Put in a comment noting that the payload of EAPOL Encapsulated ASF Alert
messages should perhaps be dissected as SNMP Trap messages.
Put the type of the message into the Info column.
svn path=/trunk/; revision=4789
Give the type field a value_string array, and use that field when
putting the type into the protocol tree.
Display the data under the EAPOL tree, as it's part of the EAPOL PDU.
Just use "next_tvb" as the tvbuff for the data; don't create a new one
that, the different fourth argument to "tvb_new_subset()"
nonwithstanding, refers to the same data as "next_tvb".
Call the EAP dissector through a handle.
Nobody directly calls the EAP dissector any more, they all call it
through handles; make it static.
svn path=/trunk/; revision=4787
when dissecting messages over TCP, so that an error in one message
doesn't stop us from dissecting the next message in the segment, if any.
Put an XXX comment before the code that constructs the tvbuff for each
message inside a TCP segment, noting that we really want tvbuffs to have
three lengths and to have a new type of exception thrown if you go past
the second length but not past the reported length.
svn path=/trunk/; revision=4782
Add more type values for EAP.
Fix off-by-one bug when displaying Code of EAP message.
Get rid of an unnecessary "volatile".
Give the code and type fields value_string arrays, and use them when
putting the code and type into the protocol tree.
Base the decision of whether to put the type field into the tree on the
request code, not on the length of the packet.
Display the Type-Data field, under that name, under the EAP tree, as
it's part of the EAP PDU.
svn path=/trunk/; revision=4779
packets per segment.
Instead of having a routine for dissectors such as the Q.931 dissector
to call to dissect the TPKT header, have a routine that does all the
reassembly and multiple-packets-per-segment work, and have the Q.931
dissector call it. Export "is_tpkt()", and the new routine, to plugins.
Add preferences for TPKT and Q.931 reassembly.
svn path=/trunk/; revision=4778
across segment boundaries and to, for each DNS-over-TCP PDU, create a
tvbuff containing the header and the body of the PDU, handing that to
the DNS PDU dissector.
svn path=/trunk/; revision=4776
support for Openwave-specific WSP headers;
support for Openwave-specific field names;
support for additional content types from Openwave;
support for additional language values.
svn path=/trunk/; revision=4775
how many bytes remain in the packet starting at the initial offset of
the tagged parameters, not by seeing how many bytes remain in the packet
starting 4 bytes later. (If you're trying to avoid counting a CRC that
appears at the end of the packet data, then you need to be sure there
*is* a CRC first; this may require using a different DLT_ type, in
libpcap, for those captures.)
svn path=/trunk/; revision=4769
and using gdb, extract the packet that was being dissected when the
core file was created. It works in simple cases; it will probably
fail in many other cases. Right now it only creates libpcap files, and uses
text2pcap to do so.
svn path=/trunk/; revision=4767
remembers SMBs for request/response matching, and make sure the request
and the response have the same type (or that the response has a
different type but is a valid response to the request).
svn path=/trunk/; revision=4763
call is a "ypreq_key"; the argument appears to be a "ypreq_nokey"
instead.
The response to an ALL call isn't a single item, it's a sequence of
items - all but the last item has the "more" field true, the last has it
false. Show all the items.
svn path=/trunk/; revision=4762
as raw TCP segment data under the TCP protocol tree item, rather than as
a top-level data item - and do so even for the last of the segments
reassembled into that packet.
svn path=/trunk/; revision=4754
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
argument, so if the length was supplied as -1, it can set it to the
length of data remaining in the tvbuff, so that its callers can use that
length when getting the value for the field, rather than leaving the
length in the "field_info" structure as -1.
svn path=/trunk/; revision=4752
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
"UcpHandleString(hf_ucp_parm_NT);" - the field really is one character
long, as per the (correct) change from FT_STRING to FT_UINT8.
svn path=/trunk/; revision=4739
and use the vals_parm_NT value string in that registration.
Thanks to Marcin Gryszkalis <mgryszkalis@cerint.pl> for the bug report.
svn path=/trunk/; revision=4736
- For selected read and write SMBs, display the byte count and offset
in the info column. This makes browsing file read/writes easier to
understand.
- In dissect_nt_sids() sometimes the version number is 3 but the rest
of the sid format remains the same. This is purely by observation -
I have no documentation to confirm this.
- Use a GString instead of a fixed buffer in dissect_nt_sids().
svn path=/trunk/; revision=4733
Communities attribute in a BGP Update message.
Also, get rid of an extra space before a colon in the display for that
attribute, which isn't in other attributes.
svn path=/trunk/; revision=4732
Guy Harris