| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
a file in the top-level directory.
svn path=/trunk/; revision=2946
|
|
running quite as far to the right.
svn path=/trunk/; revision=2945
|
|
svn path=/trunk/; revision=2944
|
|
either with a table of old-style dissectors or a table of tvbuffified
dissectors, and have the RPC dissector pass the appropriate arguments to
the dissectors.
Finish tvbuffifying the NLM dissector, getting rid of the last traces of
old-style dissector code.
In those routines in the NFS dissector that take new-style arguments
(because they're called from the NLM dissector), make them take an
offset as an argument, so they don't assume that they're handed a tvbuff
starting at the stuff they're supposed to dissect, and make the versions
that take old-style arguments construct a tvbuff and call the versions
that take new-style arguments. Do the latter with the routines in
"packet-rpc.c" as well.
svn path=/trunk/; revision=2943
|
|
HAVE_XXX_H if xxx.h is present, but doesn't recognize AC_CHECK_HEADER as
such, and thus doesn't put anything about HAVE_XXX_H into "config.h.in",
and thus HAVE_XXX_H doesn't get defined even if xxx.h is present.
svn path=/trunk/; revision=2942
|
|
svn path=/trunk/; revision=2941
|
|
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
|
|
(We really need to put in some rudimentary 64-bit integer support, for
the benefit of platforms+compilers that don't support it; the
floating-point calculations we're doing now appear not to get exactly
the right answer, from an experiment at reading a NetMon 2.x file and
writing it back out as NetMon 2.x with editcap.)
svn path=/trunk/; revision=2939
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
"Tvbuffify" the Mobile IP dissector (it took old-style arguments, and
then converted them into tvbuff arguments, so there wasn't much to do,
other than to fix references to "fd" to refer to "pinfo->fd").
In the SCTP dissector, refer to the port type and source and destination
ports through "pinfo" rather than through the global "pi", as it's a
tvbuffified dissector.
In the SMTP and Time Protocol dissectors, use "pinfo->match_port" rather
than "TCP_PORT_SMTP" when checking whether the packet is a request or
reply, just in case somebody makes a non-standard port be dissected as
SMTP or Time. (Also, remove a bogus comment from the Time dissector; it
was probably cut-and-pasted from the TFTP dissector.)
svn path=/trunk/; revision=2938
|
|
Digital^H^H^H^H^H^H^HTru64 UNIX, but make the note about DU 3.2 a bit
speculative (I don't have 3.2 documentation handy to check whether, for
example, you can use "doconfig" interactively).
Add a note about using "doconfig" interactively - the Tru64 UNIX FAQ
mentions that in its not on using tcpdump.
Expand on the discussion of "pfconfig" to explain that you're also
enabling "local copy" mode, and to mention the "-a" option to let you
enable local copy and promiscuous mode on all devices, and to explain
*why* you want to enable local copy and promiscuous mode. Also, in the
example pfconfig command, put the network device name at the end - the
Tru64 UNIX FAQ, and the pfconfig man page, both put it there.
svn path=/trunk/; revision=2937
|
|
Also, print unsigned quantities with %u, not %d.
svn path=/trunk/; revision=2936
|
|
svn path=/trunk/; revision=2935
|
|
delete event on that window, revert all the protocol enabling settings
to the values they had when the dialog box was first popped up.
svn path=/trunk/; revision=2934
|
|
svn path=/trunk/; revision=2933
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
svn path=/trunk/; revision=2932
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
svn path=/trunk/; revision=2931
|
|
we might want to give them different blurbs at some point (the
filter-expression construction dialog currently shows both of them as
just "Universal Address"; it'd have to somehow use the blurb if we
wanted to make it obvious what they are).
svn path=/trunk/; revision=2930
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Make the IP dissector static, as it's called only via dissector tables
or dissector handles. Also make the "dissect the TOS field as the
DiffServ DS field" flag static, as it's not referred to outside of
"packet-ip.c".
In the NCP dissector, refer to the port type through "pinfo" rather than
through the global "pi", as it's a tvbuffified dissector.
svn path=/trunk/; revision=2929
|
|
statements.
Move the setting of the Protocol column in the Appletalk ARP and IPX
dissectors before anything is fetched from the packet, and also clear
the Info column at that point in those and some other dissectors, so
that if an exception is thrown, the columns don't reflect the previous
protocol.
Fix the registration of the IPX RIP dissector to use the right protocol
ID.
svn path=/trunk/; revision=2928
|
|
"pinfo->current_proto", in dissectors always called through dissector
tables and handles.
Make the IEEE 802.11 dissector static, as it's not called externally.
Clear the Info column in the Linux cooked capture and 802.1q VLAN
dissectors, before extracting anything from the packet, so that if an
exception is thrown, the Info column doesn't reflect the previous
protocol.
