path: root/packet-tcp.c
Age | Commit message | Author | Files | Lines
2002-12-19 | Update reassemble.c/show_item and all callers to use FT_FRAMENUM for the ↵ | Ronnie Sahlberg | 1 | -19/+60
list of packets corresponding to a reassembled pdu svn path=/trunk/; revision=6807
2002-12-17 | From Jason House, support for TAPping from TCP protocol | Ronnie Sahlberg | 1 | -80/+75
svn path=/trunk/; revision=6792
2002-12-02 | Don't cast away constness, and fix variable and structure member | Guy Harris | 1 | -4/+4
qualifiers as necessary to ensure that we don't have to. "strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't test their results as if they did. Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes. Update Michael Tuexen's e-mail address. svn path=/trunk/; revision=6726
2002-11-27 | Check whether we got an overflow for the PDU length *before* we check | Guy Harris | 1 | -12/+12
whether we have that much data. svn path=/trunk/; revision=6675
2002-11-07 | Must use the proper proto_tree_add_... call for FT_NONE | Ronnie Sahlberg | 1 | -9/+9
svn path=/trunk/; revision=6577
2002-11-07 | hf_index update for TCP | Ronnie Sahlberg | 1 | -9/+9
svn path=/trunk/; revision=6576
2002-11-02 | Fixed small bug in TCP seq/ack analysis. Forgot to check a pointer for NULL ↵ | Ronnie Sahlberg | 1 | -2/+4
which caused crashes sometimes. svn path=/trunk/; revision=6546
2002-11-01 | Three more things for TCP seq/ack analysis to check for and flag: | Ronnie Sahlberg | 1 | -13/+92
ZeroWindow: ZeroWindow segments are detected and flagged
ZeroWindowProbe: detected and flagged
ZeroWindowViolation: attempts to write >1 byte of data to a zerowindow is detected and flagged.
svn path=/trunk/; revision=6543
2002-11-01 | Update to TCP seq/ack analysis: tcp seq/ack analysis should now be able to | Ronnie Sahlberg | 1 | -2/+74
detect suspected duplicate ACKs. svn path=/trunk/; revision=6542
2002-10-17 | From Ronnie Sahlberg: use the frame number of a TCP segment, rather than | Guy Harris | 1 | -6/+14
its starting sequence number, as the "fragment ID" when reassembling, and include the source and destination port numbers in a "tcp_segment_key" structure and use that as part of the key in the hash table for segments, so that we don't get spoofed by segments in two directions in the same conversation, or by segments in two separate conversations between the same hosts, having the same starting sequence number (which is not unlikely to happen if relative sequence numbers are being used). svn path=/trunk/; revision=6443
2002-09-18 | From Didier: bugfix for sequence number wrapping | Ronnie Sahlberg | 1 | -5/+5
svn path=/trunk/; revision=6303
2002-09-11 | fix for the fix | Ronnie Sahlberg | 1 | -2/+2
svn path=/trunk/; revision=6274
2002-09-11 | Tiny change to the tcp seq/ack analysis. | Ronnie Sahlberg | 1 | -12/+5
If the addresses are equal, compare the ports with '>' instead of '-' since '>' will work regardless of whether the values are unsigned or not. svn path=/trunk/; revision=6268
2002-08-28 | Removed trailing whitespaces from .h and .c files using the | Jörg Mayer | 1 | -25/+25
winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6117
2002-08-22 | Properly display the window scale option. | Guy Harris | 1 | -2/+2
svn path=/trunk/; revision=6065
2002-08-22 | "CMP_ADDRESS()" is not guaranteed to return 0, 1, or -1, it's just | Guy Harris | 1 | -6/+35
guaranteed to return 0, a positive number, or a negative number, based on the result of the comparison. Furthermore, if it returns 0, meaning the source and destination addresses are the same, we have to look at the port numbers to decide which side of the conversation the frame is from. svn path=/trunk/; revision=6064
2002-08-21 | Create a subtree with an item "tcp.analysis.flags" to keep all | Ronnie Sahlberg | 1 | -20/+35
tcp sequence number analysis flags, such as retransmission, lost-segment, etc to make it easier to search for all these conditions. svn path=/trunk/; revision=6056
2002-08-21 | Moved the generic true_false_string saying "Set", "Not set" into | Tim Potter | 1 | -8/+1
epan/packet.c It was cut and pasted into seven other dissectors! svn path=/trunk/; revision=6052
2002-08-17 | Reverted part of the previous patch. It seemed we found a few too many | Ronnie Sahlberg | 1 | -2/+2
packets to display the ACK data for. svn path=/trunk/; revision=6008
2002-08-16 | Fixed bug not handling FIN packets properly. | Ronnie Sahlberg | 1 | -2/+9
Fixed another tiny bug where it would forget to check ACKs outside the window sometimes. svn path=/trunk/; revision=6001
2002-08-03 | Add sequence number wrap to tcp window checking. | Jörg Mayer | 1 | -8/+15
