Age | Commit message (Collapse) | Author | Files | Lines |
|
routine, which calls all routines found in the dissector source files
with names that match " proto_reg_handoff_[a-z_0-9A-Z]*".
Call "register_all_protocol_handoffs()" after calling
"register_all_protocols()" - "register_all_protocols()" needs to be
called first, so that all protocols can register their fields, because
registering a dissector as being called if field "proto.port" is equal
to N requires that "proto.port" be a registered field.
Give DNS a handoff registration routine, and register its dissector to
be called if "udp.port" is UDP_PORT_DNS; remove the registration of DNS
from "packet-udp.c", and make "dissect_dns()" static (as nobody else
need know that it exists).
svn path=/trunk/; revision=1788
|
|
"make-reg-dotc" script is changed, "register.c" is remade (as the change
may change what it generates).
svn path=/trunk/; revision=1787
|
|
processing (as TFTP does), and don't have comments suggesting that extra
checks are needed, with the port table.
svn path=/trunk/; revision=1786
|
|
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
|
|
than duplicating the allocation code in "read_cap_file()" and
"start_tail_cap_file()".
svn path=/trunk/; revision=1784
|
|
all the other public functions in proto.c start with "proto_".
svn path=/trunk/; revision=1783
|
|
some network problems today, so I checked this in for him.
svn path=/trunk/; revision=1782
|
|
hash table attached to "udp.port" out of "init_dissect_udp()" into
"proto_register_udp()", so that it's done the way TCP does it, and then
get rid of "init_dissect_udp()".
svn path=/trunk/; revision=1781
|
|
the check for plugins after the check for ONC RPC protocols, so that we
do the checks in the same order for TCP and UDP (ONC RPC first, as we
expect the RPC heuristics not to get false hits, and ONC RPC protocols
could well use ports that are nominally assigned to other protocols).
svn path=/trunk/; revision=1780
|
|
field, to allow dissectors to register their dissection routine in a
particular field's hash table with a particular "port" value, and to
make the TCP and UDP dissectors support that for their "port" field and
to look up ports in that hash table.
This replaces the hash table that the UDP dissector was using.
There's still more work needed to make this useful - right now, the hash
tables are attached to the protocol field in the register routines for
the TCP and UDP protocols, which means that the register routines for
protocols that run atop TCP and UDP can't use this unless their register
routines happen to be called after those for TCP and/or UDP, and several
other protocols need to attach hash tables to fields, and there's no
single global field for Ethernet types so we can't even attach a hash
table to such a field to allow protocols to register themselves with a
particular Ethertype - but it's a start.
svn path=/trunk/; revision=1779
|
|
svn path=/trunk/; revision=1778
|
|
to use a G_ALLOC_ONLY memory chunk rather than a G_ALLOC_AND_FREE memory
chunk.
svn path=/trunk/; revision=1777
|
|
reduces the memory required for one big capture file I have by about 10
megabytes, and speeds up the reading in of that file, presumably because
it amortizes the memory-allocator space and CPU time overhead over
a set of several "frame_data" structures.
svn path=/trunk/; revision=1776
|
|
One of those improvements adds an "exit now" after we've filled in the
protocol and info columns if we're not building a protocol tree,
obviating the need for the "parse only the first request in the sequence
if we're not building a protocol tree" code I stuck in, so remove the
latter code.
svn path=/trunk/; revision=1775
|
|
"global" dialog box when "Edit:Filters" is selected, so that the list of
filters can be edited, and "filter_browse_cb()", which pops up a dialog
box associated with a "Filter:" button and a text entry widget attached
to that button, so that a filter can be selected or saved (although it
also supports the same editing that the "global" dialog box does).
Have "filter_dialog_cb()" connect the window in which the "Filter:"
button lives and the filter dialog box, so that:
if the window in which the "Filter:" button lives goes away, so
does the filter dialog box (as it no longer has a text widget
into which it can stuff the selected filter);
if the "Filter:" button is clicked when there's already a filter
dialog box open, we just reactivate that existing dialog box
rather than popping up a new one.
Also keep a pointer to the "global" filter dialog box, so that we also
arrange that there's only one of them (by reactivating the existing on
if "Edit:Filters" is selected when there's already a "global" filter
dialog box open).
Keep around pointers to the dialog boxes that contain the "Filter:"
buttons, so that we can arrange that there be only one of them (that was
a side-effect of an earlier attempt at fixing the problems described
above, but it's still useful for keeping multiple competing dialog boxes
from being open - there's more of that to be done).
