| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=4332
|
|
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
|
|
formats we can read (and to put them in the order in which they're
mentioned in the man pages, to make it easier to make sure the lists are
the same).
svn path=/trunk/; revision=4330
|
|
and writing Visual Networks traffic capture files.
svn path=/trunk/; revision=4329
|
|
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
|
|
later trace formats that have an ASCII dump at the end of the line.
svn path=/trunk/; revision=4327
|
|
svn path=/trunk/; revision=4326
|
|
insensitive, make its label sensitive or insensitive too.
When "update list of packets in real time" mode is on, make the ring
buffer mode toggle button, and the "number of ring buffer files" spin
button, insensitive, as ring buffer mode is not supported in "update
list of packets in real time" captures.
When "update list of packets in real time" mode is off, make the
auto-scroll mode button insensitive, as auto-scroll mode is meaningless
unless you're doing an "update list of packets in real time" capture.
Bundle all the sensitivity setting into a single common routine.
Make "ring buffer" two words.
svn path=/trunk/; revision=4325
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4324
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
svn path=/trunk/; revision=4322
|
|
"prefs_module_foreach()".
svn path=/trunk/; revision=4321
|
|
svn path=/trunk/; revision=4320
|
|
SPIs.
svn path=/trunk/; revision=4319
|
|
only there's TCP in the current frame and it will be set to PT_UDP only
if there's UDP in the current frame. As such, there's no need to check
"ipproto" before checking "ptype" - and we should check "ptype" as well
as "ipproto" when deciding whether we'll put up a "Decode As" dialog
with anything in it.
(Not that there's anything other than IPv4 or IPv6 over which we
currently dissect TCP or UDP....)
svn path=/trunk/; revision=4318
|
|
whether the port type is PT_TCP or PT_UDP, don't check the IP protocol
type at the network layer (except to check whether it's set at all, to
decide whether it's IP/IPv6 - if it's not, the transport isn't TCP or
UDP); that way, we don't have to keep track of which IP protocol numbers
are being decoded as TCP or UDP.
svn path=/trunk/; revision=4317
|
|
svn path=/trunk/; revision=4316
|
|
svn path=/trunk/; revision=4315
|
|
plugin APIs, and add the new "dissector_add_handle()".
Add an entry in the dissector table structure for
"create_dissector_handle".
svn path=/trunk/; revision=4314
|
|
IP protocol numbers to be decoded as TCP and as UDP should be reset as
well.
svn path=/trunk/; revision=4313
|
|
pointer to a "struct dissector_table", containing a pointer to a hash
table and a pointer to a list of handles. Fix
"dissector_all_tables_foreach_func()" to understand that.
svn path=/trunk/; revision=4312
|
|
dissector table contain both a hash table, to use to look up port
numbers to find a dissector, and a list of all dissectors that *could*
be assigned to ports in that hash table, to be used by user interface
code.
Make the "Decode As" dialog box code use that.
Also make it *not* let you choose whether to set the dissector for both
the UDP and TCP versions of a port; some protocols run only atop TCP,
some run only atop UDP, and even those that can run atop both may have
different dissector handles to use over TCP and UDP, so handling a
single merged list would be a mess. (If the user is setting the
dissector for a TCP port, only those protocols that Ethereal can handle
over TCP should be listed; if the user is setting the dissector for a
UDP port, only those protocols that Ethereal can handle over TCP should
be listed; if the user is setting a dissector for both, only those
protocols that Ethereal can handle over *both* TCP *and* UDP should be
listed, *and* there needs to be a way to let the "Decode As" code get
both the TCP handle *and* the UDP handle and use the right ones. If
somebody really wants that, they need to implement all of the above if
they want the code to be correct.)
Fix the code that handles setting the dissection for the IP protocol
number to correctly update the lists of protocols being dissected as TCP
and as UDP; the code before this change wasn't updating the single such
list to add new protocols.
svn path=/trunk/; revision=4311
|
|
if found, return the dissector handle for that port.
