add a config.nmake option to control whether to build
libethereal.dll or not;
remove "./wiretap" from PATH to prevent problems due to
wrongly-loaded files;
build dissector.lib with MSVC;
move "print.c" and "ps.c" to the dissector helpers, as "print.c"
imports variables from packet-frame.c and packet-data.c, which
are in libethereal;
move "g711.c" out of the dissector helpers, as they're used only
by Ethereal in a tap, not in Tethereal or in any dissector;
add a .def file for libethereal;
arrange to declare global variables exported from libethereal
with "__declspec(dllimport)" when building programs that import
those variables;
update the NSIS installer.
Make the "configure" script define ETH_VAR_IMPORT as "extern".
svn path=/trunk/; revision=10834
"make distclean" now removes "cvsversion.h";
new "update_plugin_api" which just builds the "xyzzy" target in
the plugins subdirectory but makes sure that "config.h" has been
generated, added.
svn path=/trunk/; revision=10672
tools\win32-setup.sh to
- Check for applications required to build Ethereal
- Download and unpack required packages into $ETHEREAL_LIBS
Update ADNS to the latest version.
Make Python 2.3 the default.
svn path=/trunk/; revision=10567
- Create epan/Makefile.common
- Move dissector_src and helper files from Makefile.common to
epan/Makefile.common
- Create register.c in epan/
- link all the files into libethereal
- put plugin_src into epan/Makefile.am
Try to make rpms build with rpm v4 again (sorry, I've forgotten who to
attribute this to).
svn path=/trunk/; revision=10273
dissector can use it), we have to link Ethereal, Tethereal, and dftest
with libz, as well as linking Wiretap with it.
We also probably need to link dftest with the PCRE library, as the
display filter code uses PCRE.
svn path=/trunk/; revision=10057
added new target "packaging" to root Makefile.nmake,
which will generate version 1 or 2 or both,
depending on config.nmake GTK?_DIR setting
svn path=/trunk/; revision=9866
Note: I don't know anything about the limitations of nmake, so I don't know
whether the `find ...` will work and I can't test it, as I don't have a
Windows system with anything even remotely resembling a compiler on it.
svn path=/trunk/; revision=9687
DISSECTOR_SUPPORT_{SRC,OBJECTS}.
Add some additional files, required by dissectors, to those lists.
Extract the stuff to get version information strings for libraries and
the OS, which is *not* needed by dissectors, from "util.c", which
contains routines that *are* needed by dissectors, and put it into a
separate file.
Make "dftest" link only with the dissector support stuff, not with all
of the Ethereal common files.
svn path=/trunk/; revision=9645
containing helper routines, to DISSECTOR_HELPER_SRC. Include
DISSECTOR_HELPER_SRC in ETHEREAL_COMMON_SRC, and include BUILT_SOURCES
in ETHEREAL_COMMON_SRC rather than repeating those headers directly. Do
similar things with ETHEREAL_COMMON_OBJECTS and DISSECTOR_COMMON_OBJECTS
in Makefile.nmake.
Add "packet-x11-keysymdef.h" to "noinst_Headers", so it's built as part
of the tarball.
svn path=/trunk/; revision=9627
The JFIF dissector processes everything up to the start of scan as the data
thereafter is encoded and I didn't have the time to figure out how it is :)
TODO: fix the WTP dissector so it doesn't hand off unreassembled data to WSP.
svn path=/trunk/; revision=9541
NOTE: I propose to use packet-MIME-TREE for future media types that will be
added to Ethereal (E.g., packet-image-png.c).
svn path=/trunk/; revision=9437
a static Windows library (netsnmp.lib) has been placed at
http://www.ethereal.com/distribution/win32/development/
The Net-SNMP documentation recommends against using a DLL at the
present time.
svn path=/trunk/; revision=9177
From Michael Lum:
Modified for better TCAP separation, fixed EOC handling (a la
TCAP).
