| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
dissector, heuristic dissectors should be checked before, or after,
dissectors for specific port numbers.
Add a similar preference for UDP.
Clean up white space.
svn path=/trunk/; revision=8082
|
|
svn path=/trunk/; revision=8024
|
|
"dissect_ip_tcp_options()" but for options that are like IPv6 options
(i.e., the length byte has a value that doesn't include the option code
or length byte).
Add an "ip_opts.h" header to declare it, and move the declaration of
stuff used by it and "dissect_ip_tcp_options()", and the declaration of
"dissect_ip_tcp_options()", to that header.
Use "dissect_ipv6_options()" for Mobile IPv6 options.
Get rid of the unused "mip6_opt_types[]" array in "packet-mip6.h".
svn path=/trunk/; revision=8015
|
|
a TCP segment, and probably don't want to hand the segment to a TCP tap,
if the TCP segment is included in an error packet.
svn path=/trunk/; revision=7780
|
|
length, we can't get the segment length (although we can at least try to
dissect the header). If that's the case, put in Ronnie's "short
segment" note.
Also, put into the information we pass to TCP taps an indication of
whether the segment length is valid or not.
svn path=/trunk/; revision=7705
|
|
TCP segment, as we might not have the entire segment.
svn path=/trunk/; revision=7704
|
|
knowing the actual length of the packet, as we don't know that length
(IP fragments don't contain the length of the full packet - you don't
know how big the reassembled packet is until you reassemble it).
We don't have to worry about dissecting the TCP header in them, though.
svn path=/trunk/; revision=7703
|
|
or the reported tcp header length.
This is probably caused either by a very very short capture length or by
nmap or someone playing firewall fragment games to the tcp flags field.
svn path=/trunk/; revision=7698
|
|
the rather brilliant keep-alive packets solaris use.
Solaris does not do RFC793 keepalives at all, instead they do a quite
brilliant workalike that gies them reliable keepalives.
svn path=/trunk/; revision=7685
|
|
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to amke them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs starts when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
|
|
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
|
|
ACK to the segment in frame" fields, so you can use the "Go To
Corresponding Frame" menu item.
svn path=/trunk/; revision=7379
|
|
Duplicate ACKs that are detected/suspected are now also flagged
with which frame the original ACK was seen in and the dup ack number.
This is displayed both in the summary pane as well as in the tree pane.
svn path=/trunk/; revision=7375
|
|
FIN flag would previously only add one to the sequence number if the
FIN packet was empty, i.e. did not carry any payload data.
This caused ethereal to incorrectly flag the ACK to such packets
(FIN+payload data) to be incorrectly flagged as
ACK to previously lost segment.
Change the algorithm to always add 1 to the segment length, and thus the sequence number for all packets with teh FIN bit set.
svn path=/trunk/; revision=7371
|
|
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
|
|
svn path=/trunk/; revision=7273
|
|
"tcpip" added.
-z io,users,tcpip will create a top talkers list of individual tcpip connections
svn path=/trunk/; revision=7264
|
|
values which seemed appropriate, but had the split them into two items
in the option tree.
svn path=/trunk/; revision=7260
|
|
do an add_uint_format(...). It was all too easy.
svn path=/trunk/; revision=7259
|
|
svn path=/trunk/; revision=7236
|
|
svn path=/trunk/; revision=7235
|
|
svn path=/trunk/; revision=7233
|
|
svn path=/trunk/; revision=7232
|
|
svn path=/trunk/; revision=7231
|
|
svn path=/trunk/; revision=7230
|
|
svn path=/trunk/; revision=7228
|
|
wasn't done, and, for TCP, use that mechanism if reassembly isn't done
is an incorrect TCP checksum.
svn path=/trunk/; revision=7212
|
|
"tcp_dissect_pdus()".
svn path=/trunk/; revision=7179
|
|
overflow.
svn path=/trunk/; revision=7169
|
|
belongs, as that's redundant.
Fix a bunch of cases where that was done, and map the old name to the
new name.
Instead of marking "mtp3.mtp3_standard" as obsolete, map it to
"mtp3.standard".
svn path=/trunk/; revision=7030
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
svn path=/trunk/; revision=6792
|
|
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
|
|
whether we have that much data.
svn path=/trunk/; revision=6675
|
|
svn path=/trunk/; revision=6577
|
|
svn path=/trunk/; revision=6576
|
|
which caused crashes sometimes.
svn path=/trunk/; revision=6546
|
|
ZeroWindow: ZeroWindow segments are detected and flagged
ZeroWindowProbe: detected and flagged
ZeroWindowViolation: attempts to write >1 byte of data to a zerowindow is detected and flagged.
svn path=/trunk/; revision=6543
|
|
detect suspected duplicate ACKs.
svn path=/trunk/; revision=6542
|
|
its starting sequence number, as the "fragment ID" when reassembling,
and include the source and destination port numbers in a
"tcp_segment_key" structure and use that as part of the key in the hash
table for segments, so that we don't get spoofed by segments in two
directions in the same conversation, or by segments in two separate
conversations between the same hosts, having the same starting sequence
number (which is not unlikely to happen if relative sequence numbers are
being used).
svn path=/trunk/; revision=6443
|
|
svn path=/trunk/; revision=6303
|
|
svn path=/trunk/; revision=6274
|
|
If the addresses are equal, compare the ports with '>' instead of '-'
since '>' will work regardless of whether the values are unsigned or not.
svn path=/trunk/; revision=6268
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
svn path=/trunk/; revision=6065
|
|
guaranteed to return 0, a positive number, or a negative number, based
on the result of the comparison. Furthermore, if it returns 0, meaning
the source and destination addresses are the same, we have to look at
the port numbers to decide which side of the conversation the frame is
from.
svn path=/trunk/; revision=6064
|
|
tcp sequence number analysis flags, such as retransmission , lost-segment, etc
to make it easier to search for all these conditions.
svn path=/trunk/; revision=6056
|
|
epan/packet.c
It was cut and pasted into seven other dissectors!
svn path=/trunk/; revision=6052
|
|
packets to display the ACK data for.
svn path=/trunk/; revision=6008
|
|
Fixed another tiny bug where it would forget to check ACKs outside the window
sometimes.
svn path=/trunk/; revision=6001
|
