Ethereal-dev: [Ethereal-dev] Enhancement for long sniffing sessions with ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Remi Cohen-Scali <Remi@xxxxxxxxxxxxxxx>
Date: Wed, 30 May 2001 02:07:14 -0400
Hello
I'am newbie on this list and I hope I do not miss some discussions about the subject I'am interrested in. I'am debugging a proprietary protocol to find a bug appearing while a test at a very random time (can go from half an hour to 3 or 4 days). To get some clues for debug I need to sniff packets but of course I cannot sniff all packets while 4 days (I might ran out of memory, the protocol tests are generating a huge traffic). So i made some changes in ethereal to meet my needs. These changes consists in the possibility to set the ethereal packets buffer in a 'circular mode'. When a max packet number is reached, the next packet will discard the older one.
I did it in a hurry way (bug are always urgent, and are to do for yesterday :-) ) but it seems to be stable. Then I post it here 1) hoping it will be usefull to others, 2) to have some thought about the way I implement, 3) hope that this functionnality will be in the next release (your soft is really a must have for me). Eventually if you want to apply the patch I could change things that would have to be. I changed a little bit 
the gtkclist code and don't know if this is acceptable for you.

The patch is attached or downloadable from:
http://www.rcsnet.net/pub/ethereal-0.8.18-circular-buf.patch
BTW: There is still a little problem in it, as the first row in the clist, when selected is not correctly drawn (background is not filled in blue, instead row is just surrounded with a rectangle) 


--
                                    Remi Cohen-Scali
  _/_/_/   _/    _/  _/      /      Development engineer
  _/      _/    _/  _/_/   _/       International Center for Network Computing
 _/_/_/  _/    _/  _/  _/ _/        Network Service Provider Division
    _/  _/    _/  _/   _/_/         Phone:     +33-139-447-509  x44509
_/_/_/   _/_/_/   _/     _/          E-mails: Remi.Cohen-Scali@xxxxxxx
M  I  C  R  O  S  Y  S  T  E  M  S            Remi@xxxxxxxxxxxxxxx
                                    WAPmail: Remi.CohenScali@xxxxxxxxxxxx




diff -u ethereal-0.8.18/file.c ethereal-0.8.18-circ/file.c
--- ethereal-0.8.18/file.c	Tue May 15 14:36:02 2001
+++ ethereal-0.8.18-circ/file.c	Wed May 30 00:27:15 2001
@@ -177,9 +177,10 @@
   cf->snap      = wtap_snapshot_length(cf->wth);
   cf->progbar_quantum = 0;
   cf->progbar_nextstep = 0;
+  cf->n_packets = 0;
   firstsec = 0, firstusec = 0;
   prevsec = 0, prevusec = 0;
- 
+
   cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
 	sizeof(frame_data),
 	FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
@@ -765,9 +766,28 @@
   frame_data   *plist_end;
   epan_dissect_t *edt;
 
-  /* Allocate the next list entry, and add it to the list. */
-  fdata = g_mem_chunk_alloc(cf->plist_chunk);
-
+  if (cf->max_count && cf->n_packets == cf->max_count) {
+      
+      fdata = cf->plist;
+      cf->plist = cf->plist->next;
+
+      if (cf->first_displayed && cf->first_displayed == fdata) 
+        cf->first_displayed = cf->first_displayed->next;
+      if (cf->last_displayed && cf->last_displayed == fdata) 
+        cf->last_displayed = cf->last_displayed->prev;
+      if (fdata) cf->plist->prev = fdata->prev;
+      
+      if (fdata->pfd)
+        g_slist_free(fdata->pfd);
+      if (fdata->data_src)
+        g_slist_free(fdata->data_src);
+  }
+  else {
+      /* Allocate the next list entry, and add it to the list. */
+      fdata = g_mem_chunk_alloc(cf->plist_chunk);
+      cf->n_packets++;
+  }
+  
   fdata->next = NULL;
   fdata->prev = NULL;
   fdata->pfd  = NULL;
@@ -799,9 +819,10 @@
     else
       cf->plist = fdata;
     cf->plist_end = fdata;
-
+      
     cf->count++;
     fdata->num = cf->count;
+
     add_packet_to_packet_list(fdata, cf, pseudo_header, buf, TRUE);
   } else {
     /* XXX - if we didn't have read filters, or if we could avoid
@@ -812,7 +833,8 @@
        ...but, at least in one test I did, where I just made the chunk
        a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
        seem to save a noticeable amount of time or space. */
-    g_mem_chunk_free(cf->plist_chunk, fdata);
+      if (!cf->max_count || cf->n_packets != cf->max_count) 
+        g_mem_chunk_free(cf->plist_chunk, fdata);
   }
 }
 
diff -u ethereal-0.8.18/file.h ethereal-0.8.18-circ/file.h
--- ethereal-0.8.18/file.h	Wed Apr 18 08:37:35 2001
+++ ethereal-0.8.18-circ/file.h	Tue May 29 08:36:34 2001
@@ -100,6 +100,9 @@
   proto_tree  *protocol_tree; /* Protocol tree for currently selected packet */
   epan_dissect_t *edt; /* Protocol dissection fo rcurrently selected packet */
   FILE        *print_fh;  /* File we're printing to */
+  gboolean     is_ring;
+  guint	       max_count;
+  guint	       n_packets;
 } capture_file;
 
 /* Return values from "read_cap_file()", "continue_tail_cap_file()",
diff -u ethereal-0.8.18/prefs.c ethereal-0.8.18-circ/prefs.c
--- ethereal-0.8.18/prefs.c	Mon Apr 16 13:05:05 2001
+++ ethereal-0.8.18-circ/prefs.c	Tue May 29 07:15:17 2001
@@ -616,6 +616,7 @@
     prefs.capture_real_time   =     0;
     prefs.capture_auto_scroll =     0;
     prefs.name_resolve=     1;
+    prefs.infinite_ring_buffer=     0;
 
   }
 
diff -u ethereal-0.8.18/prefs.h ethereal-0.8.18-circ/prefs.h
--- ethereal-0.8.18/prefs.h	Mon Apr 16 13:05:05 2001
+++ ethereal-0.8.18-circ/prefs.h	Tue May 29 07:12:12 2001
@@ -54,6 +54,7 @@
   gboolean capture_prom_mode;
   gboolean capture_real_time;
   gboolean capture_auto_scroll;
+  gboolean infinite_ring_buffer;
 
 } e_prefs;