Age | Commit message (Collapse) | Author | Files | Lines |
|
and a $HOME/.ethereal/ipxnets file. get_ipxnet_name() and other functions,
similar to get_ether_name() and friends, have been added.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1085 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
(in the src/dst of the CList). In order to do this, I had to:
1. Add a new function, ether_to_str_punct(const guint8*, char) which
turns a 6-byt ether address into a string, using whatever punctuation
is passed as the char. If a null char is passed, no separator
is put between the hex digits. Unresolved IPX addresses look better
with the ether portion having no punctuation (IMHO)
2. Changed ether_to_str() to call ether_to_str_punct with ':' as the char
argument. That is, code abstraction.
3. MAXNAMELEN was moved from resolv.c to resolv.h so that packet-ipx.c
could see it.
4. A new resolve function, get_ether_name_if_known(), returns the resolved name
of an ether address, or NULL if there is none. This differs
from get_ether_name() by returning NULL rather than a text version
of the ether address.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1076 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@909 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@835 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
succeeded or failed, and, if it succeeded, have it fill in the IP
address if found through a pointer passed as the second argument.
Have it first try interpreting its first argument as a dotted-quad IP
address, with "inet_aton()", and, if that fails, have it try to
interpret it as a host name with "gethostbyname()"; don't bother with
"gethostbyaddr()", as we should be allowed to filter on IP addresses
even if there's no host name associated with them (there's no guarantee
that "gethostbyaddr()" will succeed if handed an IP address with no
corresponding name - and it looks as if FreeBSD 3.2, at least, may not
succeed in that case).
Add a "dfilter_fail()" routine that takes "printf()"-like arguments and
uses them to set an error message for the parse; doing so means that
even if the filter expression is syntactically valid, we treat it as
being invalid. (Is there a better way to force a parse to fail from
arbitrary places in routines called by the parser?)
Use that routine in the lexical analyzer.
If that error message was set, use it as is as the failure message,
rather than adding "Unable to parse filter string XXX" to it.
Have the code to handle IP addresses and host names in display filters
check whether "get_host_ipaddr()" succeeded or failed and, if it failed,
arrange that the parse fail with an error message indicating the source
of the problem.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@802 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
- Capture->Start->"Active name resolution"
Allows the user to turn on/off name resolution
during a live capture.
- Display->Options->"Name resolution"
Turn on/off name resolution for the displayed
data (or during the -S mode).
E.g. clicking on a packet captured with
resolution disabled will resolve names in
the detailed list if this option is set.
And applying or resetting a display filter
allows the update of the packet list as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@726 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
mechanism that is built into ethereal. Wiretap is now used to read all
file formats. Libpcap is used only for capturing.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@342 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
proto*() functions. The configure script tries to use ipv6 name resolution if
it knows the type of ipv6 stack the user has (this can be avoided with the
--disable-ipv6 switch) Additionally, the configure script now deals with wiretap
better. If the user doesn't want to compile wiretap, the wiretap is never
visited. A few unnecessary #includes were removed from some wiretap files, and
a CPP macro was moved from bpf.c to wtap.h.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@229 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
* PPP fixes (Gerald)
* Null/loopback interface support (Gerald)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@25 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7 f5534014-38df-0310-8fa8-9805f1628bb7
|
|
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2 f5534014-38df-0310-8fa8-9805f1628bb7
|