svn path=/trunk/; revision=5945
2002-08-03 | Create the TCP protocol tree, and put the source and destination ports | Guy Harris | 1 | -21/+20
into it, as soon as we've extracted the source and destination ports from the packet, so that if we throw an exception fetching something else from the packet, we still have the protocol tree and ports. svn path=/trunk/; revision=5943
2002-08-02 | Replace the types from sys/types.h and netinet/in.h by their glib.h | Jörg Mayer | 1 | -12/+4
equivalents for the toplevel directory. The removal of winsock2.h will hopefully not cause any problems under MSVC++, as those files using struct timeval still include wtap.h, which still includes winsock2.h. svn path=/trunk/; revision=5932
2002-08-02 | Two new options added to TCP. | Ronnie Sahlberg | 1 | -25/+603
1, Analyze TCP sequence numbers. This option will keep track of sequence numbers for all tcp sessions and flag the following:
a, If a new segment is seen which is beyond the right edge this is an indication that the previous segment was lost and this will be flagged as previous segment lost.
b, If a segment is seen which lies left of the right edge this is flagged as retransmission.
c, if a keep-alive is seen (empty segment, seq==expected seq-1) this is flagged as a retransmission.
d, if an ACK is seen which is beyond the right edge this is an indication that a segment has been lost and it will be flagged as segment lost.
All ACKs which advance the left edge get the RTT displayed between the ACKed segment and the ACK itself. The ACK also gets an indication of WHICH segment it is an ACK for.
2, Relative sequence numbers. This option needs the first option to be selected as well. This option will as best as it can try to get ethereal to use relative sequence numbers instead of absolute ones. The patch does not handle sequence number wrapping and unexpected results can probably happen for such.
svn path=/trunk/; revision=5931
2002-07-17 | From Joerg Mayer: | Guy Harris | 1 | -5/+1
dftest.c: Remove #if-0-ed includes packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c, packet-wtp.c, ethereal_gen.py: Remove redundant include varargs (already in snprintf.h, and required only for snprintf.h) Remove unused include of snprintf.h from files not using "snprintf()". svn path=/trunk/; revision=5889
2002-07-02 | Set pinfo->ptype, pinfo->srcport, and pinfo->dstport as soon as we've | Guy Harris | 1 | -5/+8
fetched the source and destination port numbers, so that they're available to the "Follow TCP Stream" code even if we throw an exception dissecting the rest of the TCP header. svn path=/trunk/; revision=5811
2002-06-08 | When looking for dissectors for the source and destination port numbers | Guy Harris | 1 | -4/+29
in TCP, UDP, and SCTP, try the lower port number first, and then the higher port number; this means that, for packets where a dissector is registered for *both* port numbers: 1) we pick the same dissector for traffic going in both directions; 2) we prefer the port number that's more likely to be the right one (as that prefers well-known ports to reserved ports); although there is, of course, no guarantee that any such strategy will always pick the right port number. Ignore port numbers of 0, as some dissectors use a port number of 0 to disable the port, and as RFC 768 says that the source port in UDP datagrams is optional and is 0 if not used. svn path=/trunk/; revision=5656
2002-06-04 | Get rid of the "data_src" member of the "frame_data" structure; put it | Guy Harris | 1 | -3/+2
in the "packet_info" structure instead, as we don't need a pointer for every single frame in the capture file, just for each frame for which we currently have an open "epan_dissect_t". svn path=/trunk/; revision=5614
2002-05-05 | Improve a comment. | Guy Harris | 1 | -6/+8
svn path=/trunk/; revision=5399
2002-05-05 | Make "tvb_ensure_length_remaining()" return a "guint" - it can't return | Guy Harris | 1 | -10/+18
a negative value. Use "tvb_ensure_length_remaining()" in "tcp_dissect_pdus()", rather than checking the return value of "tvb_length_remaining()" ourselves, and make various variables and parameters in it "guint" as appropriate. svn path=/trunk/; revision=5396
2002-05-05 | Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment, | Guy Harris | 1 | -1/+136
