git.samba.org - obnox/wireshark/wip.git/log

Remove the include of <sys/time.h> from "file.h" - it's neither
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).

Include <time.h> in "file.c", to declare "struct tm".

Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@549 f5534014-38df-0310-8fa8-9805f1628bb7

Don't check to make sure "-k" was specified with "-S" or "-F" but not
with "-W" unless we actually support "libpcap", as "fork_mode" isn't
defined unless HAVE_LIBPCAP is defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@548 f5534014-38df-0310-8fa8-9805f1628bb7

Put "packet-atm.c" in.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@547 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the pcap-encapsulation-to-wiretap-encapsulation mapping table.

Have the code that opens "libpcap" files for writing check to make sure
that the Wiretap encapsulation can be written to a "libpcap" file, and
return -1 and supply a new WTAP_ERR_UNSUPPORTED_ENCAP error code if it
can't.

Handle that new error code in "wtap_strerror()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@546 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "wtap_strerror()" routine, which takes as an argument an error
code supplied by a Wiretap routine (whether a positive UNIX "errno" code
or a negative Wiretap error code), and returns an error message
corresponding to it.

Use that to construct the message Ethereal put up in a message box for
those errors for which we don't have Ethereal put up a message of its
choice.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@545 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of some cruft left in by previous checkins as placeholders.

Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't
support".

Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").

Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").

Print unsigned quantities in Wiretap messages with "%u", not "%d".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@544 f5534014-38df-0310-8fa8-9805f1628bb7

FreeBSD and OpenBSD both use 23 for AF_IPX (that may have been in
4.4-Lite), but they use different values for AF_INET6; define and handle
both of them.

Add AF_ISO as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@543 f5534014-38df-0310-8fa8-9805f1628bb7

Add a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@542 f5534014-38df-0310-8fa8-9805f1628bb7

Have the message boxes put up for "libpcap" errors include the error
message from "libpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@541 f5534014-38df-0310-8fa8-9805f1628bb7

DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:

1) PPP-over-HDLC (some version of ISDN4BSD?);

2) big-endian AF_ value (BSD on big-endian platforms);

3) little-endian AF_ value (BSD on little-endian platforms);

4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").

Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.

Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.

Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.

Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.

Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).

Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@540 f5534014-38df-0310-8fa8-9805f1628bb7

Richard J�rgensen <ric@tbit.dk> pointed out that ICMP and IGMP checksums
were printed in the wrong byteorder.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@539 f5534014-38df-0310-8fa8-9805f1628bb7

Move the code to set "max_data" in "dissect_nbss()" earlier, so that
it's set before we dissect continuations.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@538 f5534014-38df-0310-8fa8-9805f1628bb7

Jochen Friedrich's patch to add IPv6 support for DLT_NULL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@537 f5534014-38df-0310-8fa8-9805f1628bb7

This is the code in packet-nbns that handles continuation messages.

It checks to see if the packet we have in front of us does not start with
one of the four NetBIOS over TCP/IP message types, or if it is a data
message, then looks for \0377SMB in the first four bytes ...

It seems to work well on one large trace of Samba activity that I have.
`

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@536 f5534014-38df-0310-8fa8-9805f1628bb7

The 16-bit and 32-bit fields in the "frame4" record header in ATM
Sniffer captures are little-endian; convert them as necessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@535 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the e-mail address for Jeff Foster.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@534 f5534014-38df-0310-8fa8-9805f1628bb7

Call "init_mib()" in "proto_register_snmp()"; not doing so causes core
dumps (probably because the SNMP libraries expect it to have been
called).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@533 f5534014-38df-0310-8fa8-9805f1628bb7

Changed some symbols inside parser, fixed default error message in
dfilter_compile, and removed debug printf that I left in match_selected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@532 f5534014-38df-0310-8fa8-9805f1628bb7

Include "snprintf.h" if necessary, to squelch some "gcc -Wall"
complaints.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@531 f5534014-38df-0310-8fa8-9805f1628bb7

Enabled error reporting for bad ETHER values in display filters. A new
global variable, dfilter_error_msg is now available, being NULL when there
was no error, or pointing to a string when an error occurred. The three
places that dfilter_compile() is called now use this global variable to
report the error message to the user. A default error message is put
in that string if no context-specific error message is available (since
I only have one context-specifici error message, namely, ETHER values,
that will be most of the time).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@530 f5534014-38df-0310-8fa8-9805f1628bb7

Cleaned up the two routines besides the main display filter mechanism
that use display filters, TCP follow and Match Selected.

