Age | Commit message (Collapse) | Author | Files | Lines |
|
is set or not. Copy the destination address, not the source address,
when processing the destination address.
svn path=/trunk/; revision=8314
|
|
bus error on RISC systems.
svn path=/trunk/; revision=8304
|
|
being complete and for fragmentation being trivial (i.e., the packet in
question is both the first and last fragment). Have its callers *not*
do that check - this lets "process_reassembled_data()" put in the
"Reassembled in" item for fragments other than the last fragment.
Add a "Reassembled in" field to TDS.
svn path=/trunk/; revision=8295
|
|
pointer to that pointer, to "ip_to_str()".
svn path=/trunk/; revision=8273
|
|
with a list of all seen conversations of a certain type.
Supported types are Ethernet/TokenRing/IP/UDP and TCP.
Will add FibreChannel soon.
The framework for this feature needs to be enhanced in the future so that by selecting one entry and click the right mousebutton, this will bring up a menu with Prepare/Match options with suboptions for AnyDirection, ForwardOnly or ReverseOnly which updates the display filter accordingly.
Had to update some of the taps as well to change them to use a proper address structure for the address fields.
We should now be able to to these stats correctly even for ip tunneled over ip tunnelled over ip ...
svn path=/trunk/; revision=8222
|
|
"dissect_ip_tcp_options()" but for options that are like IPv6 options
(i.e., the length byte has a value that doesn't include the option code
or length byte).
Add an "ip_opts.h" header to declare it, and move the declaration of
stuff used by it and "dissect_ip_tcp_options()", and the declaration of
"dissect_ip_tcp_options()", to that header.
Use "dissect_ipv6_options()" for Mobile IPv6 options.
Get rid of the unused "mip6_opt_types[]" array in "packet-mip6.h".
svn path=/trunk/; revision=8015
|
|
svn path=/trunk/; revision=8001
|
|
svn path=/trunk/; revision=7794
|
|
"find_dissector_table()", have the IPv6 and IPSEC dissectors fetch the
IP dissector table by name.
svn path=/trunk/; revision=7600
|
|
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
|
|
into a subroutine, for use in other dissectors.
Use it in the IPv6 and CLNP dissectors.
svn path=/trunk/; revision=7510
|
|
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:
It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.
and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":
3.2.1.5 Identification: RFC-791 Section 3.2
When sending an identical copy of an earlier datagram, a
host MAY optionally retain the same Identification field in
the copy.
DISCUSSION:
Some Internet protocol experts have maintained that
when a host sends an identical copy of an earlier
datagram, the new copy should contain the same
Identification value as the original. There are two
suggested advantages: (1) if the datagrams are
fragmented and some of the fragments are lost, the
receiver may be able to reconstruct a complete datagram
from fragments of the original and the copies; (2) a
congested gateway might use the IP Identification field
(and Fragment Offset) to discard duplicate datagrams
from the queue.
However, the observed patterns of datagram loss in the
Internet do not favor the probability of retransmitted
fragments filling reassembly gaps, while other
mechanisms (e.g., TCP repacketizing upon
retransmission) tend to prevent retransmission of an
identical datagram [IP:9]. Therefore, we believe that
retransmitting the same Identification field is not
useful. Also, a connectionless transport protocol like
UDP would require the cooperation of the application
programs to retain the same Identification value in
identical datagrams.
and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
svn path=/trunk/; revision=7506
|
|
called from the frame where the ip packet was reassembled instead of from each fragment.
For fragments, put [Reassembled in #xx] in the summary pane so it is easy
to see which fragments are successfully reassembled and which are not.
For fragments, add a "This fragment is reassembled in:xx" to the tree
pane so and make it FT_FRAMENUM so it is easy to jump top the reassembled ip packet.
svn path=/trunk/; revision=7489
|
|
hexadecimal to make it easier to crossreference packets between output from other sniffers that display it in DEC instead of HEX.
Since this value has no human readable meaning it should be displayed in HEX only but make ethereal also display the "wrong" base to enhance human compatibility.
svn path=/trunk/; revision=7471
|
|
attempt reassembly of a higher-level packet that includes the
lower-level packet, use "tvb_bytes_exist()" to check whether all the
data that's to be included in the reassembly is available, rather than
by checking whether the packet is short.
Add some checks of that sort that were missing.
Use the reported length of the packet when doing reassembly.
Make the "iphdrlen" field of a "packet_info" structure be the length of
the IP header in bytes, not in 4-byte words.
svn path=/trunk/; revision=7274
|
|
"tcpip" added.
-z io,users,tcpip will create a top talkers list of individual tcpip connections
svn path=/trunk/; revision=7264
|
|
belongs, as that's redundant.
