Since this value has no human readable meaning it should be displayed in HEX only but make ethereal also display the "wrong" base to enhance human compatibility.
svn path=/trunk/; revision=7471
The reason for doing this is to allow a user to pick RPC as a protocol offered
by DecodeAs...
Why:
If ethereal has tcp-reseembly enabled, the heuristic dissector for rpc will not even attempt to find RPC packets.
If no PORTMAPPER/GETPORT are available either in the capture there is
currently no way for ethereal to know/learn that the conversation is ONC-RPC.
This at least will allow users to manually tell ethereal that such a conversation is ONC-RPC.
svn path=/trunk/; revision=7470
Add Response-Time statistics for each known mgcp message-type.
Fix a few bugs and remove trailing whitespace.
Use "gdouble" for printing time-values and calculating the
average. It is easier to use and shouldn't overflow on big
trace files like "guint32".
Move some functions for time statistics into the new file
timestats.c in the main directory. This code may be useful in
the rpc and smb rtt-taps as well.
svn path=/trunk/; revision=7469
and 2 function codes for Modbus/TCP, plus some bug fixes.
Use value_string tables to map function codes and exception codes to
strings.
svn path=/trunk/; revision=7468
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
Don't use "proto_tree_add_uint_format()" for the source and destination
reference fields, use "proto_tree_add_uint()". Rename the field to make
that work.
Shuffle some stuff around to clean it up.
svn path=/trunk/; revision=7464
fragmented.
"PFC_NOT_FRAGMENTED()" is checked early in "dissect_dcerpc_cn_stub()";
there's no need to check it again in either of the code paths after
that, as we know it's true in the first code path and false in the second.
svn path=/trunk/; revision=7460
reassembly. (Perhaps we *shouldn't* see reassembly in progress in both
directions, if the protocol is purely request/response, but that doesn't
mean you won't see it in a capture, due to bugs or dropped packets
or....)
svn path=/trunk/; revision=7457
read/write data that might, or might not, be DCE RPC information on a
pipe, and use that routine rather than duplicating similar code in
multiple places.
svn path=/trunk/; revision=7455
To test whether a single bit is set, just do "if (mode&bit)", not
"if ((mode&bit)==bit)".
In the places where read and write data is processed, have both a
comment indicating that it's file data and that you can transport DCERPC
over SMB just with reads and writes, to indicate why we may call the
DCERPC-over-a-pipe dissector.
svn path=/trunk/; revision=7450
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of ""dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
svn path=/trunk/; revision=7449
Don't print Cavebear skipped - it makes the output unusable.
manuf.tmpl:
Remove entries that overwrite identical or similar results from IEEE
manuf:
Rebuild to reflect the changes in manuf.tmpl and add some new IEEE
entries.
svn path=/trunk/; revision=7447
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display fiulter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
i think it has been broken for quite some time. That will be addressed shortly.
svn path=/trunk/; revision=7445
"End-of-Connection Acknolwedgment") have none of the connection control
bits set; describe them as "Data, No Ack Required" rather than
"Unknown".
svn path=/trunk/; revision=7443
two packets have the same sequence number; use the sequence number in
the hash key.
The sequence number is not incremented for system packets, and system
packets probably don't get ACKed and thus presumably don't get
retransmitted, so don't do retransmission checks for system packets.
svn path=/trunk/; revision=7442
a retransmitted SPX frame, just put the number of the original frame in
as an item not referring to any data (offset and length of 0), and, if
there is any remaining data, put it into the tree as a separate item.
svn path=/trunk/; revision=7440
PDU, just append the message type acronym to the column, so you can see
the message types for all the messages in the frame.
svn path=/trunk/; revision=7439
Make the dissector decode the first two bytes of the security descriptor as
one byte for the revision and the second byte as nothing/should be zero.
svn path=/trunk/; revision=7436
header be filterable fields.
Don't hand retransmitted SPX frames to subdissectors - just show the
payload as a retransmission of the original frame.
Instead of handing a retransmission indicator to SPX subdissectors, hand
them a structure containing the datastream type (under the assumption
that it's data for the protocol running atop SPX, and that the dissector
for that protocol might use it) and the state of the end-of-message bit
(under the assumption that it's data for the protocol running atop SPX).
svn path=/trunk/; revision=7433
frames that are retransmissions a data structure containing the frame
number of the original frame, and pass that to subdissectors (or, if not
present, pass NULL).
That means we can free the hash values when we're done with the first
pass through the packets.
svn path=/trunk/; revision=7432
WriteAndX request should have a full complement of word parameters, but,
just in cast it doesn't....
(Should we somehow arrange to throw an exception if there aren't enough
word or byte parameters in SMBs, i.e. impose a minimum in some cases?)
svn path=/trunk/; revision=7430
If both mode bits MessageStart and WriteRaw are set, then the first two bytes of the byte-field is the total length of the data written to the pipe.
svn path=/trunk/; revision=7428
This field gets set to the frame number when this pdu was first completely reassembled.
This is useful since it will allow us to do reassembly properly in say packet-ip.c
instead of printing the full pdu for every fragment and thus making NFSoverUDP rpc-rtt statistics less than useful.
A dissector using fragment_add() can tehn choose to only dissect the reassembled PDU only for the frame where it was first reassembled.
svn path=/trunk/; revision=7427
calling "tcp_dissect_pdus()", so that if we don't have the final segment
of a multi-segment packet, we don't change the columns or put in an
empty protocol tree item for NDPS.
Rename "ndps.desegment_ndps" to "ndps.desegment_tcp" - the "ndps." is
sufficient to indicate that it's for desegmenting NDPS, but we now have
a flag for desegmenting NDPS-over-SPX, so we should indicate that the
other flag is for desegmenting NDPS-over-TCP.
svn path=/trunk/; revision=7425
Sometimes printed a \n too much
manuf.tmpl:
Remove most manual Mappings to Cisco because that's what gets used
anyway (all except Racal and Newpoint)
manuf:
Update to represent changes in make-manuf, manuf.tmpl and IEEE
svn path=/trunk/; revision=7422