Age | Commit message | Author | Files | Lines |
|
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11410 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@11400 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
in case the DF bit or the MF bit is set.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10644 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"congestion" bit for ECN. Show it as a reserved bit.
Put semicolons, not commas, at the end of the calls to put flags field
bits into the protocol tree.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@10087 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
standard
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8955 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8710 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
is set or not. Copy the destination address, not the source address,
when processing the destination address.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8314 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
bus error on RISC systems.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8304 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
being complete and for fragmentation being trivial (i.e., the packet in
question is both the first and last fragment). Have its callers *not*
do that check - this lets "process_reassembled_data()" put in the
"Reassembled in" item for fragments other than the last fragment.
Add a "Reassembled in" field to TDS.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8295 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pointer to that pointer, to "ip_to_str()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8273 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
with a list of all seen conversations of a certain type.
Supported types are Ethernet/TokenRing/IP/UDP and TCP.
Will add FibreChannel soon.
The framework for this feature needs to be enhanced in the future so that selecting one entry and clicking the right mouse button will bring up a menu with Prepare/Match options with suboptions for AnyDirection, ForwardOnly or ReverseOnly, which updates the display filter accordingly.
Had to update some of the taps as well to change them to use a proper address structure for the address fields.
We should now be able to do these stats correctly even for ip tunneled over ip tunneled over ip ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8222 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_ip_tcp_options()" but for options that are like IPv6 options
(i.e., the length byte has a value that doesn't include the option code
or length byte).
Add an "ip_opts.h" header to declare it, and move the declaration of
stuff used by it and "dissect_ip_tcp_options()", and the declaration of
"dissect_ip_tcp_options()", to that header.
Use "dissect_ipv6_options()" for Mobile IPv6 options.
Get rid of the unused "mip6_opt_types[]" array in "packet-mip6.h".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8015 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8001 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7794 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"find_dissector_table()", have the IPv6 and IPSEC dissectors fetch the
IP dissector table by name.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7600 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7513 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
into a subroutine, for use in other dissectors.
Use it in the IPv6 and CLNP dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7510 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:

    It is appropriate for some higher level protocols to choose the
    identifier. For example, TCP protocol modules may retransmit an
    identical TCP segment, and the probability for correct reception
    would be enhanced if the retransmission carried the same identifier
    as the original transmission since fragments of either datagram
    could be used to construct a correct TCP segment.

and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":

    3.2.1.5 Identification: RFC-791 Section 3.2

        When sending an identical copy of an earlier datagram, a
        host MAY optionally retain the same Identification field in
        the copy.

        DISCUSSION:
            Some Internet protocol experts have maintained that
            when a host sends an identical copy of an earlier
            datagram, the new copy should contain the same
            Identification value as the original. There are two
            suggested advantages: (1) if the datagrams are
            fragmented and some of the fragments are lost, the
            receiver may be able to reconstruct a complete datagram
            from fragments of the original and the copies; (2) a
            congested gateway might use the IP Identification field
            (and Fragment Offset) to discard duplicate datagrams
            from the queue.

            However, the observed patterns of datagram loss in the
            Internet do not favor the probability of retransmitted
            fragments filling reassembly gaps, while other
            mechanisms (e.g., TCP repacketizing upon
            retransmission) tend to prevent retransmission of an
            identical datagram [IP:9]. Therefore, we believe that
            retransmitting the same Identification field is not
            useful. Also, a connectionless transport protocol like
            UDP would require the cooperation of the application
            programs to retain the same Identification value in
            identical datagrams.

