types and Wiretap encapsulations after the entries to map between
platform-independent libpcap link-layer types and those Wiretap
encapsulations, so that, when writing a libpcap-format file, we choose
the platform-independent link-layer types.
svn path=/trunk/; revision=5668
"tvb_get_nstringz0()" no larger than the space in "str" (not counting
the space for the trailing '\0').
Make "str" big enough to hold a maximum-length serial number string (the
length is 1 byte, hence the maximum length is 256 bytes plus 1 byte of
terminating '\0').
svn path=/trunk/; revision=5665
requests - the data part of the AFS authentication request
(hf_afs_kauth_data) is displayed as a string whilst declared as a binary
array in "packet-afs-register-info.h".
svn path=/trunk/; revision=5661
In libpcap.c, move wtap_pcap_encap_to_wtap_encap before libpcap_open
so that if HAVE_PCAP_H is not true, the file will still compile.
svn path=/trunk/; revision=5660
the source to an "ipxdump" utility from the Linux ncpfs package.
The NetworkAddress field in a 23/26 GetInternetAddress reply appears
to be big-endian; we assume it's big-endian in all messages.
The NetworkSocket field in that reply also appears to be big-endian;
it was already set up to be big-endian in other messages.
Put in comments noting other things seen in captures.
svn path=/trunk/; revision=5658
in TCP, UDP, and SCTP, try the lower port number first, and then the
higher port number; this means that, for packets where a dissector is
registered for *both* port numbers:
1) we pick the same dissector for traffic going in both directions;
2) we prefer the port number that's more likely to be the right
one (as that prefers well-known ports to reserved ports);
although there is, of course, no guarantee that any such strategy will
always pick the right port number.
Ignore port numbers of 0, as some dissectors use a port number of 0 to
disable the port, and as RFC 768 says that the source port in UDP
datagrams is optional and is 0 if not used.
svn path=/trunk/; revision=5656
interpret and show Value-Length fields bigger than a single byte.
allows the dissector to properly interpret and show
From: headers with a Value-Length field bigger than a single byte.
svn path=/trunk/; revision=5653
argument to copy a counted string, and use "tvb_strsize()" rather tan
"strlen()" with a "tvb_get_ptr()" argument to get the length of a
null-terminated string, so that we throw an exception if we go past the
end of the tvbuff, rather than processing bytes past the end.
svn path=/trunk/; revision=5649
having two different versions, both broken in different ways.
Bump the count of total packets in the capture-from-pipe routine.
svn path=/trunk/; revision=5647
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
Have "wtap_open_offline()", if asked to open a FIFO, return that error
if it was asked to open the file for random access.
svn path=/trunk/; revision=5643
the internal z_err value for the stream if an "fseek()" call it makes
fails, so that if "gzerror()" is subsequently called, it returns Z_OK
rather than an error.
To work around this, we pass "file_seek()" an "int *err", and have the
with-zlib version of "file_seek()" check, if "gzseek()" fails, whether
the return value of "file_error()" is 0 and, if so, have it return
"errno" instead.
svn path=/trunk/; revision=5642
they are, in fact, WTAP_ENCAP_FRELAY. Support 11 as WTAP_ENCAP_FRELAY
if DLT_FR is defined and is equal to 11, and support 107 as
WTAP_ENCAP_FRELAY unconditionally.
Get rid of a comment indicating that 105 isn't used - it's been
supported as DLT_IEEE802_11 for a while.
svn path=/trunk/; revision=5640
working on MacOS X.
It appears that the underlying problem with the timeout was that we
weren't treating MacOS X as a BSD, and the "select()" we were doing
presumably wasn't working as it doesn't work on BPF devices on many
BSDs; the workaround no longer appears to be necessary, with Michael's
fix to treat MacOS X as BSD.
(Presumably a select timeout with "tv_usec" set to 1000*1000
microseconds was treated as an error, or otherwise treated in such a way
that it didn't block waiting for the BPF device to say it could be
read.)
svn path=/trunk/; revision=5637
task of creating a fregment tree for the fragmented packets.
Having this identical code to create this tree in every dissector that does
PDU reassembly is a huge waste and duplication of code.
Updated IP, SMB and DCERPC to use the new function.
svn path=/trunk/; revision=5626
Use the di->levels field to pass info to notify options rather than
mucking about with the private_data fields which mysteriously doesn't
work.
Fixed some display bugs in notify data.
svn path=/trunk/; revision=5625
prs_werror().
Converted RFFPCNEX (FindFirstPrintChangeNotification) to Ronnie's NDR
routines.
Implemented RFNPCNEX (FindNextPrintChangeNotification). Print
notification data is dissected in a length/buffer format instead of
dissecting as the underlying type (string secdesc, devmode etc).
svn path=/trunk/; revision=5623
Ronnie Sahlberg