extracting PDUs from it and possibly doing reassembly. Make the COPS, DNS, DSI, Gryphon, and SCCP dissectors use it. Add "set_actual_length()", "tcp_dissect_pdus()", "decode_boolean_bitfield()", "decode_numeric_bitfield()", and "decode_enumerated_bitfield()" to the list of routines available to dissectors on platforms where routines in the main program aren't available to dynamically-loaded code. Declare routines in "to_str.h" as "extern"; as I remember, that's necessary to allow the "decode_XXX_bitfield()" routines declared therein to be made available to plugins as per the above. Note that new exported routines should be added to the end of the table if that's the only change being made to the table. Create a new "plugin_api_decls.h" header file, used to declare both the "p_" variables and the "p_" structure members in the routine-exporting mechanism; this reduces the number of places you have to change to change the list of exported routines. svn path=/trunk/; revision=5394
2002-05-04 | Add the packet len to the protocol tree as well, since it is often not ↵ | Richard Sharpe | 1 | -2/+2
visible in the summary display. svn path=/trunk/; revision=5379
2002-04-21 | Add a hidden length field for TCP, tcp.len. Also fixed a small type. | Richard Sharpe | 1 | -2/+13
svn path=/trunk/; revision=5210
2002-04-11 | Do the "follow TCP stream" stuff before calling the subdissector, so | Guy Harris | 1 | -13/+14
that it gets done even if the subdissector throws an exception (and so that, if the subdissector modifies the addresses or ports, we still hand the right values to "reassemble_tcp()"). svn path=/trunk/; revision=5140
2002-03-31 | Mark unused arguments as such. | Guy Harris | 1 | -2/+2
svn path=/trunk/; revision=5062
2002-03-27 | In the protocol tree entries for lists of fragments/segments, make the | Guy Harris | 1 | -4/+5
top-level item correspond to the reassembled data, and make the item for each fragment/segment correspond to the part of that reassembled data that came from that fragment/segment. svn path=/trunk/; revision=5025
2002-02-24 | Free all the stuff pointed to by elements in the "tcp_segment_table" | Guy Harris | 1 | -10/+16
hash table before freeing the memory chunks for those elements. Destroy that hash table when we're done, and set the pointer to it to null so that we'll reallocate it. svn path=/trunk/; revision=4794
2002-02-19 | For TCP segments that are reassembled into larger packets, show the data | Guy Harris | 1 | -4/+19
as raw TCP segment data under the TCP protocol tree item, rather than as a top-level data item - and do so even for the last of the segments reassembled into that packet. svn path=/trunk/; revision=4754
2002-02-18 | Add support for reassembling RPC-over-TCP fragments, and do that in both | Guy Harris | 1 | -7/+18
RPC and NDMP. Show the RPC-over-TCP fragment header as a tree with bitfields below it. Add a routine to show a reported bounds error as an "Unreassembled Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented" is set, and have NBNS and RPC use that. Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized (it wasn't in that list, and wasn't getting initialized). When freeing up various hash tables and memory chunks in the RPC dissector, zero out the pointers to them, just to make sure we don't try to free them again. Always destroy the TCP segment key and address memory chunks in "tcp_desegment_init()", regardless of whether TCP desegmentation is enabled - we don't *allocate* them if TCP desegmentation isn't enabled, but we should free them even if it's not enabled. Also, when we free them, set the pointers to them to null, so we don't double-free them. Supply to subdissectors called from the TCP dissector the sequence number of the first byte handed to the sub dissector. svn path=/trunk/; revision=4753
2002-02-18 | Don't give tvbuffs names; instead, give data sources names, where a | Guy Harris | 1 | -4/+4
"data source" has a name and a top-level tvbuff, and frames can have a list of data sources associated with them. Use the tvbuff pointer to determine which data source is the data source for a given field; this means we don't have to worry about multiple data sources with the same name - the only thing the name does is label the notebook tab for the display of the data source, and label the hex dump of the data source in print/Tethereal output. Clean up a bunch of things discovered in the process of doing the above. svn path=/trunk/; revision=4749
2002-02-03 | From Ricardo Barroetaveña: support dissectors that are handed | Guy Harris | 1 | -60/+115
reassembled TCP data being able to indicate that they need still more reassembly, so that, for example, a dissector can indicate that it needs reassembly in order to dissect a header that says how long the PDU is and, when that reassembly is done and it dissects the header, it can then indicate that it needs more reassembly to get the entire PDU. svn path=/trunk/; revision=4694
