shell. (This also arranges that the source to "idl2eth" - which is now
"idl2eth.sh" - not be deleted by "make clean").
Add "doc/idl2eth.pod" to the list of files in a source tarball.
svn path=/trunk/; revision=3940
the lists of source and generated files for plugins.
While we're at it, make all those lists show the files in the same
order.
svn path=/trunk/; revision=3888
Update Makefile.am and Makefile.nmake files to build it (although it's
not currently built by default; you have to do "make idl2eth.1" on UNIX,
and something similar on Windows.
Put a full copyright notice into "doc/Makefile.nmake", along with a
comment explaining why stuff depends on "../config.h". Also, add
"clean" rules to it to get rid of generated files for mergecap and
text2pcap documentation.
svn path=/trunk/; revision=3801
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
Throw a very small caltrop in the way of spam-harvesters, by replacing
"@" in e-mail addresses in the AUTHORS file and Ethereal man page with
"[AT]" (although I wouldn't be surprised to find that some of those
harvesters already know about that trick and "fix" those addresses so
you, too, can receive Valuable Information about Viagra, can-fail
Internet investment opportunities and stuff-envelopes-at-home jobs, and
cable descramblers).
Add a couple of items from the AUTHORS file to the Ethereal man page.
svn path=/trunk/; revision=3781
have two independent "value_string" tables mapping RFC 1700 address
family numbers to names, nor is there any need to have the BGP dissector
and the PIM dissector have two independent sets of #defines for RFC 1700
address family numbers; put a single "value_string" table in "afn.c" and
put a declaration of it, and #defines for the address family numbers,
into "afn.h", and have the dissectors use that.
Move the #define for PGM into "ipproto.h", and add an entry for it in
the "value_string" table in "ipproto.c".
Have the PGM dissector use the standard Ethereal mechanisms for
resolving addresses, and have it use "value_string" tables for mapping
option types, the OPX bits, and packet types to strings. Use
"bytes_to_str()" to turn byte arrays into strings of hex digits. Pass
the packet type string to "dissect_pgmopts()" as an argument, rather
than making it a global. Don't use "proto_tree_add_XXX_format" routines
if you can possibly just use "proto_tree_add_XXX"; give various fields
the correct radix and type, and VALS() strings if necessary, to make
that happen (and to make filtering on them more pleasant). Put the
type, length, and total length of the options into the protocol tree as
separate fields. Don't have separate type, length, and OPX fields for
every type of option; one field will suffice. Don't format a string
with "sprintf()" and then pass that string to "col_add_fstr()" with a
format of "%s" and the string as an argument - "col_add_fstr()" can
format strings itself (that's what the "f" stands for). Don't byte-swap
and then un-byte-swap IPv4 address fields in the header, just leave them
network byte order to start with. Use the correct fields for
"proto_tree_add_XXX", rather than using the same field multiple times.
Quit early if an address family identifier isn't AFNUM_INET, as that
means the structure we use to dissect the header doesn't match the
actual header.
svn path=/trunk/; revision=3761
in the list of files in the distribution.
Make "doc" one of the subdirectories; this lets us remove
"doc/Makefile.in" from EXTRA_DIST, and might also ensure that stuff gets
rebuilt in that directory when it changes (for example, I don't know
whether "make dist" would have automatically rebuilt "doc/Makefile.in"
without "doc" being in the SUBDIRS list; if not, that might explain why
"doc/Makefile.in" didn't include rules for the mergecap man page in the
0.8.19 tarball).
svn path=/trunk/; revision=3735
files that might be left over from a UNIX build, so that they'll be
reconstructed from the "config.h.win32" files on a Windows build.
(If you have "config.h" files left over from a UNIX build, the Windows
build will fail.)
Update "README.win32" to mention "cleanbld.bat", and to correctly list
the files generated using tools that don't come with Windows or MSVC++.
Also note that some of them can't be built on UNIX systems.
svn path=/trunk/; revision=3713
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
files. See text2pcap.1 (built from doc/text2pcap.pod) for details.
Changed 'tethereal -x' output to match hex dump format of text2pcap,
Ethereal and others.
svn path=/trunk/; revision=3421
version of automake (which will probably eventually become the next
release of automake) - it assumes variables that end with _SOURCES are
of the form "target_SOURCES", where "target" must be a target that the
Makefile builds.
