Wireshark · Ethereal-dev: Re: [Ethereal-dev] Enhancement for long sniffing sessions with ethereal

Ethereal-dev: Re: [Ethereal-dev] Enhancement for long sniffing sessions with ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Remi Cohen-Scali <Remi@xxxxxxxxxxxxxxx>

Date: Wed, 30 May 2001 20:28:44 -0400

Oops, I made a mistake when I generated the patch. The -r option have been
forgotten.
Here is the complete patch.
The url link have also been updated.

Sorry

Remi Cohen-Scali a ï¿½crit :

> Hello
>
> I'am newbie on this list and I hope I do not miss some discussions about
> the subject I'am interrested in.
> I'am debugging a proprietary protocol to find a bug appearing while a
> test at a very random time (can go from half an hour to 3 or 4 days).
> To get some clues for debug I need to sniff packets but of course I
> cannot sniff all packets while 4 days (I might ran out of memory, the
> protocol tests are generating a huge traffic).
> So i made some changes in ethereal to meet my needs. These changes
> consists in the possibility to set the ethereal
> packets buffer in a 'circular mode'. When a max packet number is
> reached, the next packet will discard the older one.
>
> I did it in a hurry way (bug are always urgent, and are to do for
> yesterday  :-) ) but it seems to be stable. Then I post
> it here 1) hoping it will be usefull to others, 2) to have some thought
> about the way I implement, 3) hope that this
> functionnality will be in the next release (your soft is really a must
> have for me).
>  Eventually if you want to apply the patch I could change things that
> would have to be. I changed a little bit
> the gtkclist code and don't know if this is acceptable for you.
>
> The patch is attached or downloadable from:
> http://www.rcsnet.net/pub/ethereal-0.8.18-circular-buf.patch
>
> BTW: There is still a little problem in it, as the first row in the
> clist, when selected is not correctly drawn (background is not filled in
> blue, instead row is just surrounded with a rectangle)
>
>
> --
>                                      Remi Cohen-Scali
>    _/_/_/   _/    _/  _/      /      Development engineer
>    _/      _/    _/  _/_/   _/       International Center for Network Computing
>   _/_/_/  _/    _/  _/  _/ _/        Network Service Provider Division
>      _/  _/    _/  _/   _/_/         Phone:     +33-139-447-509  x44509
> _/_/_/   _/_/_/   _/     _/          E-mails: Remi.Cohen-Scali@xxxxxxx
> M  I  C  R  O  S  Y  S  T  E  M  S            Remi@xxxxxxxxxxxxxxx
>                                      WAPmail: Remi.CohenScali@xxxxxxxxxxxx
>
>   ------------------------------------------------------------------------
> diff -u ethereal-0.8.18/file.c ethereal-0.8.18-circ/file.c
> --- ethereal-0.8.18/file.c      Tue May 15 14:36:02 2001
> +++ ethereal-0.8.18-circ/file.c Wed May 30 00:27:15 2001
> @@ -177,9 +177,10 @@
>    cf->snap      = wtap_snapshot_length(cf->wth);
>    cf->progbar_quantum = 0;
>    cf->progbar_nextstep = 0;
> +  cf->n_packets = 0;
>    firstsec = 0, firstusec = 0;
>    prevsec = 0, prevusec = 0;
> -
> +
>    cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
>         sizeof(frame_data),
>         FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
> @@ -765,9 +766,28 @@
>    frame_data   *plist_end;
>    epan_dissect_t *edt;
>
> -  /* Allocate the next list entry, and add it to the list. */
> -  fdata = g_mem_chunk_alloc(cf->plist_chunk);
> -
> +  if (cf->max_count && cf->n_packets == cf->max_count) {
> +
> +      fdata = cf->plist;
> +      cf->plist = cf->plist->next;
> +
> +      if (cf->first_displayed && cf->first_displayed == fdata)
> +        cf->first_displayed = cf->first_displayed->next;
> +      if (cf->last_displayed && cf->last_displayed == fdata)
> +        cf->last_displayed = cf->last_displayed->prev;
> +      if (fdata) cf->plist->prev = fdata->prev;
> +
> +      if (fdata->pfd)
> +        g_slist_free(fdata->pfd);
> +      if (fdata->data_src)
> +        g_slist_free(fdata->data_src);
> +  }
> +  else {
> +      /* Allocate the next list entry, and add it to the list. */
> +      fdata = g_mem_chunk_alloc(cf->plist_chunk);
> +      cf->n_packets++;
> +  }
> +
>    fdata->next = NULL;
>    fdata->prev = NULL;
>    fdata->pfd  = NULL;
> @@ -799,9 +819,10 @@
>      else
>        cf->plist = fdata;
>      cf->plist_end = fdata;
> -
> +
>      cf->count++;
>      fdata->num = cf->count;
> +
>      add_packet_to_packet_list(fdata, cf, pseudo_header, buf, TRUE);
>    } else {
>      /* XXX - if we didn't have read filters, or if we could avoid
> @@ -812,7 +833,8 @@
>         ...but, at least in one test I did, where I just made the chunk
>         a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
>         seem to save a noticeable amount of time or space. */
> -    g_mem_chunk_free(cf->plist_chunk, fdata);
> +      if (!cf->max_count || cf->n_packets != cf->max_count)
> +        g_mem_chunk_free(cf->plist_chunk, fdata);
>    }
>  }
>
> diff -u ethereal-0.8.18/file.h ethereal-0.8.18-circ/file.h
> --- ethereal-0.8.18/file.h      Wed Apr 18 08:37:35 2001
> +++ ethereal-0.8.18-circ/file.h Tue May 29 08:36:34 2001
> @@ -100,6 +100,9 @@
>    proto_tree  *protocol_tree; /* Protocol tree for currently selected packet */
>    epan_dissect_t *edt; /* Protocol dissection fo rcurrently selected packet */
>    FILE        *print_fh;  /* File we're printing to */
> +  gboolean     is_ring;
> +  guint               max_count;
> +  guint               n_packets;
>  } capture_file;
>
>  /* Return values from "read_cap_file()", "continue_tail_cap_file()",
> diff -u ethereal-0.8.18/prefs.c ethereal-0.8.18-circ/prefs.c
> --- ethereal-0.8.18/prefs.c     Mon Apr 16 13:05:05 2001
> +++ ethereal-0.8.18-circ/prefs.c        Tue May 29 07:15:17 2001
> @@ -616,6 +616,7 @@
>      prefs.capture_real_time   =     0;
>      prefs.capture_auto_scroll =     0;
>      prefs.name_resolve=     1;
> +    prefs.infinite_ring_buffer=     0;
>
>    }
>
> diff -u ethereal-0.8.18/prefs.h ethereal-0.8.18-circ/prefs.h
> --- ethereal-0.8.18/prefs.h     Mon Apr 16 13:05:05 2001
> +++ ethereal-0.8.18-circ/prefs.h        Tue May 29 07:12:12 2001
> @@ -54,6 +54,7 @@
>    gboolean capture_prom_mode;
>    gboolean capture_real_time;
>    gboolean capture_auto_scroll;
> +  gboolean infinite_ring_buffer;
>
>  } e_prefs;
>