Added parameter parsing (although not dissection or naming).
svn path=/trunk/; revision=9160
add a message statistics tap for ANSI A interface for Tethereal;
fix the BSSAP, BSMAP, and DTAP interface dissectors to call
subdissectors even if no protocol tree is being built.
svn path=/trunk/; revision=9132
KPasswd is partially dissected for UDP.
It would be very useful if someone added dissection of the asn.1 encoded
AP_REQ and the KRB-PRIV blobs. I dont think I will add those.
svn path=/trunk/; revision=8905
- Dissector for FICON
- Dissector for FC-SP (Security Protocol for Fibre Channel)
- Patches to correct the reassembly of FC fragments.
- Support for new MDS Port Analyzer Adapters that carry the
frame length for truncated frames.
svn path=/trunk/; revision=8823
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
set in the config.nmake file.
Configure whether we have pcap_findalldevs() based on whether
WINPCAP_VERSION is 2.3 (if so, we don't) or 3.0 or 3.1 (if so, we do).
WinPcap 3.0 has the new libpcap declarations of "pcap_lookupnet()" and
"pcap_open_live()" in which the first argument is a "const char *"
rather than a "char *"; declare the functions and pointers to them
appropriately based on the version of WinPcap.
If we don't have pcap_findalldevs(), don't declare a pointer to it, as
we don't have a declaration of pcap_if_t.
We also need to refer to "pcap_freealldevs()", so make a pointer for it.
"symbols[]" is a const array; make the pointer to elements in it a const
pointer.
Fix some typoes.
svn path=/trunk/; revision=8660
1) string tables for t35CountryCode, t35Extension and
h221ManufacturerCode were moved into the new file t35.c
because they are common for more dissectors
2) the dissect_h245_NonStandardParameter_with_extension_marker()
was moved from h245 to h225 and renamed to
dissect_h225_NonStandardParameter() because the
NonStandardData type is different for H.225.0 and H.245
3) type of the "h245.nsp.object" dissector table was changed from
FT_UINT32 to FT_STRING, so it can select a dissector based on
an OID rather than the Adler-32 hash of an OID
4) the "h225.nsp.object" and "h225.nsp.h221" dissector tables
were created
svn path=/trunk/; revision=8550
Service-over-Frame-Relay support, including preference for Frame Relay
to select FRF 3.2/Cisco HDLC encapsulation or encapsulation of GPRS NS
PDUs.
svn path=/trunk/; revision=8362
a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
Still something wrong with NonStandardParameter, I cant find why ethereal is
wrong but it misses misses one bit in the decoding causing malformed frames.
I cant see what is wrong when looking at the packets. need furhter investigations.
Make h225 compile in as default
svn path=/trunk/; revision=8119
constrained integers with an extension marker.
Update all calls to the constrained integer dissector
Add dissection to the rfc_number type which is a constrasined integer with an extension marker
Add H245 so that it builds by default in ethereal.
It has been tested extensively by a semi-large number of people with a lot of real and synthetic captures and seems to work very well.
New protocol added to ethereal
svn path=/trunk/; revision=8032
and put them in their own file.
I had to put them im packet-per.c instead of asn1-per.c since othervise
i couldnt get it to invoke the register routine from register.c
the per dissector is compiled into ethereal by default, but there are no callers in ethereal until the h245 dissector is added.
someone that knows the registry stuff better might consider renaming it to asn1-per.c instead of packet-per.c
svn path=/trunk/; revision=8017
variables the user configures - the user isn't expected to change
GLIB_LIBS or GTK_LIBS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate libraries for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7885
variables the user configures - the user isn't expected to change
GLIB_CFLAGS or GTK_CFLAGS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate "/I" flags for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7884
GNU ADNS or not - set it based on whether ADNS_DIR is defined by
"config.nmake", and make "config.h.win32" files that specify whether we
have GNU ADNS dependent on "config.nmake".
