Age | Commit message (Collapse) | Author | Files | Lines |
|
(NWLink), are sufficiently different that they should be handled in
different routines.
Change the decode to match NetMon a bit more.
svn path=/trunk/; revision=631
|
|
to turn NetBIOS names into a nice printable form.
Put the description of NetBIOS name types into places where it fits;
have "packet-netbios.c" export a routine to interpret them.
svn path=/trunk/; revision=630
|
|
according to what NetMon thinks the bits are).
svn path=/trunk/; revision=629
|
|
That makes the space of name types even more sparse; use "val_to_str()"
to decode them, rather than an indexed table.
Make a "process_netbios_name()" routine that shows non-printable
characters in NetBIOS names as <XX>, where "XX" is the value of the
character in hex (the way Network Monitor does), and have
"get_netbios_name()" use it (NetBIOS-over-TCP will be made to use it in
the future).
When displaying NetBIOS names, include the name type character at the
end, in angle brackets, the way Network Monitor does (show it in hex
even if it *is* printable - 0x20 is 0x20, not "space", in that context).
svn path=/trunk/; revision=628
|
|
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
|
|
don't seek around it - some implementations of the standard I/O library
routines (e.g., the ones in Solaris 2.5.1, at least) appear not to be
clever enough to handle seeks that occur within the buffer by moving the
current buffer position; instead, they do a seek on the underlying file
descriptor *and* appear to throw out the buffer, forcing them to do
another read.
Instead, read it into a buffer.
svn path=/trunk/; revision=626
|
|
header fields we don't look at - some implementations of the standard
I/O library routines (e.g., the ones in Solaris 2.5.1, at least) appear
not to be clever enough to handle seeks that occur within the buffer by
moving the current buffer position; instead, they do a seek on the
underlying file descriptor *and* appear to throw out the buffer, forcing
them to do another read.
Instead, read the entire record header into a structure, and pick the
relevant bits out of it.
Also, skip over the FCS in LAPB captures by reading it rather than
seeking around it (should we put it in the pseudo-header?).
svn path=/trunk/; revision=625
|
|
directory in which the UCD SNMP library is found (and to check for the
UCD SNMP stuff in "$prefix" if "$prefix" isn't "/usr/local"), and to
have "Makefile.am" use "$(MAKE)" rather than "make".
svn path=/trunk/; revision=624
|
|
preferences, and menus to gtk subdirectory.
svn path=/trunk/; revision=623
|
|
subdirectories of "$prefix", if "$prefix" is neither "/usr" nor
"/usr/local".
svn path=/trunk/; revision=622
|
|
include "snprintf.h" to declare it.
svn path=/trunk/; revision=621
|
|
svn path=/trunk/; revision=620
|
|
be truncated - treat a record with a data length of 0 as an end of file.
svn path=/trunk/; revision=619
|
|
svn path=/trunk/; revision=617
|
|
patch.
svn path=/trunk/; revision=616
|
|
svn path=/trunk/; revision=615
|
|
script. The configuration is faster this way. Also, moved version to 0.7.3.
svn path=/trunk/; revision=614
|
|
all, not just before the third time you use it....
svn path=/trunk/; revision=613
|
|
Use "pletohs()" and "pletohl()" to access 16-bit and 32-bit fields in
the file and packet headers, as those fields are little-endian.
svn path=/trunk/; revision=612
|
|
their existence is checked), some FT_BOOLEAN-related functions in dfilter.c
are no longer called. So I removed them.
svn path=/trunk/; revision=611
|
|
svn path=/trunk/; revision=610
|
|
svn path=/trunk/; revision=609
|
|
a protocol occurs only once in a packet. Because of encapsulation (IP within
IP), a protocol can occur more than once. I don't have a packet trace
showing such a packet, but the code should handle it now. The one thing
that it cannot do, though, is differentiate the levels. It might be
nice to say:
ip{1}.src == 192.168.1.1 && ipx{2}.dst == 10.0.0.1
In the dfilter grammar I had left IPXNET variables out of the list
of variables that could be checked for existence. Now you can check
for the existence of ipx.srcnet and ipx.dstnet. Hurrah.
svn path=/trunk/; revision=608
|
|
Remove debugging statements from colors.c.
Add blurb about Match Selected and Colorization to man page.
svn path=/trunk/; revision=607
|
|
svn path=/trunk/; revision=606
|
|
svn path=/trunk/; revision=605
|
|
that the only options that contain *no* length byte are the IP and TCP
EOL and NOP options so that we can treat unknown options as
VARIABLE_LENGTH with a minimum of 2, and at least be able to move on to
the next option by using the length in the option, rather than just
reporting the unknown option and processing no options after it.
svn path=/trunk/; revision=604
|
|
is pointed to by 'row_list_end', otherwise use 'g_list_nth()'" stuff
inside a macro.
Use that macro in place of an additional "g_list_nth()" call.
svn path=/trunk/; revision=603
|
|
filters by checking whether the structure pointed to by "cf->colors" has
a non-zero "num_of_filters", not a non-null "color_filters" (the latter
points to the CList widget holding the list of filters, and may be
non-null even if there currently aren't any filters).
svn path=/trunk/; revision=602
|
|
of option code, one octet of length (which includes the two option code
and length bytes), followed by 0 or more octets of option data, with
some options being fixed-length and some being variable-length. Put
some stuff from the PPP control protocol option parsing code into the
IP-and-TCP option parsing code, and use the latter instead of the
former.
(That code might also be usable for CDP as well, with some stuff added
to it.)
Shuffle the arguments to "dissect_ip_tcp_options()" to resemble those of
various other dissectors (i.e., with the "proto_tree *" at the end).
Add in code to dissect a pile of PPP options documented in various RFCs.
svn path=/trunk/; revision=601
|
|
one byte in the hexdump.
svn path=/trunk/; revision=600
|
|
the IP layer, leaving the lower layer's abbreviation in the protocol column.
svn path=/trunk/; revision=599
|
|
svn path=/trunk/; revision=598
|
|
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
|
|
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.
svn path=/trunk/; revision=596
|
|
svn path=/trunk/; revision=595
|
|
svn path=/trunk/; revision=594
|
|
optimized gtkclist until Guy's changes appear in the offical GTK+.
svn path=/trunk/; revision=593
|
|
bits and is definitely not 32 bits on some platforms).
svn path=/trunk/; revision=592
|
|
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:
tr.sr
or by its negation:
!tr.sr
svn path=/trunk/; revision=591
|
|
svn path=/trunk/; revision=590
|
|
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.
svn path=/trunk/; revision=589
|
|
svn path=/trunk/; revision=588
|
|
strings....) Thanks to Tom Gallagher at Madge for pointing this out.
svn path=/trunk/; revision=587
|
|
svn path=/trunk/; revision=586
|
|
svn path=/trunk/; revision=585
|
|
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).
svn path=/trunk/; revision=584
|
|
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
|
|
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
|
svn path=/trunk/; revision=581
|