- Use a (slightly) less simplistic hashing algorithm to reduce collisions;
Note: A GHashTable which handles collisions rather than
a home-grown hash table (which does not) needs to be implemented.
- Don't replace an existing template in the cache when a collision occurs;
Fixes Bug #6325https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6325
svn path=/trunk/; revision=39990
interface scope is always 4 bytes. For that matter, nowhere does it
indicate that the scopes have any particular interpretation except as a
sequence of octets.
Get rid of the checks for a length of 4, and make ScopeSystem an
FT_BYTES. If, by *convention*, they're usually IPv4 or IPv6 addresses,
somebody can throw in code to display them as such if they happen to be
4 or 16 bytes, respectively. Leave ScopeInterface as an integer for
now, in case, by convention, they're interface indices, but still leave
the length check out.
Fixes bug 3954.
svn path=/trunk/; revision=39485
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
Current NetFlow V9/IPFIX dissector treats IN_BYTES (IE=1) and
IN_PERMANENT_BYTES (IE=85) exactly in the same way. The same applies to IN_PKTS
(IE=2) and IN_PERMANENT_PKTS (IE=86). However, IN_BYTES/IN_PKTS and
IN_PERMANENT_BYTES/IN_PERMANENT_PKTS have different semantics so they should be
distinguishable when they are displayed or specified in a filter. Please find
attached the patch
which does that.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5807
svn path=/trunk/; revision=36661
From me: Use lower-case v9template_max_fields instead of upper-case to avoid
any confusion with that variable being a define. Use STRINGIFY() so we always
keep the default and the displayed default the same. Fix bug introduced by
Andrew's patch where option_scope_field_count was inadvertently changed to
option_field_count. Append "Maximum value can be adjusted ..." message to all
relevant expert infos.
svn path=/trunk/; revision=36643
In RFC 5102 (for IPFIX), id=128 is defined as "bgpNextAdjacentAsNumber" which
is DST_AS_PEER and id=129 as "bgpPrevAdjacentAsNumber" which is SRC_AS_PEER.
svn path=/trunk/; revision=36028
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
Comment in the code asked....
/*XXX: 2 bytes skipped ?? */
Here is what I have found.
The high byte (1) indicates the Classification Engine ID
The low bytes (3) indicate the application ID
Engine ID of 5 is NBAR Standard.
Engine ID of 6 is NBAR Custom.
Attached patch displays all 4 bytes (type and ID) in a readable way. Also
allows better filtering.
svn path=/trunk/; revision=35116
Bugs fixed:
- Invalid time display for various time fields;
Millisecs for types 152, 153 are actually stored as 64 bit integers;
Microsecs, nanosecs are actually stored in "NTP format";
Times for fields 158, 159 are relative to "export time";
SystemInitTime displayed incorrectly;
...
- Options template not cached when only scope fields in template.
- Templates not processed on first pass thru capture file:
(In some cases data flows might not be handled until options template later displayed).
- V9: number of options template entries limited to about 8 instead of intended 42;
- Multiple options temlate flows in an Options Template flowset not handled;
- "NotSentOctets" dislayed as "NotSentPackets";
...
Cleanups:
- Options and data template processing code more or less rewritten;
- options template displayed with format similar to that used for data templates;
- Handling and display of PEN field (including use to indicate REVERSE) improved;
- Don't use same filter name for two similar fields which only differ in size;
- Handling & dislay of "variable length" fields improved;
- sminmec lookup (PEN) done only during template processing & cached for later use;
...
- Whitespace/Formatting
svn path=/trunk/; revision=34140
Jakub Zawadzki