| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
packets were correct. Bad packets could cause segfaults.
svn path=/trunk/; revision=641
|
|
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:
tr.sr
or by its negation:
!tr.sr
svn path=/trunk/; revision=591
|
|
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.
svn path=/trunk/; revision=589
|
|
svn path=/trunk/; revision=565
|
|
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
|
|
svn path=/trunk/; revision=456
|
|
as it standed depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.
The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.
All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.
I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29
I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
ipx.srcnet == 0xc0a82c00
rather than this:
ipx.srcnet == c0:a8:2c:00
I can supposrt the byte-range type IPXNET in the future, very trivially.
I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!
svn path=/trunk/; revision=414
|
|
allowing users to filter on the existence of these protocols. I also
added packet-clip.c to the Nmake makefile.
svn path=/trunk/; revision=402
|
|
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readble, IMHO.
Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".
Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.
svn path=/trunk/; revision=364
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
|
for RIF bytes w/o the source-route bit being set.
svn path=/trunk/; revision=316
|
|
to use the decode_*_bitfield() routines. This needed to happen anyway, but
I finally made the change so that I can figure out how I'm going to handle
bitfield fields in my experiment of changing the implementation of the
protocol tree in ethereal.
svn path=/trunk/; revision=311
|
|
reference the protocol tree with struct proto_tree and struct proto_item
objects. That way, the packet decoding source code file can be used with
non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged
some of the information in packet.h to more appropriate places (like other
packet-*.[ch] files).
svn path=/trunk/; revision=223
|
|
svn path=/trunk/; revision=197
|
|
update the packet counts and percentages in the dialog box popped up
during a capture, even for non-Ethernet captures.
svn path=/trunk/; revision=184
|
|
proper bounds checking. Fixed.
svn path=/trunk/; revision=164
|
|
* Added check_col(), add_col_str() and add_col_fmt() to replace references
to ft->win_info.
* Added column prefs handling code.
svn path=/trunk/; revision=97
|
|
because it is still in its infancy, but it can be compiled in optionally.
The library exists in its own subdirectory ethereal/wiretap. This patch also
edits all the packet-*.c files to remove the #include <pcap.h> line which is
unnecessary in these files. In the ethereal code, file.c is the most heavily
modified with #ifdef WITH_WIRETAP lines for the optional library.
svn path=/trunk/; revision=82
|
|
svn path=/trunk/; revision=41
|
|
generalizes the column printing code, adds a "frame" tree item to
the tree view, and fixes a bunch of miscellaneous coding bugs.
svn path=/trunk/; revision=31
|
|
fields. I got rid of a lot of pd[x] type stuff. I also made the TR code
a bit smarter again. With Linux 2.0.x and oltr, the source-route bit is
cleared before we get it. I can now detect more packets that were source-
routed but had their SR bit cleared.
svn path=/trunk/; revision=16
|
|
svn path=/trunk/; revision=11
|
|
svn path=/trunk/; revision=7
|
|
svn path=/trunk/; revision=2
|
