Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=878
|
|
svn path=/trunk/; revision=845
|
|
as BGP is a protocol on top of TCP, it may have trouble parsing
out-of-sync data (in most cases data is aligned on packet, it seems).
svn path=/trunk/; revision=843
|
|
svn path=/trunk/; revision=838
|
|
for converting IPv[46] numeric notation to/from binary form.
recent BIND includes those functions so fallback is not necessary on
most of the platforms.
sorry if it raises any portability problem on other platforms.
remove partial inclusion of inet_ntop() in packet-ipv6.c.
move ip6_to_str() to packet.c, it fits better there than packet-ipv6.c.
svn path=/trunk/; revision=829
|
|
svn path=/trunk/; revision=828
|
|
for ip.ip_p and ip6.ip6_nxt (and other IPv6 header chain).
use val_to_str() as much as possible in dissect_{ipv6,pim,ripng}().
make --disable-zlib a default for netbsd (temporary workaround).
svn path=/trunk/; revision=827
|
|
protocols.
svn path=/trunk/; revision=824
|
|
well.
Add some more protocols to the list of value/string pairs for IP
protocol types.
svn path=/trunk/; revision=822
|
|
and RIPng decoding.
svn path=/trunk/; revision=818
|
|
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
|
|
Also added first pass of state keeping. I am using glib's hash
functions.
Modelled after packet-ncp.c.
We will need to standardize the <proto>_init_protocol functions called in
file.c at some stage ...
I will have a couple of more goes at the state keeping before I am finished.
At the moment, the infrastructure is there but I do nothing with it.
svn path=/trunk/; revision=798
|
|
svn path=/trunk/; revision=790
|
|
1. Fix some silly errors.
2. Dont decode beyond Word Count if errcode > 0
3. Decode a bunch mode SMBs
Next is to keep state so we can do a better job ...
svn path=/trunk/; revision=758
|
|
specified number of bytes of captured data in the frame at the specified
offset, and a "IS_DATA_IN_FRAME()" macro, to test whether there are any
bytes of captured data in the frame at the specified offset, and convert
some bounds checks to use them.
Add a dissector for the Internet Printing Protocol.
svn path=/trunk/; revision=685
|
|
svn path=/trunk/; revision=677
|
|
the "File/Print" dialog box; "Expand all levels" means that all levels
of the protocol tree should be printed, while "Print as displayed" means
that only those levels shown in the display should be printed.
Free the table of column widths once printing is done.
svn path=/trunk/; revision=671
|
|
prints the protocol tree, and summary prints the fields in the summary
clist, with a header line at the beginning of the printout.
Print only packets selected by the current packet filter.
Just have "ARP" and "RARP" in the "Protocol" field for ARP packets;
whether it's a request or a reply can be seen in the "Info" field.
Add to the "Frame" section of the protocol tree the time between the
current packet and the previous displayed packet, and the packet number.
Have FT_RELATIVE_TIME fields be a "struct timeval", and display them as
seconds and fractional seconds (we didn't have any fields of that type,
and that type of time fits the delta time above).
Add an FT_DOUBLE field type (although we don't yet have anything using
it).
svn path=/trunk/; revision=666
|
|
to recognize and handle protocol field compression.
svn path=/trunk/; revision=651
|
|
Move some defines that would be used even by a non-GTK+-based Ethereal
from "gtk/main.h" to "globals.h".
Remove the byte-order #defines from "packet.h", as they're now in
"globals.h" (having been moved there from "gtk/main.h").
Fix up some files that use those #defines to include "globals.h".
"resolv.c" doesn't use any GTK stuff, so it needn't include <gtk/gtk.h>
nor "gtk/main.h" - it only did so to get the byte-order #defines for the
benefit of "packet-ipv6.h", and "packet-ipv6.h" now includes them
itself.
svn path=/trunk/; revision=649
|
|
Frame protocol (that being what this dissects).
If you're cutting up something into bitfields, the bitfield dissection
returned by "dissect_bitfield_XXX()" should be the first text on the
line - if not, then if the text items that come before the various
bitfields aren't all the same length, the bits don't line up.
Cope with packets from one of Gilbert's captures, where the sender
"name" in some NBF datagrams isn't a NetBIOS name, it's 10 octets of 0
followed by a MAC address!
The "name type" in the "Data2" field of NBF frames is 0x00 for unique
names and 0x01 for group names, not a "16th character of a NetBIOS name"
name type.
Fix up various other things.
svn path=/trunk/; revision=633
|
|
according to what NetMon thinks the bits are).
svn path=/trunk/; revision=629
|
|
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
|
|
of option code, one octet of length (which includes the two option code
and length bytes), followed by 0 or more octets of option data, with
some options being fixed-length and some being variable-length. Put
some stuff from the PPP control protocol option parsing code into the
IP-and-TCP option parsing code, and use the latter instead of the
former.
(That code might also be usable for CDP as well, with some stuff added
to it.)
Shuffle the arguments to "dissect_ip_tcp_options()" to resemble those of
various other dissectors (i.e., with the "proto_tree *" at the end).