Note in "config.nmake" that:
if you have GNU ADNS, ADNS_DIR should be defined as the
directory in which the ADNS .lib file resides;
if you don't have GNU ADNS, ADNS_DIR shouldn't be defined.
svn path=/trunk/; revision=7860
"EtherNet/IP" name in his original version ("IP" there is "Industrial
Protocol", not "Internet Protocol"), and to the original file name, and
getting rid of some unused variables.
svn path=/trunk/; revision=7851
you build Ethereal without ADNS. (It'd be nice if ADNS_DIR not being
defined caused the config.h file to have the appropriate #ifdefs turned
off; we can probably do that with another @xxx@ variable in
config.h.win32, and !IFDEFs in the rules to make the config.h files,
although we should then make config.h also depend on config.nmake.)
svn path=/trunk/; revision=7827
to just be an extension to AODV - and the dissectors use the same port,
which doesn't work unless there's only one dissector).
svn path=/trunk/; revision=7616
Add Response-Time statistics for each known mgcp message-type.
Fix a few bugs and remove trailing whitespace.
Use "gdouble" for printing time-values and calculating the
average. It is easier to use and shouldn't overflow on big
trace files like "guint32".
Move some functions for time statistics into the new file
timestats.c in the main directory. This code may be useful in
the rpc and smb rtt-taps as well.
svn path=/trunk/; revision=7469
Socket 0x9001 is for NLSP - it supports LANs as well as WANs, at least
as I read the specification.
Socket 0x9004 is for "IPX WAN 2".
svn path=/trunk/; revision=7387
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
IO-Users is a feature for tethereal that will print statistics on io usage
similar to top talkers in other tools.
It needs to be ported to ethereal with a nice graph sometime later.
try:
-z io,users,ip
see man-page
svn path=/trunk/; revision=6972
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
- Decoders for the few remaining FC protocols not included in my first
patch. Included in this list are decoders for FC-CT (common transport),
Name Server (dNS), Fabric Configuration Server (FCS) and Zone Server
(FZS).
- Decoder for MDS Debug Port Adapter. MDS Debug Port Adapter (internal
name was Boardwalk and this is the file name) is a piece of hardware
that can be purchased with Cisco's MDS Fibre Channel switches that
converts FC frames into Ethernet frames. One end is connected to a
port on a FC switch and the other end is connected to a FE/GE Ethernet
port. The decoder included here decodes the encapsulation header that
carries information such as SOF/EOF of FC frames.
svn path=/trunk/; revision=6919
The Q bit in X.25 doesn't mean "this is QLLC traffic", it's just a "this
packet is special" indication. Have the X.25 dissector pass as the
"private_data" pointer a pointer to a gboolean indicating whether the Q
bit was set or not. Replace the "decode non-Q-bit traffic as SNA"
option with a "decode traffic as QLLC/SNA if we didn't see the Call
Request packet and thus don't know what it is" option, which hands
traffic to the QLLC dissector for that traffic. Have the QLLC dissector
hand traffic to the SNA dissector if the Q bit isn't set.
Arrange that we determine whether the Q bit is set regardless of whether
we're building the protocol tree or not.
If we don't just dissect traffic as QLLC/SNA if we didn't see the Call
Request packet, check not only for 0x45 (as an indication that it's
probably IP), check also for NLPID_ISO8473_CLNP and treat that as an
indication that it's probably OSI CLNP.
svn path=/trunk/; revision=6854
make ANSI point codes filterable in MTP3;
fix a bug in the ANSI SLS dissection;
have MTP3 store the SI for use by subdissectors;
add a new MTP3-Management dissector.
Fix Makefile.nmake to include the Wellfleet HDLC dissector.
svn path=/trunk/; revision=6837
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
svn path=/trunk/; revision=6790
header.
Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.
svn path=/trunk/; revision=6567
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
and generate the table of stuff to register from tap source files, so
Tethereal doesn't need to know what tap listeners exist.
Get rid of "tap-xxx.h" files, as they're now empty.
Add "tethereal-tap-register.c" to the .cvsignore file, as it's a new
generated file.
Update "Makefile.nmake" to generate "tethereal-tap-register.c".
