Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
Replace "proto_item_set_len()" with "proto_item_set_end()", and get rid
of the "old_offset" variables the "proto_item_set_len()" calls required.
svn path=/trunk/; revision=7634
value for a field to be used for the procedure number for that version
of the protocol; use that field, if specified, instead of just putting
in a generic "rpc.procedure" field.
Have the ypserv dissector register those fields and supply them to
"rpc_init_proc_table()". Supply -1 for other RPC programs (for now),
meaning "no such field exists".
svn path=/trunk/; revision=6486
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
When we see PRTOMAP GETPORT calls for UDP, make sure all further UDP packets to or from
this port goes to the ONC-RPC dissector regardless of the port on the other side.
We need this because if there is ONC-RPC traffic going between the ONC-RPC Program port to a port which has a normal ethereal dissector, ethereal would dissect the traffic as the protocol associated with the other port instead.
svn path=/trunk/; revision=5430
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
rid of support for them, and remove the "_tvb" from the end of the names
of RPC type dissection routines.
Update Gerald's e-mail address.
svn path=/trunk/; revision=3477
specified program/version/procedure, and a "rpc_proc_name()" routine to
return the name of a specified program/version/procedure, and make the
callit dissector use those, rather than doing the work itself.
Un-export various routines and declarations that can again be private to
the RPC dissector.
svn path=/trunk/; revision=3007
either with a table of old-style dissectors or a table of tvbuffified
dissectors, and have the RPC dissector pass the appropriate arguments to
the dissectors.
Finish tvbuffifying the NLM dissector, getting rid of the last traces of
old-style dissector code.
In those routines in the NFS dissector that take new-style arguments
(because they're called from the NLM dissector), make them take an
offset as an argument, so they don't assume that they're handed a tvbuff
starting at the stuff they're supposed to dissect, and make the versions
that take old-style arguments construct a tvbuff and call the versions
that take new-style arguments. Do the latter with the routines in
"packet-rpc.c" as well.
svn path=/trunk/; revision=2943
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
svn path=/trunk/; revision=2931
number of replies seen, keep the frame number of the first request seen
for that call and the first reply seen for that call. Use that to
determine whether a request or reply is a duplicate or not.
That means that we don't have to reset the table of RPC calls on a
rescan of the capture (which didn't even fix all the cases where we'd
have misreported the original call or reply as a duplicate due to having
seen it once on the initial pass through the file and once again when,
for example, the user clicked on the packet); doing so causes plenty of
other problems, so don't do that - and don't clear the "visited" flag on
frames on a rescan, either, as that's only done because we were clearing
out conversations and calling all protocols' "init" routines.
As a free bonus, this means that, for a reply, we know what frame the
request was in; put that information into the protocol tree for the
reply, snoop-style.
Make the table of RPC call information, and the routines that manipulate
it, static to "packet-rpc.c"; nobody outside "packet-rpc.c" uses them.
svn path=/trunk/; revision=2358
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
non-null, it returns through that argument a pointer to the displayed
version of the string, otherwise it just frees that string.
Use that to put, in the tree item for READDIR and READDIRPLUS reply
directory entry items, the file name from the directory entry.
svn path=/trunk/; revision=1521
stuff them into shared read-only space.
Put the "VALS()" cast macro into the initialization of an
"hf_register_info" array.
svn path=/trunk/; revision=1072
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
dissect_rpc_string. Replaced only instance of this routine being called.
Added display filtering to rpc dissector. Replaced most instances of
proto_tree_add_text with proto_tree_add_item.
Added program version and procedure to the program tree in addition to it
being in the RPC tree.
svn path=/trunk/; revision=1037
Added stat dissector.
Enhancements to portmap dissector.
Added rpc_prog_name function to packet-rpc to retrieve the name of an
rpc program. This should likely eventually be modified to use the
/etc/rpc or rpc.bynumber NIS maps in addition to the programs that
are registered within ethereal.
svn path=/trunk/; revision=1016
Added proto_registrar_get_name routine to proto.c to retrieve the name
of particular proto_tree field.
Added dissect_rpc_string_item to packet-rpc.c. This routine does the same
thing as dissect_rpc_string, except it takes a hfindex of a
proto_tree item instead of a name. It uses the p_r_get_name call
to get the name, and adds the actual string content as a hidden
field (so that the subtree highlights the entire data area - length,
data, and padding). There is only one call to dissect_rpc_string, so
I believe that this routine should replace it.
svn path=/trunk/; revision=1011
Guy Harris