git.samba.org - obnox/wireshark/wip.git/log

When a new display filter is to be applied, don't set "cf.dfilter" or
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.

This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.

This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@803 f5534014-38df-0310-8fa8-9805f1628bb7

Have "get_host_ipaddr()" return a Boolean indicating whether it
succeeded or failed, and, if it succeeded, have it fill in the IP
address if found through a pointer passed as the second argument.

Have it first try interpreting its first argument as a dotted-quad IP
address, with "inet_aton()", and, if that fails, have it try to
interpret it as a host name with "gethostbyname()"; don't bother with
"gethostbyaddr()", as we should be allowed to filter on IP addresses
even if there's no host name associated with them (there's no guarantee
that "gethostbyaddr()" will succeed if handed an IP address with no
corresponding name - and it looks as if FreeBSD 3.2, at least, may not
succeed in that case).

Add a "dfilter_fail()" routine that takes "printf()"-like arguments and
uses them to set an error message for the parse; doing so means that
even if the filter expression is syntactically valid, we treat it as
being invalid. (Is there a better way to force a parse to fail from
arbitrary places in routines called by the parser?)

Use that routine in the lexical analyzer.

If that error message was set, use it as is as the failure message,
rather than adding "Unable to parse filter string XXX" to it.

Have the code to handle IP addresses and host names in display filters
check whether "get_host_ipaddr()" succeeded or failed and, if it failed,
arrange that the parse fail with an error message indicating the source
of the problem.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@802 f5534014-38df-0310-8fa8-9805f1628bb7

The #defines to turn "yy{lex,error}" into names specific to the
parser/lexical analyzer in question are needed only in the ".c" files
for the generated parser and lexical analyzer, and Flex and Byacc/Bison
put them there; don't bother putting them in a header file, just
directly declare the functions with the right names.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@801 f5534014-38df-0310-8fa8-9805f1628bb7

Add reference to tcpdump manual page for capture filter syntax.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@800 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@799 f5534014-38df-0310-8fa8-9805f1628bb7

Big bunch of fixes to packet-smb.c for things I need.

Also added first pass of state keeping. I am using glib's hash
functions.

Modelled after packet-ncp.c.

We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...

I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@798 f5534014-38df-0310-8fa8-9805f1628bb7

Changed the macro XDLC_HAS_PAYLOAD(control) to look at only the first
bit of 'control' to check to see if it's an information frame:

#define XDLC_HAS_PAYLOAD(control) \
(((control) & 0x1) == XDLC_I || (control) == (XDLC_UI|XDLC_U))

I had erroneously AND'ed with 0x3 when I first put the AND in there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@797 f5534014-38df-0310-8fa8-9805f1628bb7

Fix a typo in error message.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@796 f5534014-38df-0310-8fa8-9805f1628bb7

- fix a segmentation violation with big "match selected" filters.
- fix a memory leak.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@795 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@794 f5534014-38df-0310-8fa8-9805f1628bb7

- dissect data if type unknown
- add display filters

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@793 f5534014-38df-0310-8fa8-9805f1628bb7

- correct bound checkings in string parsing
- add display filters

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@792 f5534014-38df-0310-8fa8-9805f1628bb7

The abbreviation for a protocol is generally all-lower-case, as it's
used as a display filter to match all packets that contain data for that
protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@791 f5534014-38df-0310-8fa8-9805f1628bb7

Christophe Tronche's BPDU dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@790 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@789 f5534014-38df-0310-8fa8-9805f1628bb7

Move some definitions of stuff not used outside the Lucent/Ascend
capture file reading code from "ascend.h" to "ascend-int.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@788 f5534014-38df-0310-8fa8-9805f1628bb7

Add an "ascend-int.h" file, to declare routines used by more than one of
the files in the Lucent/Ascend capture file code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@787 f5534014-38df-0310-8fa8-9805f1628bb7

Include "main.h", to pull in the external declarations of several
routines defined in this file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@786 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the include-guard #define to be "__MAIN_H__", matching the name of
the file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@785 f5534014-38df-0310-8fa8-9805f1628bb7

Phil Techau's patch to allocate colors read-only and, if we can't get
that color from the system colormap, get the best color mode from GTK+,
allocate a new colormap, and use that colormap.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@784 f5534014-38df-0310-8fa8-9805f1628bb7

Make "dfilter_error()" available to the lexical analyzer.