Rename "DISSECTOR_SOURCES" to "DISSECTOR_SRC" in "Makefile.nmake", as
well, so that part of "Makefile.nmake" exactly matches that part of
"Makefile.am".
svn path=/trunk/; revision=3408
Perl script that generates them, so that if we have to change those
fields we can do so more conveniently.
Remove the generated header files from CVS, and arrange that we generate
them when we do a build.
svn path=/trunk/; revision=3341
binaries, so users only need to make sure they have that version
installed in order to have Ethereal (and tcpdump, and snort, and so on)
accept "lanN"-style names (i.e., names of the sort reported by lanscan
and handled by ifconfig), rather than "dlpiN".
Get rid of the patches to update libpcap, get rid of the discussion in
"README.hpux" of patching libpcap and just say "get 0.6.2", and make the
notes on HP-UX kernel patches to fix problems with capturing outgoing
packets a separate item in the list of items in "README.hpux".
Also update the error messages Ethereal and Tethereal display if they
can't open a device and the error is "can't find PPA for XXX" to say
"get 0.6.2" rather than "patch libpcap and recompile.
svn path=/trunk/; revision=3288
That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
respectively, not Q.931 and Q.2931, in Frame Relay.
When dissecting Q.933-style multiprotocol encapsulated Frame Relay
frames, use the "osinl" dissector table to check for OSI network layer
protocols, include the NLPID in the tvbuff you hand to
"dissector_try_port()" with that dissector table, and put the NLPID into
the protocol tree as an invisible item - the NLPID is considered part of
the PDU for those protocols, so you have to include it in the tvbuff,
and the dissector will put it into the protocol tree.
Also, make sure the top-level entry for the Frame Relay protocol
includes all the bytes preceding the payload, and none of the payload
bytes.
Export a routine to do Q.933-style dissection, and have the WCP
dissector call it, rather than duplicating that code in the WCP
dissector.
Don't register OSI network layer protocols with the "fr.ietf" dissector
table; it's now sufficient to register them with the "osinl" dissector
table, as the Frame Relay dissector now checks that.
Get rid of unnecessary checks for protocols being enabled (if the
dissector is always called through handles or dissector tables, the
common code for handles and dissector tables will do the checks for
you).
Get rid of some unnecessary #includes.
svn path=/trunk/; revision=3211
as, on a large capture, it could take a significant amount of time.
Let the user stop the computation and, if they do, don't pop up the
statistics dialog box.
Create a new header file declaring the routines to create, update, and
destroy progress dialog boxes; those routines' APIs don't depend on
GTK+, but others declared in "ui_util.h" do, and we don't want to oblige
a source file to depend on GTK+ headers unless it uses a GTK+ API or an
API that depends on GTK+.
svn path=/trunk/; revision=3179
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
into a "packet-smb-browse.h" header file, and have modules that import
those routines include "packet-smb-browse.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-logon.c".
Make routines and arrays not exported static, and make routines that
return a true/false return value "gboolean" rather than "guint32".
svn path=/trunk/; revision=3147
Move the declaration of routines exported from "packet-smb-mailslot.c"
into a "packet-smb-mailslot.h" header file, and have modules that import
those routines include "packet-smb-mailslot.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-pipe.c". Make routines not exported static, and make
routines that return a true/false return value "gboolean" rather than
"guint32".
svn path=/trunk/; revision=3146
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
can now handle that; this allows us to register both the modulo-8 and
the modulo-128 versions of various X.25 bitfields with "x.25.XXX" names,
which lets us get rid of the "ex.25" protocol stuff completely and use
"x.25" for both modulo-8 and modulo-128 X.25. Do so. (Also, fix up
some cases where we appeared to be using the modulo-8 fields when
dissecting modulo-128 X.25.)
This, in turn, allows us to register the X.25 dissector, as there's now
only one protocol with which it's associated, and make it static and
have it called only through a handle, and to, when registering it with
the "llc.dsap" dissector table, associate it with "proto_x25".
That, in turn, allows us to get rid of the "CHECK_DISPLAY_AS_DATA()"
calls, and the code to set "pinfo->current_proto", in the X.25
dissector.
The code for the display filter expression dialog would, if there are
two fields with the same name registered under a protocol, list both of
them; have it list only one of them - the fields should have the same
type, the same radix, and the same value_string/true_false_string table
if any (if they don't, they're really not the same field...).
svn path=/trunk/; revision=3023
length field rather than an Ethernet type field) into a
"dissect_802_3()" routine.
