Correct number of addresses shown in dataframes.
Duration ID changed to "Association ID" in power-save polls
Added sequence and fragment numbers.
Corrected representation of frame-control flags.
Added dissection of data frames with piggybacked CF-Ack, Poll but no
data.
Cleaned up code a bit (mostly empty lines)...
svn path=/trunk/; revision=2964
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2955
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2954
that button doesn't undo edits you've made to the list of filters it's
displaying.
Don't show an "OK" button if the dialog isn't attached to a text entry
box, as the "OK" button means "enter the current filter into the
attached text entry box, and close the dialog", and if there *is* no
attached text entry box, "OK" doesn't do what you might expect (it's
equivalent to "Close").
svn path=/trunk/; revision=2952
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2951
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2950
plugins, as the MGCP dissector uses it.
Don't set pointers to "dfilter_init()" and "dfilter_cleanup()" in that
transfer vector, as there *aren't* any pointers to them in the transfer
vector.
svn path=/trunk/; revision=2949
use the capture filter lists, and others use the display filter list, as
appropriate.
Have separate menu items for editing the capture and display filter
lists.
Have separate "~/.ethereal/cfilters" and "~/.ethereal/dfilters" files
for the two lists; if either of those files isn't found, we try
"~/.ethereal/filters", which means that you will start out with two
identical lists holding all your filters - if certain filters belong
only in one list, you'll have to delete them by hand from the other
list.
Do I/O error checking when reading and writing filter lists; when
writing a filter list, write it to a new file, and then rename the new
file on top of the old file, so that you don't lose your old filter list
if, for example, you run out of disk space or disk quota.
svn path=/trunk/; revision=2948
either with a table of old-style dissectors or a table of tvbuffified
dissectors, and have the RPC dissector pass the appropriate arguments to
the dissectors.
Finish tvbuffifying the NLM dissector, getting rid of the last traces of
old-style dissector code.
In those routines in the NFS dissector that take new-style arguments
(because they're called from the NLM dissector), make them take an
offset as an argument, so they don't assume that they're handed a tvbuff
starting at the stuff they're supposed to dissect, and make the versions
that take old-style arguments construct a tvbuff and call the versions
that take new-style arguments. Do the latter with the routines in
"packet-rpc.c" as well.
svn path=/trunk/; revision=2943
HAVE_XXX_H if xxx.h is present, but doesn't recognize AC_CHECK_HEADER as
such, and thus doesn't put anything about HAVE_XXX_H into "config.h.in",
and thus HAVE_XXX_H doesn't get defined even if xxx.h is present.
svn path=/trunk/; revision=2942
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
(We really need to put in some rudimentary 64-bit integer support, for
the benefit of platforms+compilers that don't support it; the
floating-point calculations we're doing now appear not to get exactly
the right answer, from an experiment at reading a NetMon 2.x file and
writing it back out as NetMon 2.x with editcap.)
svn path=/trunk/; revision=2939
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
"Tvbuffify" the Mobile IP dissector (it took old-style arguments, and
then converted them into tvbuff arguments, so there wasn't much to do,
other than to fix references to "fd" to refer to "pinfo->fd").
In the SCTP dissector, refer to the port type and source and destination
ports through "pinfo" rather than through the global "pi", as it's a
tvbuffified dissector.
In the SMTP and Time Protocol dissectors, use "pinfo->match_port" rather
than "TCP_PORT_SMTP" when checking whether the packet is a request or
reply, just in case somebody makes a non-standard port be dissected as
SMTP or Time. (Also, remove a bogus comment from the Time dissector; it
was probably cut-and-pasted from the TFTP dissector.)
svn path=/trunk/; revision=2938
Digital^H^H^H^H^H^H^HTru64 UNIX, but make the note about DU 3.2 a bit
speculative (I don't have 3.2 documentation handy to check whether, for
example, you can use "doconfig" interactively).
Add a note about using "doconfig" interactively - the Tru64 UNIX FAQ
mentions that in its not on using tcpdump.
Expand on the discussion of "pfconfig" to explain that you're also
enabling "local copy" mode, and to mention the "-a" option to let you
enable local copy and promiscuous mode on all devices, and to explain
*why* you want to enable local copy and promiscuous mode. Also, in the
example pfconfig command, put the network device name at the end - the
Tru64 UNIX FAQ, and the pfconfig man page, both put it there.
svn path=/trunk/; revision=2937
delete event on that window, revert all the protocol enabling settings
to the values they had when the dialog box was first popped up.
svn path=/trunk/; revision=2934
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
svn path=/trunk/; revision=2932
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
svn path=/trunk/; revision=2931
we might want to give them different blurbs at some point (the
filter-expression construction dialog currently shows both of them as
just "Universal Address"; it'd have to somehow use the blurb if we
wanted to make it obvious what they are).
svn path=/trunk/; revision=2930
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Make the IP dissector static, as it's called only via dissector tables
or dissector handles. Also make the "dissect the TOS field as the
DiffServ DS field" flag static, as it's not referred to outside of
"packet-ip.c".