In Match Selected, I made it put the display filter that it creates
in the text entry widget. The code was already there, but it didn't work
because code was missing in the GUI initialization routine that runs
when Ethereal starts. The text entry widget pointer was not being passed
to the Match Selected menu item.

In TCP follow, I made it _not_ put the display filter that it creates
in the text entry widget. I find it annoying that a really long
display filter is left in the widget, and others have voiced their
opinion on this too. In addition, after applying the display filter
and retreiving the TCP data, the display filter (if any) that the user
had in place _before_ running TCP follow is put back and the packet
list is set back to the way it was before TCP follow is run. I think this
is more expected. The drawback is that display filtering is run twice,
once to retreive the TCP data and once to reset the display.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@529 f5534014-38df-0310-8fa8-9805f1628bb7

Fix a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@528 f5534014-38df-0310-8fa8-9805f1628bb7

Add Olivier Abad to the list of Wiretap authors, as the code to read
RADCOM WAN/LAN Analyzer capture files is his.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@527 f5534014-38df-0310-8fa8-9805f1628bb7

Note that we now have the ability to read Ethernet and X.25 captures
from RADCOM WAN/LAN Analyzers.

(BTW, the previous checkin also removed the comments about the hack
wherein we pretended that ATM Sniffer captures were really Ethernet,
Token-Ring, or RFC 1483 captures, given that said hack was itself
removed.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@526 f5534014-38df-0310-8fa8-9805f1628bb7

Remove the stuff about filters in Wiretap, as that capability was
removed when a more powerful display filtering mechanism was added to
Ethereal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@525 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of an unused variable left stranded on the beach when a wave
washed out to sea the code that used to pretend that an ATM Sniffer
capture was an Ethernet or Token-Ring Sniffer capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@524 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for reading Full Frontal ATM from an ATM Sniffer capture
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.

Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@523 f5534014-38df-0310-8fa8-9805f1628bb7

Made handling of byte strings in scanner and parser much simpler,
improving size of grammar and creating the possibility of dfilter_compile
reporting errors back to user. In this case, if an ETHER variable is
compared against a byte string that is not 6 bytes, an error condition is
flagged appropriately. I have not put in the code to conver that error flag
to a message to the user, but that's what I'm working on next.

Also, fixed sample debug session in README to show correct gdb prompt.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@522 f5534014-38df-0310-8fa8-9805f1628bb7

Made LanAlyzer smarter about reading trace files, thereby removing a
variable from lanalyzer_t (plus an additional variable which wasn't being
used). While I was in there I cleaned up some comments and renamed a couple
variables to make more sense.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@521 f5534014-38df-0310-8fa8-9805f1628bb7

"open_cap_file()" calls "close_cap_file()" if its attempt to open the
capture file succeeds, so that it cleans out any state in the
"capture_file" structure it was handed before filling it in with new
state for the new capture file.

This means it destroys any read filter associated with the
"capture_file" structure it was handed, so the "rfcode" field must be
set *after* calling "open_cap_file()" but *before* calling
"read_cap_file()". Do so for the "capture file (and possibly read
filter) supplied on the command line" case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@520 f5534014-38df-0310-8fa8-9805f1628bb7

Made iptrace wiretap module return error on partial packets, instead of
expecting it as normal. Added paragraph about iptrace oddities to README.
I also added a section to the README about how to report bugs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@519 f5534014-38df-0310-8fa8-9805f1628bb7

Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.

Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.

Add some new error codes for them to return.

Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.

Handle the additional errors we can get when opening a capture file.

If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@518 f5534014-38df-0310-8fa8-9805f1628bb7

Use "g_strdup()" rather than "strdup()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@517 f5534014-38df-0310-8fa8-9805f1628bb7

Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.

Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.

Add some new error codes for them to return.

Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.

Handle the additional errors we can get when opening a capture file.