--
                                     Remi Cohen-Scali
   _/_/_/   _/    _/  _/      /      Development engineer
   _/      _/    _/  _/_/   _/       International Center for Network Computing
  _/_/_/  _/    _/  _/  _/ _/        Network Service Provider Division
     _/  _/    _/  _/   _/_/         Phone:     +33-139-447-509  x44509
_/_/_/   _/_/_/   _/     _/          E-mails: Remi.Cohen-Scali@xxxxxxx
M  I  C  R  O  S  Y  S  T  E  M  S            Remi@xxxxxxxxxxxxxxx
                                     WAPmail: Remi.CohenScali@xxxxxxxxxxxx

Attachment: ethereal-0.8.18-circular-buf.patch.gz
Description: GNU Zip compressed data

Follow-Ups:
- Re: [Ethereal-dev] Enhancement for long sniffing sessions with ethereal
  - From: Remi Cohen-Scali

References:
- [Ethereal-dev] Enhancement for long sniffing sessions with ethereal
  - From: Remi Cohen-Scali

Prev by Date: [Ethereal-dev] iSCSI Dissector Available
Next by Date: Re: [Ethereal-dev] iSCSI Dissector Available
Previous by thread: Re: [Ethereal-dev] Wishlist: clear capture window
Next by thread: Re: [Ethereal-dev] Enhancement for long sniffing sessions with ethereal
Index(es):
- Date
- Thread