| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=2460
|
|
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
|
|
This keeps tvbuff.c generic; it doesn't have to pull in packet.h and all
of it's included files.
svn path=/trunk/; revision=2409
|
|
just in case time goes backwards (yes, it sometimes does happen in
captures).
svn path=/trunk/; revision=2407
|
|
Remove tvb_get_stringz from quake dissector and add tvb_get_nstringz,
tvb_get_nstringz0, and tvb_strnlen to tvbuff.c.
Remove multiple definitions of pntohl and friends from various places
(except for wiretap) and put into pint.h
Consolidate duplicate code for turning FT_* enums into strings (ala the
glossary).
svn path=/trunk/; revision=2382
|
|
svn path=/trunk/; revision=2336
|
|
the middle mouse button. The marked packets are displayed in
reverse video but this should change in the future (the color
should be configurable via the GUI).
Then, the marked packets can be saved (via the "Save as"
window dialog).
Other features will be added in the future (I am waiting for
your comments and wishes).
svn path=/trunk/; revision=2322
|
|
svn path=/trunk/; revision=2313
|
|
SCTP ports in "col_set_port()", and add a "get_sctp_port()" routine to
resolve SCTP port numbers to services.
Also, make the "get_XXX_port()" routines format the port number as an
unsigned integer, rather than a signed integer, if the service name for
the port isn't found (the port number passed in is unsigned).
svn path=/trunk/; revision=2295
|
|
supplied in the "p_add_proto_data()" call that created the entry, not
the pointer to the data structure that holds the protocol and data
arguments to "p_add_proto_data()" (the protocol is uninteresting, as
its value is the value supplied as the "proto" argument to
"p_get_proto_data()".
The "frame_proto_data" structure isn't needed outside the code that
handles it; remove its definition from "packet.h" and put it in
"packet.c".
svn path=/trunk/; revision=2260
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
to refer to 64-bit integral quantities, add "pntohll()" and "phtonll()"
macros, and "tvb_get_ntohll()" and "tvb_get_letohll()" routines, for
fetching 64-bit integral quantities.
(They're still a pain to *print*, as there's no standard "printf" format
code for them - some systems use "%ll[dox]", some use "%q[dox]", and I
think some use formats different from all of them.)
svn path=/trunk/; revision=2243
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
|
|
Move max_len settings in various col_* functions outside of loop.
Add 'writable' flag to col_info. check_col() honors its. dissect_packet()
sets it as TRUE. dissect_ah() optionally sets it to FALSE.
Add col_set_writable() function to set the 'writable' flag. Accepts
frame_data arg just like the rest of the column functions. It checks to
make sure fd->cinfo is not NULL.
svn path=/trunk/; revision=2125
|
|
svn path=/trunk/; revision=2012
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
|
|
Convert ethertype() and dissect_null() to use tvbuff.
svn path=/trunk/; revision=1979
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
Non-tvbuff dissectors create a tvbuff when calling dissect_llc()
Changed name of current_proto to match string in COL_PROTO ("FDDI" instead of "fddi")
Changed short text to be: [Short Frame: %s] where %s is current_proto.
svn path=/trunk/; revision=1943
|
|
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
|
|
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
|
|
destination network-layer addresses of the servers, and the NCP
connection number, and use the pointer to the conversation and the
request sequence number as the hash key for the table of requests used
to find the request for a given response; this lets it work with
NCP-over-TCP and NCP-over-UDP.
Register the NCP dissector with the UDP dissector in the handoff
registration routine for NCP, just as we do with the TCP dissector.
svn path=/trunk/; revision=1878
|
|
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
svn path=/trunk/; revision=1850
|
|
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
|
|
"dissect_init()" and "dissect_cleanup()", in "packet.c", so that we
don't duplicate those routines in Ethereal and Tethereal (and so on),
and don't have to remember to update N different versions of them if we
have to change the way we do one-time initialization and cleanup.
svn path=/trunk/; revision=1790
|
|
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
|
|
hash table attached to "udp.port" out of "init_dissect_udp()" into
"proto_register_udp()", so that it's done the way TCP does it, and then
get rid of "init_dissect_udp()".
svn path=/trunk/; revision=1781
|
|
field, to allow dissectors to register their dissection routine in a
particular field's hash table with a particular "port" value, and to
make the TCP and UDP dissectors support that for their "port" field and
to look up ports in that hash table.
This replaces the hash table that the UDP dissector was using.
There's still more work needed to make this useful - right now, the hash
tables are attached to the protocol field in the register routines for
the TCP and UDP protocols, which means that the register routines for
protocols that run atop TCP and UDP can't use this unless their register
routines happen to be called after those for TCP and/or UDP, and several
other protocols need to attach hash tables to fields, and there's no
single global field for Ethernet types so we can't even attach a hash
table to such a field to allow protocols to register themselves with a
particular Ethertype - but it's a start.
svn path=/trunk/; revision=1779
|
|
Use glib as far as possible. Currently have data structures and routines
defined ... Next will write the routines ...
svn path=/trunk/; revision=1748
|
|
which means we're already doing a "do something to the last row in the
packet list" operation on every frame we add to the list, so adding a
call to "gtk_clist_set_row_data()" won't make matters worse.
