| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
there are no SNMP libraries to use in a real dissector; this means that
other dissectors don't have to care if there are SNMP libraries, they
can just call "dissect_snmp()" - and this also simplifies "Makefile.am"
and "configure.in" a bit, as they just treat "packet-snmp.c" and
"packet-snmp.h" the same way they treat other dissector source files.
svn path=/trunk/; revision=1214
|
|
and a $HOME/.ethereal/ipxnets file. get_ipxnet_name() and other functions,
similar to get_ether_name() and friends, have been added.
svn path=/trunk/; revision=1085
|
|
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
|
|
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
svn path=/trunk/; revision=1032
|
|
Added proto_registrar_get_name routine to proto.c to retrieve the name
of particular proto_tree field.
Added dissect_rpc_string_item to packet-rpc.c. This routine does the same
thing as dissect_rpc_string, except it takes a hfindex of a
proto_tree item instead of a name. It uses the p_r_get_name call
to get the name, and adds the actual string content as a hidden
field (so that the subtree highlights the entire data area - length,
data, and padding). There is only one call to dissect_rpc_string, so
I believe that this routine should replace it.
svn path=/trunk/; revision=1011
|
|
protocols (idea shamelessly stolen from GDB). We require that the
register routines
1) be located in "packet.c" or in one of the "packet-XXX.c"
files;
2) have a name of the form "proto_register_XXX";
3) take no argument, and return no value;
4) have their names appear in the source file either at the
beginning of the line, or preceded only by "void " at the
beginning of the line;
and we require that "packet-XXX.c" files be added to "DISSECTOR_SOURCES"
in "Makefile.am".
svn path=/trunk/; revision=891
|
|
- add display filters
svn path=/trunk/; revision=872
|
|
description of fields in man page is correct.
svn path=/trunk/; revision=859
|
|
svn path=/trunk/; revision=853
|
|
svn path=/trunk/; revision=828
|
|
protocols.
svn path=/trunk/; revision=824
|
|
well.
Add some more protocols to the list of value/string pairs for IP
protocol types.
svn path=/trunk/; revision=822
|
|
svn path=/trunk/; revision=820
|
|
and RIPng decoding.
svn path=/trunk/; revision=818
|
|
svn path=/trunk/; revision=817
|
|
svn path=/trunk/; revision=816
|
|
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
|
|
the packet boundary. Now the field boundary is honored. The frame boundary
is ignored, but of course we put proper field lengths in the proto_tree,
right? :)
Implemented negative offsets in byte-strings:
frame[-4:4] will read the last 4 bytes of a frame.
Implemented "offset-only" byte-string comparisons, since the dfilter
compiler knows the length of the byte-string you supplied. These are
now legal:
frame[-4] == 0.0.0.1
tr.dst[0] == 00:06:29
Implemented the use of integers if you're comparing one byte. These are
legal:
llc[0] == 0xaa
llc[0:1] == 0xaa
All these forms check against the length of the field, so these will be
reported as bad to the user:
eth.src[5] == 00:06:29 (goes beyond field boundary)
eth.dst == 1.2.3.4.5.6.7 (too long, goes beyond field boundary)
Thes is also reported as bad:
eth.dst[0:3] == 1.2 (incorrect number of bytes specified)
eth.dst[0:1] == eth.src[0:2] (disparate lengths)
I had to add a new function, proto_registrar_get_length() in proto.c, which
reports the length of a field as can be determined at registration time.
There are some shift/reduce errors in the grammar that I need to get rid of.
svn path=/trunk/; revision=811
|
|
there is still some work to do in resolv.c (get_host_ipaddr6)
- add display filters of this kind in packet-ipv6.c just
for testing (display filtering is incomplete)
svn path=/trunk/; revision=808
|
|
svn path=/trunk/; revision=790
|
|
registered protocol's name from being used in a display filter.
svn path=/trunk/; revision=766
|
|
- add display filter for AARP
proto.c:
- register a dummy protocol before the first one (aarp)
since the first entry can not be filtered (bug ?)
Gilbert, could you check this ?
svn path=/trunk/; revision=762
|
|
svn path=/trunk/; revision=687
|
|
specified number of bytes of captured data in the frame at the specified
offset, and a "IS_DATA_IN_FRAME()" macro, to test whether there are any
bytes of captured data in the frame at the specified offset, and convert
some bounds checks to use them.
Add a dissector for the Internet Printing Protocol.
svn path=/trunk/; revision=685
|
|
Dissector code can add FT_BOOLEAN fields to the proto_tree and pass TRUE
or FALSE values (non-zero and zero values). The display filter language,
however, treats the checking for the existence of a FT_BOOLEAN field as
the checking for its truth. Before this change, packet-tr.c was the only
dissector using FT_BOOLEAN fields, and it only added the field to the
proto_tree if the TRUE; the dissector was determining the difference between
the check for existence and the check for truth.