If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@516 f5534014-38df-0310-8fa8-9805f1628bb7

Changes to compile in win32.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@515 f5534014-38df-0310-8fa8-9805f1628bb7

In "wtap_dump_close()", don't shove the return value of "fclose()" into
the variable for the return value of "wtap_dump_close()", just check it
against EOF; shoving it into "ret" means it gets set to 0 on a
successful close, but a return value of 0 means "wtap_dump_close()"
failed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@514 f5534014-38df-0310-8fa8-9805f1628bb7

"wtap_pcap_encap_to_wtap_encap()" shouldn't return a file type if it
can't translate the encapsulation type, it should return an
encapsulation type; we add a new one, WTAP_ENCAP_UNKNOWN. and have it
return that.

Have "capture()" handle "wtap_pcap_encap_to_wtap_encap()" returning that
encapsulation type (if it happens, we need to add a new Wiretap
encapsulation type to handle the new "libpcap" encapsulation type).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@513 f5534014-38df-0310-8fa8-9805f1628bb7

Re-arranged Ethereal's definitions of DLT_RAW et al. since capture.c
is the only file that uses them. I hope to avoid some compiler warnings
with this.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@512 f5534014-38df-0310-8fa8-9805f1628bb7

Small change to create_tempfile, initializing static vars.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@511 f5534014-38df-0310-8fa8-9805f1628bb7

Make "wtap_dump()" and "wtap_dump_close()" return error codes, and check
for errors when closing a file to which we've written packets (we don't
bother checking if we're giving up on a capture).

Add some more error checks in Wiretap.

Make a single list of all Wiretap error codes, giving them all different
values (some can be returned by more than one routine, so they shouldn't
be per-routine).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@510 f5534014-38df-0310-8fa8-9805f1628bb7

Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.

When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@509 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up the call to "reassemble_tcp()" to use "pi.len" and
"pi.captured_len" to compute the total amount of TCP payload and the
captured amount of TCP payload.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@508 f5534014-38df-0310-8fa8-9805f1628bb7

Make a "create_tempfile()" routine that constructs the template to be
used by "mkstemp()" into a buffer supplied as an argument, trying
several directories for the tempfile, in the same fashion that the BSD
(and probably other) "tempnam()" routines do.

Have that routine cope with temporary-file directory names that don't
end with "/", as "P_tmpdir" doesn't necessarily end with "/" (and
doesn't, in GNU "libc" 2.x, at least on Linux); thanks to Gilbert
Ramirez for catching this one, and supplying the code to cope with that.

Have the code that creates the temporary file for the "Follow TCP
Stream" text use it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@507 f5534014-38df-0310-8fa8-9805f1628bb7

Declare the "packet_info" structure "pi" in "packet.h", rather than in a
bunch of source files.

Replace the "payload" field of a "packet_info" structure with "len" and
"captured_len" fields, which contain the total packet length and total
captured packet length (including all headers) at the current protocol
layer (i.e., if a given layer has a length field, and that length field
says its shorter than the length we got from the capture, reduce the
"pi.len" and "pi.captured_len" values appropriately). Those fields can
be used in the future if we add checks to make sure a field we're
extracting from a packet doesn't go past the end of the packet, or past
the captured part of the packet.

Get rid of the additional payload argument to some dissection functions;
use "pi.captured_len - offset" instead.

Have the END_OF_FRAME macro use "pi.captured_len" rather than
"fd->cap_len", so that "dissect the rest of the frame" becomes "dissect
the rest of the packet", and doesn't dissect end-of-frame padding such
as padding added to make an Ethernet frame 60 or more octets long. (We
might want to rename it END_OF_PACKET; if we ever want to label the
end-of-frame padding for the benefit of people curious what that extra
gunk is, we could have a separate END_OF_FRAME macro that uses
"fd->cap_len".)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@506 f5534014-38df-0310-8fa8-9805f1628bb7

Converted more of the IP fields to filterable fields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@505 f5534014-38df-0310-8fa8-9805f1628bb7

Fix a typo in a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@504 f5534014-38df-0310-8fa8-9805f1628bb7

Expand some comments.

Check for errors reading the "Follow TCP Stream" temporary file.

Unlink the temporary file after attempting to open and read the file,
even if the attempt to open it failed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@503 f5534014-38df-0310-8fa8-9805f1628bb7

Pick up a change from the OpenBSD ports collection, to use "mkstemp()"
to create the temporary file to which the "Follow TCP Stream" code
writes the contents of the TCP stream; this was presumably done to close
a potential security hole opened by the possibility of somebody
replacing the file referred to by the name generated by "tmpnam()"
before we open it.