In addition, we already set one column in a row on a "change time
format" operation, so finding the row for a frame by calling
"gtk_clist_find_row_from_data()" doesn't turn a constant-time operation
into a linear-time operation, it just cranks the proportionality
constant up - it was quadratic before, alas, and it's still quadratic.
Adding calls to "gtk_clist_find_row_from_data()" to the "Find Frame" and
"Go To Frame" code does add an extra linear operation there, but those
operations shouldn't be common - and "Go To Frame", going to the last
frame on an ~100,000-frame big capture file, was quick, at least on my
450 MHz Pentium II machine, so maybe it won't be too bad.
And "select_packet()" either has to search the frame table for the frame
with the specified row number, or has to call "gtk_clist_get_row_data()"
to do that - the first is linear in the position of the frame in the
frame table, and the latter is linear in its position in the CList, and
the latter is less than or equal to the former, so the only thing making
it worse would be a change in the proportionality constant.
So it probably won't hurt performance by much.
Furthermore, if we add the ability to sort the display on an arbitrary
column, or to delete frames from the display - both of which are in the
wish list - storing the row number of the frame in the "frame_data"
structure won't necessarily work, as the row number can change out from
under us.
Therefore, reinstate the old way of doing things, where we associate
with each row a pointer to the "frame_data" structure for the row, using
"gtk_clist_set_row_data()".
svn path=/trunk/; revision=1703
|
|
This function is used to re-initialize the hash table used by the X.25
dissector to record the upper layer protocol used by each VC. The hash
table should be re-initialized each time we read / start a new capture.
I moved the definition of the function from packet.h to packet-x25.h, and
added calls to reinit_x25_hashtable() in read_cap_file (file.c) and
do_capture (capture.c).
svn path=/trunk/; revision=1644
|
|
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
|
|
* fix a bug in packet-tftp.c dissecting TFTP Option Acknowledgement
packets. The is no Block-Id in TFTP Option Acknowledgements, as it is
in TFTP Acknowledgements.
* Extension of manuf by ethernet addresses from ELSA (my company), a german
vendor of ISDN routers, cable modems, etc.
* New dissector for Time Protocol [RFC 0868]. That protocol works on port
37 of UDP and TCP. The implementation in this patch only dissects the
more usual UDP version. It could print the time in a more fashion way,
but thats for a later version.
svn path=/trunk/; revision=1609
|
|
svn path=/trunk/; revision=1603
|
|
svn path=/trunk/; revision=1601
|
|
svn path=/trunk/; revision=1537
|
|
whether we're building a protocol tree or not.
Make "dissect_eth()" use "BYTES_ARE_IN_FRAME()" to see if we have a full
Ethernet header - it can be called with a non-zero offset, if Ethernet
frames are encapsulated inside other frames (e.g., ATM LANE).
Make capture routines take an "offset" argument if the corresponding
dissect routine takes one (for symmetry, and for Cisco ISL or any other
protocol that encapsulates Ethernet or Token-Ring frames inside other
frames).
Pass the frame lengths to capture routines via the "pi" structure,
rather than as an in-line argument, so that they can macros such as
"BYTES_ARE_IN_FRAME()" the way the corresponding dissect routines do.
Make capture routines update "pi.len" and "pi.captured_len" the same way
the corresponding diseect routines do, if the capture routines then call
other capture routines.
Make "capture_vlan()" count as "other" frames that are too short, the
way other capture routines do.
svn path=/trunk/; revision=1525
|
|
above VINES.
svn path=/trunk/; revision=1514
|
|
svn path=/trunk/; revision=1433
|
|
"file.c" to "packet.c"; it's not really related to file access (or to
manipulating the packet list as a whole, which much of the stuff in
"file.c" is really for), but is more related to analyzing packets, and
moving it to "packet.c" lets me build an experimental "line-mode" flavor
of Ethereal (based on Gilbert's "tethereal" experiment) - "line-mode"
means "like tcpdump or snoop" - without having to drag in "file.c" and a
pile of GUI stuff.
svn path=/trunk/; revision=1388
|
|
svn path=/trunk/; revision=1340
|
|
and V.120 decoder.
svn path=/trunk/; revision=1304
|
|
In packet_hex_print(), compute (bstart + blen) only once.
In time_secs_to_str(), return a meaningful string when time == 0, instead
of returing pointer to char buffer with old, inappropriate data in it.
svn path=/trunk/; revision=1297
|
|
svn path=/trunk/; revision=1295
|
|
I have a chance to figure out ASN.1
svn path=/trunk/; revision=1254
|
|
svn path=/trunk/; revision=1234
|
|
svn path=/trunk/; revision=1232
|
|
svn path=/trunk/; revision=1219
|
|
svn path=/trunk/; revision=1191
|
|
svn path=/trunk/; revision=1173
|
