
| |
|
|
| |
svn path=/trunk/; revision=4088
|
| |
|
|
|
|
|
| |
that should cause it to show up in a console window if run from Ethereal
on Windows.
svn path=/trunk/; revision=4075
|
| |
|
|
|
|
| |
warning before the capture starts.
svn path=/trunk/; revision=4074
|
| |
|
|
| |
svn path=/trunk/; revision=3560
|
| |
|
|
|
|
|
|
|
|
| |
byte count of zero, don't bother allocating a buffer for that message,
as we wouldn't do anything with that buffer.
Null-terminate the error message once we read it, before using it as a
string.
svn path=/trunk/; revision=3551
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
|
| |
|
|
|
|
| |
members, from Joerg Mayer.
svn path=/trunk/; revision=3501
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
control whether we have a child process do the capturing; a user might
want the packet list to be updated as packets arrive but *not* want it
to scroll so that the most recently arrived packets are shown.
"prefs.capture_auto_scroll", not "auto_scroll_live", should control
whether we scroll a real-time-update capture's packet list;
"auto_scroll_live" isn't set by the capture dialog box,
"prefs_capture_auto_scroll" is.
svn path=/trunk/; revision=3388
|
| |
|
|
| |
svn path=/trunk/; revision=3298
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
binaries, so users only need to make sure they have that version
installed in order to have Ethereal (and tcpdump, and snort, and so on)
accept "lanN"-style names (i.e., names of the sort reported by lanscan
and handled by ifconfig), rather than "dlpiN".
Get rid of the patches to update libpcap, get rid of the discussion in
"README.hpux" of patching libpcap and just say "get 0.6.2", and make the
notes on HP-UX kernel patches to fix problems with capturing outgoing
packets a separate item in the list of items in "README.hpux".
Also update the error messages Ethereal and Tethereal display if they
can't open a device and the error is "can't find PPA for XXX" to say
"get 0.6.2" rather than "patch libpcap and recompile.
svn path=/trunk/; revision=3288
|
| |
|
|
|
|
|
| |
about Token Ring in the "sorry, we couldn't open the capture device"
dialog box on Windows.
svn path=/trunk/; revision=3257
|
| |
|
|
|
|
| |
"ppp_hdlc" capture routine.
svn path=/trunk/; revision=3209
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
|
| |
|
|
|
|
| |
yet another Windows #define.
svn path=/trunk/; revision=3034
|
| |
|
|
|
|
| |
dropped packets from the child to the parent.
svn path=/trunk/; revision=3019
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
list of packets in real time" capture so that "!" always indicates an
error, with the "!" preceded by a count of characters in the error
message and followed by the text of the error, and so that those error
messages can be sent after the capture has started.
Use that to report capture errors, and errors writing to the capture
file, while the capture is under way.
Use #defines for the message type characters in that protocol.
svn path=/trunk/; revision=3018
|
| |
|
|
|
|
|
|
|
|
|
| |
Print the "Capturing on <interface>" message, the running count of
packets captured, and error messages to the standard error in Tethereal,
so that you can pipe the output of a live capture that's printing
packets to a program or script without that script having to worry about
parsing stuff other than dissected packet summaries or details (tcpdump
does the same).
svn path=/trunk/; revision=3017
|
| |
|
|
|
|
|
|
|
|
|
|
| |
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
|
| |
|
|
|
|
|
|
| |
Report errors when writing or closing a capture file.
Clean up some I/O error messages.
svn path=/trunk/; revision=3011
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2954
|
| |
|
|
| |
svn path=/trunk/; revision=2889
|
| |
|
|
|
|
| |
necessary, and won't necessarily work.
svn path=/trunk/; revision=2846
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doesn't work like the read timeout in BPF - the timer doesn't start
until at least one packet has arrived.
I think that's the way read timeouts should work on *all* packet capture
mechanisms, but it does mean that Solaris will, on a quiet net, exhibit
the same symptoms that Linux used to exhibit before we put in a
"select()" call to wait until either packets arrive or a timer expires -
the "pcap_dispatch()" call blocks until a packet arrives, so the display
doesn't get updated and Ethereal doesn't respond to user input until a
packet arrives.
Furthermore, Linux isn't the only OS that lacks any read timeout
on its packet capture mechanism; the others will also have that problem.
We therefore do the "select()" on *all* platforms other than the BSDs
(where the timer starts when the read is done, and can be used for
polling); I don't know whether it's necessary on Digital UNIX, but I
suspect it's necessary on SunOS 4.x (as the 5.x "bufmod" is probably
derived from the 4.x one, and the 5.x one, as per the above, starts the
timer when a packet arrives), and it may even be necessary on 3.x, those
(BSD, SunOS including 5.x, and Digital UNIX) apparently being the only
UNIXes that appear to have such a read timeout.
svn path=/trunk/; revision=2790
|
| |
|
|
|
|
|
|
|
|
| |
on it, such as the exit status if it exited "normally" but unexpectedly.
