Age | Commit message (Collapse) | Author | Files | Lines |
|
sensitive only if there *are* marked frames.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4341 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4340 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
read is Visual UpTime.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4339 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
type fields in OSPFv3 packets.
Clean up white space.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4338 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4337 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4336 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4335 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
files would put a 32-bit quantity on a 16-bit boundary without padding;
this means that many compilers will insert the padding and thus make the
structure not match what's in the file.
Instead of using a C structure, #define values for the offsets of
fields, read the header into an array of bytes, and extract values using
the offsets.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4334 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
rename.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4333 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4332 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4331 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
formats we can read (and to put them in the order in which they're
mentioned in the man pages, to make it easier to make sure the lists are
the same).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4330 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
and writing Visual Networks traffic capture files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4329 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4328 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
later trace formats that have an ASCII dump at the end of the line.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4327 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4326 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
insensitive, make its label sensitive or insensitive too.
When "update list of packets in real time" mode is on, make the ring
buffer mode toggle button, and the "number of ring buffer files" spin
button, insensitive, as ring buffer mode is not supported in "update
list of packets in real time" captures.
When "update list of packets in real time" mode is off, make the
auto-scroll mode button insensitive, as auto-scroll mode is meaningless
unless you're doing an "update list of packets in real time" capture.
Bundle all the sensitivity setting into a single common routine.
Make "ring buffer" two words.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4325 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4324 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4323 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4322 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"prefs_module_foreach()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4321 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4320 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
SPIs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4319 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
only there's TCP in the current frame and it will be set to PT_UDP only
if there's UDP in the current frame. As such, there's no need to check
"ipproto" before checking "ptype" - and we should check "ptype" as well
as "ipproto" when deciding whether we'll put up a "Decode As" dialog
with anything in it.
(Not that there's anything other than IPv4 or IPv6 over which we
currently dissect TCP or UDP....)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4318 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
whether the port type is PT_TCP or PT_UDP, don't check the IP protocol
type at the network layer (except to check whether it's set at all, to
decide whether it's IP/IPv6 - if it's not, the transport isn't TCP or
UDP); that way, we don't have to keep track of which IP protocol numbers
are being decoded as TCP or UDP.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4317 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4316 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4315 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
plugin APIs, and add the new "dissector_add_handle()".
Add an entry in the dissector table structure for
"create_dissector_handle".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4314 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
IP protocol numbers to be decoded as TCP and as UDP should be reset as
well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4313 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pointer to a "struct dissector_table", containing a pointer to a hash
table and a pointer to a list of handles. Fix
"dissector_all_tables_foreach_func()" to understand that.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4312 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissector table contain both a hash table, to use to look up port
numbers to find a dissector, and a list of all dissectors that *could*
be assigned to ports in that hash table, to be used by user interface
code.
Make the "Decode As" dialog box code use that.
Also make it *not* let you choose whether to set the dissector for both
the UDP and TCP versions of a port; some protocols run only atop TCP,
some run only atop UDP, and even those that can run atop both may have
different dissector handles to use over TCP and UDP, so handling a
single merged list would be a mess. (If the user is setting the
dissector for a TCP port, only those protocols that Ethereal can handle
over TCP should be listed; if the user is setting the dissector for a
UDP port, only those protocols that Ethereal can handle over TCP should
be listed; if the user is setting a dissector for both, only those
protocols that Ethereal can handle over *both* TCP *and* UDP should be
listed, *and* there needs to be a way to let the "Decode As" code get
both the TCP handle *and* the UDP handle and use the right ones. If
somebody really wants that, they need to implement all of the above if
they want the code to be correct.)
Fix the code that handles setting the dissection for the IP protocol
number to correctly update the lists of protocols being dissected as TCP
and as UDP; the code before this change wasn't updating the single such
list to add new protocols.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4311 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
if found, return the dissector handle for that port.
Use that routine in the X.25 dissector; revert to attaching a dissector
handle to an X.25 virtual circuit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4310 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
current calling sequence for "dissector_add()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4309 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4308 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4307 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
rather than a function pointer, "dissect_wtp_fromudp()" no longer needs
to be global; make it static, register it by name, and have the WSP
dissector get the handle by calling "find_dissector()" rather than by
constructing its own handle for it.
Fix up some attributions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4306 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4305 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
a subdissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4304 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4303 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Handle ISO 8602 as a protocol ID on top of X.25.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4302 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Adds an "Add Expression..." button to the color filter
creation dialog.
Improve the look of the "Add color to protocols" window.
Clean up some ugly code.
Give John credit in the AUTHORS file for the coloring stuff.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4301 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
identifier, but means X.29 when used as an X.263/ISO 9577 secondary
protocol identifier.
Add support for the IPv6 NLPID, and Ethernet type, in more places.
Fix up the handling of the user data of a CALL REQUEST packet to more
correctly distinguish between user data containing an NLPID and user
data containing an X.264/ISO 11570 UN TPDU. If it's an NLPID, use
"nlpid_vals" to show its value.
Put that user data in a subtree.
Create a new "x.25.spi" dissector table, for protocols running atop
X.25, rather than having a built-in switch statement, so that other
protocols can register themselves by NLPID.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4300 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4299 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Relay dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4298 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4297 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4296 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
it; it'll be null if the matching request hasn't been seen.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4295 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4294 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
for ReadAndX and WriteAndX.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4293 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"smb_saved_info_t" in the table of requests whose replies have been
found, don't look it up in the table of requests whose replies have not
been found - if the request in question has no reply in the capture,
that may find some later frame in the same conversation with the same
MID, and we don't need that information anyway - the only reason we
*need* that structure is to save information in it for use when
processing its reply, and we already did that the first time we
processed the request. (The information for the later frame may be bad,
e.g. having a null "extra_info" pointer, or having one that points to
information for another request.)
Arrange that we don't use the pointer to the "smb_saved_info_t" when
processing a request except to save information if the request hasn't
already been processed, as that pointer may not be valid if the request
has already been processed, as per the above.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4292 f5534014-38df-0310-8fa8-9805f1628bb7
|