Get rid of the declaration of the non-existent "dfilter_yyerror()", and
put in some #defines to work around the fact that the #defines to
replace "yy" with "dfilter_" in the names of Flex-generated and
Yacc-generated routines aren't put into a header file, they're put into
".c" files.

Have it remember the error message it was handed (unless it's Yacc's
boring "parse error" message).

When generating the message to be shown to the user on a parse error,
make it be the "Unable to parse filter string" message, and, if a
non-boring error message was supplied to "dfilter_error()", take that
error message onto the end.

Don't panic if a field type we don't yet support in the parser is seen;
generate an error, telling the user we don't support filter on that type
yet.

Don't assume that "global_df" has been set if we see an empty statement
(if the first token was the end-marker, because, say, the first token
the lexical analyzer found was a field of a type not yet supported in
filter expressions, "global_df" won't have been set).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@783 f5534014-38df-0310-8fa8-9805f1628bb7

- add display filters
- check for truncated header

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@782 f5534014-38df-0310-8fa8-9805f1628bb7

A DNS or NBNS name may contain pointers to other names in the packet; if
the stuff referred to by those pointers goes past the end of the packet,
that's not a reason not to return the length of the DNS or NBNS name
itself - you can tag that name even though it's bad. Therefore,
"get_dns_name()" should return the length of the part of the name it's
looked at even if that name contains a pointer to stuff that goes past
the end of the packet.

This means you can't check its return value to see if it's negative, and
treat it as an error if it is; remove that stuff.

Add checks to make sure the type and class fields in an RR don't go past
the end of the packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@781 f5534014-38df-0310-8fa8-9805f1628bb7

Add NBNS support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@780 f5534014-38df-0310-8fa8-9805f1628bb7

Add more packet bounds checking to DNS, and add some to NetBIOS-over-TCP
as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@779 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed the infinite-loop problem in the DNS dissector, at least for
the random packets I generated. I'm not convinced that all the problems
are gone. We now:

1. Check that the bytes are indded in the frame before accessing them
in dissect_dns_query() and dissect_dns_answer(). If not, we
return 0, which means "0-byte increment".

2. Check the return value of the two functions above in
dissect_query_records() and dissect_answer_records(), which have
loops that call those two functions above. If a 0-byte
increment is found, the loop is broken to avoid an infinite loop.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@778 f5534014-38df-0310-8fa8-9805f1628bb7

Added ICMP and DNS to randpkt.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@777 f5534014-38df-0310-8fa8-9805f1628bb7

Fix dfilter scanner to accept hyphenated hostnames for IPv4 addresses.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@776 f5534014-38df-0310-8fa8-9805f1628bb7

Give it a copyright notice and RCS ID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@775 f5534014-38df-0310-8fa8-9805f1628bb7

Give them RCS IDs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@774 f5534014-38df-0310-8fa8-9805f1628bb7

Whitespace cleanup.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@773 f5534014-38df-0310-8fa8-9805f1628bb7

Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).

Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@772 f5534014-38df-0310-8fa8-9805f1628bb7

Make "create_color_sel_win()" static to "colors.c" - it's not used
outside that file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@771 f5534014-38df-0310-8fa8-9805f1628bb7

Make "wtap_strerror()" handle zlib errors *correctly*.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@770 f5534014-38df-0310-8fa8-9805f1628bb7

Better handle errors from zlib:

Assign a range of Wiretap errors for zlib errors, and have
"wtap_strerror()" use "zError()" to get an error message for
them.

Have the internal "file_error()" routine return 0 for no error
and a Wiretap error code for an error.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@769 f5534014-38df-0310-8fa8-9805f1628bb7

Added Santeri Paavolainen's <santtu@ssh.fi> patch to set default colors
in the color selection wheel.

Added his patch to file.c to look for bogus frame_data pointers, but made
it a g_assert().

