Age | Commit message (Collapse) | Author | Files | Lines |
|
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
|
|
heuristic dissection;
Rename some vars;
Do some minor re-indentation and whitespace changes.
svn path=/trunk/; revision=40601
|
|
svn path=/trunk/; revision=40309
|
|
trough the proto dialouge.
svn path=/trunk/; revision=40215
|
|
svn path=/trunk/; revision=38881
|
|
svn path=/trunk/; revision=36412
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
|
|
svn path=/trunk/; revision=32361
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
svn path=/trunk/; revision=32360
|
|
svn path=/trunk/; revision=31961
|
|
(enum constant names are part of the global name space).
(Fixes at least one gcc -Wshadow warning).
svn path=/trunk/; revision=31572
|
|
deprecates add_new_data_source(). This is based on the following observation:
1) The tvb + name (aka. data_source) is only used when the protocol tree is visible
The current implementation of add_new_data_source() doesn't take this into account and simply allocates a data_source regardless. This is what packet_add_new_data_source() tries to rectify.
A couple of dissectors have already been switched over to the new packet_add_new_data_source(). Many are still missing. Help appreciated!
svn path=/trunk/; revision=29427
|
|
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.
svn path=/trunk/; revision=29066
|
|
to be made in the protocols list. Used by asn2wrs dissectors to avoid multiple entrys as calls are made
multiple times for the same PDU.
svn path=/trunk/; revision=28106
|
|
svn path=/trunk/; revision=26659
|
|
Implement dissector for IPMB (DLT_IPMB_LINUX, 209).
svn path=/trunk/; revision=25986
|
|
svn path=/trunk/; revision=25344
|
|
svn path=/trunk/; revision=25342
|
|
That means that G_GINT64_MODIFIER will be defined, so don't check
whether it's defined.
We don't use the PRI[douxX]64 macros, as we use the GLib print routines
and thus use G_GINT64_MODIFIER instead. Get rid of the checks for
whether inttypes.h defines PRI[douxX]64; just check whether it exists at
all.
That means we don't set INTTYPES_H_DEFINES_FORMATS, so don't check for
it.
svn path=/trunk/; revision=25243
|
|
Adds a heur_dissector_delete() function to allow heuristic dissectors to be
dynamically disabled based upon, for example, preference settings.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1697
svn path=/trunk/; revision=22463
|
|
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
|
|
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
...
#ifdef __cplusplus
}
#endif /* __cplusplus */
wrappers into some header files, for the benefit of C++ plugins. Also,
add multiple-include protections.
svn path=/trunk/; revision=20485
|
|
- Separate tfs.[ch]
- Add larger sample collection
- Properly export DATA
svn path=/trunk/; revision=20373
|
|
svn path=/trunk/; revision=18197
|
|
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
|
|
svn path=/trunk/; revision=15242
|
|
Removed (very few) casts that only change the warning message
but don't remove it (with gcc-4).
svn path=/trunk/; revision=15227
|
|
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
|
|
svn path=/trunk/; revision=15015
|
|
svn path=/trunk/; revision=14700
|
|
A few doxygen updates and an improved section on
writing dissectors that don't use tcp_dissect_pdus().
svn path=/trunk/; revision=14537
|
|
protocol during different stages of an application cycle.
This is very naughty and will cause problems when we have assigned a dissector to a dynamic port using conversation_set_dissector().
To make ethereal handle this case I have changed the try_conversation_dissector() to allow it to fail and return 0, meaning yes there is indeed a protocol registered for this conversation but that protocol rejected this packet.
(which only happens for "new" style dissectors, "old" style dissectors will never reject a packet that way)
When this happens the decode_udp_port() helper will still allow other dissectors to be tried, in the hope that the conversation is now used for some other protocol and thus someone else might be able to decode the packet.
Update SNMP and TFTP dissectors to check that even if there already is a conversation but that conversation does NOT have snmp/tftp registered as the dissector for it, then create a new conversation anyway and attach the proper dissector.
Since ethereal keeps track of which frame number a conversation started in, this actually works really well.
svn path=/trunk/; revision=14345
|
|
structures allocated by a dissection. Currently, it's the same as
"init_dissection()", but they should be split with "init_dissection()"
allocating the initial data structures and "cleanup_dissection()"
freeing them and *not* reallocating the initial data structures.
Use "cleanup_dissection()" in "cf_close()" to make it easier to find leaks.
svn path=/trunk/; revision=13881
|
|
svn path=/trunk/; revision=13728
|
|
svn path=/trunk/; revision=13725
|
|
filter/selector/protocol associations for each dissector. This will be
used to improve our automated tests, but someone with time on their
hands could probably use it to generate a protocol poster using Graphviz.
svn path=/trunk/; revision=13721
|
|
svn path=/trunk/; revision=12451
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
use to format 64-bit integers.
Fix the RSVP dissector to use that rather than hardcoding "%ll" in.
Remove the "only if G_HAVE_GINT64 is defined" bit from the discussion of
64-bit integers - we're too dependent on having them to support
compilers that don't have a 64-bit integral data type. Do, however,
note that neither "long" nor "long long" are acceptable, and also note
that you shouldn't assume "%ll" does the trick for printing them.
svn path=/trunk/; revision=11182
|
|
svn path=/trunk/; revision=11127
|
|
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8574
|
|
to "dissector_get_port_handle()" for uint dissector tables.
svn path=/trunk/; revision=8434
|
|
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
|
|
comparison function to use based on the type value passed in. For the
traditional unsigned integer table, require FT_UINT{8,16,24,32}; if the
type is FT_STRING or FT_STRINGZ, use the string hashing functions
instead.
Add routines for manipulating entries and looking up dissectors in
string dissector tables.
svn path=/trunk/; revision=8407
|
|
"dissector_get_port_handle()", "dissector_handle_get_short_name()",
"dissector_handle_get_protocol_index()", "new_register_dissector()", and
"new_create_dissector_handle()" to the list of APIs available to
plugins on platforms where plugins have to call core Ethereal routines
through pointers.
"extern"alize the remaining routines in "epan/packet.h".
svn path=/trunk/; revision=8116
|
|
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
|
|
svn path=/trunk/; revision=7726
|
|
"dissector_handle_get_protocol_index()".
svn path=/trunk/; revision=6633
|