Clean up "Makefile.am" and "Makefile.nmake" a bit.
svn path=/trunk/; revision=6525
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
In gtk/main.c and tethereal.c set MIBDIRS to <get_program_path()>\snmp\mibs
so that we can drop the MIB files there, instead of the default c:\usr\...
path.
Add NET_SNMP_DIR to config.nmake and modify Makefile.nmake to adjust
CFLAGs, ethereal_LIBS and tethereal_LIBS accordingly.
Define HAVE_UCD_SNMP in config.h.win32.
I tested this by creating c:\program files\ethereal\snmp\mibs and
dropping in the MIB files that come with Net-SNMP. Ethereal resolved
system.sysDescr.0 to "iso.3.6.1.2.1.1.1.0" under Windows. Under Linux
it resolved to "SNMPv2-MIB::sysDescr.0".
Ethereal.nsi still needs to be updated.
A compiled version of the Net-SNMP library can be found at
http://www.ethereal.com/distribution/win32/development/
svn path=/trunk/; revision=6385
problem. The win2k DNS MMC snap-in generates calls to this pipe.
There appear to be three calls which have been implemented as stubs
for the moment.
svn path=/trunk/; revision=6277
and the "gtk" and "gtk2" directories, so that we find "zlib.h", as we
now define "HAVE_ZLIB" in the top-level "config.h.win32" and thus try to
include "zlib.h" on Windows.
svn path=/trunk/; revision=6246
files, and have it get rid of "x11-declarations.h" and
"x11-register-info.h". Also, don't delete "packet-ncp2222.c" with "make
clean", just with "make distclean", and get rid of a duplicate
"register.c" in the list of files removed by "make clean".
svn path=/trunk/; revision=6244
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
following changes:
- Inserted packet-tds.h This is personal taste because of the many
files in the toplevel directory. Whoever works on this next is
free of course to separate it back out again.
- Removed unused includes sys/types.h, snprintf.h, netinet/in.h
- #if-0 unused function
- Removed duplicate define
- Declared all unused parameters as such
- Changed a // comment into /* */
- ifdef-DEBUG a printf statement
svn path=/trunk/; revision=6025
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
In the "configure.in" files, add
-D_U_="__attribute__((unused))"
to CFLAGS if we're using GCC, and add
-D_U_=""
otherwise, so _U_ can be used to mark arguments as unused.
Add -D_U_="" arguments to the Makefile.nmake files as well, so _U_ works
with Microsoft Visual C++ as well.
Add comments and RCS IDs to the Makefile.nmake files that don't already
have them.
svn path=/trunk/; revision=4824
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4588
Additional Windows Makefile dependencies, so more stuff gets
built as needed.
Additional stuff cleaned up by "make clean" (well, "nmake -f
makefile.nmake clean", anyway)
Make PDB_FILE be "vc*.pdb", so it referes to the PDB files
either for VC++ 5.0 or VC++ 6.0.
svn path=/trunk/; revision=4481
Add some missing files in the "clean" targets.
Use pod2html rather than man2html to build HTML man pages.
Fix ethereal.nsi.in for recent versions of NSIS, and fix a typo.
svn path=/trunk/; revision=4475
they're not built and the executables already contain debugging
information, and update the README.win32 file appropriately and add
Text2Pcap and Mergecap to it.
svn path=/trunk/; revision=4425
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
svn path=/trunk/; revision=4285
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
Throw a very small caltrop in the way of spam-harvesters, by replacing
"@" in e-mail addresses in the AUTHORS file and Ethereal man page with
"[AT]" (although I wouldn't be surprised to find that some of those
harvesters already know about that trick and "fix" those addresses so
you, too, can receive Valuable Information about Viagra, can-fail
Internet investment opportunities and stuff-envelopes-at-home jobs, and
cable descramblers).
