Age | Commit message (Collapse) | Author | Files | Lines |
|
attempt reassembly of a higher-level packet that includes the
lower-level packet, use "tvb_bytes_exist()" to check whether all the
data that's to be included in the reassembly is available, rather than
by checking whether the packet is short.
Add some checks of that sort that were missing.
Use the reported length of the packet when doing reassembly.
Make the "iphdrlen" field of a "packet_info" structure be the length of
the IP header in bytes, not in 4-byte words.
svn path=/trunk/; revision=7274
|
|
"tcpip" added.
-z io,users,tcpip will create a top talkers list of individual tcpip connections
svn path=/trunk/; revision=7264
|
|
belongs, as that's redundant.
Fix a bunch of cases where that was done, and map the old name to the
new name.
Instead of marking "mtp3.mtp3_standard" as obsolete, map it to
"mtp3.standard".
svn path=/trunk/; revision=7030
|
|
addresses and the protocol type, as supplied by BPF; on Linux, they *do*
have an offset field, as supplied by PF_PACKET sockets. Add a new
WTAP_ENCAP_ARCNET_LINUX, with packets that include the offset field, and
don't dissect an offset in WTAP_ENCAP_ARCNET packets.
Map a libpcap link-layer type of 129 to WTAP_ENCAP_ARCNET_LINUX; that
value was recently assigned to Linux-style ARCNET.
Add some more ARCNET protocol IDs.
For most protocol IDs, dissect an ATA 878.2 fragmentation header; don't
do it for RFC 1051 IP and ARP, and Diagnose packets. Set the length of
the ARCNET protocol tree item appropriately.
Dissect both the RFC 1051 and RFC 1201 styles of IP and ARP over ARCNET,
and dissect the RFC 1201 style of RARP as well.
svn path=/trunk/; revision=6981
|
|
svn path=/trunk/; revision=6969
|
|
error packets, the copy of the packet that got the error, rather than
doing it in the CLNP dissector and the ICMP dissector and the ICMPv6
dissector and the PPP dissector for various control protocols; have it
do that work iff "pinfo->in_error_pkt" is set.
svn path=/trunk/; revision=6942
|
|
state of the columns and the current protocol, and restore them when
done. Also, cache BoundsError and, if we get a BoundsError, restore
them and then re-throw the BoundsError, so we see a "Short Frame"
indication if the frame was cut off by the snapshot length.
svn path=/trunk/; revision=6941
|
|
as you dissect it, so we can dissect packets that are cut short before
the end of an IP header.
Check for an IP total length less than the header length.
svn path=/trunk/; revision=6921
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
Check the next header type - properly handling extension headers - in
"capture_ipv6()".
Get rid of the count of IPv6 packets - we break that down in
"capture_ipv6()" now.
Fix a typo.
svn path=/trunk/; revision=6510
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
Sort the lists of dissectors in the DISSECTOR_SRC macros in
"Makefile.am" and "Makefile.nmake".
svn path=/trunk/; revision=6450
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
Change struct addr to guint32 which is the way it is used
anyway.
Use the GLib macros to convert from network to host byte order.
svn path=/trunk/; revision=5878
|
|
svn path=/trunk/; revision=5657
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
|
|
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
|
|
argument to "tvb_new_subset()" - just use -1 if the subset tvbuff is to
run to the end of the parent tvbuff.
svn path=/trunk/; revision=5597
|
|
Use the reported length, not the captured length, of a tvbuff when
scanning through it.
Mark unused arguments that can't be eliminated as unused.
svn path=/trunk/; revision=5058
|
|
top-level item correspond to the reassembled data, and make the item for
each fragment/segment correspond to the part of that reassembled data
that came from that fragment/segment.
svn path=/trunk/; revision=5025
|
|
protocol that fragmented them, rather than just calling them
"Reassembled". Do the same with uncompressed WCP data.
svn path=/trunk/; revision=4822
|
|
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
|
|
longer contains length fields, so there's no need to pass a "packet_info
*" argument to "set_actual_length()".
svn path=/trunk/; revision=4748
|
|
svn path=/trunk/; revision=4666
|
|
about them being trashed by setjmp/longjmp (does GCC there stuff them
into registers? They're bigger than 64 bits, so they don't even fit
into a single register on Alpha).
svn path=/trunk/; revision=4636
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
a fragment unless we've captured all the data in the fragment and (in
IPv4 and CLNP) it has a valid checksum, so that if the first fragment is
a short frame or a frame with an invalid checksum, we'll treat it as if
reassembly weren't enabled, and will dissect what data we have in it,
rather than not dissecting *any* of the fragments above the IP/CLNP
layer.
svn path=/trunk/; revision=4575
|
|
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
|
|
the list of segments in a desegmented PDU as unsigned, rather than
signed.
Fix some other displays of unsigned quantities with "%d" while we're at
it.
svn path=/trunk/; revision=4516
|
|
svn path=/trunk/; revision=4460
|
|
- Cleaned up TSpec and Flowspec support to handle multiple parameters
- Added support for Compression Hint (RFC3006)
- Added support for DCLASS (RFC2996)
- Corrected some bugs in support for Null Service (RFC2997)
svn path=/trunk/; revision=4459
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
|
|
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
|
|
identifier, but means X.29 when used as an X.263/ISO 9577 secondary
protocol identifier.
Add support for the IPv6 NLPID, and Ethernet type, in more places.
Fix up the handling of the user data of a CALL REQUEST packet to more
correctly distinguish between user data containing an NLPID and user
data containing an X.264/ISO 11570 UN TPDU. If it's an NLPID, use
"nlpid_vals" to show its value.
Put that user data in a subtree.
Create a new "x.25.spi" dissector table, for protocols running atop
X.25, rather than having a built-in switch statement, so that other
protocols can register themselves by NLPID.
svn path=/trunk/; revision=4300
|
|
svn path=/trunk/; revision=4269
|
|
structure, we may have to worry about it in more places than the places
that *used* to set "pi.len" and "pi.captured_len", so there's no point
in just saving and restoring it there. We'll remove those
saves/restores, and worry about saves and restores when we find a
problem.
svn path=/trunk/; revision=4245
|
|
structure; they're no longer used.
svn path=/trunk/; revision=4236
|
|
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
|
|
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
|
|
Frascone.
Small white-space fix.
Display the preference level in router advertisements as signed, not
unsigned, as per RFC 1256, which says it's a "signed, twos-complement
value".
svn path=/trunk/; revision=4118
|
|
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
|
|
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.
When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.
svn path=/trunk/; revision=3960
|
|
svn path=/trunk/; revision=3744
|
|
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
|
|
Joerg Mayer.
svn path=/trunk/; revision=3578
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
svn path=/trunk/; revision=3561
|
|
PDU.
svn path=/trunk/; revision=3527
|