That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
respectively, not Q.931 and Q.2931, in Frame Relay.
When dissecting Q.933-style multiprotocol encapsulated Frame Relay
frames, use the "osinl" dissector table to check for OSI network layer
protocols, include the NLPID in the tvbuff you hand to
"dissector_try_port()" with that dissector table, and put the NLPID into
the protocol tree as an invisible item - the NLPID is considered part of
the PDU for those protocols, so you have to include it in the tvbuff,
and the dissector will put it into the protocol tree.
Also, make sure the top-level entry for the Frame Relay protocol
includes all the bytes preceding the payload, and none of the payload
bytes.
Export a routine to do Q.933-style dissection, and have the WCP
dissector call it, rather than duplicating that code in the WCP
dissector.
Don't register OSI network layer protocols with the "fr.ietf" dissector
table; it's now sufficient to register them with the "osinl" dissector
table, as the Frame Relay dissector now checks that.
Get rid of unnecessary checks for protocols being enabled (if the
dissector is always called through handles or dissector tables, the
common code for handles and dissector tables will do the checks for
you).
Get rid of some unnecessary #includes.
svn path=/trunk/; revision=3211
as, on a large capture, it could take a significant amount of time.
Let the user stop the computation and, if they do, don't pop up the
statistics dialog box.
Create a new header file declaring the routines to create, update, and
destroy progress dialog boxes; those routines' APIs don't depend on
GTK+, but others declared in "ui_util.h" do, and we don't want to oblige
a source file to depend on GTK+ headers unless it uses a GTK+ API or an
API that depends on GTK+.
svn path=/trunk/; revision=3179
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
into a "packet-smb-browse.h" header file, and have modules that import
those routines include "packet-smb-browse.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-logon.c".
Make routines and arrays not exported static, and make routines that
return a true/false return value "gboolean" rather than "guint32".
svn path=/trunk/; revision=3147
Move the declaration of routines exported from "packet-smb-mailslot.c"
into a "packet-smb-mailslot.h" header file, and have modules that import
those routines include "packet-smb-mailslot.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-pipe.c". Make routines not exported static, and make
routines that return a true/false return value "gboolean" rather than
"guint32".
svn path=/trunk/; revision=3146
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
can now handle that; this allows us to register both the modulo-8 and
the modulo-128 versions of various X.25 bitfields with "x.25.XXX" names,
which lets us get rid of the "ex.25" protocol stuff completely and use
"x.25" for both modulo-8 and modulo-128 X.25. Do so. (Also, fix up
some cases where we appeared to be using the modulo-8 fields when
dissecting modulo-128 X.25.)
This, in turn, allows us to register the X.25 dissector, as there's now
only one protocol with which it's associated, and make it static and
have it called only through a handle, and to, when registering it with
the "llc.dsap" dissector table, associate it with "proto_x25".
That, in turn, allows us to get rid of the "CHECK_DISPLAY_AS_DATA()"
calls, and the code to set "pinfo->current_proto", in the X.25
dissector.
The code for the display filter expression dialog would, if there are
two fields with the same name registered under a protocol, list both of
them; have it list only one of them - the fields should have the same
type, the same radix, and the same value_string/true_false_string table
if any (if they don't, they're really not the same field...).
svn path=/trunk/; revision=3023
length field rather than an Ethernet type field) into a
"dissect_802_3()" routine.
In that routine, catch exceptions thrown by the IPX or LLC dissector or
dissectors under them, so that the trailer information is added to the
tree even if an exception is thrown (similar to what "ethertype()"
does).
svn path=/trunk/; revision=3002
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
not kill the goat with the *correct* sort of knife, on the *correct*
altar, and drink its blood from the *correct* goblet at the *correct*
temperature, he will wreak his revenge, perhaps, for example, causing
all your crops to sprout bearing bright green and pink polka-dots.