Don't extract the encapsulated protocol in the VLAN dissector until you
use it, so that if the frame contains the VLAN ID but not the
encapsulated protocol, we at least put the VLAN ID into the protocol
tree.
svn path=/trunk/; revision=2927
|
|
"pinfo->current_proto"; dissectors called only through dissector tables
and handles don't need to do either of those, as the dissector table and
handle code will do it for them. (Dissectors called directly, or
dissectors that can be attached to conversations, still have to do it
themselves.)
Register the PPP Multilink Protocol, PPP Link Control Protocol, and PPP
IP Control Protocol as official protocols, and register them in PPP's
dissector table rather than having PPP handle them specially; change
"dissect_cp()" to take a protocol ID, get the protocol short name
information from it, and use the protocol ID for the top-level protocol
tree item.
Set the Protocol column in the PPP Multilink Protocol dissector, and set
the Info column before extracting anything from the frame, so that if an
exception is thrown, the Info and Protocol columns will reflect that the
packet is supposed to be a PPP Multilink Protocol frame.
Make the "First fragment" and "Last fragment" flags in the PPP Multilink
Protocol header boolean bitfields, and let "proto_tree_add_boolean()" do
all the heavy lifting when displaying them, rather than doing it by
hand.
Don't extract the sequence number in the PPP Multilink Protocol until
you're ready to put it into the tree, just in case the captured packet
includes the flags but not the sequence number.
Clean up the code to check the FCS of PPP frames - extract it with
"tvb_get_letohs()" or "tvb_get_letohl()", don't extract it byte-by-byte
and then put it together yourself.
svn path=/trunk/; revision=2926
|
|
handle, and make them static.
svn path=/trunk/; revision=2925
|
|
lists in all filter dialog boxes are updated to reflect reality. (The
poor man's model-view.)
svn path=/trunk/; revision=2924
|
|
what they were popped up for.
svn path=/trunk/; revision=2923
|
|
selection change event on the list of filters. Unfortunately, this can
happen after some other widgets in that dialog box have already been
destroyed - including some of the widgets that such a selection change
event can change.
This sometimes happened when "filter_prefs_delete()" hadn't been called,
so the mechanism we had been using, with a Boolean datum attached to the
dialog box, set in "filter_prefs_delete()" before we actually destroy
the dialog box, wasn't sufficient to keep that from happening.
Attach to the top-level window data items containing pointers to the
widgets changed when a filter is selected from the list, give each of
those widgets their own destroy callbacks, clear the pointer attached to
the top-level widget when the widget is destroyed, and don't do anything
to the widget when a filter is selected from the list if the pointer for
that widget is null, as that means the widget's been destroyed and we
*can't* do anything to it.
Not all filter editing dialogs created on behalf of a "Filter:" button
next to a text entry box should, when you click "OK", activate the text
entry box; if the text entry box is part of a dialog box with multiple
widgets, the user might not have filled in all of the items in that
dialog box, so you shouldn't activate it for them. Add a mechanism by
which, when creating a filter editing dialog box, you can specify
whether the "OK" button should just fill in the text entry box or should
fill it in and also activate it.
svn path=/trunk/; revision=2922
|
|
just NLM v1 plus some stuff for use by DOS/Windows clients, according to
The Open Group's "XNFS, Version 3W" ("This document describes version 3
which is backward compatible with versions 1 and 2."); copy the NLM v1
table of dissectors to the tables for NLM v2 and NLM v3.
Mark all procedures for which we lack reply dissectors and for which
there *is* a reply type, or for which we lack call dissectors and for
which there is a call type, with /* XXX */.
svn path=/trunk/; revision=2921
|
|
really means.
Make the "XXX_proc" arrays static.
svn path=/trunk/; revision=2920
|
|
with SSL support, from Andy Hood.
svn path=/trunk/; revision=2919
|
|
which includes the NLM spec.
Fix a comment to reflect what a null function pointer in a "vsff" table
really means.
Make the "nlm<N>_proc" arrays static.
Fill in the reply dissector pointers for some entries, and flag some of
those that need to be filled in with /* XXX */.
svn path=/trunk/; revision=2918
|
|
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
|
|
to "ethertype()".
svn path=/trunk/; revision=2916
|
|
into "ethertype()".
svn path=/trunk/; revision=2915
|
|
dissector for a particular type of RPC request or reply.
Always call that dissector, regardless of whether we're building a
protocol tree or not.
svn path=/trunk/; revision=2914
|
|
svn path=/trunk/; revision=2913
|
|
the static table of RPC calls and responses; this meant that, in some
cases, I could click on a reply packet and it'd just be shown as a UDP
packet in the protocol tree window, but if I then click on the matching
request and click on the reply again, it'll show it as an RPC reply to
the call in question.
Replace the static table with a GHashTable, which grows as necessary.
svn path=/trunk/; revision=2912
|
|
headers, we look at REC_HEADER2 records).
svn path=/trunk/; revision=2911
|
|
REC_HEADER2 encapsulation type.
Modified skip_header_records to accept REC_HEADER3-REC_HEADER7.