In that routine, catch exceptions thrown by the IPX or LLC dissector or
dissectors under them, so that the trailer information is added to the
tree even if an exception is thrown (similar to what "ethertype()"
does).
svn path=/trunk/; revision=3002
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
not kill the goat with the *correct* sort of knife, on the *correct*
altar, and drink its blood from the *correct* goblet at the *correct*
temperature, he will wreak his revenge, perhaps, for example, causing
all your crops to sprout bearing bright green and pink polka-dots.
Add an extra 3 microns to the tip of the blade, so that the Automake God
will not be angry and fail to generate rules to install man pages. (It
would have been nice had the sacred scrolls described that particular
incantation, but so it goes....)
While we're at it, get rid of "EXTRA_MANS"; it doesn't appear to be
necessary (but such hubris may, of course, bring down the wrath of the
Automake God upon me - you can't just get rid of EXTRA_PROGRAMS, for
example, as the Automake God then forgets how to handle "ethereal_LDADD"
and the like - although in a test run the generated Makefile.in didn't
*appear* to have anything missing other than a definition of EXTRA_MANS,
which it didn't use and so presumably wouldn't miss).
svn path=/trunk/; revision=2900
dissectors for protcools that can be encapsulated inside GRE in that
table.
Fix a bug in the handling of WCCPv2 IP encapsulation (it was
constructing the next tvbuff before, rather than after, advancing the
offset past the redirection header).
svn path=/trunk/; revision=2893
script 'make-reg-dotc'. It is used only in the Win32 build because the
make-reg-dotc shell script is *so* sloooooooooow on Win32, due to the
multiple processes (grep, grep, sed) launched multiple times for each
source file. By putting all the text-mangling logic into a single Python
script, only one process is launched, and the source files are read
only once. It's *a lot* faster... seconds instead of minutes.
svn path=/trunk/; revision=2873
register their port as being for XXX-over-HTTP; the HTTP dissector
registers that port in the "tcp.port" table as an HTTP port, and
registers it in its *own* table with the dissector and protocol provided
to it.
Parse the HTTP MIME headers regardless of whether we're building a
protocol tree or not; we have to do so in order to find the offset of
the payload, to hand to an XXX-over-HTTP dissector.
svn path=/trunk/; revision=2872
its own; it's used not only by LLC, but by Frame Relay with RFC 2427 and
ATM with RFC 2684.
Support for RFC 2427-encapsulation Frame Relay packets, from Paul
Ionescu.
Get rid of the CISCO_IP PPP protocol type - Cisco HDLC uses, in most
cases, Ethernet packet types, so use ETHERTYPE_IP instead (they're both
0x0800).
svn path=/trunk/; revision=2854
Fix the GRE dissector to call subdissectors regardless of whether a full
protocol tree dissection is being done or not.
svn path=/trunk/; revision=2842
Add a new subdissector table in the LLC dissector for protocol IDs with
a Cisco OUI, and register the CDP, CGMP, and VTMP dissectors in that
table, rather than calling them via a switch statement.
Register the ISL dissector by name, and have the Ethernet dissector call
it via a handle.
Fix the handling of the checksum field in the CDP dissector.
The strings in CDP are counted, not null-terminated; treat them as such.
Fix the handling of the encapsulated frame CRC, and the encapsulated
frame, in the ISL dissector, at least for Ethernet frames; it may not be
correct for encapsulated Token Ring frames.
svn path=/trunk/; revision=2792
Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.
Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.
Dissect a bit more of the type-of-service metrics etc. in OSPF packets.
Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.
Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()". Use it instead of just subtracting an offset
from "tvb_reported_length()".
svn path=/trunk/; revision=2787
"asn1_string_value_decode()", as it can be used for various character
string types as well.
Turn "asn1_octet_string_decode()" into "asn1_string_decode()", which
takes an additional argument giving the tag expected for the string in
question, and make "asn1_octet_string_decode()" a wrapper around it.
Clean up the ASN.1 dissection in the Kerberos dissector, making more use
of the code in "asn1.c", wrapping more operations up in macros, and
doing some more type checking.
Use "REP" rather than "RESP" in names and strings; "REP" is what the
Kerberos spec uses.
Make the routines in the Kerberos dissector not used outside that
dissector static.
Fix some problems with the dissection of strings in the Kerberos
dissector (it was extracting the data from the wrong place in the
packet).
In Kerberos V5, the "kvno" item in the EncryptedData type is optional;
treat it as such.
