Age | Commit message (Collapse) | Author | Files | Lines |
|
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
|
|
se_alloc them where and if needed, not every time expert_set_info_vformat is called.
svn path=/trunk/; revision=17293
|
|
the callback for multiple registrations.
svn path=/trunk/; revision=17252
|
|
svn path=/trunk/; revision=16281
|
|
Expert data must perform a re-dissection to trigger the NCP dissector.
Change the call cf_retap_packets() to cf_redissect_packets().
svn path=/trunk/; revision=16279
|
|
might want to have a checkbox or alike to en/disable this (as discussed for the Statistics) lately.
svn path=/trunk/; revision=16092
|
|
svn path=/trunk/; revision=15846
|
|
generate columns; use cf_retap_packets instead of cf_redissect_packets()
when running taps (the general flow graph stat uses the Info column).
svn path=/trunk/; revision=15793
|
|
*significantly* improve performance (100000 infos from ~5min to 25sec!)
Add a simple severity based filter mechanism.
replace // style comments by /**/
svn path=/trunk/; revision=15791
|
|
"unknown" for frame numbers. Note that in epan/frame_data.h, and make
the frame number in experts unsigned, and use 0 for "unknown", and
display it as an unsigned number - and, if it's 0, don't display it at
all.
Fix the signature of "expert_dlg_draw()" to match what a tap's draw
routine's signature is expected to be.
svn path=/trunk/; revision=15760
|
|
dependencies)
svn path=/trunk/; revision=15755
|
|
where others might have a look and probably already find it useful :-). Anyway, we can easily disable it at one or two places in the code if it get's in our way of a new release.
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
|