I made this change because packet-ppp.c added some FT_BOOLEAN fields and
added them to the tree regardless of truth value, It's more natural just to
do it this way and let the display filter code worry about whether to
check for existence or truth. So that's how it works now.
svn path=/trunk/; revision=679
|
|
svn path=/trunk/; revision=677
|
|
not like #preprocessor_macros that do not start at
the first column.
So write:
#ifdef FOO
# include <dummy1.h>
# define DUMMY 1
#else
# include <dummy2.h>
# define DUMMY 2
#endif
instead of
#ifdef FOO
#include <dummy1.h>
#define DUMMY 1
#else
#include <dummy2.h>
#define DUMMY 2
#endif
svn path=/trunk/; revision=668
|
|
prints the protocol tree, and summary prints the fields in the summary
clist, with a header line at the beginning of the printout.
Print only packets selected by the current packet filter.
Just have "ARP" and "RARP" in the "Protocol" field for ARP packets;
whether it's a request or a reply can be seen in the "Info" field.
Add to the "Frame" section of the protocol tree the time between the
current packet and the previous displayed packet, and the packet number.
Have FT_RELATIVE_TIME fields be a "struct timeval", and display them as
seconds and fractional seconds (we didn't have any fields of that type,
and that type of time fits the delta time above).
Add an FT_DOUBLE field type (although we don't yet have anything using
it).
svn path=/trunk/; revision=666
|
|
metadata.
Also added filter items for the session and task number.
svn path=/trunk/; revision=664
|
|
display filtering on those protocols and future
enhancements (other OSI protocols decoding).
svn path=/trunk/; revision=662
|
|
to recognize and handle protocol field compression.
svn path=/trunk/; revision=651
|
|
svn path=/trunk/; revision=610
|
|
a protocol occurs only once in a packet. Because of encapsulation (IP within
IP), a protocol can occur more than once. I don't have a packet trace
showing such a packet, but the code should handle it now. The one thing
that it cannot do, though, is differentiate the levels. It might be
nice to say:
ip{1}.src == 192.168.1.1 && ipx{2}.dst == 10.0.0.1
In the dfilter grammar I had left IPXNET variables out of the list
of variables that could be checked for existence. Now you can check
for the existence of ipx.srcnet and ipx.dstnet. Hurrah.
svn path=/trunk/; revision=608
|
|
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
|
|
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
|
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
|
|
svn path=/trunk/; revision=482
|
|
in dfilter-grammar.y) to a new struct dfilter. Display filters now have
their own struct, rather than simply being GNode's. This allows multiple
display filters to exist at once, aiding John McDermott in his
work on colorization.
svn path=/trunk/; revision=480
|
|
LLC, the original NetBIOS encapsulation).
svn path=/trunk/; revision=466
|
|
svn path=/trunk/; revision=452
|
|
svn path=/trunk/; revision=438
|
|
implementation.
svn path=/trunk/; revision=425
|
|
svn path=/trunk/; revision=424
|
|
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
|
|
as it standed depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.
The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.
All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.
I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29
I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
ipx.srcnet == 0xc0a82c00
rather than this:
ipx.srcnet == c0:a8:2c:00
I can supposrt the byte-range type IPXNET in the future, very trivially.
I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!
svn path=/trunk/; revision=414
|
|
values (for example, a sequence number in a TCP header should be printed
as an unsigned value; I have a trace in which the uppermost bit of the
sequence number is set...). If we need to be able to handle signed
values, add FT_INT{8,16,32} types.
svn path=/trunk/; revision=406
|
|
allowing users to filter on the existence of these protocols. I also
added packet-clip.c to the Nmake makefile.
svn path=/trunk/; revision=402
|
|
svn path=/trunk/; revision=376
|
|
Added the protocol IDs for ipx and IGMP, but not their fields.
svn path=/trunk/; revision=365
|
|
suggestion, this new method using a static array should use less memory
and be faster. It also has a nice side-effect of making the source-code
more readble, IMHO.
Changed the print routines to look for protocol proto_data instead of
looking at the text label as they did before, hoping that the data hex
dump field item starts with "Data (".
Added the -G keyword to ethereal to make it dump a glossary of display
filter keywords to stdout and exit. This data is then formatted with
the doc/dfilter2pod perl program to pod format, which is combined
with doc/ethereal.pod.template to create doc/ethereal.pod, from which
the ethereal manpage is created. This way we can keep the manpage up-to-date
with a list of fields that can be filtered on.
svn path=/trunk/; revision=364
|