(We may have to provide our own version of "mkstemp()" if there are any
platforms on which we run that lack it. Note that Solaris 2.5.1 has it,
even though it's not documented and isn't declare in its "stdlib.h".)

Have the "Follow TCP Stream" code put up a dialog box, rather than
spitting a message out to the standard error, if the attempt to create
the temporary file fails.

Check also whether the attempt to open the "Follow TCP Stream" temporary
file for reading fails, and put up a dialog box for that as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@502 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of the comments saying "make ["decode_numeric_bitfield()"] shift
the value appropriately!" - a change from Olivier Abad did so.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@501 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed segfault with new gtk_tree_item deselection routine and -S option.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@500 f5534014-38df-0310-8fa8-9805f1628bb7

The "loop_data" structure is used only in "capture.c"; move its
definition from "capture.h" to "capture.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@499 f5534014-38df-0310-8fa8-9805f1628bb7

"open_cap_file()", if it succeeds, closes any capture file we had open;
that means it destroys any read filter we had, so we don't need to
destroy it in "capture()" after "open_cap_file()" succeeds.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@498 f5534014-38df-0310-8fa8-9805f1628bb7

Don't preserve the read filter from file to file - you won't necessarily
want to read the next file with the same filter that you used on the
last file.

In the "File/Open" dialog box, parse the read filter before trying to
open the file, and if the parse fails, leave the dialog box up so the
user still has the filter and file name around and can try to fix the
problem.

Keep the compiled read filter attached to the "capture_file" structure,
so you don't have to reparse it on a "File/Reload".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@497 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed the problem with an assert coming from gtkwidget.c:3196 when
selecting a field from more than one protocol tree. It turns out that
gtktree.c doesn't clear the tree-item selection list when you use
gtk_tree_clear_items() (which calls gtk_tree_remove_items() ). So the next
time a tree item is selected in a new protocol tree (which is our old
protocol tree, with everything removed, and new things added), gtk_tree
tries to _deselect_ our old selection. But that tree-item which is trying
to be deselected is long gone, resulting in the assert because widget == NULL.
A function needs to be added to gtk_tree to deselect the tree-item selection
for us. (or we need to go through the hassle of creating a new gtk_tree
instead of recycling tree_view over and over).

I stole some code from another section of gtktree.c which lets us clear
the selection in clear_tree_and_hex_views().

Also, I modified the argument to gtk_tree_set_view_mode. We were using
"TRUE", when really we should have used a member of the GtkTreeViewMode
enumeration, namely GTK_TREE_VIEW_ITEM ( which is 1, which is TRUE :-)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@496 f5534014-38df-0310-8fa8-9805f1628bb7

Have "wtap_open_offline()" return, on failure, an indication of the
reason for the failure, and have it do the checks to make sure the file
being opened is a plain file or a pipe.

Have "open_cap_file()" make use of that.

Don't automatically set "last_open_dir" if a "-r" flag was specified on
the command line - do so only if the file in question could actually be
opened.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@495 f5534014-38df-0310-8fa8-9805f1628bb7

"read_cap_file()" doesn't need to be passed a file name as an argument -
it's called after "open_cap_file()" has been called, and is always
passed the file name passed to "open_cap_file()", and that file name is
stored as "cf->filename", so "read_cap_file()" can just use
"cf->filename" as the pathname of the file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@494 f5534014-38df-0310-8fa8-9805f1628bb7

Oops, forgot to get rid of the "open_cap_file()" in "load_cap_file()"
when I turned the latter into "read_cap_file()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@493 f5534014-38df-0310-8fa8-9805f1628bb7

Split "load_cap_file()" into "open_cap_file()" and "read_cap_file()".
The former, which used to be called by "load_cap_file()", now just opens
the file and, if the open succeeds, closes any capture file we
previously had open, reinitializes any protocols that need
reinitialization, and saves information about the new capture file in
the "capture_file" structure to which it was passed a pointer.  The
latter reads the file already opened by "read_cap_file()".