Add a couple of items from the AUTHORS file to the Ethereal man page.
svn path=/trunk/; revision=3781
have two independent "value_string" tables mapping RFC 1700 address
family numbers to names, nor is there any need to have the BGP dissector
and the PIM dissector have two independent sets of #defines for RFC 1700
address family numbers; put a single "value_string" table in "afn.c" and
put a declaration of it, and #defines for the address family numbers,
into "afn.h", and have the dissectors use that.
Move the #define for PGM into "ipproto.h", and add an entry for it in
the "value_string" table in "ipproto.c".
Have the PGM dissector use the standard Ethereal mechanisms for
resolving addresses, and have it use "value_string" tables for mapping
option types, the OPX bits, and packet types to strings. Use
"bytes_to_str()" to turn byte arrays into strings of hex digits. Pass
the packet type string to "dissect_pgmopts()" as an argument, rather
than making it a global. Don't use "proto_tree_add_XXX_format" routines
if you can possibly just use "proto_tree_add_XXX"; give various fields
the correct radix and type, and VALS() strings if necessary, to make
that happen (and to make filtering on them more pleasant). Put the
type, length, and total length of the options into the protocol tree as
separate fields. Don't have separate type, length, and OPX fields for
every type of option; one field will suffice. Don't format a string
with "sprintf()" and then pass that string to "col_add_fstr()" with a
format of "%s" and the string as an argument - "col_add_fstr()" can
format strings itself (that's what the "f" stands for). Don't byte-swap
and then un-byte-swap IPv4 address fields in the header, just leave them
network byte order to start with. Use the correct fields for
"proto_tree_add_XXX", rather than using the same field multiple times.
Quit early if an address family identifier isn't AFNUM_INET, as that
means the structure we use to dissect the header doesn't match the
actual header.
svn path=/trunk/; revision=3761
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
Fix text2pcap.c so that it can be compiled with Microsoft Visual C++
6.0:
protect some includes with #ifdefs, as not all the header files
in question exist in the MSVC++ build environment;
include <winsock.h> if we have it, to declare "ntohs()" and the
like;
include "getopt.h" if we need it, to declare stuff for
"getopt()";
include "config.h" if we have it, so we know whether the header
files in question exist or are needed;
rename "BYTE" to "READ_BYTE", as <winsock.h> defines BYTE as
well, and that definition causes a conflict;
get rid of references to "__FUNCTION__", as MSVC++ doesn't
define it (I suspect at least some UNIX compilers don't define
it, either).
svn path=/trunk/; revision=3428
version of automake (which will probably eventually become the next
release of automake) - it assumes variables that end with _SOURCES are
of the form "target_SOURCES", where "target" must be a target that the
Makefile builds.
Rename "DISSECTOR_SOURCES" to "DISSECTOR_SRC" in "Makefile.nmake", as
well, so that part of "Makefile.nmake" exactly matches that part of
"Makefile.am".
svn path=/trunk/; revision=3408
Perl script that generates them, so that if we have to change those
fields we can do so more conveniently.
Remove the generated header files from CVS, and arrange that we generate
them when we do a build.
svn path=/trunk/; revision=3341
for Win32, and show a slightly more informative (i.e., geared to the
user) help message when trying to capture without having WinPcap installed.
svn path=/trunk/; revision=3261
We us $(VERSION), defined in the top-level config.nmake, to replace
@VERSION@ in various files. $(RC_VERSION) and $(WTAP_VERSION) are
similarly used.
svn path=/trunk/; revision=3258
That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
length field rather than an Ethernet type field) into a
"dissect_802_3()" routine.
