stuff them into shared read-only space.
Put the "VALS()" cast macro into the initialization of an
"hf_register_info" array.
svn path=/trunk/; revision=1072
ip_to_str() is 7 times faster than my sprintf() implementation (both of
which take very little time for the single call that match_selected() makes,
but you know....)
svn path=/trunk/; revision=1071
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.
svn path=/trunk/; revision=1070
If a interface type is not recognized, set error to WTAP_ERR_UNSUPPORTED
instead of WTAP_BAD_RECORD.
Continue to check for X.25, FDDI, and loopback traces via the interface
name instead of the newly-discovered if_type field in the packet header.
Once Olivier confirms that his traces still work by checking only if_type,
I'll change the code. But he's on vacation right now. ATM, Ethernet, and
Token-Ring are discovered via the if_type field.
svn path=/trunk/; revision=1063
eth.length were being pulled put into the proto_tree (logical and GUI),
but the fields were highlighted in the hex dump w/o adding offset.
svn path=/trunk/; revision=1062
Also, explicitly compare the result of "memcmp()" against 0 - the
appearance of a comparison operator in the expression makes it clearer
what test is being done.
svn path=/trunk/; revision=1061
them - don't "#if 0" out the initializers for "hf[]", "#if 0" out the
entire declaration of "hf[]" and the call that uses "hf[]".
svn path=/trunk/; revision=1059
AppHLType is the subtype of that type; set them appropriately (as best
we can, given that we can only *guess* what kind of traffic it is) for
"iptrace" captures in Wiretap. (Alas, more work is needed to
distinguish Ethernet from Token-Ring LANE traffic....)
Handle VPI = 0, VCI = 5 as the Signalling AAL in "iptrace" captures.
svn path=/trunk/; revision=1058
all packets are recognized yet, but ILMI and Classical IP (LLCMX) are.
The ATM iptrace facility uses the ngsniffer_atm_phdr pseudo header so that
ethereal doesn't have to worry about yet another psuedo header.
svn path=/trunk/; revision=1057
(remove commas following the last member of an enum, make all bit fields
"guint32" - GCC lets you get away with that, but at least some other
compilers don't).
svn path=/trunk/; revision=1052
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
and on a comment that "libpcap"/BPF on AIX appears to return 6 as the
network type for an Ethernet device - the BSD IFT_ETHER is 6.
svn path=/trunk/; revision=1048
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
svn path=/trunk/; revision=1046
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
There was a core dump because of a coding oversight. Should be fixed
now Gilbert.
Should now handle names of form \<somepipe>
Will screw up if there is no leading slash, but in a non-fatal way, I
think.
svn path=/trunk/; revision=1041
hex window to scroll so that the data in the currently-selected field is
visible, but merely revealed core-dumping bugs in GTK+.
svn path=/trunk/; revision=1040
store the field_info pointer, from which we can get both "start" and
"length" (and "hfinfo" and "value", which I'm working towards, so that
match_selected, or a new function, and create a display filter based on
the field's name, instead of byte offset ).
svn path=/trunk/; revision=1039
dissect_rpc_string. Replaced only instance of this routine being called.
Added display filtering to rpc dissector. Replaced most instances of
proto_tree_add_text with proto_tree_add_item.
Added program version and procedure to the program tree in addition to it
being in the RPC tree.
svn path=/trunk/; revision=1037
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
svn path=/trunk/; revision=1032
destination address for calls and the source address of the reply - we
should't require the server address to be the same for a call and reply,
as they may not be on a multi-homed server (clients presumably check the
XID only, or perhaps the XID and the port whence the reply came,
although with TI-RPC I don't think they can check the port without
checking the address as well).
This requires that the conversation code not assume that the source and
destination addresses for a given packet in a conversation have the same
type, so, when comparing addresses for equality, it must explicitly
check the address types.
In said code, also check the port numbers before we check the addresses
- testing ports is cheaper, as they're just integers, and there's
probably a decent chance that you won't see two conversations between
different pairs of hosts and the *same* pair of ports in a capture file,
so the cheaper port tests are probably decently likely to fail first.
svn path=/trunk/; revision=1031
much more complete decoding of browse messages.
They are now shown in the parent tree as well.
I still have problems with:
1. Times
2. Election criteral
I also haven't been able to see a BecomeBackup request, nor a
GetBackupListResp with more than one browser ... Should run a Windows NT
server or another Samba on my network.
I am also not sure of there are any more message types. Damn! Old, and
wrong MS documents!
svn path=/trunk/; revision=1025
MS Windows Browser messages. Can decode host announcements now.
Still need to decode more. Also need to break the new code out.
I also have the Browse tree at the wrong location. Can I get at the
parent of the tree somewhere, or do I have to pass it in as a variable?
svn path=/trunk/; revision=1024