For "File/Open", call "open_cap_file()" before dismissing the file
selection box; if it fails, "open_cap_file()" will have popped up a
message box complaining about it - just return, leaving the file
selection box open so the user can, after dismissing the message box,
either try again with a different file name, or dismiss the file
selection box.  (Other file selection boxes should be made to work the
same way.)  If "open_cap_file()" succeeds, dismiss the file selection
box, and read the capture file in.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@492 f5534014-38df-0310-8fa8-9805f1628bb7

Add ICMP to the set of packet types counted in the window shown while a
capture is in progress.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@491 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed File|Save As (it was using wrong variable for source filename).
Ethereal now remembers the directory where it last opened a file, either
via the GUI File|Open or command-line '-r' option. The next time File|Open
is used, browsing starts from that directory.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@490 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed segfault with combination of new dfilter struct usage, rfcode,
and File | Open option.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@489 f5534014-38df-0310-8fa8-9805f1628bb7

Added dfilter-int.h to list of deliverables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@488 f5534014-38df-0310-8fa8-9805f1628bb7

Modified YACC grammar to use non-yy symbols, to avoid conflicts with
libpcap's that were compiled with symbols beginning with 'yy'.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@487 f5534014-38df-0310-8fa8-9805f1628bb7

Have the "delta" format for time stamps show the time delta between a
packet and the previous *displayed* packet, rather than the previous
packet in a capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@486 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up the code that changes the "command-line-specified" time format to
handle a display with a display filter.

(Also, don't have it recompute the time stamps - they were computed when
the packet was added to the packet list in the first place.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@485 f5534014-38df-0310-8fa8-9805f1628bb7

Enable the "Display/Options" menu item when we're capturing with "-S",
so you can change the time stamp column while you're capturing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@484 f5534014-38df-0310-8fa8-9805f1628bb7

In "change_time_formats()", you have to set "fd->cinfo" before you can
use "check_col()", otherwise "check_col()" always fails, and the time
column never gets changed. (How did I manage to break that?)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@483 f5534014-38df-0310-8fa8-9805f1628bb7

Removed unneeded 'color' field from header_field_info.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@482 f5534014-38df-0310-8fa8-9805f1628bb7

Added Brad's <brad@openbsd.org> patch to fix compilation from
separate directory.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@481 f5534014-38df-0310-8fa8-9805f1628bb7

Moved global memory alloction used in display filters (which was stored
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@480 f5534014-38df-0310-8fa8-9805f1628bb7

Create a "dfilter-int.h" file, containing stuff used internally to the
display filter code but not outside it (and not static to one of the
modules in the display filter code), with most of that stuff moved there
from "dfilter.h".

Add a declaration of "byte_str_to_guint8_array()" to "dfilter-int.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@479 f5534014-38df-0310-8fa8-9805f1628bb7

One small regex change, just to be safe.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@478 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed two bugs in display filter parsing.

1. Some IP addresses (like 0.0.0.0) would be interpreted as byte ranges.
2. Parens were being ignored.

Thanks to Guy for pointing these out to me.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@477 f5534014-38df-0310-8fa8-9805f1628bb7

"file_sel_ok_cb()" isn't used except with the "File/Open" dialog box;
rename it to "file_open_ok_cb()", move it next to the routine to create
that dialog box, and make it static.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@476 f5534014-38df-0310-8fa8-9805f1628bb7

Added Ashok's fix for RSVP and support for RSVP+.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@475 f5534014-38df-0310-8fa8-9805f1628bb7

The "-R" command-line filter is applied when reading the capture file;
it's not a display filter (packets that don't match the filter are
discarded completely, not just filtered out of the display), although it
has the same syntax as a display filter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@473 f5534014-38df-0310-8fa8-9805f1628bb7

The changes to file loading decreased file loading time rather than
increasing it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@472 f5534014-38df-0310-8fa8-9805f1628bb7

Changed two #include <>'s to #include "" 's, for stylistic reasons only.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@471 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed packaging problem (the list of deliverables in the doc/ directory).
Updated NEWS file.
Moved version to 0.7.2 for imminent release.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@470 f5534014-38df-0310-8fa8-9805f1628bb7

Modified the flex scanner to use symbols that start with "dfilter_"
instead of "yy". (dfilter-grammar.y was modified to #define yylex as
dfilter_lex).