Fix a bunch of cases where that was done, and map the old name to the
new name.
Instead of marking "mtp3.mtp3_standard" as obsolete, map it to
"mtp3.standard".
svn path=/trunk/; revision=7030
|
|
addresses and the protocol type, as supplied by BPF; on Linux, they *do*
have an offset field, as supplied by PF_PACKET sockets. Add a new
WTAP_ENCAP_ARCNET_LINUX, with packets that include the offset field, and
don't dissect an offset in WTAP_ENCAP_ARCNET packets.
Map a libpcap link-layer type of 129 to WTAP_ENCAP_ARCNET_LINUX; that
value was recently assigned to Linux-style ARCNET.
Add some more ARCNET protocol IDs.
For most protocol IDs, dissect an ATA 878.2 fragmentation header; don't
do it for RFC 1051 IP and ARP, and Diagnose packets. Set the length of
the ARCNET protocol tree item appropriately.
Dissect both the RFC 1051 and RFC 1201 styles of IP and ARP over ARCNET,
and dissect the RFC 1201 style of RARP as well.
svn path=/trunk/; revision=6981
|
|
svn path=/trunk/; revision=6969
|
|
error packets, the copy of the packet that got the error, rather than
doing it in the CLNP dissector and the ICMP dissector and the ICMPv6
dissector and the PPP dissector for various control protocols; have it
do that work iff "pinfo->in_error_pkt" is set.
svn path=/trunk/; revision=6942
|
|
state of the columns and the current protocol, and restore them when
done. Also, cache BoundsError and, if we get a BoundsError, restore
them and then re-throw the BoundsError, so we see a "Short Frame"
indication if the frame was cut off by the snapshot length.
svn path=/trunk/; revision=6941
|
|
as you dissect it, so we can dissect packets that are cut short before
the end of an IP header.
Check for an IP total length less than the header length.
svn path=/trunk/; revision=6921
|
|
list of packets corresponding to a reassembled pdu
svn path=/trunk/; revision=6807
|
|
Check the next header type - properly handling extension headers - in
"capture_ipv6()".
Get rid of the count of IPv6 packets - we break that down in
"capture_ipv6()" now.
Fix a typo.
svn path=/trunk/; revision=6510
|
|
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
|
|
Sort the lists of dissectors in the DISSECTOR_SRC macros in
"Makefile.am" and "Makefile.nmake".
svn path=/trunk/; revision=6450
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
|
|
Change struct addr to guint32 which is the way it is used
anyway.
Use the GLib macros to convert from network to host byte order.
svn path=/trunk/; revision=5878
|
|
svn path=/trunk/; revision=5657
|
|
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
|
|
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
|
|
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
|
|
argument to "tvb_new_subset()" - just use -1 if the subset tvbuff is to
run to the end of the parent tvbuff.
svn path=/trunk/; revision=5597
|
|
Use the reported length, not the captured length, of a tvbuff when
scanning through it.
Mark unused arguments that can't be eliminated as unused.
svn path=/trunk/; revision=5058
|
|
top-level item correspond to the reassembled data, and make the item for
each fragment/segment correspond to the part of that reassembled data
that came from that fragment/segment.
svn path=/trunk/; revision=5025
|
|
protocol that fragmented them, rather than just calling them
"Reassembled". Do the same with uncompressed WCP data.
svn path=/trunk/; revision=4822
|
|
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
|
|
longer contains length fields, so there's no need to pass a "packet_info
*" argument to "set_actual_length()".
svn path=/trunk/; revision=4748
|
|
svn path=/trunk/; revision=4666
|
|
about them being trashed by setjmp/longjmp (does GCC there stuff them
into registers? They're bigger than 64 bits, so they don't even fit
into a single register on Alpha).
svn path=/trunk/; revision=4636
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
a fragment unless we've captured all the data in the fragment and (in
IPv4 and CLNP) it has a valid checksum, so that if the first fragment is
a short frame or a frame with an invalid checksum, we'll treat it as if
reassembly weren't enabled, and will dissect what data we have in it,
rather than not dissecting *any* of the fragments above the IP/CLNP
layer.
svn path=/trunk/; revision=4575
|
|
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
|
|
the list of segments in a desegmented PDU as unsigned, rather than
signed.
Fix some other displays of unsigned quantities with "%d" while we're at
it.
svn path=/trunk/; revision=4516
|
|
svn path=/trunk/; revision=4460
|
|
- Cleaned up TSpec and Flowspec support to handle multiple parameters
- Added support for Compression Hint (RFC3006)
- Added support for DCLASS (RFC2996)
- Corrected some bugs in support for Null Service (RFC2997)
svn path=/trunk/; revision=4459
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
|
|
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
|