Modified my previous patch to colors.c to skip bad color display filters.
I skipped them, but they still appeared in the color dialogue. Now bad
filtes are not put into the color filter list, so they don't appear in
the color dialogue. As a [good] side-effect, the next time you save
your color filter list, the bad filters are removed from the colorfilters
file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@768 f5534014-38df-0310-8fa8-9805f1628bb7

Corrected comment regarding usage.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@767 f5534014-38df-0310-8fa8-9805f1628bb7

Removed dummy protocol and removed bug which prevented the first
registered protocol's name from being used in a display filter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@766 f5534014-38df-0310-8fa8-9805f1628bb7

Let color filter routines survive a bad display filter. It used to
segfault on a bad colorfilters file. This file now works as expected;
that is, the second filter is ignored:

# DO NOT EDIT THIS FILE! It was created by Ethereal
@ipx@ipx@[65535,65535,65535][65535,19104,22902]
@bad@bad@[65535,65535,65535][65535,19104,22902]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@765 f5534014-38df-0310-8fa8-9805f1628bb7

- add ARP display filters
- check for truncated header

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@764 f5534014-38df-0310-8fa8-9805f1628bb7

Oops, forgot to check truncated header.

Please, please in new dissector routines, check for
truncated packets, especially when string operations
or loop on bytes are used (to avoid display of erroneous
data and infinite loop or segmentation violation) !

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@763 f5534014-38df-0310-8fa8-9805f1628bb7

packet-aarp.c:
- add display filter for AARP

proto.c:
- register a dummy protocol before the first one (aarp)
since the first entry can not be filtered (bug ?)
Gilbert, could you check this ?

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@762 f5534014-38df-0310-8fa8-9805f1628bb7

Fix request argument display with some pop clients
that send only '\n' instead of '\r''\n' and handle
more correctly truncated packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@761 f5534014-38df-0310-8fa8-9805f1628bb7

"gmtime()" takes a pointer to a "time_t", not a pointer to a "guint32",
as an argument. ("time_t" could be 64 bits - I think it is 64 bits on
some platforms, e.g. Alpha Linux - and it's typically signed rather
than unsigned.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@760 f5534014-38df-0310-8fa8-9805f1628bb7

A small fix to the handling of NetBIOS continuation messages where a
POSITIVE_SESSION_ACK was treated as a continuation :-(

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@759 f5534014-38df-0310-8fa8-9805f1628bb7

A bunch of fixes for SMB decode.

  1. Fix some silly errors.
  2. Dont decode beyond Word Count if errcode > 0
  3. Decode a bunch mode SMBs

Next is to keep state so we can do a better job ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@758 f5534014-38df-0310-8fa8-9805f1628bb7

Don't initialize the file name field in the "File/Open" dialog box with
the name of the current save file - we no longer have the "-F" flag, and
"-S" automatically reads from the capture file as packets arrive, so
there's no need to manually open the capture file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@757 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of some unused fields in a "capture_file" structure.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@756 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of "-F" - "-S" works, and has a more convenient UI.

Print a usage message if an illegal command-line flag is seen.

Clean up the usage message a bit.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@755 f5534014-38df-0310-8fa8-9805f1628bb7

Wrap stufff that's used only if we have "libpcap" in "#ifdef
HAVE_LIBPCAP"/"#endif".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@754 f5534014-38df-0310-8fa8-9805f1628bb7

Move the declaration of global variables involved with packet capture
from "globals.h" to "capture.h".

Only "capture.c" needs to include <pcap.h>; move the include of <pcap.h>
from "capture.h" to "capture.c".

We no longer need any DLT_ defines (that's handled inside Wiretap);
remove the defines of DLT_ from "capture.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@753 f5534014-38df-0310-8fa8-9805f1628bb7

Check for truncated header.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@752 f5534014-38df-0310-8fa8-9805f1628bb7

Add ICMP display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@751 f5534014-38df-0310-8fa8-9805f1628bb7

Fix IGMP dfilter (some fields were registered and so
documented in man but the new dfilter functions were
not used).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@750 f5534014-38df-0310-8fa8-9805f1628bb7

Add a file name field to the "Capture/Start" dialog box; if it's blank,
the capture will be done to a temporary file, otherwise it'll be done to
the specified file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@749 f5534014-38df-0310-8fa8-9805f1628bb7

Have "do_capture()" take, as an argument, a pointer to the name of the
file to which to write the capture; if it's NULL, create a temporary
file and use that.

Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.

This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@748 f5534014-38df-0310-8fa8-9805f1628bb7

A child process for a "-S" or "-F" capture should *always* exit when the
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.

"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@747 f5534014-38df-0310-8fa8-9805f1628bb7

Move the definitions of "sync_mode", "sync_pipe", "fork_mode",
"quit_after_cap", and "capture_child" from "gtk/main.c" to "capture.c",
so that the definitions don't have to be duplicated in "main.c" for
other UIs if, as, and when we do versions of Ethereal with other UIs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@746 f5534014-38df-0310-8fa8-9805f1628bb7

Uwe Girlich's patch to handle OSes (e.g., SINIX) that lack
"strncasecmp()" or "mkstemp()"; add in source to the GNU "libc"
versions, and have the "configure" script check for the routines in
question and set up the Makefile to build from our versions if they're
missing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@745 f5534014-38df-0310-8fa8-9805f1628bb7

A "time units" value of 5 means "microseconds", according to an FDDI
Sniffer trace, and printout therefrom, sent to me by Jeff Foster. (The
Sniffer manuals I'd had a chance to read didn't say what the units
were.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@744 f5534014-38df-0310-8fa8-9805f1628bb7

Added check for <sys/wait.h> #ifdef'ed the SIGSYS block of code, since
some platforms (Linux) don't have SIGSYS. Linux's rationalization is that
SIGSYS is not a POSIX-defined signal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@743 f5534014-38df-0310-8fa8-9805f1628bb7

If we specify a save file name with "-w", mark it as "user saved", so
that we don't delete it if we later start a new capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@742 f5534014-38df-0310-8fa8-9805f1628bb7

When we get an EOF on the sync pipe in sync mode, wait for the child to
exit, so that it doesn't hang around as an unreaped zombie until the
parent exits, and, if it stopped or terminated due to a signal, report
that in a message box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@741 f5534014-38df-0310-8fa8-9805f1628bb7

Add a new global flag "capture_child", which is TRUE if we're a child
process for a sync mode or fork mode capture.

Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).

Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".

Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).

For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.

All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@740 f5534014-38df-0310-8fa8-9805f1628bb7

If we're given the "-k" flag, don't start the capture until after we've:

popped up the top-level window (so that it looks like a capture
started from "Capture/Start");

initialized the colors (so that we don't dump core when reading
in the capture file);

popped up any message box for failure to read the preferences
file.

This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.

If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that

1) it shows up in a "ps" with a special name;

2) we don't have to invent Yet Another Flag to say "you're the
child".

(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)

If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@739 f5534014-38df-0310-8fa8-9805f1628bb7

GTK 1.2.5 version (not that it matters, given that GLib declares
"gboolean" to be a typedef of "gint").

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@738 f5534014-38df-0310-8fa8-9805f1628bb7

Enable "Print hex" only if "Print detail" is on.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@737 f5534014-38df-0310-8fa8-9805f1628bb7

Add an item to the "File/Print" dialog box to ask that the full hex data
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out of "Print summary" is selected).

If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.

Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@736 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed assert error reported by Dewi Morgan <dewim@sco.com>.
After some bad dfilter parses, the top-level dfilter tree (global_df->dftree)
would erroneously be set to the last good dfilter_node that was parsed.
Later, the non-NULLness of the dftree made us clear it.. really confusing
GTK internals. After _that_, new GNodes created via g_node_new() would
all have the same address!

