Age | Commit message (Collapse) | Author | Files | Lines |
|
attempt reassembly of a higher-level packet that includes the
lower-level packet, use "tvb_bytes_exist()" to check whether all the
data that's to be included in the reassembly is available, rather than
by checking whether the packet is short.
Add some checks of that sort that were missing.
Use the reported length of the packet when doing reassembly.
Make the "iphdrlen" field of a "packet_info" structure be the length of
the IP header in bytes, not in 4-byte words.
svn path=/trunk/; revision=7274
|
|
packets, and add a heuristic dissector list for CLNP payloads not
dissected as COTP packets.
svn path=/trunk/; revision=7197
|
|
(non inactive subset). So there are now two different
lists : "cotp" and the legacy "cotp_is". Cotp_is is
currently only used by H1 dissector. "cotp" will be
used at least by some (possibly unpublished) plugins.
svn path=/trunk/; revision=7072
|
|
svn path=/trunk/; revision=7003
|
|
error packets, the copy of the packet that got the error, rather than
doing it in the CLNP dissector and the ICMP dissector and the ICMPv6
dissector and the PPP dissector for various control protocols; have it
do that work iff "pinfo->in_error_pkt" is set.
svn path=/trunk/; revision=6942
|
|
Rename the "osi_decode_" routines "ositp_decode_", to indicate that
they're for OSI COTP and CLTP.
Fetch the dst_ref field in each dissector, rather than globally, as not
all PDUs have it. In particular, DT PDUs don't have it in classes 0 and
1, so don't put it into the summary line for class 0 and 1 COTP.
Register the CLNP dissector for use by the X.25 dissector.
svn path=/trunk/; revision=6849
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
svn path=/trunk/; revision=6535
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
|
|
argument to "tvb_new_subset()" - just use -1 if the subset tvbuff is to
run to the end of the parent tvbuff.
svn path=/trunk/; revision=5597
|
|
"dissect_osi_options()".
svn path=/trunk/; revision=5318
|
|
svn path=/trunk/; revision=5110
|
|
svn path=/trunk/; revision=5056
|
|
top-level item correspond to the reassembled data, and make the item for
each fragment/segment correspond to the part of that reassembled data
that came from that fragment/segment.
svn path=/trunk/; revision=5025
|
|
protocol that fragmented them, rather than just calling them
"Reassembled". Do the same with uncompressed WCP data.
svn path=/trunk/; revision=4822
|
|
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
|
|
about them being trashed by setjmp/longjmp (does GCC there stuff them
into registers? They're bigger than 64 bits, so they don't even fit
into a single register on Alpha).
svn path=/trunk/; revision=4636
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
a fragment unless we've captured all the data in the fragment and (in
IPv4 and CLNP) it has a valid checksum, so that if the first fragment is
a short frame or a frame with an invalid checksum, we'll treat it as if
reassembly weren't enabled, and will dissect what data we have in it,
rather than not dissecting *any* of the fragments above the IP/CLNP
layer.
svn path=/trunk/; revision=4575
|
|
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
|
|
the list of segments in a desegmented PDU as unsigned, rather than
signed.
Fix some other displays of unsigned quantities with "%d" while we're at
it.
svn path=/trunk/; revision=4516
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
|
|
SPIs.
svn path=/trunk/; revision=4319
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
|
|
svn path=/trunk/; revision=4269
|
|
structure, we may have to worry about it in more places than the places
that *used* to set "pi.len" and "pi.captured_len", so there's no point
in just saving and restoring it there. We'll remove those
saves/restores, and worry about saves and restores when we find a
problem.
svn path=/trunk/; revision=4245
|
|
structure; they're no longer used.
svn path=/trunk/; revision=4236
|
|
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
|
|
svn path=/trunk/; revision=4182
|
|
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
|
|
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.
When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.
svn path=/trunk/; revision=3960
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
svn path=/trunk/; revision=3561
|
|
svn path=/trunk/; revision=3560
|
|
PDU.
svn path=/trunk/; revision=3526
|
|
"reassemble.h", and remove IPv4 dependencies from it.
Use it for OSI CLNP segment reassembly as well.
svn path=/trunk/; revision=3525
|
|
Have "calc_checksum()" just return an indication of the status of the
checksum.
Check the CLNP header checksum, and put display its status.
svn path=/trunk/; revision=3514
|
|
dissector to dissect the datagram inside an error report datagram, save
the current values of the source and destination addresses, and restore
them after the subdissector returns, so that all address columns in the
summary pane will reflect the error datagram, not the datagram that
provoked the error.
Set the Protocol and Info columns upon entry to the ICMPv6 dissector, so
that if we throw an exception they don't reflect the protocol above
ICMPv6.
svn path=/trunk/; revision=3456
|
|
respectively, not Q.931 and Q.2931, in Frame Relay.
When dissecting Q.933-style multiprotocol encapsulated Frame Relay
frames, use the "osinl" dissector table to check for OSI network layer
protocols, include the NLPID in the tvbuff you hand to
"dissector_try_port()" with that dissector table, and put the NLPID into
the protocol tree as an invisible item - the NLPID is considered part of
the PDU for those protocols, so you have to include it in the tvbuff,
and the dissector will put it into the protocol tree.
Also, make sure the top-level entry for the Frame Relay protocol
includes all the bytes preceding the payload, and none of the payload
bytes.
Export a routine to do Q.933-style dissection, and have the WCP
dissector call it, rather than duplicating that code in the WCP
dissector.
Don't register OSI network layer protocols with the "fr.ietf" dissector
table; it's now sufficient to register them with the "osinl" dissector
table, as the Frame Relay dissector now checks that.
Get rid of unnecessary checks for protocols being enabled (if the
dissector is always called through handles or dissector tables, the
common code for handles and dissector tables will do the checks for
you).
Get rid of some unnecessary #includes.
svn path=/trunk/; revision=3211
|
|
In the CLNP dissector, set the source and destination network-layer and
"top-level" addresses; this will cause them to show up in the source and
destination columns of the summary display if you're showing the
network-layer or top-level address (although you'll probably have to
widen those columns significantly to see the entire address), and also
makes them available to subdissectors.
svn path=/trunk/; revision=3131
|
|
usages of tvb_get_ptr(). packet-ieee80211.c still has one bad usage,
in which it *does* modify the tvbuff's data.
svn path=/trunk/; revision=3128
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
svn path=/trunk/; revision=2931
|
|
its own; it's used not only by LLC, but by Frame Relay with RFC 2427 and
ATM with RFC 2684.
Support for RFC 2427-encapsulation Frame Relay packets, from Paul
Ionescu.
Get rid of the CISCO_IP PPP protocol type - Cisco HDLC uses, in most
cases, Ethernet packet types, so use ETHERTYPE_IP instead (they're both
0x0800).
svn path=/trunk/; revision=2854
|
|
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
|
|
"prefs_register_module()" except that it takes a protocol index as
returned by "proto_register_protocol()" as its first argument, rather
than taking two character strings as arguments as its first two
arguments, and uses the protocol's abbreviation as the name to use for
preferences in the preferences file and the "-o" flag and uses the
protocol's short name as the name to use in the tabs in the
"Edit->Preferences" window.
svn path=/trunk/; revision=2812
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
|
|
fractions of a second (the resolution is 1/2 second).
In the bitfield breakdown of the flags/type field of a CLNP PDU, report
the PDU type as a name rather than as an abbreviation.
svn path=/trunk/; revision=2776
|