Age | Commit message | Author | Files | Lines |
|
Get rid of some extra blanks at the end of the text for some protocol
tree items.
Use %u, not %d, to format unsigned quantities.
Make the "Client Authentication Methods" item's length cover all the
authentication methods, not just the count of methods.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8709 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
done in common code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8708 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
When a socks connection was used to create a second socks connection
the socks dissector would be called recursively until a heap overflow
occurred.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@8487 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to make them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs start when not aligned to the start of the segment.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7543 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7201 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5932 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dftest.c:
Remove #if-0-ed includes
packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c,
packet-wtp.c, ethereal_gen.py:
Remove redundant include varargs (already in snprintf.h,
and required only for snprintf.h)
Remove unused include of snprintf.h from files not using
"snprintf()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5889 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"offset".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5650 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
argument to copy a counted string, and use "tvb_strsize()" rather than
"strlen()" with a "tvb_get_ptr()" argument to get the length of a
null-terminated string, so that we throw an exception if we go past the
end of the tvbuff, rather than processing bytes past the end.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5649 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Declares some variables static.
Creates a new include file packet-rsvp.h, and makes use of it
(change some extern decls to #include).
Move the file packet-pgm.h into packet-pgm.c as it is not used
by anything outside packet-pgm.c.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5162 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
routines not used outside the file in which they're defined static.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5144 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
calls that passed TRUE or FALSE, rather than an integer value, as the
last argument.
A SOCKS command is one byte, so make the "socks.command" field an
FT_UINT8.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4904 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4605 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Fixed some of the filter fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4383 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4370 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4308 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
compilers.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4284 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4281 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4246 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissectors and that's no longer needed.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4112 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
little-endian byte order.
Use "proto_tree_add_item()" wherever possible.
Get rid of line commented out with a C++ comment, as not all C compilers
accept C++ comments.
Don't put the user name into the protocol tree if it's not there (we
really should do TCP segment reassembly for this, but this is at least a
good first cut).
When checking whether data exists in the packet, use
"tvb_offset_exists()", don't compare the offset in the tvbuf with
"pinfo->len" - "pinfo->len" is the length of the entire packet, not of
the tvbuff.
Fix some references to "pi" to refer to "*pinfo" instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4108 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Pia Sahlberg <piabar@hotmail.com>.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4100 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4088 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
of protocol-id-plus-datum pairs, so that multiple protocols can attach
information to the same conversation.
Dissectors that attach information to a conversation should not assume
that if they find a conversation it has one of its data attached to it;
the conversation might've been created by another dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3901 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3900 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3561 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3529 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
otherwise, the filtering GUI gets very upset when you try to construct a
filter expression to test the value of that field. Make them BASE_DEC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3334 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
conversation it found has no data associated with it; this is a
workaround for a problem that shows up if a conversation is between two
ports both of which have protocols associated with them - in that case,
frames going in one direction might be dissected by one of those
dissectors, and frames going in the other direction might be dissected
by the other dissector, causing untold confusion.
We really need to associate dissectors with conversations as soon as the
conversation is created, so that all packets will be handled by the same
dissector. (The SOCKS dissector now does that.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2862 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2849 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2810 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2670 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"); have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2658 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Jeff Foster.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2523 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
This keeps tvbuff.c generic; it doesn't have to pull in packet.h and all
of its included files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2409 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"dissector" union in the "conversation_t" structure to "old_d" and
"new_d", to avoid using a C++ reserved word.
Add "old_conversation_set_dissector()" and
"conversation_set_dissector()" routines to set the dissector for a
conversation, to hide the details of how that's done (e.g., details such
as whether there's a union at all - eventually, when all dissectors have
been tvbuffified, there won't be a need for the union - and what the
names of the union members are, and so on). Convert all dissectors to
use those routines (they had to be changed anyway, due to the name
change).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2324 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2267 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2254 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2218 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
packet length.
Use "IS_DATA_IN_FRAME()", rather than checking if "offset+1" is greater
than "pi.captured_len", to check whether there's any data left in the
packet.
Check whether data is in the packet *before* extracting it and stuffing
an item into the tree with it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2216 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
of the packet, use "pi.captured_len" - "fd->pkt_len" may include data
that isn't in the capture, due to a short snapshot length.
Don't use "fd->cap_len" when checking to see if you've run off the end
of the packet, use "pi.captured_len" - "fd->cap_len" isn't adjusted to
reflect any length fields, but "pi.captured_len" is (removing, for
example, Ethernet padding from the packet).
Use "END_OF_FRAME" rather than "pi.captured_len - offset", to make it a
bit clearer what's being done.
In the V.120 dissector, use "tvb_length()" when adding the top-level
protocol tree entry for V.120, as it's a tvbuffified dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2214 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2031 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1939 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1850 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Add packet-socks.obj to Makefile.nmake.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1845 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
with conversations and having TCP and UDP check whether a packet is part
of a conversation with a dissector and, if so, using that dissector on
the conversation, and "ethertype()"-style support for allowing a
dissector to call a sub-dissector via the same path that the TCP and UDP
dissectors use, based on port numbers supplied by that dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1837 f5534014-38df-0310-8fa8-9805f1628bb7
|