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@735 f5534014-38df-0310-8fa8-9805f1628bb7

Added and extended Santeri Paavolainen's <santtu@ssh.fi> patch
to avoid applying NULL dfilters while setting colorization dfilters
during an ongoing, screen-updating, capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@734 f5534014-38df-0310-8fa8-9805f1628bb7

"snoop" seems to treat "IEEE 802.3" and "Ethernet" datalink types the
same (which raises the question "so why the heck are there two types?" -
note that the way you're supposed to tell Ethernet from 802.3 packets is
by looking at the value of the type/length field; both of them can be
transmitted on the same wire), so we'll treat them the same.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@733 f5534014-38df-0310-8fa8-9805f1628bb7

Replace the parens around 'control' in the two macros that I modified. I
accidentally removed them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@732 f5534014-38df-0310-8fa8-9805f1628bb7

Don't bother setting the length of the LLC header when we create the LLC
tree to anything other than 0, as we're going to change it to the right
value once the control field has been parsed and we know the right value.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@731 f5534014-38df-0310-8fa8-9805f1628bb7

When checking whether a control field is for a UI frame, you have to
check all the bits of the control field (otherwise, you're just checking
whether it's a U frame).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@730 f5534014-38df-0310-8fa8-9805f1628bb7

Mask out unnecessary bits in control guint16 in order to properly
compare against XDLC_I, XDLC_UI, and XDLC_U in XDLC_HAS_PAYLOAD() and
XDLC_CONTROL_LEN() macros.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@729 f5534014-38df-0310-8fa8-9805f1628bb7

Handle the length of the LLC(+SNAP) header correctly for SNAP frames.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@728 f5534014-38df-0310-8fa8-9805f1628bb7

Have "get_xdlc_control()" and "dissect_xdlc_control()" return the
xDLC control field, so that its caller can not only determine from it
whether the frame has a payload, but can also determine how long the
control field is. Put macros in "xdlc.h" to determine both of those.

Have "capture_llc()" and "dissect_llc()" use that information
appropriately.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@727 f5534014-38df-0310-8fa8-9805f1628bb7

Added name resolution in GUI part:

- Capture->Start->"Active name resolution"

Allows the user to turn on/off name resolution
during a live capture.

- Display->Options->"Name resolution"

Turn on/off name resolution for the displayed
data (or during the -S mode).
E.g. clicking on a packet captured with
resolution disabled will resolve names in
the detailed list if this option is set.
And applying or resetting a display filter
allows the update of the packet list as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@726 f5534014-38df-0310-8fa8-9805f1628bb7

Make Information Frame honor is_extended variable when reading Control.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@725 f5534014-38df-0310-8fa8-9805f1628bb7

Squelch a (justified, although the child process *shouldn't* ever send
us, at that point, a character with the 8th bit set) complaint about a
"char" array subscript in an "isdigit()" call by making the character
unsigned.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@724 f5534014-38df-0310-8fa8-9805f1628bb7

Changed version to 0.7.5

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@722 f5534014-38df-0310-8fa8-9805f1628bb7

DO NOT check for "unistd.h"; due to an unfortunate botch in the way
"zlib" was built in FreeBSD 3.2 (and possibly other 4.4-Lite-derived
BSDs), if HAVE_UNISTD_H is defined before "zlib.h" is included, the
declaration of "gzseek()" in "zlib.h" expands to something that doesn't
match what's in the OS's "zlib".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@721 f5534014-38df-0310-8fa8-9805f1628bb7

Fix it so that it builds with "--disable-zlib".

The "fh" member of a "wtap" structure points to something constructed
from the "fd" member of that structure, so that closing the stream
referred to by "fh" also closes the underlying file descriptor; get rid
of an unnecessary close of "wth->fd".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@720 f5534014-38df-0310-8fa8-9805f1628bb7

Re-enable progress bar movement during display filter processing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@718 f5534014-38df-0310-8fa8-9805f1628bb7

Many more packaging changes. Lets compilation with new gtk subdirectory
work if build tree is different than source tree. Some wiretap files
had to be added to the list of deliverables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@717 f5534014-38df-0310-8fa8-9805f1628bb7

In "try_tempfile()", if the buffer is too short for the temporary file
name, stuff as much of the name as will fit into the buffer before
returning an error, so the error message that gets displayed isn't
completely mangled.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@716 f5534014-38df-0310-8fa8-9805f1628bb7

Packaging changes

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@715 f5534014-38df-0310-8fa8-9805f1628bb7

Moved version to 0.7.4; updated documentation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@714 f5534014-38df-0310-8fa8-9805f1628bb7

Dirk Bonne's fix to ICMP timestamp dissection.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@713 f5534014-38df-0310-8fa8-9805f1628bb7

Close the capture file in "do_capture()", right before unlinking the
current capture file if it's a temporary file, out of paranoia (so that
we don't get into a state where we have a capture file open but unlinked
- it's probably harmless to be in that state, as the file will remain
around until close, modulo NFS fun, and we may never be in that state
for very long, but I'd rather have it obviously stated in the code).

