Age | Commit message (Collapse) | Author | Files | Lines |
|
svn path=/trunk/; revision=28673
|
|
support for vendor-specific IEs. Fix variable-length record handling. Add
conversation tracking to the UDP dissector and add process flow
information to TCP and UDP conversations.
This lets us run process flow collectors on one or more machines and
have the process username, PID, command name, etc. show up in the TCP
and UDP protocol trees.
svn path=/trunk/; revision=28366
|
|
"tcp.stream", this will make it possible to sort packets by
tcp stream, filter tcp streams exactly, etc.
It is also the preparation for a fix for bug 1447
svn path=/trunk/; revision=26305
|
|
flight on a tcp connection.
this is quite useful toghether with io-grapgs to track how much of the
tcp window that an application actually uses
svn path=/trunk/; revision=26067
|
|
Enhancement providing parsing capability for TCP Options 20 & 21 (IANA assigned).
svn path=/trunk/; revision=25991
|
|
New dissector for RTMP(T) protocol
via bug #2078
svn path=/trunk/; revision=23902
|
|
tcp.time_relative ==> the time that has elapsed since the
first packet that was seen in the current TCP stream
tcp.time_delta ==> the time that has elapsed since the
last packet that was seen in the current TCP stream
Calculating these timestamps is turned off by default to not
use the extra memory that is needed for the per-packet-data.
It can be turned on through the TCP protocol preferences
svn path=/trunk/; revision=22966
|
|
SSL/TLS desegmentation
svn path=/trunk/; revision=21346
|
|
svn path=/trunk/; revision=19949
|
|
there used to be a bug in tcp reassembly that even if the dissector only asked for x more bytes from the next segment the entire segment would still be added to reassembly.
this caused some issues when there was a new multisegment pdu that started at the end of the segment but this bug was fixed when tcp reassembly was refactored semi-recently.
there was also another "bug" in the http reassembly that it would only ask for one more byte at a time when doing reassembly.
this did work well however when we still had the bug in tcp reassembly but made wireshark become very very very slow once this tcp bug was fixed since it is very very very slow to reassemble a huge http pdu just one byte at a time.
this patch adds partial support (what we need for http which does not use tcp_dissect_pdus() ) for the desegmentation flag : DESEGMENT_ONE_MORE_SEGMENT and also to the http dissector so that reassembly of http headers spanning multiple semgents now become fast again
svn path=/trunk/; revision=19859
|
|
tcp_dissect_pdus() to also include a packet_info pointer.
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
|
|
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.
This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.
svn path=/trunk/; revision=19185
|
|
svn path=/trunk/; revision=18894
|
|
svn path=/trunk/; revision=18196
|
|
now that we have se_tree_lookup32_le we can do the tracking of pdu boundaries much more efficiently.
track pdu boundaries by a new tcp_multisegment_pdu structure that is indexed by sequence numbers and let this structure replace the older tcp_next_pdu structure.
with se_tree_lookup32_le we no longer need to track segment by segment and can get rid of the two hash tables
tcp_pdu_tracking_table
tcp_pdu_skipping_table
Neither do we need the tree tcp_pdu_time_table anymore so that one is gone as well.
remove various other functions that are no longer needed due to removing the structure and the tables/tree
this part of the code shoul;d be much more readable now and also a bit faster
svn path=/trunk/; revision=18024
|
|
acked_packets (i.e. packets that have interesting tcp properties such as being retransmissions etc) hang off the per conversation tcpd struct instead of being global.
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
|
|
need it hanging around.
only call subdissectors for packets that are NOT keepalives nor zerowindowprobes.
keepalives only contain garbage anyway
and zerowindowproes just contain a single byte of incomplete data so whats the point trying to dissect it further.
svn path=/trunk/; revision=17443
|
|
cleaner and easier to maintain and extend.
i have tested it with many captures but this used to be fragile and delicate code so there might be some regressions that will need to be addressed once identified.
svn path=/trunk/; revision=17107
|
|
A minor change to the prototype of tcp_dissect_pdus()
which uses the function pointer type from packet.h
svn path=/trunk/; revision=14535
|
|
svn path=/trunk/; revision=13732
|
|
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
|