| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
with not terminating their arrays because they knew the limits of the
value used to look up strings in the value_string array, but the
dfilter_expr_dlg does not know these limits and must rely on the terminating
{0, NULL} record.
Also, in SNA fixed a bug in which a field should have been defined as FT_UINT8
but was defined as FT_BOOLEAN.
In WTP, fixed a value string which had duplicate keys.
svn path=/trunk/; revision=2817
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
|
|
Make sure that if _gtime is null, a bad format message returned.
Also noticed that I am going to have to do something about Unicode strings soon and the SMBopenX dissect is slightly wrong ... Oh well, it is the Xmas break soon :-) No rest for the Wicca'd (please don't interpret that as a statement of my religious affiliation, it is just a cute saying :-)
svn path=/trunk/; revision=2764
|
|
svn path=/trunk/; revision=2699
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
|
|
Jeff Foster.
svn path=/trunk/; revision=2523
|
|
This keeps tvbuff.c generic; it doesn't have to pull in packet.h and all
of it's included files.
svn path=/trunk/; revision=2409
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
|
|
filtering in packet-smb.c ...
svn path=/trunk/; revision=2220
|
|
dissectors when you do 'ethereal -G' ...
svn path=/trunk/; revision=2180
|
|
a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
svn path=/trunk/; revision=2031
|
|
svn path=/trunk/; revision=2000
|
|
svn path=/trunk/; revision=1999
|
|
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
|
|
null "request_val->last_transact_command" to "col_add_fstr()".
svn path=/trunk/; revision=1738
|
|
duplicate abbreviations. All mods to packet-*.c files are fixes to remove
those cases.
svn path=/trunk/; revision=1733
|
|
svn path=/trunk/; revision=1695
|
|
"packet-smb.c" up into several files.
svn path=/trunk/; revision=1629
|
|
month number, add 1 to "tm_mon".
svn path=/trunk/; revision=1519
|
|
svn path=/trunk/; revision=1437
|
|
and return if TransactName == NULL.
svn path=/trunk/; revision=1431
|
|
Don't use a global variable named "gmtime" - some versions of
NetBSD define it in <time.h> - use "_gmtime" instead, so we can
build on those NetBSD systems.
svn path=/trunk/; revision=1375
|
|
responses and adds some more stuff.
I will have to decode NTcreateAndX requests and responses soon as well
as the MSRPC stuff ...
svn path=/trunk/; revision=1356
|
|
Now should be decoding the names of lots more LanMan API request. These
were culled from Samba. Would be good to go through and give names to the
fields as well.
Will soon decode the response structures returned and then will look at
ways to specify that built-in routines should be called to decode an element.
I also need some captures with UNICODE in them. Anyone got any? Someone
sent in a patch for UNICODE handling, but I did not realize what it was and
now the code has diverged so far it is hard to apply the patch ...
Send captures to rsharpe@ns.aus.com./
svn path=/trunk/; revision=1334
|
|
from Guy, plus a few more of my own.
Also added in basic response decoding where we don't know what it is ...
Got more to do, as well as decoding returned data ... Thinking about that
now, and will have a data-drived approach.
I need some way to specify that an internal routine be called for some types
of data where we know what type it is, in the case of Server Types for
example ...
svn path=/trunk/; revision=1294
|
|
svn path=/trunk/; revision=1284
|
|
Next will handle responses, and data returned ...
svn path=/trunk/; revision=1283
|
|
Fixed up some bugs to do with NetShareEnum. There is still a persistent bug
left that looks like an alignment problem. Damn documentation does not talk
about the need to align the response structures for a NetServerEnum2 on SHORT
boundaries, but it sure looks like they should be so.
svn path=/trunk/; revision=1235
|
|
Will have to do some more soon.
svn path=/trunk/; revision=1216
|
|
marking 26 * EntCount bytes as Server entries.
svn path=/trunk/; revision=1160
|
|
seen.
svn path=/trunk/; revision=1122
|
|
UNICODE strings in transact SMBs.
Added decode of NetShareEnum transact request. Will have to clean that all
up and use the decode engine when I get it done.
Still more fix ups to be done, but the book is calling, and I have to write
some stuff after an interview with LinuxCare.
svn path=/trunk/; revision=1113
|
|
ugly wannings, and added start of general params decode. May all change
drastically though.
svn path=/trunk/; revision=1093
|
|
svn path=/trunk/; revision=1082
|
|
I still have compile warnings, but I am too tired to chase them down.
Have also fixed a number of problems.
Next thing to add is a general engine that can decode Transact messages
as they can be decode from the descriptors in the Parameters area, and I
can feed in a list of names where we know what a structure looks like,
otherwise we use made up names.
svn path=/trunk/; revision=1079
|
|
info.
Still need someone to look at the times I have in there ... Guy?
svn path=/trunk/; revision=1055
|
|
(remove commas following the last member of an enum, make all bit fields
"guint32" - GCC lets you get away with that, but at least some other
compilers don't).
svn path=/trunk/; revision=1052
|
|
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
|
|
might be NULL from strchr().
svn path=/trunk/; revision=1044
|
|
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
|
|
There was a core dump because of a coding oversight. Should be fixed
now Gilbert.
Should now handle names of form \<somepipe>
Will screw up if there is no leading slash, but in a non-fatal way, I
think.
svn path=/trunk/; revision=1041
|
|
much more complete decoding of browse messages.
They are now shown in the parent tree as well.
I still have problems with:
1. Times
2. Election criteral
I also haven't been able to see a BecomeBackup request, nor a
GetBackupListResp with more than one browser ... Should run a Windows NT
server or another Samba on my network.
I am also not sure of there are any more message types. Damn! Old, and
wrong MS documents!
svn path=/trunk/; revision=1025
|
|
MS Windows Browser messages. Can decode host announcements now.
Still need to decode more. Also need to break the new code out.
I also have the Browse tree at the wrong location. Can I get at the
parent of the tree somewhere, or do I have to pass it in as a variable?
svn path=/trunk/; revision=1024
|
|
exposed by Win2000 interacting with a Samba server ...
svn path=/trunk/; revision=1010
|
|
svn path=/trunk/; revision=937
|
|
svn path=/trunk/; revision=929
|
|
Replace "add_to_conversation()" with:
"conversation_new()", which creates a new conversation, given
source and destination addresses and ports, and returns a
pointer to the structure for the conversation;
"find_conversation()", which tries to find a conversation for
given source and destination addresses and ports, and returns a
pointer to the structure for the conversation if found, and a
null pointer if not found.
Add a private data pointer field to the conversation structure, and have
"conversation_new()" take an argument that specifies what to set that
pointer to; that lets clients of the conversation code hang arbitrary
data off the conversation (e.g., a hash table of protocol requests and
replies, in case the protocol is a request/reply protocol wherein the
reply doesn't say what type of request it's a reply to, and you need
that information to dissect the reply).
svn path=/trunk/; revision=920
|
|
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
|
|
Is this file generated code ?
If not, please :
- get rid of compilation warnings
- put the # of preprocessor macros at the first column
svn path=/trunk/; revision=863
|
|
Added decoder for transact SMBs.
Changed things a lot for state keeping.
Next thing is to decode transacts and transact2s more.
svn path=/trunk/; revision=860
|
