ack number to the lookup key (which was previously just the frame number).
This helps with situations where multiple segments of the same TCP
conversation can be found in the same frame in a capture (e.g. with LTE
user-plane traffic carried in logged MAC or RLC frames).
svn path=/trunk/; revision=41788
are present. However, still only create the graph for the first/only
one.
LTE MAC or RLC frames often contain multiple SDUs that are segments of
the same TCP conversation - this avoids the need to find a frame with
only one SDU.
svn path=/trunk/; revision=41721
Introduced a new tcp state variable: maxseqtobeacked, this is the
maximum seq number that can be acked by the rev party in normal case.
This new state variable only serves the proper detection of
tcp.analysis.ack_lost_segment indicator, and decouples it from the detection of
tcp.analysis.lost_segment indicator.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6081
svn path=/trunk/; revision=37922
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
TCP bytes_in flight becomes inflated with lost packets
This patch suspends Bytes-in-Flight calculation when missing packets are detected.
svn path=/trunk/; revision=33994
support for vendor-specific IEs. Fix variable-length record handling. Add
conversation tracking to the UDP dissector and add process flow
information to TCP and UDP conversations.
This lets us run process flow collectors on one or more machines and
have the process username, PID, command name, etc. show up in the TCP
and UDP protocol trees.
svn path=/trunk/; revision=28366
"tcp.stream", this will make it possible to sort packets by
tcp stream, filter tcp streams exactly, etc.
It is also the preparation for a fix for bug 1447
svn path=/trunk/; revision=26305
flight on a tcp connection.
this is quite useful toghether with io-grapgs to track how much of the
tcp window that an application actually uses
svn path=/trunk/; revision=26067
tcp.time_relative ==> the time that has elapsed since the
first packet that was seen in the current TCP stream
tcp.time_delta ==> the time that has elapsed since the
last packet that was seen in the current TCP stream
Calculating these timestamps is turned off by default to not
use the extra memory that is needed for the per-packet-data.
It can be turned on through the TCP protocol preferences
svn path=/trunk/; revision=22966
there used to be a bug in tcp reassembly that even if the dissector only asked for x more bytes from the next segment the entire segment would still be added to reassembly.
this caused some issues when there was a new multisegment pdu that started at the end of the segment but this bug was fixed when tcp reassembly was refactored semi-recently.
there was also another "bug" in the http reassembly that it would only ask for one more byte at a time when doing reassembly.
this did work well however when we still had the bug in tcp reassembly but made wireshark become very very very slow once this tcp bug was fixed since it is very very very slow to reassemble a huge http pdu just one byte at a time.
this patch adds partial support (what we need for http which does not use tcp_dissect_pdus() ) for the desegmentation flag : DESEGMENT_ONE_MORE_SEGMENT and also to the http dissector so that reassembly of http headers spanning multiple semgents now become fast again
svn path=/trunk/; revision=19859
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.
This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.
svn path=/trunk/; revision=19185
now that we have se_tree_lookup32_le we can do the tracking of pdu boundaries much more efficiently.
track pdu boundaries by a new tcp_multisegment_pdu structure that is indexed by sequence numbers and let this structure replace the older tcp_next_pdu structure.
with se_tree_lookup32_le we no longer need to track segment by segment and can get rid of the two hash tables
tcp_pdu_tracking_table
tcp_pdu_skipping_table
Neither do we need the tree tcp_pdu_time_table anymore so that one is gone as well.
remove various other functions that are no longer needed due to removing the structure and the tables/tree
this part of the code shoul;d be much more readable now and also a bit faster
svn path=/trunk/; revision=18024
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
only call subdissectors for packets that are NOT keepalives nor zerowindowprobes.
keepalives only contain garbage anyway
and zerowindowproes just contain a single byte of incomplete data so whats the point trying to dissect it further.
svn path=/trunk/; revision=17443
i have tested it with many captures but this used to be fragile and delicate code so there might be some regressions that will need to be addressed once identified.
svn path=/trunk/; revision=17107
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410