| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6117 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5932 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5491 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5227 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Get rid of "nameAsChar" arguments; get the name from the field itself.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5226 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
addresses.
When showing a list of keysyms, build the text representation of the
item for the list by appending keysyms to the text of the item as
dissected; this fixes a bug in the display of those keysums, and means
that we don't build a text string with the keysyms if we're not
generating the text representation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5179 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Try to check whether the first request we see is an initial connection
request, and dissect it as such if so.
Get rid of the global "next_offset" variable.
Check for buffer overflows when building the summary item for a list
of keysyms.
Display BASE_DEC items in decimal, not hex.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5173 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
memory leaks.
Put "Requests", not "X11 request", in the Info column for packets to the
server - we already know it's X11, and there may be more than one
request in the packet.
Put "Replies/events", not "X11 event", in the Info column for packets
from the server - we already know it's X11, and there may be more than
one message, and the messages might be replies rather than events.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5164 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Declares some variables static.
Creates a new include file packet-rsvp.h, and make use of it
(change some extern decls to #inlcude).
Move the file packet-pgm.h into packet-pgm.c as it is not used
by anything outside packet-pgm.c.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5162 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5159 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
message regardless of whether they're set or clear, so you can see not
only what flags are set, but also what flags aren't set. (The previous
checkin only affected bitfields that don't control whether other fields
show up in a message.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5158 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
you can see not only what flags are set, but also what flags aren't set.
Don't show reserved bits unless they're set, though.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5157 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5152 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5146 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
routines not used outside the file in which they're defined static.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5144 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
pass it as a parameter, instead.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5105 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5101 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4605 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4586 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4370 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4308 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4269 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4088 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
compilers may not interpret them as the ISO 8859/1 characters they're
intended to be, and the GUI toolkit or other software through which the
text passes might not interpret them as such, either.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3992 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
tvb_get_ptr(tvb, offset, length))" calls to "proto_tree_add_item()"
calls.
Do the same, in "packet-iscsi.c" and "packet-mrdisc.c", for
"proto_tree_add_uint()" and "proto_tree_add_boolean()" calls.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3726 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"header_field_info" structure, including the ones that are later set by
the routines to register fields.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3561 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Remove an extra space from one format.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3353 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
people don't blindly insert the old address into new dissectors, which
is probably how it got into the dissectors being fixed here.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3348 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
Perl script that generates them, so that if we have to change those
fields we can do so more conveniently.
Remove the generated header files from CVS, and arrange that we generate
them when we do a build.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3341 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2967 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2931 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2849 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2810 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2670 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
old-style dissector that does a "tvb_create_from_top()" and then calls
new-style-dissector subroutines, just use tvbuffs throughout.
Turn "tvb" from a global variable into an argument (as we no longer
create that tvbuff).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2666 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2267 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2218 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2076 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2069 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
tvbuffs.
In doing so, I realied that my recommendation for using
tvb_new_subset(pi.compat_top_tvb, -1, -1) was incorrect, because
some dissectors (ethernet!) change pi.len and pi.cap_len. So, I have
to take those two variables into account instead of using -1 and -1.
So, I provide a macro called tvb_create_from_top(offset), where
offset is the name of your offset variable. It is a wrapper around
tvb_new_subset().
I converted the lines that followed my suggestion to use
tvb_create_from_top().
In proto.c I added
proto_tree_add_debug_text(proto_tree*, const char*, ...)
It's much like proto_tree_add_text(), except that it takes no offset
or length; it's soley for temporarily putting debug text into the
proto_tree while debugging a dissector. In making sure that its
use is temporary, the funciton also prints the debug string to stdout
to remind the programmer that the debug code needs to be removed
before shipping the code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2068 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
that causes "packet-x11.c" to fail to compile due to it defining its own
function named "boolean", so we rename the "packet-x11.c" "boolean()"
function to "add_boolean()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2066 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
doesn't get sign-extended before being handed to "isgraph()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2065 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2063 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
build to fail on Win32 systems. It's defined (at least in the X11R6 on
my FreeBSD 3.4 system) as "((unsigned long)~0L)", which presumably means
"set all the bits" - which means "set all 32 bits" in the "value_string"
table where it appears, as the value member of an entry in such a table
is a "guint32", so just use 0xFFFFFFFF.
Get rid of other unneeded #includes as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2061 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
the top-level "compatibility" tvbuff, so that we don't blow up if we get
short frames *or* misinterpret data due to, for example, trying to treat
the initial client->server message in a connection as an X11 request, or
interpreting the middle of a multi-frame request (e.g., a big PutImage)
as if it contained requests. (I have a capture file on which the
non-tvbuffified code crashed.)
Attempt to dissect requests until we reach the end of the frame, even if
that would take us past the end of the captured data in the frame before
we reach the end of the frame; the tvbuff code will throw an exception
if we go past the end of the captured data, which means it'll put a
"Short frame" indication into the protocol tree, which is what we want
(the frame *is* short, because the capture length was too short).
Define functions taking no arguments with a "(void)" argument list, so
that the compiler knows that they must not be passed any arguments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2059 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2057 f5534014-38df-0310-8fa8-9805f1628bb7
|