Treat integers as unsigned in the Kerberos dissector.
svn path=/trunk/; revision=2777
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
handle and call it through the handle. Make it static; this renders
"packet-nbipx.h" unnecessary.
Get rid of the "tvb_compat()" call in the IPX dissector - it calls all
dissectors through handles or lookup tables, and thus any
backwards-compatibility stuff is done by the code in libethereal.
svn path=/trunk/; revision=2735
It registers the same dissector for the LDP port for both TCP and UDP.
Still a lot of work to do, but we can see the header now.
svn path=/trunk/; revision=2714
dissect_fddi_not_bitswapped() and dissect_fddi_bitswapped(), both of which
use the standard 3-argument tvbuffified-dissector argument list.
Add a dissector table called "wtap_encap" which is used to call dissectors
from dissect_frame(). The switch() statement from this top-level dissector
is removed.
The link-layer dissectors register themselves with the "wtap_encap"
dissector table. The dissectors are now static where possible.
svn path=/trunk/; revision=2708
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
"packet-clnp.h" no longer exports anything, so remove it.
Have the X.25 dissector call subdissectors through dissector handles
(now that all the dissectors it uses are registered by name).
svn path=/trunk/; revision=2668
the BSD AF_ type values it uses into an "aftypes.h" header file for
dissectors that register themselves in that dissector table include.
svn path=/trunk/; revision=2653
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
being a global function.
The HTTP dissector should set "pinfo->current_proto" to HTTP even if we
consider the packet to be IPP, so that if we run past the end of a
tvbuff while dissecting HTTP stuff it's reported as a problem with HTTP,
not IPP.
svn path=/trunk/; revision=2648
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
1) a pointer to the dissector is put in the Big Transfer Vector
or
2) some other mechanism for getting a pointer to the dissector
is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
disabling of protocols;
setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_"dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
source *and* destination port and/or both the source *and* destination
address passed to "find_conversation()", because the packet for which
you're trying to find the conversation may be going in the opposite
direction to the packet for which the conversation was originally
created.
Create different hash tables for wildcarded conversations, to reduce the
number of "is this a wildcard?" tests done when doing hash lookups.
This is sufficient to allow the TFTP dissector to use conversations
rather than being special-cased in the UDP dissector, and may also be
sufficient to handle a similar problem with SMTP (request goes from
client IP X port Y to server IP Z's well-known port, reply comes back
from some other port on server Z to client IP X port Y), but further use
may reveal other changes that should be made.
svn path=/trunk/; revision=2525
starting with "epan_", change the name of the library from libepan.a to
libethereal.a, and from libepan.lib to ethereal.lib.
svn path=/trunk/; revision=2492
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478
This needs some additional parts, and points to the
need for a dissector for the ident protocol, but I want to
try to automatically generate that ...
svn path=/trunk/; revision=2301
Porting and Archive Centre site.
Warn in the very beginning of that file that libpcap may not work very
well without patches. Give patches to libpcap for:
vanilla LBL libpcap 0.4
vanilla tcpdump.org libpcap 0.5
libpcap 0.4 from the HP-UX Porting and Archive Centre (which is
the only version that includes configure-script changes to work
with HP's C compiler as well as GCC)
and put them in files separate from "README.hpux" (to make it easier for
users to apply the patches).
Make those versions of the patch give a slightly different error message
if libpcap fails to find the PPA for the device, to make it easier to
figure out if the user reporting a problem with HP-UX capture has a
patched version of libpcap or not (so that we know whether the problem
may just be that they're using an unmodified libpcap, or if they're
running a patched version and that patch needs more work, e.g. to look
at devices other than just "/dev/dlpi").
Give information on how to find "patch", warn that probably only the
HP-UX Porting and Archive Centre version will work with the HP C
compiler, warn that applying a version of the patch other than the one
for the particular version of libpcap you've downloaded will probably
not work, and warn that you need to download source to libpcap in order
to do any of this in the first place.
(The current libpcap CVS tree at tcpdump.org has this patch in it, so
the next release of libpcap from tcpdump.org should have it; hopefully
the HP-UX Porting and Archive Centre will switch to that version when it
comes out, and people will just be able to push a few buttons to get an
Ethereal that works on HP-UX.)
svn path=/trunk/; revision=2264
a framework for the dissector; of the more than 400 NCP packet types, only
a handful are defined. But this dissector framework is much better than
the previous one.
svn path=/trunk/; revision=2173
Guy Harris