Add in code to dissect a pile of PPP options documented in various RFCs.
svn path=/trunk/; revision=601
|
|
Add in the Identification and Time Remaining codes for LCP.
Add in a pile of other LCP options, albeit without anything more than
names for now.
Don't say "1 bytes", say "1 byte".
Don't use "dissect_data()" to dissect part of a *CP packet, and don't
dissect opaque data if there're zero bytes of it.
svn path=/trunk/; revision=578
|
|
Have a common routine to parse both LCP and IPCP, as IPCP is based on
LCP.
Have only one "value_string" array of PPP protocol types, with all the
types we know about.
svn path=/trunk/; revision=577
|
|
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.
Make the type and length fields of a TLV unsigned.
Correctly check for the end of the (captured part of the) frame.
Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.
Dissect "unknown" TLVs.
svn path=/trunk/; revision=573
|
|
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
|
|
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
|
|
is the only file that uses them. I hope to avoid some compiler warnings
with this.
svn path=/trunk/; revision=512
|
|
bunch of source files.
Replace the "payload" field of a "packet_info" structure with "len" and
"captured_len" fields, which contain the total packet length and total
captured packet length (including all headers) at the current protocol
layer (i.e., if a given layer has a length field, and that length field
says its shorter than the length we got from the capture, reduce the
"pi.len" and "pi.captured_len" values appropriately). Those fields can
be used in the future if we add checks to make sure a field we're
extracting from a packet doesn't go past the end of the packet, or past
the captured part of the packet.
Get rid of the additional payload argument to some dissection functions;
use "pi.captured_len - offset" instead.
Have the END_OF_FRAME macro use "pi.captured_len" rather than
"fd->cap_len", so that "dissect the rest of the frame" becomes "dissect
the rest of the packet", and doesn't dissect end-of-frame padding such
as padding added to make an Ethernet frame 60 or more octets long. (We
might want to rename it END_OF_PACKET; if we ever want to label the
end-of-frame padding for the benefit of people curious what that extra
gunk is, we could have a separate END_OF_FRAME macro that uses
"fd->cap_len".)
svn path=/trunk/; revision=506
|
|
capture is in progress.
svn path=/trunk/; revision=491
|
|
packet and the previous *displayed* packet, rather than the previous
packet in a capture.
svn path=/trunk/; revision=486
|
|
LLC, the original NetBIOS encapsulation).
svn path=/trunk/; revision=466
|
|
N^2 in the ultimate size of the list (as "g_list_append()" is linear in
the size of the list, at least when used in the way the GLib
documentation says to use it); instead, maintain our own linked list of
"frame_data" structures for all packets read, including a pointer to the
last element.
"gtk_clist_set_row_data()" is linear in the row number, so if it's used
to attach a pointer to the "frame_data" structure for a packet to the
packet list GtkClist row for each packet, that's also N^2 in the number
of packets in that packet list; instead, store the row number in the
"frame_data" structure, and find the packet for a given row by scanning
the list for it (we were already scanning the list linearly to find that
packet's index in the list of all packets; that's only done when a
packet's selected, so it's not *too* bad, but it might be nice to avoid
having to do that scan).
svn path=/trunk/; revision=457
|
|
SDLC-derived protocols such as HDLC and derivatives of it such as LAPB,
IEEE 802.2 LLC, and so on. Have the LLC and LAPB dissectors use it.
Make "dissect_numeric_bitfield()" put the low-order bit of the bitfield
in the low-order bit of an integer when printing it, so that the right
value is printed.
svn path=/trunk/; revision=434
|
|
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
|
|
addresses, IP protocols, and TCP/UDP port numbers (as those are
unsigned).
svn path=/trunk/; revision=411
|
|
string pointer from the result of ip_to_str (statically allocated string).
Use the ip_src and the new field ip_dst in follow.c to build a correct
string display filter.
svn path=/trunk/; revision=408
|
|
with the ATM on Linux software from <http://lrcwww.epfl.ch/linux-atm/>.
svn path=/trunk/; revision=401
|
|
COL_INFO columns resize automatically even during a live
capture;
columns showing network addresses never resize automatically;
other columns resize only when a capture is done;
and make all columns resizeable by hand (once they've resized, for
auto-resizeable columns).
svn path=/trunk/; revision=394
|
|
svn path=/trunk/; revision=377
|
|
svn path=/trunk/; revision=375
|
|
svn path=/trunk/; revision=358
|
|
and some difficult things.
I should not have blown away any of Gilbert's stuff this time around ...
Hope not anyway ...
svn path=/trunk/; revision=357
|
|
Gilbert's new protocol-tree code (and to a bunch of other changes); put
all the missing changes back in.
svn path=/trunk/; revision=354
|
|
problems with single bit fields when declared as an enumerated field.
It shows an unknown ... Damn ... Can't see what the problem is.
svn path=/trunk/; revision=353
|
|
svn path=/trunk/; revision=350
|
|
new proto_tree routines. I also removed the check for lex and yacc from
wiretap's configure script. The IP dissector now uses
proto_register_field_array().
svn path=/trunk/; revision=348
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|