In the NCP dissector, refer to the port type through "pinfo" rather than
through the global "pi", as it's a tvbuffified dissector.
svn path=/trunk/; revision=2929
statements.
Move the setting of the Protocol column in the Appletalk ARP and IPX
dissectors before anything is fetched from the packet, and also clear
the Info column at that point in those and some other dissectors, so
that if an exception is thrown, the columns don't reflect the previous
protocol.
Fix the registration of the IPX RIP dissector to use the right protocol
ID.
svn path=/trunk/; revision=2928
"pinfo->current_proto", in dissectors always called through dissector
tables and handles.
Make the IEEE 802.11 dissector static, as it's not called externally.
Clear the Info column in the Linux cooked capture and 802.1q VLAN
dissectors, before extracting anything from the packet, so that if an
exception is thrown, the Info column doesn't reflect the previous
protocol.
Don't extract the encapsulated protocol in the VLAN dissector until you
use it, so that if the frame contains the VLAN ID but not the
encapsulated protocol, we at least put the VLAN ID into the protocol
tree.
svn path=/trunk/; revision=2927
"pinfo->current_proto"; dissectors called only through dissector tables
and handles don't need to do either of those, as the dissector table and
handle code will do it for them. (Dissectors called directly, or
dissectors that can be attached to conversations, still have to do it
themselves.)
Register the PPP Multilink Protocol, PPP Link Control Protocol, and PPP
IP Control Protocol as official protocols, and register them in PPP's
dissector table rather than having PPP handle them specially; change
"dissect_cp()" to take a protocol ID, get the protocol short name
information from it, and use the protocol ID for the top-level protocol
tree item.
Set the Protocol column in the PPP Multilink Protocol dissector, and set
the Info column before extracting anything from the frame, so that if an
exception is thrown, the Info and Protocol columns will reflect that the
packet is supposed to be a PPP Multilink Protocol frame.
Make the "First fragment" and "Last fragment" flags in the PPP Multilink
Protocol header boolean bitfields, and let "proto_tree_add_boolean()" do
all the heavy lifting when displaying them, rather than doing it by
hand.
Don't extract the sequence number in the PPP Multilink Protocol until
you're ready to put it into the tree, just in case the captured packet
includes the flags but not the sequence number.
Clean up the code to check the FCS of PPP frames - extract it with
"tvb_get_letohs()" or "tvb_get_letohl()", don't extract it byte-by-byte
and then put it together yourself.
svn path=/trunk/; revision=2926
selection change event on the list of filters. Unfortunately, this can
happen after some other widgets in that dialog box have already been
destroyed - including some of the widgets that such a selection change
event can change.
This sometimes happened when "filter_prefs_delete()" hadn't been called,
so the mechanism we had been using, with a Boolean datum attached to the
dialog box, set in "filter_prefs_delete()" before we actually destroy
the dialog box, wasn't sufficient to keep that from happening.
Attach to the top-level window data items containing pointers to the
widgets changed when a filter is selected from the list, give each of
those widgets their own destroy callbacks, clear the pointer attached to
the top-level widget when the widget is destroyed, and don't do anything
to the widget when a filter is selected from the list if the pointer for
that widget is null, as that means the widget's been destroyed and we
*can't* do anything to it.
Not all filter editing dialogs created on behalf of a "Filter:" button
next to a text entry box should, when you click "OK", activate the text
entry box; if the text entry box is part of a dialog box with multiple
widgets, the user might not have filled in all of the items in that
dialog box, so you shouldn't activate it for them. Add a mechanism by
which, when creating a filter editing dialog box, you can specify
whether the "OK" button should just fill in the text entry box or should
fill it in and also activate it.
svn path=/trunk/; revision=2922
just NLM v1 plus some stuff for use by DOS/Windows clients, according to
The Open Group's "XNFS, Version 3W" ("This document describes version 3
which is backward compatible with versions 1 and 2."); copy the NLM v1
table of dissectors to the tables for NLM v2 and NLM v3.
Mark all procedures for which we lack reply dissectors and for which
there *is* a reply type, or for which we lack call dissectors and for
which there is a call type, with /* XXX */.
svn path=/trunk/; revision=2921
which includes the NLM spec.
Fix a comment to reflect what a null function pointer in a "vsff" table
really means.
Make the "nlm<N>_proc" arrays static.
Fill in the reply dissector pointers for some entries, and flag some of
those that need to be filled in with /* XXX */.
svn path=/trunk/; revision=2918
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