and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7506 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
called from the frame where the ip packet was reassembled instead of from each fragment.
For fragments, put [Reassembled in #xx] in the summary pane so it is easy
to see which fragments are successfully reassembled and which are not.
For fragments, add a "This fragment is reassembled in:xx" to the tree
pane and make it FT_FRAMENUM so it is easy to jump to the reassembled ip packet.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7489 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
hexadecimal to make it easier to cross-reference packets between output from other sniffers that display it in DEC instead of HEX.
Since this value has no human readable meaning it should be displayed in HEX only but make ethereal also display the "wrong" base to enhance human compatibility.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7471 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
attempt reassembly of a higher-level packet that includes the
lower-level packet, use "tvb_bytes_exist()" to check whether all the
data that's to be included in the reassembly is available, rather than
by checking whether the packet is short.
Add some checks of that sort that were missing.
Use the reported length of the packet when doing reassembly.
Make the "iphdrlen" field of a "packet_info" structure be the length of
the IP header in bytes, not in 4-byte words.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7274 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"tcpip" added.
-z io,users,tcpip will create a top talkers list of individual tcpip connections
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7264 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
belongs, as that's redundant.
Fix a bunch of cases where that was done, and map the old name to the
new name.
Instead of marking "mtp3.mtp3_standard" as obsolete, map it to
"mtp3.standard".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7030 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
addresses and the protocol type, as supplied by BPF; on Linux, they *do*
have an offset field, as supplied by PF_PACKET sockets. Add a new
WTAP_ENCAP_ARCNET_LINUX, with packets that include the offset field, and
don't dissect an offset in WTAP_ENCAP_ARCNET packets.
Map a libpcap link-layer type of 129 to WTAP_ENCAP_ARCNET_LINUX; that
value was recently assigned to Linux-style ARCNET.
Add some more ARCNET protocol IDs.
For most protocol IDs, dissect an ATA 878.2 fragmentation header; don't
do it for RFC 1051 IP and ARP, and Diagnose packets. Set the length of
the ARCNET protocol tree item appropriately.
Dissect both the RFC 1051 and RFC 1201 styles of IP and ARP over ARCNET,
and dissect the RFC 1201 style of RARP as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6981 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6969 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
error packets, the copy of the packet that got the error, rather than
doing it in the CLNP dissector and the ICMP dissector and the ICMPv6
dissector and the PPP dissector for various control protocols; have it
do that work iff "pinfo->in_error_pkt" is set.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6942 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
state of the columns and the current protocol, and restore them when
done. Also, catch BoundsError and, if we get a BoundsError, restore
them and then re-throw the BoundsError, so we see a "Short Frame"
indication if the frame was cut off by the snapshot length.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6941 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
as you dissect it, so we can dissect packets that are cut short before
the end of an IP header.
Check for an IP total length less than the header length.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6921 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
list of packets corresponding to a reassembled pdu
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6807 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Check the next header type - properly handling extension headers - in
"capture_ipv6()".
Get rid of the count of IPv6 packets - we break that down in
"capture_ipv6()" now.
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6510 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()" and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6491 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Sort the lists of dissectors in the DISSECTOR_SRC macros in
"Makefile.am" and "Makefile.nmake".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6450 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5932 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Change struct addr to guint32 which is the way it is used
anyway.
Use the GLib macros to convert from network to host byte order.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5878 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5657 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5644 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
task of creating a fragment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5626 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5614 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
argument to "tvb_new_subset()" - just use -1 if the subset tvbuff is to
run to the end of the parent tvbuff.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5597 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Use the reported length, not the captured length, of a tvbuff when
scanning through it.
Mark unused arguments that can't be eliminated as unused.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5058 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
top-level item correspond to the reassembled data, and make the item for
each fragment/segment correspond to the part of that reassembled data
that came from that fragment/segment.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5025 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
protocol that fragmented them, rather than just calling them
"Reassembled". Do the same with uncompressed WCP data.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4822 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4749 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
longer contains length fields, so there's no need to pass a "packet_info
*" argument to "set_actual_length()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4748 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4666 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
about them being trashed by setjmp/longjmp (does GCC there stuff them
into registers? They're bigger than 64 bits, so they don't even fit
into a single register on Alpha).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4636 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
a fragment unless we've captured all the data in the fragment and (in
IPv4 and CLNP) it has a valid checksum, so that if the first fragment is
a short frame or a frame with an invalid checksum, we'll treat it as if
reassembly weren't enabled, and will dissect what data we have in it,
rather than not dissecting *any* of the fragments above the IP/CLNP
layer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4575 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreassembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4555 f5534014-38df-0310-8fa8-9805f1628bb7
|