Make the pointer to the "Open Capture File" dialog box widget static to
"file_dlg.c" - nobody outside of "file_dlg.c cares about it.
svn path=/trunk/; revision=1774
|
|
Stream" windows - the window should always be deleted in that situation,
so there's no need for a signal handler that might return TRUE (meaning
"don't delete the window"), and the "destroy" handler gets called when
the window actually gets destroyed, so there's no need to do any cleanup
in the "delete_event" handler.
Catch the "delete_event" signal on the main window in a routine with the
right signature, and that returns FALSE so that the window actually gets
deleted.
Call "close_cap_file()" in the callback for the "File:Quit" menu item
(which is also called by the "delete_event" handler for the main
window), rather than calling it after "gtk_main()" returns -
"close_cap_file()" manipulates stuff in the main window, and if we do so
after "gtk_main()" returns, it appears that the main window may have
disappeared (if we are exiting because the user deleted the main
window), in which case we can get crashes or other errors when
"close_cap_file()" tries to manipulate stuff in the main window.
There's no need to catch the "destroy" signal on the main window - we do
some of the cleanup in the handler for "delete_event" (we have to, for
reasons described above), and we do the rest of it after the main
routine returns.
svn path=/trunk/; revision=1773
|
|
routines we register get called.
Register the "follow TCP stream" windows with "gtk_quit_add_destroy()",
so that, when Ethereal exits, they all get destroyed; this means that
their destroy callbacks get called, which means that they get to delete
their temporary files, so that, if you exit Ethereal without manually
closing the "follow TCP stream" windows, the temporary files don't get
left around.
Exit from Ethereal's "main()" function by calling "gtk_exit()", rather
than "exit()", so that we do whatever cleanup GTK+ requires. (We used
to call "gtk_exit()" in the callback for the "File:Quit" menu item and
the "delete" callback for the main window, but we now just call
"gtk_main_quit()" so that we exit from the main loop.)
svn path=/trunk/; revision=1772
|
|
window manager tries to delete it, so no callback is needed for the
"destroy" or "delete_event" signals (grabs are, at least in GTK+ 1.2.7,
removed when a widget is destroyed, and there's no need for the destroy
callback to destroy the widget itself; the delete event handler *could*,
for example, pop up a dialog box saying "Do you really want to close
this?", and allow the user to back out of the operation, but there's
no unsaved work that would be lost by closing the window, so there's no
point in having a delete event handler that does that).
svn path=/trunk/; revision=1771
|
|
enabled. The counter is incremented in enable_plugin() and decremented
in disable_plugin().
In add_packet_to_packet_list(), we check this counter (instead of
plugin_list) to see if there is at least one enabled plugin. If this is
the case, we must build the protocol tree.
svn path=/trunk/; revision=1770
|
|
gives you everything that "-Aa" does, plus the extensions that you get
only with "-Ae", and that there's no need to specify "-Aa" if you've
specified "-Ae". Therefore, we get rid of "-Aa".
svn path=/trunk/; revision=1769
|
|
The "present" choice in the type Filter is, in LDAP V2,
AttributeType, and, in LDAP V3, it's AttributeDescription. Both of
those are just LDAPString, which is, in turn, OCTET STRING, so it should
be required to have the primitive representation (unless and until we
add support for the constructed representation of octet strings - but
RFC 1777, the LDAP V2 spec, says
(2) Bitstrings and octet strings and all character string types
will be encoded in the primitive form only.
and RFC 2251, the LDAP V3 spec, says
(2) OCTET STRING values will be encoded in the primitive form only.
so we shouldn't ever see it with the constructed representation), and be
parsed with "asn1_octet_string_value_decode()", as, by that point, we've
already dissected the ASN.1 id and length.
Put the bind authorization type into the protocol tree before switching
on the type, so that it goes in even if it's not something we yet
dissect, and actually pass it as an argument to "proto_tree_add_item()"
(alas, "proto_tree_add_item()" is a varargs function, so this error
couldn't have been detected by the compiler).
When not constructing a protocol tree, quit "dissect_ldap()" after
dissecting the first operation - we don't need to dissect the others.
svn path=/trunk/; revision=1768
|
|
protocol type 0x0c in AIX iptrace is used for the IBM SP switch
devices. Encoding is RAW IP...
svn path=/trunk/; revision=1767
|
|
protocol, which is DNS-derived; hopefully, Microsoft won't shovel any
more stuff into NBNS (I suspect that they ultimately want to make DNS
replace it completely), so it won't pick up stuff such as OPT RRs.
