keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Added expert info item for bogus IP length.
Added hint about "IP checksum offload" for invalid IP checksum.
Describe TSO in the preference setting.
svn path=/trunk/; revision=34830
The IP Timestamp Option (RFC 781) has three variants. One (flag=0) just stores
a sequence timestamps in the option, but the other two (flag=1 and flag=3)
store alternate IP addresses and timestamps.
From me:
Mark option full when offset (pointer) is set to one, as per RFC 781.
svn path=/trunk/; revision=34750
Since it was named Ethereal and up to today, Wireshark wrongly parses
the IPv4 header flags field:
* it considers it as a 4 bits wide field - according to RFC 791 its a 3 bits
wide field (first 3 bits of the 6th octect of the IPv4 header).
* if for example the DF bit is set, Wireshark displays the flag value as 0x04
(0100) when it should be 0x02 (010), idem for the MF flag.
Attached to this bug report, you can find a patch to fix the issue.
svn path=/trunk/; revision=30855
TTL-Check for local network group addresses: Normally the
only valid TTL is 1. Add a check for VRRP and GLBP, where
the only valid TTL is 255.
Me: change the logic so the funtion returns the valid ttl
instead of true/false.
svn path=/trunk/; revision=29362
to 224.0.0.x with a TTL>1. Some protocols (notably VRRP and GLBP)
send out a TTL of 255 and thus cause a notice. That should be fixed,
so for now: Add a FIXME about that.
svn path=/trunk/; revision=29024
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
e_ip->ip_ttl is currently always set to 0, in attachment fix.
I also (in same patch, sorry) submit cleanup to use ep_alloc() instead
of static e_ip buffers, I didn't test it, but I hope it's ok.
There's note about static buffers in doc/README.tapping, which should
also be updated, but I don't feel so good with my English :)
From me:
Rename e_ip to ws_ip. Update the static buffers note in README.tapping.
svn path=/trunk/; revision=28425
This is a crude hack, as the current Wireshark interface to GeoIP is not really suitable for reading several values of a single GeoIP database :-(
svn path=/trunk/; revision=27365