These header records would cause file read error if the capture file was
compressed.
svn path=/trunk/; revision=2910
|
|
*future* version, not of 1.4, which is the *current* version - i.e.,
it's newer than 1.4) complains, if "dfilter-grammar.c" and
"dfilter-scanner.c" are part of "EXTRA_libethereal_a_SOURCES", that
"dfilter-grammar.o" is built both from "dfilter-grammar.c" and
"dfilter-grammar.y", and that "dfilter-scanner.o" is built both from
"dfilter-scanner.c" and "dfilter-scanner.l", and refuses to build
"Makefile.in".
Moving them to "EXTRA_DIST" makes 1.4b happy.
Automake 1.4 allows them either to be in "EXTRA_libethereal_a_SOURCES"
or in "EXTRA_DIST"; the only difference between the generated
"Makefile.in" files is which of those two variables the files are in,
and the only difference that makes is that it keeps those two files out
of "SOURCES", which means that "make ID" doesn't include them in the
files it looks at, and "make TAGS" and "make tags" don't include them in
the files they look at. I'm not sure whether the tags file should be
built from "dfilter-grammar.y" and "dfilter-scanner.l", or from
"dfilter-grammar.c" and "dfilter-scanner.c"; the former means you see
the real source file, not the generated source file, if you look for a
symbol defined in one of those files, while the latter means you can
look for symbols in code generated by YACC/Bison or Flex.
In either case, the generated files go into the distribution tarball,
which is what we want.
For now, we go with what makes Automake 1.4b happy.
svn path=/trunk/; revision=2909
|
|
returns NULL and do something appropriate if it does so; instead, use
"val_to_str()", and let *it* worry about the value passed to it not
having a corresponding string.
svn path=/trunk/; revision=2908
|
|
Remove one level of indentation from a "switch()" statement, so as not
to oblige those of who use 80-column windows for editing (and will
continue to do, arguments against it nonwithstanding; I *like* being
able to have lots of windows open and visible) to have to play too many
games in order to be able to work on this code.
svn path=/trunk/; revision=2907
|
|
"guint8", not a "char".
Do not use "match_strval()" unless you're prepared to check whether it
returns NULL and do something appropriate if it does so; instead, use
"val_to_str()", and let *it* worry about the value passed to it not
having a corresponding string.
svn path=/trunk/; revision=2906
|
|
svn path=/trunk/; revision=2905
|
|
headers, we look at REC_HEADER2 records).
svn path=/trunk/; revision=2904
|
|
skip_header_records call because skip_header_records function
may set the field based upon the header records
svn path=/trunk/; revision=2903
|
|
"Internetwork analyzer" capture, from Jeff Foster. (It's not a
replacement for the heuristics, as
1) at least one PPP capture doesn't have a type 7 record
and
2) LAPB/X.25 and LAPD/ISDN might both be "HDLC" captures and
we'd need to figure out how to tell them apart.)
svn path=/trunk/; revision=2902
|
|
Management Domain item to just add a single line, in CDP packets, from
Kent Engstr�m.
svn path=/trunk/; revision=2901
|
|
not kill the goat with the *correct* sort of knife, on the *correct*
altar, and drink its blood from the *correct* goblet at the *correct*
temperature, he will wreak his revenge, perhaps, for example, causing
all your crops to sprout bearing bright green and pink polka-dots.
Add an extra 3 microns to the tip of the blade, so that the Automake God
will not be angry and fail to generate rules to install man pages. (It
would have been nice had the sacred scrolls described that particular
incantation, but so it goes....)
While we're at it, get rid of "EXTRA_MANS"; it doesn't appear to be
necessary (but such hubris may, of course, bring down the wrath of the
Automake God upon me - you can't just get rid of EXTRA_PROGRAMS, for
example, as the Automake God then forgets how to handle "ethereal_LDADD"
and the like - although in a test run the generated Makefile.in didn't
*appear* to have anything missing other than a definition of EXTRA_MANS,
which it didn't use and so presumably wouldn't miss).
svn path=/trunk/; revision=2900
|
|
type, so "netbios_add_name()" doesn't need to check for it doing so
(yes, the tvbuff stuff *does* catch "get_netbios_name()" running past
the end of the packet, and causes an exception to be thrown). Get rid
of the check, and get rid of "netbios_add_name()"s return value.
In "dissect_nbipx_dg()", always call the SMB dissector if there's data
left in the packet, regardless of whether the "tree" argument is null or
not; subdissectors should always be called, so they can build any
internal state on the first pass through the capture, and so that they
can fill in the Protocol and Info columns.
svn path=/trunk/; revision=2899
|
|
XXX - this causes the Info column for M3UA packets to have stuff from
SCTP as well as M3UA, but doesn't cause the Protocol column to say
"SCTP/M3UA", just "M3UA"; fixing that requires that the M3UA dissector
be able to find out whether it's already put "/M3UA" into the Protocol
column, but I Have A Cunning Plan to handle that which might also allow
display filters containing only protocol names (i.e., filters that care
only whether a given packet contains data for a given protocol) to run
much faster.
svn path=/trunk/; revision=2898
|
|
packets.
svn path=/trunk/; revision=2897
|