Remove the close in "capture()", and put one before the other call to
"capture()", in "main_realize_cb()" (is that call necessary, e.g. if you
pass "-r <filename>" *and* "-k", for some perverse reason, as
command-line arguments?).

If "cf.save_file" is non-null, free it before setting it, regardless of
whether it refers to a temporary file name or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@712 f5534014-38df-0310-8fa8-9805f1628bb7

If we forcibly turn off "fork_mode" if the user doesn't enable "Update
list of packets in real time" in the "Capture/Start" dialog box,
"ethereal -F" won't work - you get your choice of non-forked capture or
"-S".

Don't have "fork_mode" track "sync_mode"; instead, in those places where
we check for "fork_mode", check for "sync_mode" as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@711 f5534014-38df-0310-8fa8-9805f1628bb7

In fork mode, close the capture file in "do_capture()", because the
child will nuke that file before we get to open the capture in
"tail_cap_file()" - assuming we do, because the capture may not start.

If we fail while writing to, or closing, a capture file we've opened for
writing, don't treat that as a capture error, as we may have saved at
least some packets to the capture file (that's the way it worked before
my recent checkins).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@710 f5534014-38df-0310-8fa8-9805f1628bb7

Update to reflect changes to the "Capture/Start" and "Display/Options"
dialog boxes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@709 f5534014-38df-0310-8fa8-9805f1628bb7

Move the toolkit-independent code to create a temporary capture file,
and to fork off and run a separate copy of "ethereal" for "-S" and "-F"
captures or just call "capture()" otherwise, out of "gtk/capture_dlg.c"
and into a routine in "capture.c".

If the attempt to create said temporary capture file fails, pop up a
dialog box and don't do the capture.

Have the child capture process send a message upstream after it either
successfully starts the capture and syncs out the header of the capture
file, or fails to start the capture; the message indicates whether it
succeeded or failed, and, if it failed, includes a failure message.
This:

avoids the use of a signal, and thus means we don't have to
worry about whether to capture the signal, or whether to start
or stop capturing depending on whether this particular capture
is in sync mode or not;

lets us pop up the message box for the error in the parent
process if we're in sync mode, rather than doing it in the
child, which didn't work well.

Add a check button to the Capture/Start dialog box, so that we can
control, for each capture, whether it's to be done in sync mode or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@708 f5534014-38df-0310-8fa8-9805f1628bb7

Make the buffer into which we read from the sync pipe one byte bigger
than the size of the reads we do, so that we have an extra byte at the
end into which we can stick a '\0' to guarantee null-termination of the
buffer.

When reading the capture file in "tail_cap_file()", use "file_open()"
rather than "fopen()", so that we work correctly if we're using "zlib"
to read capture files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@707 f5534014-38df-0310-8fa8-9805f1628bb7

Give it an RCS ID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@706 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the calculation of the temporary file name length in
"try_tempfile()" - the first component of the name comes from the "dir"
argument, so use its length, not the length of the string in the buffer
it should fill in (said buffer may contain garbage, which may not *be* a
C string).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@705 f5534014-38df-0310-8fa8-9805f1628bb7

Give it an RCS ID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@704 f5534014-38df-0310-8fa8-9805f1628bb7

When reading a capture file, we can detect whether it's compressed or
not, so it's OK to use "zlib" to read capture files, as it handles
uncompressed files correctly.

When *writing* capture files, however, we can't detect automatically
whether the user wanted to write the file out as a compressed file or
not, so we should *NOT* use "zlib" until we add a flag to the API
specifying whether to write the file out as a compressed file or not.

Furthermore, the code in Ethereal that implements the "-S" flag depends
on being able to get the "FILE *" for a capture file being written, so
that it can "fflush()" it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@703 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of unused variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@702 f5534014-38df-0310-8fa8-9805f1628bb7