In that routine, catch exceptions thrown by the IPX or LLC dissector or
dissectors under them, so that the trailer information is added to the
tree even if an exception is thrown (similar to what "ethertype()"
does).
svn path=/trunk/; revision=3002
script 'make-reg-dotc'. It is used only in the Win32 build because the
make-reg-dotc shell script is *so* sloooooooooow on Win32, due to the
multiple processes (grep, grep, sed) launched multiple times for each
source file. By putting all the text-mangling logic into a single Python
script, only one process is launched, and the source files are read
only once. It's *a lot* faster... seconds instead of minutes.
svn path=/trunk/; revision=2873
Fix the GRE dissector to call subdissectors regardless of whether a full
protocol tree dissection is being done or not.
svn path=/trunk/; revision=2842
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
starting with "epan_", change the name of the library from libepan.a to
libethereal.a, and from libepan.lib to ethereal.lib.
svn path=/trunk/; revision=2492
a framework for the dissector; of the more than 400 NCP packet types, only
a handful are defined. But this dissector framework is much better than
the previous one.
svn path=/trunk/; revision=2173
I put the header file info in packet-cops.c since no one else uses it.
Fix the version number and plugin directory in config.h.win32.
svn path=/trunk/; revision=2044
protocols encapsulated inside DDP register themselves with that table.
Pull the EIGRP dissector into its own file, as suggested by Paul
Ionescu; it's not an IP-specific protocol.
svn path=/trunk/; revision=2022
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
only the dissector source files, not the header files; that way you
don't feed the header files to "make-reg-dotc", as "make-reg-dotc" won't
find any registration routines there so there's no point in feeding
header files to it.
Doing so means that we can make "DISSECTOR_OBJECTS" in "Makefile.nmake"
by doing
DISSECTOR_OBJECTS = $(DISSECTOR_SOURCES:.c=.obj)
rather than separately enumerating the object files, as Nmake supports
System V "make"-style substitution.
This should let users who change "DISSECTOR_SOURCES" in one of those
files just copy it to the other file.
svn path=/trunk/; revision=1938
build "register.c" in the top-level Makefile;
set path in "config.nmake" to include the Cygwin directory for
tools - those tools are needed to build "register.c";
remove constructed source files, and some additional object
files, when doing "nmake clean".
svn path=/trunk/; revision=1896
console-subsystem program, so that when not run from a shell window it
doesn't cause a shell window to be popped up. (Yes, this means that any
messages it prints, when not popped up from a shell window, get lost,
but the same is true of Ethereal on UNIX/X.) Trick for doing this
shamelessly stolen from the Win32 port of the GIMP.
We do not want to build Tethereal or editcap as Windows-subsystem
programs, however, so we take the "/SUBSYSTEM" flag out of LDFLAGS and
put it into the link commands for Ethereal, Tethereal, and editcap.
svn path=/trunk/; revision=1857
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
"dfilter-grammar.h".
Use the "-o" flag, rather than using the "-t" flag and redirecting the
standard output, in the rules to get Flex to produce scanner code; that
way, if Flex fails to run for some reason, we don't leave around a
zero-length or otherwise incorrect "XXX-scanner.c" file that might
keep a subsequent make from thinking it has to generate that file.
svn path=/trunk/; revision=1807
be built as multi-threaded programs; add "/MT" to the list of compiler
flags.
Add "clean" rules in subdirectories, and run subdirectory "nmake -f
Makefile.nmake clean" when "nmake -f Makefile.nmake clean" is done in
the top-level directory, so that "nmake -f Makefile.nmake clean" cleans
everything up.
svn path=/trunk/; revision=1791
Ethereal/win32 now supports command-line options.
Tethereal now compiles on win32, except for the fact that I haven't
put the Makefile.nmake changes in for that yet.
svn path=/trunk/; revision=1758
is being added
- MPLS Traffic Engineering extensions for RSVP
- MPLS-encapsulated IP packets on Ethernet
- OSPF Extensions for MPLS (including generic opaque LSA
support for OSPF)
THe following features will be committed at a later date (if I get around
to writing them :-)
- Label Distribution Protocol (LDP)
- IS-IS Extensions for MPLS
svn path=/trunk/; revision=1707
Ethernet; used for communication with Siemens S5 PLC's over Ethernet),
and his changes to display OSI COTP TSAPs that consist solely of
printable characters as text rather than as hex data and to decode the
version number resource in COTP.
svn path=/trunk/; revision=1677
Olivier Biot