Age | Commit message | Author | Files | Lines |
|
COL_INFO.
svn path=/trunk/; revision=2641
|
|
svn path=/trunk/; revision=2518
|
|
svn path=/trunk/; revision=2509
|
|
svn path=/trunk/; revision=2486
|
|
support, from Per Flock.
svn path=/trunk/; revision=2473
|
|
svn path=/trunk/; revision=2288
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why I've not modified
the NFS one yet).
Two functions are added in proto.c:
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
|
|
numeric values. (Also, just for laughs and for completeness, turn the
CS class into "csnet", even though it's obsolete and supposedly used
only in some examples in obsolete RFCs.)
svn path=/trunk/; revision=2240
|
|
- add hostname/IP in host hashtable from DNS answers
(currently only type A RR).
svn path=/trunk/; revision=2228
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
|
|
information on WINS and WINS-R records.
svn path=/trunk/; revision=2146
|
|
svn path=/trunk/; revision=2145
|
|
svn path=/trunk/; revision=2142
|
|
a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
svn path=/trunk/; revision=2031
|
|
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
|
|
support AD and CD bit in RFC2535 (DNS security extension) section 6.
(seen on packets from BIND9 named)
svn path=/trunk/; revision=1890
|
|
and BIND, do, by counting the number of characters we look at and, if
when we see a pointer, we see we've already looked at as many characters
as there are in the DNS packet, we conclude that we're looping.
Also, check for pointers that point past the end of the packet (not just
past the end of the captured portion of the packet, i.e. cases where we
didn't capture all of the packet, but cases where the packet is actually
malformed).
svn path=/trunk/; revision=1830
|
|
routine, which calls all routines found in the dissector source files
with names that match " proto_reg_handoff_[a-z_0-9A-Z]*".
Call "register_all_protocol_handoffs()" after calling
"register_all_protocols()" - "register_all_protocols()" needs to be
called first, so that all protocols can register their fields, because
registering a dissector as being called if field "proto.port" is equal
to N requires that "proto.port" be a registered field.
Give DNS a handoff registration routine, and register its dissector to
be called if "udp.port" is UDP_PORT_DNS; remove the registration of DNS
from "packet-udp.c", and make "dissect_dns()" static (as nobody else
need know that it exists).
svn path=/trunk/; revision=1788
|
|
protocol, which is DNS-derived; hopefully, Microsoft won't shovel any
more stuff into NBNS (I suspect that they ultimately want to make DNS
replace it completely), so it won't pick up stuff such as OPT RRs.
As such, we don't need to export "add_opt_rr_to_tree()", so make it
static to "packet-dns.c".
svn path=/trunk/; revision=1766
|
|
svn path=/trunk/; revision=1765
|
|
record type to the info column, before parsing the reply; add the text
for the entry, and any additional information for the info column, in
the code that handles the reply.
Don't use stuff from the resource record if you ran past the end of the
packet.
Fix some bit-scanning code.
svn path=/trunk/; revision=1736
|
|
Add EIGRP and VINES to the list of protocols "ipprotostr()" knows about.
Get rid of the "proto_vals" table in "packet-ip.c" - it's not used, and
the two entries it had that weren't in the table in "ipproto.c" have
been moved there.
svn path=/trunk/; revision=1735
|
|
proto_tree_add_protocol_format()
proto_tree_add_uint_format()
proto_tree_add_ipxnet_format()
proto_tree_add_ipv4_format()
proto_tree_add_ipv6_format()
proto_tree_add_bytes_format()
proto_tree_add_string_format()
proto_tree_add_ether_format()
proto_tree_add_time_format()
proto_tree_add_double_format()
proto_tree_add_boolean_format()
If using GCC 2.x, we can check the print-format against the variable args
passed in. Regardless of compiler, we can now check at run-time that the
field type passed into the function corresponds to what that function
expects (FT_UINT, FT_BOOLEAN, etc.)
Note that proto_tree_add_protocol_format() does not require a value field,
since the value of a protocol is always NULL. It's more intuitive w/o the
vestigial argument.
