guy [Mon, 11 Oct 1999 06:39:26 +0000 (06:39 +0000)]
When a new display filter is to be applied, don't set "cf.dfilter" or
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@803
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 11 Oct 1999 03:03:12 +0000 (03:03 +0000)]
Have "get_host_ipaddr()" return a Boolean indicating whether it
succeeded or failed, and, if it succeeded, have it fill in the IP
address if found through a pointer passed as the second argument.
Have it first try interpreting its first argument as a dotted-quad IP
address, with "inet_aton()", and, if that fails, have it try to
interpret it as a host name with "gethostbyname()"; don't bother with
"gethostbyaddr()", as we should be allowed to filter on IP addresses
even if there's no host name associated with them (there's no guarantee
that "gethostbyaddr()" will succeed if handed an IP address with no
corresponding name - and it looks as if FreeBSD 3.2, at least, may not
succeed in that case).
Add a "dfilter_fail()" routine that takes "printf()"-like arguments and
uses them to set an error message for the parse; doing so means that
even if the filter expression is syntactically valid, we treat it as
being invalid. (Is there a better way to force a parse to fail from
arbitrary places in routines called by the parser?)
Use that routine in the lexical analyzer.
If that error message was set, use it as is as the failure message,
rather than adding "Unable to parse filter string XXX" to it.
Have the code to handle IP addresses and host names in display filters
check whether "get_host_ipaddr()" succeeded or failed and, if it failed,
arrange that the parse fail with an error message indicating the source
of the problem.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@802
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 10 Oct 1999 18:16:43 +0000 (18:16 +0000)]
The #defines to turn "yy{lex,error}" into names specific to the
parser/lexical analyzer in question are needed only in the ".c" files
for the generated parser and lexical analyzer, and Flex and Byacc/Bison
put them there; don't bother putting them in a header file, just
directly declare the functions with the right names.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@801
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 10 Oct 1999 16:25:28 +0000 (16:25 +0000)]
Add reference to tcpdump manual page for capture filter syntax.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@800
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 10 Oct 1999 16:09:33 +0000 (16:09 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@799
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Sun, 10 Oct 1999 11:50:45 +0000 (11:50 +0000)]
Big bunch of fixes to packet-smb.c for things I need.
Also added first pass of state keeping. I am using glib's hash
functions.
Modelled after packet-ncp.c.
We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...
I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@798
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Sun, 10 Oct 1999 03:59:29 +0000 (03:59 +0000)]
Changed the macro XDLC_HAS_PAYLOAD(control) to look at only the first
bit of 'control' to check to see if it's an information frame:
#define XDLC_HAS_PAYLOAD(control) \
(((control) & 0x1) == XDLC_I || (control) == (XDLC_UI|XDLC_U))
I had erroneously AND'ed with 0x3 when I first put the AND in there.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@797
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 9 Oct 1999 14:14:53 +0000 (14:14 +0000)]
Fix a typo in error message.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@796
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 9 Oct 1999 14:05:04 +0000 (14:05 +0000)]
- fix a segmentation violation with big "match selected" filters.
- fix a memory leak.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@795
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 9 Oct 1999 13:31:30 +0000 (13:31 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@794
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 9 Oct 1999 13:05:55 +0000 (13:05 +0000)]
- dissect data if type unknown
- add display filters
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@793
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 9 Oct 1999 11:56:15 +0000 (11:56 +0000)]
- correct bound checkings in string parsing
- add display filters
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@792
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 21:20:23 +0000 (21:20 +0000)]
The abbreviation for a protocol is generally all-lower-case, as it's
used as a display filter to match all packets that contain data for that
protocol.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@791
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 20:50:39 +0000 (20:50 +0000)]
Christophe Tronche's BPDU dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@790
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Fri, 8 Oct 1999 13:57:31 +0000 (13:57 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@789
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 07:45:31 +0000 (07:45 +0000)]
Move some definitions of stuff not used outside the Lucent/Ascend
capture file reading code from "ascend.h" to "ascend-int.h".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@788
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 07:41:33 +0000 (07:41 +0000)]
Add an "ascend-int.h" file, to declare routines used by more than one of
the files in the Lucent/Ascend capture file code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@787
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 07:31:10 +0000 (07:31 +0000)]
Include "main.h", to pull in the external declarations of several
routines defined in this file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@786
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 8 Oct 1999 07:29:42 +0000 (07:29 +0000)]
Fix the include-guard #define to be "__MAIN_H__", matching the name of
the file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@785
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 7 Oct 1999 22:50:45 +0000 (22:50 +0000)]
Phil Techau's patch to allocate colors read-only and, if we can't get
that color from the system colormap, get the best color mode from GTK+,
allocate a new colormap, and use that colormap.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@784
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 7 Oct 1999 21:47:20 +0000 (21:47 +0000)]
Make "dfilter_error()" available to the lexical analyzer.
Get rid of the declaration of the non-existent "dfilter_yyerror()", and
put in some #defines to work around the fact that the #defines to
replace "yy" with "dfilter_" in the names of Flex-generated and
Yacc-generated routines aren't put into a header file, they're put into
".c" files.
Have it remember the error message it was handed (unless it's Yacc's
boring "parse error" message).
When generating the message to be shown to the user on a parse error,
make it be the "Unable to parse filter string" message, and, if a
non-boring error message was supplied to "dfilter_error()", take that
error message and tack it onto the end.
Don't panic if a field type we don't yet support in the parser is seen;
generate an error, telling the user we don't support filter on that type
yet.
Don't assume that "global_df" has been set if we see an empty statement
(if the first token was the end-marker, because, say, the first token
the lexical analyzer found was a field of a type not yet supported in
filter expressions, "global_df" won't have been set).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@783
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Thu, 7 Oct 1999 17:11:11 +0000 (17:11 +0000)]
- add display filters
- check for truncated header
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@782
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 7 Oct 1999 09:21:38 +0000 (09:21 +0000)]
A DNS or NBNS name may contain pointers to other names in the packet; if
the stuff referred to by those pointers goes past the end of the packet,
that's not a reason not to return the length of the DNS or NBNS name
itself - you can tag that name even though it's bad. Therefore,
"get_dns_name()" should return the length of the part of the name it's
looked at even if that name contains a pointer to stuff that goes past
the end of the packet.
This means you can't check its return value to see if it's negative, and
treat it as an error if it is; remove that stuff.
Add checks to make sure the type and class fields in an RR don't go past
the end of the packet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@781
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 7 Oct 1999 07:55:12 +0000 (07:55 +0000)]
Add NBNS support.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@780
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 7 Oct 1999 07:44:29 +0000 (07:44 +0000)]
Add more packet bounds checking to DNS, and add some to NetBIOS-over-TCP
as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@779
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 7 Oct 1999 02:26:45 +0000 (02:26 +0000)]
Fixed the infinite-loop problem in the DNS dissector, at least for
the random packets I generated. I'm not convinced that all the problems
are gone. We now:
1. Check that the bytes are indeed in the frame before accessing them
in dissect_dns_query() and dissect_dns_answer(). If not, we
return 0, which means "0-byte increment".
2. Check the return value of the two functions above in
dissect_query_records() and dissect_answer_records(), which have
loops that call those two functions above. If a 0-byte
increment is found, the loop is broken to avoid an infinite loop.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@778
f5534014-38df-0310-8fa8-
9805f1628bb7
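Added example, not code from the Ethereal tree: a minimal C sketch of the pattern the two DNS commit messages above describe (trunk@781 and trunk@778). The in-place length of a name is returned even when its compression pointer targets data past the end of the packet, the type and class fields are bounds-checked, and the record loop stops on a 0-byte increment. The function names `name_len`, `question_len` and `walk_questions` and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12

/* Hypothetical helper: bytes the name occupies in place at `off`.
 * A compression pointer ends the name after 2 bytes; its target is not
 * followed, so a pointer to data past the end of the packet does not
 * change the length. Returns 0 if the name itself runs off the packet. */
static size_t name_len(const uint8_t *pkt, size_t len, size_t off)
{
    size_t start = off;

    while (off < len) {
        uint8_t c = pkt[off];

        if (c == 0)                         /* root label: end of name */
            return off + 1 - start;
        if ((c & 0xC0) == 0xC0) {           /* compression pointer */
            if (len - off < 2)
                return 0;
            return off + 2 - start;
        }
        if (c & 0xC0)                       /* reserved label types */
            return 0;
        if ((size_t)c + 1 > len - off)      /* label body truncated */
            return 0;
        off += (size_t)c + 1;
    }
    return 0;                               /* no terminator in the packet */
}

/* Hypothetical helper: bytes consumed by one question record (name plus
 * 2-byte type and 2-byte class), or 0 meaning "0-byte increment" when the
 * record is not fully inside the packet. */
static size_t question_len(const uint8_t *pkt, size_t len, size_t off)
{
    size_t n;

    if (off >= len)
        return 0;
    n = name_len(pkt, len, off);
    if (n == 0)
        return 0;
    if (len - off - n < 4)                  /* type + class must fit */
        return 0;
    return n + 4;
}

/* Walks the question section; returns how many records were parsed.
 * The count from the header is untrusted, so a 0-byte increment ends the
 * loop instead of iterating again at the same offset. */
static unsigned walk_questions(const uint8_t *pkt, size_t len)
{
    unsigned qdcount, parsed = 0;
    size_t off = DNS_HDR_LEN;

    if (len < DNS_HDR_LEN)
        return 0;
    qdcount = ((unsigned)pkt[4] << 8) | pkt[5];
    while (parsed < qdcount) {
        size_t step = question_len(pkt, len, off);

        if (step == 0)
            break;
        off += step;
        parsed++;
    }
    return parsed;
}

/* Constructed sample: header claims 65535 questions, packet holds one. */
static const uint8_t truncated_pkt[] = {
    0x12, 0x34, 0x01, 0x00, 0xFF, 0xFF, 0, 0, 0, 0, 0, 0,
    0x01, 'a', 0x00, 0x00, 0x01, 0x00, 0x01,    /* complete question */
    0x01, 'b'                                   /* cut off mid-name  */
};

/* Constructed sample: name is a pointer to offset 255, past the end. */
static const uint8_t bad_pointer_pkt[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
    0xC0, 0xFF, 0x00, 0x01, 0x00, 0x01
};

/* Constructed sample: type is present but class is missing. */
static const uint8_t short_rr_pkt[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
    0x01, 'a', 0x00, 0x00, 0x01
};

int main(void)
{
    printf("truncated:   %u question(s)\n",
           walk_questions(truncated_pkt, sizeof truncated_pkt));
    printf("bad pointer: name occupies %zu byte(s)\n",
           name_len(bad_pointer_pkt, sizeof bad_pointer_pkt, DNS_HDR_LEN));
    printf("short RR:    %u question(s)\n",
           walk_questions(short_rr_pkt, sizeof short_rr_pkt));
    return 0;
}
```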
gram [Wed, 6 Oct 1999 20:29:26 +0000 (20:29 +0000)]
Added ICMP and DNS to randpkt.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@777
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 6 Oct 1999 18:42:40 +0000 (18:42 +0000)]
Fix dfilter scanner to accept hyphenated hostnames for IPv4 addresses.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@776
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 6 Oct 1999 03:38:37 +0000 (03:38 +0000)]
Give it a copyright notice and RCS ID.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@775
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 6 Oct 1999 03:33:48 +0000 (03:33 +0000)]
Give them RCS IDs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@774
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 6 Oct 1999 03:30:21 +0000 (03:30 +0000)]
Whitespace cleanup.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@773
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 6 Oct 1999 03:29:36 +0000 (03:29 +0000)]
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@772
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 5 Oct 1999 18:10:34 +0000 (18:10 +0000)]
Make "create_color_sel_win()" static to "colors.c" - it's not used
outside that file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@771
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 5 Oct 1999 07:22:53 +0000 (07:22 +0000)]
Make "wtap_strerror()" handle zlib errors *correctly*.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@770
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 5 Oct 1999 07:06:08 +0000 (07:06 +0000)]
Better handle errors from zlib:
Assign a range of Wiretap errors for zlib errors, and have
"wtap_strerror()" use "zError()" to get an error message for
them.
Have the internal "file_error()" routine return 0 for no error
and a Wiretap error code for an error.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@769
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Tue, 5 Oct 1999 04:34:00 +0000 (04:34 +0000)]
Added Santeri Paavolainen's <santtu@ssh.fi> patch to set default colors
in the color selection wheel.
Added his patch to file.c to look for bogus frame_data pointers, but made
it a g_assert().
Modified my previous patch to colors.c to skip bad color display filters.
I skipped them, but they still appeared in the color dialogue. Now bad
filters are not put into the color filter list, so they don't appear in
the color dialogue. As a [good] side-effect, the next time you save
your color filter list, the bad filters are removed from the colorfilters
file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@768
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 4 Oct 1999 18:53:26 +0000 (18:53 +0000)]
Corrected comment regarding usage.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@767
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 4 Oct 1999 18:09:05 +0000 (18:09 +0000)]
Removed dummy protocol and removed bug which prevented the first
registered protocol's name from being used in a display filter.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@766
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 4 Oct 1999 15:00:20 +0000 (15:00 +0000)]
Let color filter routines survive a bad display filter. It used to
segfault on a bad colorfilters file. This file now works as expected;
that is, the second filter is ignored:
# DO NOT EDIT THIS FILE! It was created by Ethereal
@ipx@ipx@[65535,65535,65535][65535,19104,22902]
@bad@bad@[65535,65535,65535][65535,19104,22902]
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@765
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 3 Oct 1999 17:12:15 +0000 (17:12 +0000)]
- add ARP display filters
- check for truncated header
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@764
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 3 Oct 1999 15:21:11 +0000 (15:21 +0000)]
Oops, forgot to check truncated header.
Please, please in new dissector routines, check for
truncated packets, especially when string operations
or loop on bytes are used (to avoid display of erroneous
data and infinite loop or segmentation violation) !
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@763
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 3 Oct 1999 15:06:28 +0000 (15:06 +0000)]
packet-aarp.c:
- add display filter for AARP
proto.c:
- register a dummy protocol before the first one (aarp)
since the first entry can not be filtered (bug ?)
Gilbert, could you check this ?
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@762
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 3 Oct 1999 13:44:32 +0000 (13:44 +0000)]
Fix request argument display with some pop clients
that send only '\n' instead of '\r''\n' and handle
more correctly truncated packets.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@761
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 3 Oct 1999 05:01:56 +0000 (05:01 +0000)]
"gmtime()" takes a pointer to a "time_t", not a pointer to a "guint32",
as an argument. ("time_t" could be 64 bits - I think it is 64 bits on
some platforms, e.g. Alpha Linux - and it's typically signed rather
than unsigned.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@760
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Sun, 3 Oct 1999 01:19:25 +0000 (01:19 +0000)]
A small fix to the handling of NetBIOS continuation messages where a
POSITIVE_SESSION_ACK was treated as a continuation :-(
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@759
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Sun, 3 Oct 1999 01:14:33 +0000 (01:14 +0000)]
A bunch of fixes for SMB decode.
1. Fix some silly errors.
2. Don't decode beyond Word Count if errcode > 0
3. Decode a bunch more SMBs
Next is to keep state so we can do a better job ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@758
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 20:25:45 +0000 (20:25 +0000)]
Don't initialize the file name field in the "File/Open" dialog box with
the name of the current save file - we no longer have the "-F" flag, and
"-S" automatically reads from the capture file as packets arrive, so
there's no need to manually open the capture file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@757
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 20:23:53 +0000 (20:23 +0000)]
Get rid of some unused fields in a "capture_file" structure.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@756
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 20:00:46 +0000 (20:00 +0000)]
Get rid of "-F" - "-S" works, and has a more convenient UI.
Print a usage message if an illegal command-line flag is seen.
Clean up the usage message a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@755
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 19:33:14 +0000 (19:33 +0000)]
Wrap stuff that's used only if we have "libpcap" in "#ifdef
HAVE_LIBPCAP"/"#endif".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@754
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 19:24:27 +0000 (19:24 +0000)]
Move the declaration of global variables involved with packet capture
from "globals.h" to "capture.h".
Only "capture.c" needs to include <pcap.h>; move the include of <pcap.h>
from "capture.h" to "capture.c".
We no longer need any DLT_ defines (that's handled inside Wiretap);
remove the defines of DLT_ from "capture.h".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@753
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 2 Oct 1999 16:58:41 +0000 (16:58 +0000)]
Check for truncated header.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@752
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 2 Oct 1999 16:21:07 +0000 (16:21 +0000)]
Add ICMP display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@751
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sat, 2 Oct 1999 15:55:28 +0000 (15:55 +0000)]
Fix IGMP dfilter (some fields were registered and so
documented in man but the new dfilter functions were
not used).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@750
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 07:13:20 +0000 (07:13 +0000)]
Add a file name field to the "Capture/Start" dialog box; if it's blank,
the capture will be done to a temporary file, otherwise it'll be done to
the specified file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@749
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 06:26:53 +0000 (06:26 +0000)]
Have "do_capture()" take, as an argument, a pointer to the name of the
file to which to write the capture; if it's NULL, create a temporary
file and use that.
Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.
This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@748
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 2 Oct 1999 06:00:07 +0000 (06:00 +0000)]
A child process for a "-S" or "-F" capture should *always* exit when the
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.
"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@747
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 1 Oct 1999 21:52:03 +0000 (21:52 +0000)]
Move the definitions of "sync_mode", "sync_pipe", "fork_mode",
"quit_after_cap", and "capture_child" from "gtk/main.c" to "capture.c",
so that the definitions don't have to be duplicated in "main.c" for
other UIs if, as, and when we do versions of Ethereal with other UIs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@746
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 1 Oct 1999 21:41:38 +0000 (21:41 +0000)]
Uwe Girlich's patch to handle OSes (e.g., SINIX) that lack
"strncasecmp()" or "mkstemp()"; add in source to the GNU "libc"
versions, and have the "configure" script check for the routines in
question and set up the Makefile to build from our versions if they're
missing.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@745
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 20:34:26 +0000 (20:34 +0000)]
A "time units" value of 5 means "microseconds", according to an FDDI
Sniffer trace, and printout therefrom, sent to me by Jeff Foster. (The
Sniffer manuals I'd had a chance to read didn't say what the units
were.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@744
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 30 Sep 1999 16:24:07 +0000 (16:24 +0000)]
Added check for <sys/wait.h>. #ifdef'ed the SIGSYS block of code, since
some platforms (Linux) don't have SIGSYS. Linux's rationalization is that
SIGSYS is not a POSIX-defined signal.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@743
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 07:19:35 +0000 (07:19 +0000)]
If we specify a save file name with "-w", mark it as "user saved", so
that we don't delete it if we later start a new capture.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@742
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 07:15:19 +0000 (07:15 +0000)]
When we get an EOF on the sync pipe in sync mode, wait for the child to
exit, so that it doesn't hang around as an unreaped zombie until the
parent exits, and, if it stopped or terminated due to a signal, report
that in a message box.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@741
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 06:50:01 +0000 (06:50 +0000)]
Add a new global flag "capture_child", which is TRUE if we're a child
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@740
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 06:11:51 +0000 (06:11 +0000)]
If we're given the "-k" flag, don't start the capture until after we've:
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@739
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 30 Sep 1999 02:57:26 +0000 (02:57 +0000)]
GTK 1.2.5 version (not that it matters, given that GLib declares
"gboolean" to be a typedef of "gint").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@738
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 29 Sep 1999 22:25:41 +0000 (22:25 +0000)]
Enable "Print hex" only if "Print detail" is on.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@737
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 29 Sep 1999 22:19:24 +0000 (22:19 +0000)]
Add an item to the "File/Print" dialog box to ask that the full hex data
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out if "Print summary" is selected).
If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.
Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@736
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 29 Sep 1999 22:11:51 +0000 (22:11 +0000)]
Fixed assert error reported by Dewi Morgan <dewim@sco.com>.
After some bad dfilter parses, the top-level dfilter tree (global_df->dftree)
would erroneously be set to the last good dfilter_node that was parsed.
Later, the non-NULLness of the dftree made us clear it.. really confusing
GTK internals. After _that_, new GNodes created via g_node_new() would
all have the same address!
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@735
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 29 Sep 1999 14:41:34 +0000 (14:41 +0000)]
Added and extended Santeri Paavolainen's <santtu@ssh.fi> patch
to avoid applying NULL dfilters while setting colorization dfilters
during an ongoing, screen-updating, capture.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@734
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 28 Sep 1999 01:19:01 +0000 (01:19 +0000)]
"snoop" seems to treat "IEEE 802.3" and "Ethernet" datalink types the
same (which raises the question "so why the heck are there two types?" -
note that the way you're supposed to tell Ethernet from 802.3 packets is
by looking at the value of the type/length field; both of them can be
transmitted on the same wire), so we'll treat them the same.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@733
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 27 Sep 1999 13:51:54 +0000 (13:51 +0000)]
Replace the parens around 'control' in the two macros that I modified. I
accidentally removed them.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@732
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 27 Sep 1999 08:39:10 +0000 (08:39 +0000)]
Don't bother setting the length of the LLC header when we create the LLC
tree to anything other than 0, as we're going to change it to the right
value once the control field has been parsed and we know the right value.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@731
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 27 Sep 1999 08:33:26 +0000 (08:33 +0000)]
When checking whether a control field is for a UI frame, you have to
check all the bits of the control field (otherwise, you're just checking
whether it's a U frame).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@730
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 27 Sep 1999 03:12:55 +0000 (03:12 +0000)]
Mask out unnecessary bits in control guint16 in order to properly
compare against XDLC_I, XDLC_UI, and XDLC_U in XDLC_HAS_PAYLOAD() and
XDLC_CONTROL_LEN() macros.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@729
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 26 Sep 1999 20:40:00 +0000 (20:40 +0000)]
Handle the length of the LLC(+SNAP) header correctly for SNAP frames.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@728
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 26 Sep 1999 20:31:51 +0000 (20:31 +0000)]
Have "get_xdlc_control()" and "dissect_xdlc_control()" return the
xDLC control field, so that its caller can not only determine from it
whether the frame has a payload, but can also determine how long the
control field is. Put macros in "xdlc.h" to determine both of those.
Have "capture_llc()" and "dissect_llc()" use that information
appropriately.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@727
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 26 Sep 1999 14:40:01 +0000 (14:40 +0000)]
Added name resolution in GUI part:
- Capture->Start->"Active name resolution"
Allows the user to turn on/off name resolution
during a live capture.
- Display->Options->"Name resolution"
Turn on/off name resolution for the displayed
data (or during the -S mode).
E.g. clicking on a packet captured with
resolution disabled will resolve names in
the detailed list if this option is set.
And applying or resetting a display filter
allows the update of the packet list as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@726
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Sun, 26 Sep 1999 13:34:10 +0000 (13:34 +0000)]
Make Information Frame honor is_extended variable when reading Control.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@725
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 25 Sep 1999 02:02:11 +0000 (02:02 +0000)]
Squelch a (justified, although the child process *shouldn't* ever send
us, at that point, a character with the 8th bit set) complaint about a
"char" array subscript in an "isdigit()" call by making the character
unsigned.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@724 f5534014-38df-0310-8fa8-9805f1628bb7
gram [Fri, 24 Sep 1999 14:59:32 +0000 (14:59 +0000)]
Changed version to 0.7.5
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@722 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 24 Sep 1999 06:38:22 +0000 (06:38 +0000)]
DO NOT check for "unistd.h"; due to an unfortunate botch in the way
"zlib" was built in FreeBSD 3.2 (and possibly other 4.4-Lite-derived
BSDs), if HAVE_UNISTD_H is defined before "zlib.h" is included, the
declaration of "gzseek()" in "zlib.h" expands to something that doesn't
match what's in the OS's "zlib".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@721 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 24 Sep 1999 05:49:53 +0000 (05:49 +0000)]
Fix it so that it builds with "--disable-zlib".
The "fh" member of a "wtap" structure points to something constructed
from the "fd" member of that structure, so that closing the stream
referred to by "fh" also closes the underlying file descriptor; get rid
of an unnecessary close of "wth->fd".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@720 f5534014-38df-0310-8fa8-9805f1628bb7
gram [Fri, 24 Sep 1999 05:22:28 +0000 (05:22 +0000)]
Re-enable progress bar movement during display filter processing.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@718 f5534014-38df-0310-8fa8-9805f1628bb7
gram [Fri, 24 Sep 1999 04:59:52 +0000 (04:59 +0000)]
Many more packaging changes. Lets compilation with new gtk subdirectory
work if build tree is different than source tree. Some wiretap files
had to be added to the list of deliverables.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@717 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 24 Sep 1999 04:14:43 +0000 (04:14 +0000)]
In "try_tempfile()", if the buffer is too short for the temporary file
name, stuff as much of the name as will fit into the buffer before
returning an error, so the error message that gets displayed isn't
completely mangled.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@716 f5534014-38df-0310-8fa8-9805f1628bb7
gram [Fri, 24 Sep 1999 03:43:09 +0000 (03:43 +0000)]
Packaging changes
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@715 f5534014-38df-0310-8fa8-9805f1628bb7
gram [Fri, 24 Sep 1999 03:28:59 +0000 (03:28 +0000)]
Moved version to 0.7.4; updated documentation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@714 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 19:05:28 +0000 (19:05 +0000)]
Dirk Bonne's fix to ICMP timestamp dissection.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@713 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 07:57:23 +0000 (07:57 +0000)]
Close the capture file in "do_capture()", right before unlinking the
current capture file if it's a temporary file, out of paranoia (so that
we don't get into a state where we have a capture file open but unlinked
- it's probably harmless to be in that state, as the file will remain
around until close, modulo NFS fun, and we may never be in that state
for very long, but I'd rather have it obviously stated in the code).
Remove the close in "capture()", and put one before the other call to
"capture()", in "main_realize_cb()" (is that call necessary, e.g. if you
pass "-r <filename>" *and* "-k", for some perverse reason, as
command-line arguments?).
If "cf.save_file" is non-null, free it before setting it, regardless of
whether it refers to a temporary file name or not.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@712 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 07:20:20 +0000 (07:20 +0000)]
If we forcibly turn off "fork_mode" if the user doesn't enable "Update
list of packets in real time" in the "Capture/Start" dialog box,
"ethereal -F" won't work - you get your choice of non-forked capture or
"-S".
Don't have "fork_mode" track "sync_mode"; instead, in those places where
we check for "fork_mode", check for "sync_mode" as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@711 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 07:04:23 +0000 (07:04 +0000)]
In fork mode, close the capture file in "do_capture()", because the
child will nuke that file before we get to open the capture in
"tail_cap_file()" - assuming we do, because the capture may not start.
If we fail while writing to, or closing, a capture file we've opened for
writing, don't treat that as a capture error, as we may have saved at
least some packets to the capture file (that's the way it worked before
my recent checkins).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@710 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 06:34:18 +0000 (06:34 +0000)]
Update to reflect changes to the "Capture/Start" and "Display/Options"
dialog boxes.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@709 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 06:27:27 +0000 (06:27 +0000)]
Move the toolkit-independent code to create a temporary capture file,
and to fork off and run a separate copy of "ethereal" for "-S" and "-F"
captures or just call "capture()" otherwise, out of "gtk/capture_dlg.c"
and into a routine in "capture.c".
If the attempt to create said temporary capture file fails, pop up a
dialog box and don't do the capture.
Have the child capture process send a message upstream after it either
successfully starts the capture and syncs out the header of the capture
file, or fails to start the capture; the message indicates whether it
succeeded or failed, and, if it failed, includes a failure message.
This:
    avoids the use of a signal, and thus means we don't have to
    worry about whether to capture the signal, or whether to start
    or stop capturing depending on whether this particular capture
    is in sync mode or not;
    lets us pop up the message box for the error in the parent
    process if we're in sync mode, rather than doing it in the
    child, which didn't work well.
Add a check button to the Capture/Start dialog box, so that we can
control, for each capture, whether it's to be done in sync mode or not.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@708 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 05:55:56 +0000 (05:55 +0000)]
Make the buffer into which we read from the sync pipe one byte bigger
than the size of the reads we do, so that we have an extra byte at the
end into which we can stick a '\0' to guarantee null-termination of the
buffer.
When reading the capture file in "tail_cap_file()", use "file_open()"
rather than "fopen()", so that we work correctly if we're using "zlib"
to read capture files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@707 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 05:26:18 +0000 (05:26 +0000)]
Give it an RCS ID.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@706 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 05:20:18 +0000 (05:20 +0000)]
Fix the calculation of the temporary file name length in
"try_tempfile()" - the first component of the name comes from the "dir"
argument, so use its length, not the length of the string in the buffer
it should fill in (said buffer may contain garbage, which may not *be* a
C string).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@705 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 05:03:32 +0000 (05:03 +0000)]
Give it an RCS ID.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@704 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 05:00:59 +0000 (05:00 +0000)]
When reading a capture file, we can detect whether it's compressed or
not, so it's OK to use "zlib" to read capture files, as it handles
uncompressed files correctly.
When *writing* capture files, however, we can't detect automatically
whether the user wanted to write the file out as a compressed file or
not, so we should *NOT* use "zlib" until we add a flag to the API
specifying whether to write the file out as a compressed file or not.
Furthermore, the code in Ethereal that implements the "-S" flag depends
on being able to get the "FILE *" for a capture file being written, so
that it can "fflush()" it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@703 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 23 Sep 1999 04:56:52 +0000 (04:56 +0000)]
Get rid of unused variable.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@702 f5534014-38df-0310-8fa8-9805f1628bb7