Age | Commit message | Author | Files | Lines |
|
svn path=/trunk/; revision=49640
|
|
- Show the number of per-packet-data entries and which protocol has made entries in the frame.
svn path=/trunk/; revision=49313
|
|
the same protocol in a frame.
svn path=/trunk/; revision=48997
|
|
Otherwise wmem tweaks require rebuilding the entire tree for no particular
reason.
svn path=/trunk/; revision=48018
|
|
public header, but since packet_info.h is included in most of the tree it saves
a great deal of recompilation when something in one of the wmem data structures
changes.
svn path=/trunk/; revision=46624
|
|
A (better?) fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8030
See also thread starting at:
http://www.wireshark.org/lists/wireshark-dev/201212/msg00001.html
svn path=/trunk/; revision=46331
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=44882
|
|
svn path=/trunk/; revision=44748
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
(I used PPID 0xffffffff as an end-of-list marker so that PPID can no longer
be used in this dialog; if someone starts using that PPID then we'll have
to put a count of PPIDs in pinfo.)
svn path=/trunk/; revision=42991
|
|
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
|
|
svn path=/trunk/; revision=39764
|
|
interfaces and one of them is a GRE tunnel. Resolves bug 5770, which was reopened.
svn path=/trunk/; revision=39757
|
|
This works between C and Lua.
In C the pinfo.private_table pointer must be initialized using
g_hash_table_new (g_str_hash, g_str_equal);
In Lua the values are available using pinfo.private.<key>, and the
table is created automatically on first usage. It's possible to use
these datatypes: nil, boolean, number and string, but every value
is converted to string so numbers must be converted using tonumber()
on usage. Boolean is either nil or an empty string.
svn path=/trunk/; revision=39461
|
|
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols is a lot
stronger.)
svn path=/trunk/; revision=35224
|
|
This trivial patch merely displays the ICMP ID and sequence # in the Info
column.
svn path=/trunk/; revision=33056
|
|
This is an expensive operation because we:
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols
We should only do this if the 'hf_frame_protocols' is referenced (unlikely)
svn path=/trunk/; revision=29733
|
|
Added: PW ATM 1:1, AAL5 SDU, AAL5 PDU support + BFD fix + PW ATM OAM fix
svn path=/trunk/; revision=28881
|
|
link(UL/DL).
svn path=/trunk/; revision=28648
|
|
The attached patch file adds dissectors for the ZigBee protocol stack,
which runs atop the IEEE 802.15.4 dissector. Also included is the
dissector for the ZigBee Encapsulation Protocol (packet-zep.c), used by
the Exegin Q51 protocol analyzer.
From me:
Fix a bunch of gcc (the compiler, not me) warnings.
svn path=/trunk/; revision=28429
|
|
New ATM PW (with/without CW) dissector, RFC 4717
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3375
svn path=/trunk/; revision=27955
|
|
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
|
|
renamed to ppids)
svn path=/trunk/; revision=26958
|
|
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
|
|
svn path=/trunk/; revision=24600
|
|
to the srcport / destport already existing. As simply using srcport / destport for this will confuse mixed protocol usage (like RFC1006 ISOonTCP), I've added explicit clnp fields.
This way, protocols on top of COTP / CLNP have at least a chance to do reassembling correctly.
svn path=/trunk/; revision=22473
|
|
- start to implement an AR conversation handler
svn path=/trunk/; revision=22444
|
|
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analogous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
|
|
add sccp_info to struct _packet_info (Sorry but the way private_data works and the fact that TCAP uses it and BSSAP/RANAP can be tunnelled on GSMMAP over TCAP makes it impossible to avoid)
SCCP
- Have SCCP to have a TAP,
- Fix associations so that every message belongs to the association.
- Export message type values so that they can be used by a tap listener
RANAP
- Have RANAP information attached to the sccp_info
BSSAP + GSM_A
- Have DTAP, BSSMAP and BSSAP info attached to the sccp_info
svn path=/trunk/; revision=21076
|
|
svn path=/trunk/; revision=21010
|
|
dcerpc procedure
use this field in the policy handle helper to indicate not only which frames the handle was opened/close in but also the name of the function that opened it.
eventually, when other pidl support infrastructure is developed it would be nice if this could be expanded to also contain the name of the object/handle opened.
svn path=/trunk/; revision=20895
|
|
there used to be a bug in tcp reassembly that even if the dissector only asked for x more bytes from the next segment the entire segment would still be added to reassembly.
this caused some issues when there was a new multisegment pdu that started at the end of the segment but this bug was fixed when tcp reassembly was refactored semi-recently.
there was also another "bug" in the http reassembly that it would only ask for one more byte at a time when doing reassembly.
this did work well however when we still had the bug in tcp reassembly but made wireshark become very very very slow once this tcp bug was fixed since it is very very very slow to reassemble a huge http pdu just one byte at a time.
this patch adds partial support (what we need for http which does not use tcp_dissect_pdus() ) for the desegmentation flag : DESEGMENT_ONE_MORE_SEGMENT and also to the http dissector so that reassembly of http headers spanning multiple segments now becomes fast again
svn path=/trunk/; revision=19859
|
|
tcp_dissect_pdus() (and others if need be)
in tcp_dissect_pdus() add a field ( tcp.pdu.size ) to the tree that displays the pdu size.
svn path=/trunk/; revision=19655
|
|
dissector to future class dissectors
svn path=/trunk/; revision=19576
|
|
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.
This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.
svn path=/trunk/; revision=19185
|
|
profinet_type field to the packet_info struct
svn path=/trunk/; revision=18615
|
|
svn path=/trunk/; revision=18197
|
|
svn path=/trunk/; revision=15015
|
|
A few doxygen updates and an improved section on
writing dissectors that don't use tcp_dissect_pdus().
svn path=/trunk/; revision=14537
|
|
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
|
|
callers, so that they can tell "no decrypted tvbuff because I couldn't
decrypt it" from "no decrypted tvbuff because it's not encrypted in the
first place". Set that based on the Kerberos seal algorithm field in
the SPNEGO Kerberos 5 wrap dissector code.
Use that to determine whether the GSS-API encapsulated data in LDAP is
encrypted or not, rather than using a heuristic.
Set the length of the SASL blob tvbuff based on the SASL length and the
length of the tvbuff from which it's constructed, rather than setting
it to the SASL length.
svn path=/trunk/; revision=13780
|
|
dce has slightly different padding and checksumming so we have to tell decrypt_arcfour() about it.
svn path=/trunk/; revision=13689
|
|
layer dissector all the way down to spnego or friends and back.
svn path=/trunk/; revision=13658
|
|
compiler doesn't say "that's unsigned, it can't possibly be equal to -1".
svn path=/trunk/; revision=13526
|
|
change the decodeas for dcerpc so that it actually works again for dcerpc over smb
svn path=/trunk/; revision=13515
|
|
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
|
|
to a different dissector.
svn path=/trunk/; revision=11912
|
|
svn path=/trunk/; revision=11894
|
|
"epan/packet_info.h" and put it in "epan/address.h".
Use the AT_ values from "epan/address.h" for address types in the
interface lists rather than having our own FAM_ enums.
svn path=/trunk/; revision=11427
|