Use that routine in the X.25 dissector; revert to attaching a dissector
handle to an X.25 virtual circuit.
svn path=/trunk/; revision=4310
|
|
current calling sequence for "dissector_add()".
svn path=/trunk/; revision=4309
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
|
|
svn path=/trunk/; revision=4307
|
|
rather than a function pointer, "dissect_wtp_fromudp()" no longer needs
to be global; make it static, register it by name, and have the WSP
dissector get the handle by calling "find_dissector()" rather than by
constructing its own handle for it.
Fix up some attributions.
svn path=/trunk/; revision=4306
|
|
svn path=/trunk/; revision=4305
|
|
a subdissector.
svn path=/trunk/; revision=4304
|
|
svn path=/trunk/; revision=4303
|
|
Handle ISO 8602 as a protocol ID on top of X.25.
svn path=/trunk/; revision=4302
|
|
Adds an "Add Expression..." button to the color filter
creation dialog.
Improve the look of the "Add color to protocols" window.
Clean up some ugly code.
Give John credit in the AUTHORS file for the coloring stuff.
svn path=/trunk/; revision=4301
|
|
identifier, but means X.29 when used as an X.263/ISO 9577 secondary
protocol identifier.
Add support for the IPv6 NLPID, and Ethernet type, in more places.
Fix up the handling of the user data of a CALL REQUEST packet to more
correctly distinguish between user data containing an NLPID and user
data containing an X.264/ISO 11570 UN TPDU. If it's an NLPID, use
"nlpid_vals" to show its value.
Put that user data in a subtree.
Create a new "x.25.spi" dissector table, for protocols running atop
X.25, rather than having a built-in switch statement, so that other
protocols can register themselves by NLPID.
svn path=/trunk/; revision=4300
|
|
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
|
|
Relay dissector.
svn path=/trunk/; revision=4298
|
|
svn path=/trunk/; revision=4297
|
|
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
|
|
it; it'll be null if the matching request hasn't been seen.
svn path=/trunk/; revision=4295
|
|
svn path=/trunk/; revision=4294
|
|
for ReadAndX and WriteAndX.
svn path=/trunk/; revision=4293
|
|
"smb_saved_info_t" in the table of requests whose replies have been
found, don't look it up in the table of requests whose replies have not
been found - if the request in question has no reply in the capture,
that may find some later frame in the same conversation with the same
MID, and we don't need that information anyway - the only reason we
*need* that structure is to save information in it for use when
processing its reply, and we already did that the first time we
processed the request. (The information for the later frame may be bad,
e.g. having a null "extra_info" pointer, or having one that points to
information for another request.)
Arrange that we don't use the pointer to the "smb_saved_info_t" when
processing a request except to save information if the request hasn't
already been processed, as that pointer may not be valid if the request
has already been processed, as per the above.
svn path=/trunk/; revision=4292
|
|
Add some checks for null tvbuff arguments.
When dissecting transaction setup, parameters, and data when we couldn't
dissect it as a pipe or mailslot transaction, use the reported length of
the supplied tvbuff, not the actual length, as the amount of data
present.
svn path=/trunk/; revision=4291
|
|
Tim Newsham.
Add in missing item for WTAP_ENCAP_CISCO_IOS in the Wiretap
encapsulation type table.
svn path=/trunk/; revision=4290
|
|
svn path=/trunk/; revision=4289
|
|
Make some static that don't need to be exported.
svn path=/trunk/; revision=4288
|
|
preceded by 4 bytes of zero padding.
svn path=/trunk/; revision=4287
|
|
indicate that it's to be used for SMB transactions; a different table,
using different dissectors, would be needed for, say, reads and writes
over a named pipe, as those are byte streams and SMB transactions are
packets, so the dissectors for the first one need to worry about
multiple PDUs per segment and desegmentation, while the dissectors for
the second one don't - and, in fact, can't do desegmentation stuff.
svn path=/trunk/; revision=4286
|
|
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
svn path=/trunk/; revision=4285
|
|
compilers.
svn path=/trunk/; revision=4284
|
|
infrastructure do it for the dissectors.
Make some WCP dissector routines static.
svn path=/trunk/; revision=4283
|
