| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
building a protocol tree or not.
Fix up white space.
svn path=/trunk/; revision=6378
|
|
NDPS runs on top of SPX and TCP.
svn path=/trunk/; revision=6323
|
|
socket 4001.
svn path=/trunk/; revision=6264
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
svn path=/trunk/; revision=5817
|
|
"broadcast message waiting" indications.
When handing off dissection from the IPX dissector:
Check the socket numbers before we check the packet type;
we've seen IPX message packets with a type of NCP and a
destination socket of IPX_SOCKET_IPX_MESSAGE, and SAP
packets with a type of NCP and a destination socket of
IPX_SOCKET_SAP.
Assume the lower-numbered socket number is more likely
to be the right one, along the lines of what we do for
TCP and UDP. We've seen NCP packets with a type of NCP,
a source socket of IPX_SOCKET_NCP, and a destination
socket of IPX_SOCKET_IPX_MESSAGE, and we've seen NCP
packets with a type of NCP, a source socket of
IPX_SOCKET_IPX_MESSAGE, and a destination socket of
IPX_SOCKET_NCP.
svn path=/trunk/; revision=5810
|
|
svn path=/trunk/; revision=5767
|
|
svn path=/trunk/; revision=5764
|
|
svn path=/trunk/; revision=5233
|
|
longer contains length fields, so there's no need to pass a "packet_info
*" argument to "set_actual_length()".
svn path=/trunk/; revision=4748
|
|
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
svn path=/trunk/; revision=4605
|
|
svn path=/trunk/; revision=4592
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
|
|
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
|
|
svn path=/trunk/; revision=4264
|
|
table to the proper sorted location.
svn path=/trunk/; revision=4261
|
|
svn path=/trunk/; revision=4260
|
|
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
|
|
svn path=/trunk/; revision=4199
|
|
Make the source and destination socket fields enumerated types, so we
don't have to use "proto_tree_add_uint_format()" on them, and so that
you can match on them by service name.
Use lower-case letters when formatting the hex value of sockets; that's
what's done with fields not added with "proto_tree_add_XXX_format".
svn path=/trunk/; revision=4046
|
|
these services
svn path=/trunk/; revision=4012
|
|
packet information in tvbuffified dissectors.
svn path=/trunk/; revision=3645
|
|
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
svn path=/trunk/; revision=3561
|
|
from Paul Ionescu.
svn path=/trunk/; revision=3398
|
|
otherwise, the filtering GUI gets very upset when you try to construct a
filter expression to test the value of that field. Make them BASE_DEC.
svn path=/trunk/; revision=3334
|
|
"etypes.h".
svn path=/trunk/; revision=3314
|
|
include it.
svn path=/trunk/; revision=3303
|
|
to_str.{c,h}. Resolved strange situation where ipx_addr_to_str was
declared in packet.h but defined in packet-ipx.c by moving
ipx_addr_to_str, ipxnet_to_str_punct, and ipxnet_to_str from packet-ipx.{c,h} to to_str.{c,h}
svn path=/trunk/; revision=3219
|
|
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
|
|
usages of tvb_get_ptr(). packet-ieee80211.c still has one bad usage,
in which it *does* modify the tvbuff's data.
svn path=/trunk/; revision=3128
|
|
name-server-over-IPX and mailslot-datagram-over-IPX packets, based on
stuff dredged out of a pile of documents on the Web.
svn path=/trunk/; revision=3079
|
|
statements.
Move the setting of the Protocol column in the Appletalk ARP and IPX
dissectors before anything is fetched from the packet, and also clear
the Info column at that point in those and some other dissectors, so
that if an exception is thrown, the columns don't reflect the previous
protocol.
Fix the registration of the IPX RIP dissector to use the right protocol
ID.
svn path=/trunk/; revision=2928
|
|
dissectors for protcools that can be encapsulated inside GRE in that
table.
Fix a bug in the handling of WCCPv2 IP encapsulation (it was
constructing the next tvbuff before, rather than after, advancing the
offset past the redirection header).
svn path=/trunk/; revision=2893
|
|
its own; it's used not only by LLC, but by Frame Relay with RFC 2427 and
ATM with RFC 2684.
Support for RFC 2427-encapsulation Frame Relay packets, from Paul
Ionescu.
Get rid of the CISCO_IP PPP protocol type - Cisco HDLC uses, in most
cases, Ethernet packet types, so use ETHERTYPE_IP instead (they're both
0x0800).
svn path=/trunk/; revision=2854
|
|
handle.
Call the IP dissector through a handle in the Frame Relay dissector.
svn path=/trunk/; revision=2851
|
|
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
|
|
handle and call it through the handle. Make it static; this renders
"packet-nbipx.h" unnecessary.
Get rid of the "tvb_compat()" call in the IPX dissector - it calls all
dissectors through handles or lookup tables, and thus any
backwards-compatibility stuff is done by the code in libethereal.
svn path=/trunk/; revision=2735
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
|
|
svn path=/trunk/; revision=2654
|
|
the BSD AF_ type values it uses into an "aftypes.h" header file for
dissectors that register themselves in that dissector table include.
svn path=/trunk/; revision=2653
|
|
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
|
|
compiles.
Doing so reveals that the NBIPX dissector needs to be fixed, as it calls
routines in "packet-netbios.c" whose calling sequence changed; doing so
involves tvbuffifying it.
svn path=/trunk/; revision=2602
|
|
not COL_PROTOCOL.
svn path=/trunk/; revision=2528
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
|
