error message and quit if the user tries to use ring buffering with
another capture file format, and put a note about that in the Tethereal
man page.
svn path=/trunk/; revision=4615
support for the "b" descriptor item in data, for pointers that point to
arrays of bytes - the descriptor item includes a byte count giving the
number of bytes in the array.
Handle the "logon hours" bitmask in that fashion.
Sometimes it appears that -1 means "unknown", and sometimes it appears
that 0 means "unknown", for the last logoff date/time; interpret both of
them as "unknown" (or "never").
svn path=/trunk/; revision=4612
wrong type.
Don't have routines that create subtrees for the data in a RAP reply -
just have a string for the name to give the subtree. Create the subtree
iff the reply has an entry count; if there's no name, use "Entries", and
if there's no ett_ value for it, use a generic one.
If there's no routine to create a subtreee for an entry in a RAP reply,
don't create the subtree - some entries have only one member, so there's
no point in creating a subtree for them. Provide an ett_ value to use
if we don't know what the entry looks like.
Properly terminate "lm_null_list[]".
Fix the tables for the NetUserGetInfo API.
Add tables for the NetUserGetGroups API.
Add #defines and names for all the APIs in the SNIA CIFS spec (but fix
up some of the names to reflect what the actual API names appear to be).
Display the RAP API number in decimal, not hex, for unknown APIs.
Use the right hf_ value when displaying the auxiliary data descriptor.
svn path=/trunk/; revision=4611
"Large Serial Number" as a 64-bit little-endian integer, and dissect the
"NT Date/Time" as a FILETIME by calling "dissect_smb_64bit_time()".
Export "dissect_smb_64bit_time()" so that we can do so.
svn path=/trunk/; revision=4609
NetMon 2.0; I don't have any ATM captures *from* NetMon to try it on, so
I don't know what significance the "destination address" and "source
address" fields have, but we can at least read the captures we ourselves
write out, as can NetMon).
svn path=/trunk/; revision=4606
arguments to "proto_tree_add_text()", and to "proto_tree_add_XXX()" calls
that add FT_NONE or FT_PROTO items to the protocol tree, with -1.
Replace some calls to "tvb_length()" or "tvb_length_remaining()" with
calls to "tvb_reported_length()" and "tvb_reported_length_remaining()",
as those give the actual length of the data in the packet, not just the
data that happened to be captured.
svn path=/trunk/; revision=4605
that EtherPeek for Windows uses the same format as EtherPeek for MacOS,
so the code isn't specific to the MacOS version.
Check the physMedium value in the secondary header, and leave a
placeholder for a value of 1, which is presumably used in AiroPeek
captures.
Treat unknown mediaType and physMedium values as indications that we
don't have a *Peek file, not as unsupported *Peek files - we need all
the heuristics we can get.
svn path=/trunk/; revision=4601
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
The original checkinstall assumed /usr/local as the GTK+ install
install directory even if an alternate directory directory was
specified when configure was run. checkinstall now checks for
GTK+ in the configured directory and punts (checks if gtk-config
is in the path) if it doesn't find GTK+ in the configured
location.
svn path=/trunk/; revision=4595
- Upgrade to version draft-09 of the iSCSI protocol (compatibility
to draft-08 can be selected at compile time)
- Bug fix so that now the the 16 bit length that prefixes sense data
is taken into account.
svn path=/trunk/; revision=4591
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4588
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4587
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
"--define", we now build the RPM and SRPM packages in packages/rpm.
As a result, one need not be root to build RPM-based packages.
Move the specfile to packaging/rpm/SPECS.
Update the INSTALL document to include the various packaging makefile
targets.
svn path=/trunk/; revision=4581
put a CRC32C checksum into the header of SCTP packets;
add a new "-S" option that is similar to "-s" but that also
includes the DATA chunk header, for input files that contain
only SCTP payloads.
svn path=/trunk/; revision=4580
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
lets us add tooltips to other preference items whose widgets are created
with the "create_preference_XXX()" routines - just pass in a tooltip
text string rather than a null pointer.)
svn path=/trunk/; revision=4577
get rid of some dead code;
get rid of some unnecessary initializations of variables that
are set in all code paths;
get rid of some set-but-not-used variables;
if the data runs past the end of the tvbuff, throw the
appropriate exception, to stop the dissection and appropriately
mark the frame, after putting in the item for the truncated
data.
svn path=/trunk/; revision=4576
a fragment unless we've captured all the data in the fragment and (in
IPv4 and CLNP) it has a valid checksum, so that if the first fragment is
a short frame or a frame with an invalid checksum, we'll treat it as if
reassembly weren't enabled, and will dissect what data we have in it,
rather than not dissecting *any* of the fragments above the IP/CLNP
layer.
svn path=/trunk/; revision=4575
the end of the data in the packet, so we don't need to do those checks
in the callers of those routines - and thus don't need to do those
checks in the callers of *those* routines.
svn path=/trunk/; revision=4574
tree item for the entire array the amount of captured data remaining in
the tvbuff, rather than 0, so that if we run out of captured data and
throw an exception, the length is correct.
svn path=/trunk/; revision=4573
means *no* top-level tree item if we don't find any NDMP PDUs).
Check for desegmentation before checking anything else, so that we don't
fail to desegment merely because we have, for example, only the record
marker in the first TCP segment (I've seen a capture where the first TCP
segment of an NDMP message has only the record marker).
svn path=/trunk/; revision=4572
desegmentation even though we don't know whether the checksum is valid).
I've seen packets with bad TCP checksums in Solaris network traces, but
the traffic appears to indicate that the packet *was* received; I
suspect the packets were sent by the host on which the capture was being
done, on a network interface to which checksumming was offloaded, so
that DLPI supplied an un-checksummed packet to the capture program but a
checksummed packet got put onto the wire.
svn path=/trunk/; revision=4571
other protocols running atop TCP (and which should be the case for *all*
of them, if it isn't so already; there's already a flag to control
desegmentation in TCP, and it should, by default, be possible to turn
that on and get desegmentation of all protocols).
svn path=/trunk/; revision=4568