VERSION is no longer needed since the doc/Makefile now uses @VERSION@,
passed to it from 'configure'.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@469 f5534014-38df-0310-8fa8-9805f1628bb7

Modified autoconf/automake files for doc subdirectory so that all of
Ethereal can be compiled in a build directory separated from the source
directory.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@468 f5534014-38df-0310-8fa8-9805f1628bb7

Display counts of NetBEUI/NBF frames as "NetBIOS".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@467 f5534014-38df-0310-8fa8-9805f1628bb7

Jeff Foster's changes to add support for NetBEUI/NBF (NetBIOS atop 802.2
LLC, the original NetBIOS encapsulation).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@466 f5534014-38df-0310-8fa8-9805f1628bb7

Change the test of pcap_dispatch returned value
which might be -1.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@465 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the -S option timeout handling:
- when in a live capture mode no packet is received
during a timeout, the displayer process is notified
about any remaining captured packets. Note that this
fix works on Linux only with a patched libpcap.
- remove unnecessary time() call and sync_time
loop_data field.

Thanks to John McDermott for his help during fixing
and testing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@464 f5534014-38df-0310-8fa8-9805f1628bb7

More whitespace fixups, and fix a typo in a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@463 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up whitespace.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@462 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up some comments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@461 f5534014-38df-0310-8fa8-9805f1628bb7

Add the ability to specify a filter to be used when reading the file to
the "Open File" dialog box (the "Open File" dialog box equivalent of the
"-R" flag). Have "load_cap_file()" take the filter expression as an
argument, and make the global "rfilter" into a member of a
"capture_file" structure.

When reading a temporary capture file after a live capture, don't apply
any filter.

Move the code that pops up error boxes on file opens when reading a
capture file back to "load_cap_file()"; it also pops up error boxes if
the filter expression can't be parsed.

Don't enable "File/Save" or "File/Save As..." if an attempt to read a
capture file fails - if there was already an open capture file, it was
closed by "load_cap_file()", so we no longer have an open file to save.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@460 f5534014-38df-0310-8fa8-9805f1628bb7

Initialize the "next" pointer of a "frame_data" structure to NULL before
putting it on the list of frames.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@459 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the list of descriptions of codes in ICMP Unreachable messages.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@458 f5534014-38df-0310-8fa8-9805f1628bb7

Building a GList by adding elements to the end with "g_list_append()" is
N^2 in the ultimate size of the list (as "g_list_append()" is linear in
the size of the list, at least when used in the way the GLib
documentation says to use it); instead, maintain our own linked list of
"frame_data" structures for all packets read, including a pointer to the
last element.

"gtk_clist_set_row_data()" is linear in the row number, so if it's used
to attach a pointer to the "frame_data" structure for a packet to the
packet list GtkClist row for each packet, that's also N^2 in the number
of packets in that packet list; instead, store the row number in the
"frame_data" structure, and find the packet for a given row by scanning
the list for it (we were already scanning the list linearly to find that
packet's index in the list of all packets; that's only done when a
packet's selected, so it's not *too* bad, but it might be nice to avoid
having to do that scan).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@457 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed a bug in displaying RIF ring/bridge pairs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@456 f5534014-38df-0310-8fa8-9805f1628bb7

Added John McDermott's patch for handling ICMP Unreachable|Fragmentation
Required packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@455 f5534014-38df-0310-8fa8-9805f1628bb7

Jochen Friedrich's patch to add a "-R" flag, which takes a
display-filter syntax expression as an argument, and causes that filter
to be applied to all packets when a capture file is read in; packets
that don't match the filter are discarded.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@454 f5534014-38df-0310-8fa8-9805f1628bb7

Allow compilation of ethereal in a directory different than
the source directory. The doc makefile is still broken however.
Thanks to Jan Bernard van Doorn for raising this problem.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@453 f5534014-38df-0310-8fa8-9805f1628bb7

A further memory leak fix from Jochen Friedrich.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@452 f5534014-38df-0310-8fa8-9805f1628bb7

Move a comment, to correctly reflect which code in
"clear_tree_and_hex_views()" clears the hext dump window and which code
clears the protocol tree window.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@451 f5534014-38df-0310-8fa8-9805f1628bb7

Use "strrchr()", rather than "strchr()", to find the '/' in "argv[0]"
before the last component; thanks to Laurent Deniel for catching that one.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@450 f5534014-38df-0310-8fa8-9805f1628bb7

Changed version to 0.7.1

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@448 f5534014-38df-0310-8fa8-9805f1628bb7