box interfaces we can't open; this filters out loopback interfaces on
e.g. Solaris (which you can't get at with a DLPI device, so you can't
capture traffic on them), and also means we don't report *any*
interfaces if you don't have permission to open any (which means you
don't have permission to capture packets).
If we don't find any interfaces, pop up a message box saying so.
Free up the interface "ioctl" buffer, and close the socket we were
using, before returning from "get_interface_list()".
If "get_interface_list()" returns a null pointer (meaning it failed),
don't pop up the "capture" dialog box.
svn path=/trunk/; revision=634
Frame protocol (that being what this dissects).
If you're cutting up something into bitfields, the bitfield dissection
returned by "dissect_bitfield_XXX()" should be the first text on the
line - if not, then if the text items that come before the various
bitfields aren't all the same length, the bits don't line up.
Cope with packets from one of Gilbert's captures, where the sender
"name" in some NBF datagrams isn't a NetBIOS name, it's 10 octets of 0
followed by a MAC address!
The "name type" in the "Data2" field of NBF frames is 0x00 for unique
names and 0x01 for group names, not a "16th character of a NetBIOS name"
name type.
Fix up various other things.
svn path=/trunk/; revision=633
(NWLink), are sufficiently different that they should be handled in
different routines.
Change the decode to match NetMon a bit more.
svn path=/trunk/; revision=631
to turn NetBIOS names into a nice printable form.
Put the description of NetBIOS name types into places where it fits;
have "packet-netbios.c" export a routine to interpret them.
svn path=/trunk/; revision=630
That makes the space of name types even more sparse; use "val_to_str()"
to decode them, rather than an indexed table.
Make a "process_netbios_name()" routine that shows non-printable
characters in NetBIOS names as <XX>, where "XX" is the value of the
character in hex (the way Network Monitor does), and have
"get_netbios_name()" use it (NetBIOS-over-TCP will be made to use it in
the future).
When displaying NetBIOS names, include the name type character at the
end, in angle brackets, the way Network Monitor does (show it in hex
even if it *is* printable - 0x20 is 0x20, not "space", in that context).
svn path=/trunk/; revision=628
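Added example, not code from packet-netbios.c or from the Ethereal project: a bounded formatter for the display rule described above (non-printable octets as <XX>, the name type always in hex), run over constructed names including the "10 octets of 0 followed by a MAC address" case from revision 633. The function name, the upper-case hex and the untouched space padding are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NB_NAME_LEN 16                     /* 15 name octets + 1 name type octet */
#define NB_TEXT_MAX (NB_NAME_LEN * 4 + 1)  /* worst case: every octet as <XX> */

/* Hypothetical helper. Name octets come off the wire, so nothing that is
 * not printable (ESC, BEL, NUL, ...) is copied to the output as-is. */
const char *format_netbios_name(const uint8_t name[NB_NAME_LEN],
                                char out[NB_TEXT_MAX])
{
    char *p = out;

    for (int i = 0; i < NB_NAME_LEN - 1; i++) {
        if (isprint(name[i]))
            *p++ = (char)name[i];
        else
            p += snprintf(p, 5, "<%02X>", (unsigned)name[i]);
    }
    /* The 16th octet is a type code, not text: hex even when printable. */
    snprintf(p, 5, "<%02X>", (unsigned)name[NB_NAME_LEN - 1]);
    return out;
}

/* Constructed sample: space-padded name whose type octet is 0x20. */
static const uint8_t sample_name[NB_NAME_LEN] = {
    'F','I','L','E','S','R','V',' ',' ',' ',' ',' ',' ',' ',' ', 0x20 };
/* Constructed sample: 10 zero octets followed by a made-up MAC address. */
static const uint8_t sample_mac[NB_NAME_LEN] = {
    0,0,0,0,0,0,0,0,0,0, 0x02,0x00,0x1B,0x07,0x9F,0x01 };
static char sample_text[NB_TEXT_MAX];

int main(void)
{
    printf("[%s]\n", format_netbios_name(sample_name, sample_text));
    printf("[%s]\n", format_netbios_name(sample_mac, sample_text));
    return 0;
}
```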
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet types for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
don't seek around it - some implementations of the standard I/O library
routines (e.g., the ones in Solaris 2.5.1, at least) appear not to be
clever enough to handle seeks that occur within the buffer by moving the
current buffer position; instead, they do a seek on the underlying file
descriptor *and* appear to throw out the buffer, forcing them to do
another read.
Instead, read it into a buffer.
svn path=/trunk/; revision=626
header fields we don't look at - some implementations of the standard
I/O library routines (e.g., the ones in Solaris 2.5.1, at least) appear
not to be clever enough to handle seeks that occur within the buffer by
moving the current buffer position; instead, they do a seek on the
underlying file descriptor *and* appear to throw out the buffer, forcing
them to do another read.
Instead, read the entire record header into a structure, and pick the
relevant bits out of it.
Also, skip over the FCS in LAPB captures by reading it rather than
seeking around it (should we put it in the pseudo-header?).
svn path=/trunk/; revision=625
directory in which the UCD SNMP library is found (and to check for the
UCD SNMP stuff in "$prefix" if "$prefix" isn't "/usr/local"), and to
have "Makefile.am" use "$(MAKE)" rather than "make".
svn path=/trunk/; revision=624
Use "pletohs()" and "pletohl()" to access 16-bit and 32-bit fields in
the file and packet headers, as those fields are little-endian.
svn path=/trunk/; revision=612
a protocol occurs only once in a packet. Because of encapsulation (IP within
IP), a protocol can occur more than once. I don't have a packet trace
showing such a packet, but the code should handle it now. The one thing
that it cannot do, though, is differentiate the levels. It might be
nice to say:
ip{1}.src == 192.168.1.1 && ipx{2}.dst == 10.0.0.1
In the dfilter grammar I had left IPXNET variables out of the list
of variables that could be checked for existence. Now you can check
for the existence of ipx.srcnet and ipx.dstnet. Hurrah.
svn path=/trunk/; revision=608
that the only options that contain *no* length byte are the IP and TCP
EOL and NOP options so that we can treat unknown options as
VARIABLE_LENGTH with a minimum of 2, and at least be able to move on to
the next option by using the length in the option, rather than just
reporting the unknown option and processing no options after it.
svn path=/trunk/; revision=604
is pointed to by 'row_list_end', otherwise use 'g_list_nth()'" stuff
inside a macro.
Use that macro in place of an additional "g_list_nth()" call.
svn path=/trunk/; revision=603
filters by checking whether the structure pointed to by "cf->colors" has
a non-zero "num_of_filters", not a non-null "color_filters" (the latter
points to the CList widget holding the list of filters, and may be
non-null even if there currently aren't any filters).
svn path=/trunk/; revision=602
of option code, one octet of length (which includes the two option code
and length bytes), followed by 0 or more octets of option data, with
some options being fixed-length and some being variable-length. Put
some stuff from the PPP control protocol option parsing code into the
IP-and-TCP option parsing code, and use the latter instead of the
former.
(That code might also be usable for CDP as well, with some stuff added
to it.)
Shuffle the arguments to "dissect_ip_tcp_options()" to resemble those of
various other dissectors (i.e., with the "proto_tree *" at the end).
Add in code to dissect a pile of PPP options documented in various RFCs.
svn path=/trunk/; revision=601
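Added example, not Ethereal's "dissect_ip_tcp_options()": a minimal walker for the option layout described in revisions 601 and 604 (one octet of code, one octet of length that counts both of those octets, then data), showing why unknown options can be skipped and why a length below 2 has to be rejected. The function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_EOL 0   /* End of Option List: one octet, no length octet */
#define OPT_NOP 1   /* No-Operation: one octet, no length octet */

/* Hypothetical walker. Returns the number of options walked,
 * or -1 as soon as an option is malformed. */
int walk_options(const uint8_t *buf, size_t len, int verbose)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        uint8_t code = buf[off];

        count++;
        if (code == OPT_EOL)
            break;                      /* nothing after EOL is an option */
        if (code == OPT_NOP) {
            off++;
            continue;
        }
        if (len - off < 2)
            return -1;                  /* length octet is missing */
        uint8_t optlen = buf[off + 1];
        /* The length covers the code and length octets, so the minimum is 2.
         * A value of 0 would also leave 'off' unchanged and loop forever. */
        if (optlen < 2 || optlen > len - off)
            return -1;
        if (verbose)
            printf("option %d: %d data octet(s)\n", code, optlen - 2);
        off += optlen;                  /* known or unknown, step to the next */
    }
    return count;
}

/* Constructed samples: TCP MSS, NOP, an option the walker has no name for, EOL;
 * then a zero length octet; then a length running past the buffer. */
static const uint8_t sample_ok[]    = { 2, 4, 0x05, 0xb4, 1, 0xfd, 4, 0xaa, 0xbb, 0 };
static const uint8_t sample_zero[]  = { 2, 4, 0x05, 0xb4, 0xfd, 0, 0xaa };
static const uint8_t sample_short[] = { 1, 0xfd, 6, 0xaa };

int main(void)
{
    printf("%d options\n", walk_options(sample_ok, sizeof sample_ok, 1));
    return 0;
}
```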
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.
svn path=/trunk/; revision=596
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:
tr.sr
or by its negation:
!tr.sr
svn path=/trunk/; revision=591
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.
svn path=/trunk/; revision=589