Ethereal-dev: Re: [ethereal-dev] Ethereal Win32 libpcap patch.
On Tue, Feb 01, 2000 at 02:46:54PM -0500, Meaney, Ed wrote:
> All,
> I've finally had some time to clean up the win32 libpcap support.
> I use the WinDump libpcap from http://netgroup-serv.polito.it/windump/ under
> NT 4.0 SP4.
> There may be a problem in get_interface_list in util.c for Win98/95. NT
> returns Driver names in WCHARs.
> 98/95 should return the names in standard char * format but I don't have
> access to 95/98 right now.
> Attached is my patch. let me know if there are any problems.
>
> Ed <<win32.patch>>
Great! Thanks. I haven't tried the patch yet; I'll try it at
work tomorrow. But just by readin the patch, I have a couple of
questions.
diff -u -r1.71 packet-ip.c
--- packet-ip.c 2000/01/24 04:44:35 1.71
+++ packet-ip.c 2000/02/01 19:35:07
@@ -1047,6 +1047,9 @@
case IP_PROTO_IPV6:
dissect_ipv6(pd, offset, fd, tree);
break;
+ case IP_PROTO_IPV4:
+ dissect_ip(pd, offset, fd, tree);
+ break;
case IP_PROTO_PIM:
dissect_pim(pd, offset, fd, tree);
break;
True, we should put that in for correctness. Out of curiosity, do
you have a trace file with packets like that, IP-in-IP ?
#ifdef WIN32
-#define MONO_MEDIUM_FONT "-*-lucida console-medium-*-*-*-*-100-*-*-*-*-*-*"
-#define MONO_BOLD_FONT "-*-lucida console-bold-*-*-*-*-100-*-*-*-*-*-*"
+/* font that allows bold and regular */
+#define MONO_MEDIUM_FONT "-unknown-courier new-normal-r-normal-*-*-110-*-*-m-*-windows-russian"
+#define MONO_BOLD_FONT "-unknown-courier new-bold-r-normal-*-*-110-*-*-m-*-windows-russian"
I think I'll avoid applying this patch. Nye vcye govaryat po-russki.
diff -u -r1.13 proto_draw.c
--- proto_draw.c 2000/01/25 03:45:45 1.13
+++ proto_draw.c 2000/02/01 19:35:08
@@ -158,6 +158,9 @@
scrollval = MIN(linenum * lineheight,bv->vadj->upper - bv->vadj->page_size);
gtk_adjustment_set_value(bv->vadj, scrollval);
+ /* set the current highlight visible in window */
+ gtk_text_set_point(GTK_TEXT(bv), (bstart/16) * 76);
+ gtk_editable_set_position(GTK_EDITABLE(bv), (bstart/16) * 76);
}
}
What are the gtk_text_set_point() and gtk_editable_set_position()
calls for?
diff -u -r1.31 libpcap.c
--- libpcap.c 2000/01/22 06:22:39 1.31
+++ libpcap.c 2000/02/01 19:35:09
@@ -160,6 +160,13 @@
WTAP_ENCAP_LINUX_ATM_CLIP
};
#define NUM_PCAP_ENCAPS (sizeof pcap_encap / sizeof pcap_encap[0])
+/*
+ * New Data-link level type for win32.
+ */
+#ifdef WIN32
+#define DLT_EN100MB 100 /* Ethernet (100Mb) */
+#define DLT_PPP_WIN32 101 /* Win32 dial up connection */
+#endif
int libpcap_open(wtap *wth, int *err)
{
@@ -456,6 +463,13 @@
int wtap_pcap_encap_to_wtap_encap(int encap)
{
+#ifdef WIN32
+ /* 2 NEW Encaps for win32 100 - 100Mb Eth and 101 - PPP wan */
+ if (encap == DLT_EN100MB)
+ return WTAP_ENCAP_ETHERNET;
+ if (encap == DLT_PPP_WIN32)
+ return WTAP_ENCAP_PPP;
+#endif
Do you have a "DLT_PPP_WIN32" trace available? We discovered that the
NDIS type for "WAN" indicates a packet with a fake ethernet header on it.
It is possible, if libpcap for win32 uses the same NDIS facility as
NetXRay, that "DLT_PPP_WIN32" should really return WTAP_ENCAP_ETHERNET.
--gilbert