On UNIX systems, #define the various POSIX <sys/wait.h> macros (and the
non-POSIX WCOREDUMP()" macro) if they're not defined by <sys/wait.h> (or
if we don't have <sys/wait.h>), and use them to dissect the exit status.
svn path=/trunk/; revision=2788
|
| |
|
|
|
|
|
|
|
|
|
| |
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
|
| |
|
|
|
|
|
|
|
|
| |
we're capturing, just use a netmask of 0, and warn the user in Tethereal
(doing it in Ethereal would be more disruptive, and doing so only once
per interface in a session is a bit of work, as, in an "Update list of
packets in real time" capture the child process would have to tell the
parent that it couldn't get the netmask).
svn path=/trunk/; revision=2546
|
| |
|
|
| |
svn path=/trunk/; revision=2521
|
| |
|
|
|
|
|
| |
you stop an "Update list of packets in real time" capture from the main
window as well as from the capture statistics dialog.
svn path=/trunk/; revision=2487
|
| |
|
|
| |
svn path=/trunk/; revision=2481
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
as far as I know, the only way to get IFF_UP, IFF_LOOPBACK, "struct
ifreq", and "struct ifconf" defined, and those are required in order to
get, via SIOCGIFCONF, the interface list, and to exclude interfaces that
aren't up and handle loopback interfaces differently from other
interfaces.
If we're on UNIX and have libpcap, we should do the same; that way, if
the system doesn't have <net/if.h> installed, the compile will fail with
an "I can't find <net/if.h>" error, rather than the configure indicating
that <net/if.h> can't be found, causing "util.c" not to include it,
causing it to fail with complaints about IFF_UP, IFF_LOOPBACK, and
various structures not being defined - the former tells you the root
cause, the latter doesn't.
svn path=/trunk/; revision=2442
|
| |
|
|
|
|
|
| |
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
|
| |
|
|
|
|
| |
work
svn path=/trunk/; revision=2438
|
| |
|
|
| |
svn path=/trunk/; revision=2434
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the influenza virus, if "wtap_pcap_encap_to_wtap_encap()" returns
WTAP_ENCAP_UNKNOWN, indicating that the libpcap encapsulation type can't
be mapped to a Wiretap encapsulation type, include the data link type in
the message, so the user can at least give us a clue as to what type it
is that we don't support (or, at least, the DLT_ value for that type -
it could well be some standard type whose value just got gratuitously
changed).
svn path=/trunk/; revision=2333
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
generate the name of the boldface font from the Roman font; if the two
fonts don't have the same widths, the display will look weird when a
field is selected, and it's a bit of a pain for the user to have to
select *two* fonts.
On UNIX/X, default to
"-*-fixed-medium-r-semicondensed-*-*-120-*-*-*-*-*-" rather than to
"-*-lucidatypewriter-medium-r-normal-*-*-120-*-*-*-*-iso8859-1" - some
Linux distributions appear to lack the Lucida typewriter font.
Add a "gui.font_name" preference to the preferences file, specifying the
normal-weight font to use. Have it settable from the "GUI" tab in the
Preferences dialog box - the "Font..." button, when clicked, pops up a
font selection dialog box.
If we either can't open the selected font or the boldfaced version of
the font, default to "6x13" and "6x13bold" as fallbacks - the former
will probably be "fixed", and the latter would be "fixedbold" if X
actually created such an alias, but it doesn't so we use "6x13bold"
instead.
svn path=/trunk/; revision=2304
|
| |
|
|
| |
svn path=/trunk/; revision=2298
|
| |
|
|
|
|
|
|
|
| |
on NT/2000.
Refer to Tethereal, not to Ethereal, in the long explanations of capture
problems in Tethereal.
svn path=/trunk/; revision=2270
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
about checking permissions, as the capture devices are probably
available to all users, and talking about permissions will only confuse
the user. Do, however, warn that Ethereal can't capture on Token Ring
or PPP/WAN interfaces.
On UNIX, if the attempt to open the capture device fails, and the error
message starts with "can't find PPA for ", they are probably running on
HP-UX with a version of libpcap not patched to properly look up PPAs for
network interfaces given the interface name; give them a detailed
warning about this, telling them that they'll have to fix libpcap and
build Ethereal from source, and pointing them at the "README.hpux" file.
svn path=/trunk/; revision=2265
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
| |
|
|
| |
svn path=/trunk/; revision=2184
|
| |
|
|
| |
svn path=/trunk/; revision=2182
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live()
failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch()
which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h
because capture() now needs it.
svn path=/trunk/; revision=2181
|
| |
|
|
| |
svn path=/trunk/; revision=2150
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to use "warning" dialog boxes only to warn the user "if you do that, bad
things may happen" *and* to offer them the option either to drive on or
quit, so perhaps ESD_TYPE_CRIT should be used for all errors).
However, put "Ethereal: Error" rather than "Ethereal: Critical" in the
title bar, in the hopes that it'll make it clearer that Something Bad
Happened.
If the user specifies that captures should be saved to a user-specified
file rather than a temporary file, report errors trying to create that
file with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
svn path=/trunk/; revision=2143
|