Fixed a proto_tree_add_item_format-related bug in packet-isis-hello.c
Fixed a variable usage bug in packet-v120.c. (ett_* was used instead of hf_*)
Checked in Guy's fix for the function declaration for proto_tree_add_text()
and proto_tree_add_notext().
svn path=/trunk/; revision=1713
|
|
Use "proto_tree_add_notext()" and "proto_tree_set_text()" for some
resource records.
svn path=/trunk/; revision=1699
|
|
necessary.
svn path=/trunk/; revision=1496
|
|
If a DNS response got an error, include the error indication in the
summary line.
svn path=/trunk/; revision=1391
|
|
Change to dns dissector to display "Domain Name System (request)" instead of
"DNS request" in the proto tree, as it is more in keeping with the style
of the other proto tree entries.
svn path=/trunk/; revision=1233
|
|
svn path=/trunk/; revision=1128
|
|
svn path=/trunk/; revision=1127
|
|
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
|
|
svn path=/trunk/; revision=1019
|
|
svn path=/trunk/; revision=993
|
|
answers into the COL_INFO column in the summary pane.
svn path=/trunk/; revision=988
|
|
svn path=/trunk/; revision=857
|
|
the stuff referred to by those pointers goes past the end of the packet,
that's not a reason not to return the length of the DNS or NBNS name
itself - you can tag that name even though it's bad. Therefore,
"get_dns_name()" should return the length of the part of the name it's
looked at even if that name contains a pointer to stuff that goes past
the end of the packet.
This means you can't check its return value to see if it's negative, and
treat it as an error if it is; remove that stuff.
Add checks to make sure the type and class fields in an RR don't go past
the end of the packet.
svn path=/trunk/; revision=781
|
|
as well.
svn path=/trunk/; revision=779
|
|
the random packets I generated. I'm not convinced that all the problems
are gone. We now:
1. Check that the bytes are indeed in the frame before accessing them
in dissect_dns_query() and dissect_dns_answer(). If not, we
return 0, which means "0-byte increment".
2. Check the return value of the two functions above in
dissect_query_records() and dissect_answer_records(), which have
loops that call those two functions above. If a 0-byte
increment is found, the loop is broken to avoid an infinite loop.
svn path=/trunk/; revision=778
|
|
svn path=/trunk/; revision=694
|
|
allowing users to filter on the existence of these protocols. I also
added packet-clip.c to the Nmake makefile.
svn path=/trunk/; revision=402
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
svn path=/trunk/; revision=342
|
|
request or reply. (Redid "get_dns_name()" along the lines of the code
in the BSD resolver.)
Add code to dissect SOA RRs.
svn path=/trunk/; revision=297
|
|
reference the protocol tree with struct proto_tree and struct proto_item
objects. That way, the packet decoding source code file can be used with
non-gtk packet decoders, like a curses-based ethereal, e.g. I also re-arranged
some of the information in packet.h to more appropriate places (like other
packet-*.[ch] files).
svn path=/trunk/; revision=223
|
|
In the detailed expansion of an RR, give a more detailed description of
the RR type, as per Peter Hawkins' suggestion, but leave the record type
in the summary line for the RR, along the lines of John McDermott's
suggestion.
Decode PTR and CNAME RRs.
svn path=/trunk/; revision=222
|
|
svn path=/trunk/; revision=177
|
|
svn path=/trunk/; revision=160
|
|
and NBNS requests.
Put the opcode in the COL_INFO field for DNS requests (it was already
there for NBNS requests).
Don't assume a DNS or NBNS request is neatly aligned on a 2-byte
boundary (it might not be if, for example, the packet is an FDDI
packet).
svn path=/trunk/; revision=153
|
|
replacing "memset(..., 0, ...)" with "bzero(..., ...)" - he asked me to
remove the change.
svn path=/trunk/; revision=130
|
|
Added Ethernet Loopback Protocol Type to ethertype.c
svn path=/trunk/; revision=129
|
|
for the queries or replies first, then create and add the subtree and
populate it, and, when that's done, set the length of the item
appropriately; if you add the subtree later, the subtree's top-level
node appears to have level 0, rather than 1 greater than the tree of
which it's a subtree, which causes those trees not to print correctly.
svn path=/trunk/; revision=122
|
|
* Added check_col(), add_col_str() and add_col_fmt() to replace references
to ft->win_info.
* Added column prefs handling code.
svn path=/trunk/; revision=97
|