2002-02-03 | Get rid of an extra space. | Guy Harris | 1 | -2/+2
svn path=/trunk/; revision=4693
2002-01-21 | Include files from the "epan" directory and subdirectories thereof with | Guy Harris | 1 | -4/+4
"epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
2002-01-20 | Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOL | Guy Harris | 1 | -5/+3
items to the protocol tree; it's interpreted as "the rest of the data in the tvbuff". This can be used if 1) the item covers the entire packet or the remaining payload in the packet or 2) the item's length won't be known until it's dissected, and will be then set with "proto_item_set_len()" - if an exception is thrown in the dissection, it means the item ran *past* the end of the tvbuff, so saying it runs to the end of the tvbuff is reasonable. Convert a number of "proto_tree_add_XXX()" calls using "tvb_length_remaining()", values derived from the result of "tvb_length()", or 0 (in the case of items whose length is unknown) to use -1 instead (using 0 means that if an exception is thrown, selecting the item highlights nothing; using -1 means it highlights all the data for that item that's available). In some places where "tvb_length()" or "tvb_length_remaining()" was used to determine how large a packet is, use "tvb_reported_length()" or "tvb_reported_length_remaining()", instead - the first two calls indicate how much captured data was in the packet, the latter two calls indicate how large the packet actually was (and the fact that using the latter could cause BoundsError exceptions to be thrown is a feature - if such an exception is thrown, the frame really *was* short, and it should be tagged as such). Replace some "proto_tree_add_XXX()" calls with equivalent "proto_tree_add_item()" calls. Fix some indentation. svn path=/trunk/; revision=4578
2002-01-18 | Add an option to turn off TCP checksum checking (and to *allow* | Guy Harris | 1 | -45/+82
desegmentation even though we don't know whether the checksum is valid). I've seen packets with bad TCP checksums in Solaris network traces, but the traffic appears to indicate that the packet *was* received; I suspect the packets were sent by the host on which the capture was being done, on a network interface to which checksumming was offloaded, so that DLPI supplied an un-checksummed packet to the capture program but a checksummed packet got put onto the wire. svn path=/trunk/; revision=4571
2002-01-17 | Mark un-reassembled TCP segments as (possibly) being un-reassembled, by | Guy Harris | 1 | -2/+10
setting the "pinfo->fragmented" flag. If a ReportedBoundsError occurs, flag the frame as being an unreassembled packet, not an unreassembled fragmented packet, as it may have been segmented across TCP segment boundaries rather than being part of an IPv4/IPv6/CLNP/etc. fragmented/segmented packet. svn path=/trunk/; revision=4558
2002-01-10 | As per a comment from Ronnie Sahlberg, display TCP sequence numbers in | Guy Harris | 1 | -4/+4
the list of segments in a desegmented PDU as unsigned, rather than signed. Fix some other displays of unsigned quantities with "%d" while we're at it. svn path=/trunk/; revision=4516
2001-12-10 | Move the pointer to the "column_info" structure in the "frame_data" | Guy Harris | 1 | -38/+38
structure to the "packet_info" structure; only stuff that's permanently stored with each frame should be in the "frame_data" structure, and the "column_info" structure is not guaranteed to hold the column values for that frame at all times - it was only in the "frame_data" structure so that it could be passed to dissectors, and, as all dissectors are now passed a pointer to a "packet_info" structure, it could just as well be put in the "packet_info" structure. That saves memory, by shrinking the "frame_data" structure (there's one of those per frame), and also lets us clean up the code a bit. svn path=/trunk/; revision=4370
2001-12-08 | Attach a descriptive name field type and base to dissector tables; that | Guy Harris | 1 | -2/+3
specifies how the selector values used as keys in those tables are to be displayed, and the title to use when displaying the table. Use that information in the code to display the initial and current entries of various dissector tables. Have the dissector for BACnet APDUs register itself by name, and have the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set, rather than doing it with a dissector table. svn path=/trunk/; revision=4358
2001-12-05 | Support for reassembly of DCERPC over SMB, from Ronnie Sahlberg. | Guy Harris | 1 | -1/+4
svn path=/trunk/; revision=4335