As such, we don't need to export "add_opt_rr_to_tree()", so make it
static to "packet-dns.c".
svn path=/trunk/; revision=1766
|
|
svn path=/trunk/; revision=1765
|
|
put them under "Edit" a while ago.
svn path=/trunk/; revision=1764
|
|
standard output, in the rules to get Flex to produce scanner code; that
way, if Flex fails to run for some reason, we don't leave around a
zero-length or otherwise incorrect "XXX-scanner.c" file that might
keep a subsequent make from thinking it has to generate that file.
svn path=/trunk/; revision=1763
|
|
svn path=/trunk/; revision=1762
|
|
broadcast flag in DHCP packets.
svn path=/trunk/; revision=1761
|
|
svn path=/trunk/; revision=1760
|
|
From: Greg Hankins <gregh@twoguys.org>
svn path=/trunk/; revision=1759
|
|
Ethereal/win32 now supports command-line options.
Tethereal now compiles on win32, except for the fact that I haven't
put the Makefile.nmake changes in for that yet.
svn path=/trunk/; revision=1758
|
|
On Win32, always save a temporary capture file by copying -
Win32 systems don't allow you to rename a file that is open, and
we have the temporary file open.
When saving by copying the raw bytes of a capture file, create
the target file with "open()", using the O_BINARY flag, rather
than with "creat()"; on Win32 systems, "creat()" apparently
opens the file as a text file rather than a binary file.
svn path=/trunk/; revision=1757
|
|
svn path=/trunk/; revision=1756
|
|
"filters" file (we also make it a #define so you only have to change it
in one place).
svn path=/trunk/; revision=1755
|
|
svn path=/trunk/; revision=1754
|
|
Change GRE dissector to call dissect_ppp() instead of dissect_payload_ppp().
svn path=/trunk/; revision=1753
|
|
svn path=/trunk/; revision=1752
|
|
octet strings, as well as the primitive encoding (if we ever run into a
protocol where the constructed encoding is allowed).
svn path=/trunk/; revision=1751
|
|
the glib equivalents ...
svn path=/trunk/; revision=1750
|
|
svn path=/trunk/; revision=1749
|
|
Use glib as far as possible. Currently have data structures and routines
defined ... Next will write the routines ...
svn path=/trunk/; revision=1748
|
|
svn path=/trunk/; revision=1747
|
|
buffer directly.
Don't use "strlen()" to determine how much Telnet data there is; we have
the number of bytes of Telnet data in a variable, and using "strlen()"
makes it not correctly handle Telnet data with '\0' in it.
Correctly handle Telnet options we don't know about.
General cleanup.
svn path=/trunk/; revision=1746
|
|
byte sequences in display filters to byte arrays. This was caused
by a duplicate g_strdup() in my code.
svn path=/trunk/; revision=1745
|
|
handle data (snoop does this, and it's somewhat convenient if you're
trying to see whether, say, an ACCESS call is acting on the file whose
file handle you got back from a previous MOUNT request).
Boost the maximum number of bytes worth of hex data shown by
"bytes_to_str()" from 10 to 16, so that we can show the file handle 16
bytes per line (as snoop does).
svn path=/trunk/; revision=1744
|
|
svn path=/trunk/; revision=1743
|
|
svn path=/trunk/; revision=1742
|
|
Free it as soon as we're at the end of the sequential pass through the
file; that way, if we keep the capture file open with Wiretap even after
that's done (as I may do as part of some stuff I'm working on), we
at least aren't hanging on to the frame table memory after that point.
svn path=/trunk/; revision=1741
|
|
from the frame table - Network Monitor 2.x, at least, doesn't always
write frame N+1 right after frame N.
To do that, we need to mallocate a big array to hold the frame table,
and free it when we close the capture file; this requires that we have
capture-file-type-specific close routines as well as
capture-file-type-specific read routines - we let it the pointer to that
routine be null if it's not needed. Given that, we might as well get
rid of the switch statement in "wtap_close()", in favor of using
capture-file-type-specific close routines, as per the comment before
that switch statement.
svn path=/trunk/; revision=1740
|
|
Vendor-specific decoding (shows at least the Vendor), from Florian
Lohoff.
svn path=/trunk/; revision=1739
|