Add an extra 3 microns to the tip of the blade, so that the Automake God
will not be angry and fail to generate rules to install man pages. (It
would have been nice had the sacred scrolls described that particular
incantation, but so it goes....)
While we're at it, get rid of "EXTRA_MANS"; it doesn't appear to be
necessary (but such hubris may, of course, bring down the wrath of the
Automake God upon me - you can't just get rid of EXTRA_PROGRAMS, for
example, as the Automake God then forgets how to handle "ethereal_LDADD"
and the like - although in a test run the generated Makefile.in didn't
*appear* to have anything missing other than a definition of EXTRA_MANS,
which it didn't use and so presumably wouldn't miss).
svn path=/trunk/; revision=2900
dissectors for protcools that can be encapsulated inside GRE in that
table.
Fix a bug in the handling of WCCPv2 IP encapsulation (it was
constructing the next tvbuff before, rather than after, advancing the
offset past the redirection header).
svn path=/trunk/; revision=2893
script 'make-reg-dotc'. It is used only in the Win32 build because the
make-reg-dotc shell script is *so* sloooooooooow on Win32, due to the
multiple processes (grep, grep, sed) launched multiple times for each
source file. By putting all the text-mangling logic into a single Python
script, only one process is launched, and the source files are read
only once. It's *a lot* faster... seconds instead of minutes.
svn path=/trunk/; revision=2873
register their port as being for XXX-over-HTTP; the HTTP dissector
registers that port in the "tcp.port" table as an HTTP port, and
registers it in its *own* table with the dissector and protocol provided
to it.
Parse the HTTP MIME headers regardless of whether we're building a
protocol tree or not; we have to do so in order to find the offset of
the payload, to hand to an XXX-over-HTTP dissector.
svn path=/trunk/; revision=2872
its own; it's used not only by LLC, but by Frame Relay with RFC 2427 and
ATM with RFC 2684.
Support for RFC 2427-encapsulation Frame Relay packets, from Paul
Ionescu.
Get rid of the CISCO_IP PPP protocol type - Cisco HDLC uses, in most
cases, Ethernet packet types, so use ETHERTYPE_IP instead (they're both
0x0800).
svn path=/trunk/; revision=2854
Fix the GRE dissector to call subdissectors regardless of whether a full
protocol tree dissection is being done or not.
svn path=/trunk/; revision=2842
Add a new subdissector table in the LLC dissector for protocol IDs with
a Cisco OUI, and register the CDP, CGMP, and VTMP dissectors in that
table, rather than calling them via a switch statement.
Register the ISL dissector by name, and have the Ethernet dissector call
it via a handle.
Fix the handling of the checksum field in the CDP dissector.
The strings in CDP are counted, not null-terminated; treat them as such.
Fix the handling of the encapsulated frame CRC, and the encapsulated
frame, in the ISL dissector, at least for Ethernet frames; it may not be
correct for encapsulated Token Ring frames.
svn path=/trunk/; revision=2792
Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.
Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.
Dissect a bit more of the type-of-service metrics etc. in OSPF packets.
Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.
Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()". Use it instead of just subtracting an offset
from "tvb_reported_length()".
svn path=/trunk/; revision=2787
"asn1_string_value_decode()", as it can be used for various character
string types as well.
Turn "asn1_octet_string_decode()" into "asn1_string_decode()", which
takes an additional argument giving the tag expected for the string in
question, and make "asn1_octet_string_decode()" a wrapper around it.
Clean up the ASN.1 dissection in the Kerberos dissector, making more use
of the code in "asn1.c", wrapping more operations up in macros, and
doing some more type checking.
Use "REP" rather than "RESP" in names and strings; "REP" is what the
Kerberos spec uses.
Make the routines in the Kerberos dissector not used outside that
dissector static.
Fix some problems with the dissection of strings in the Kerberos
dissector (it was extracting the data from the wrong place in the
packet).
In Kerberos V5, the "kvno" item in the EncryptedData type is optional;
treat it as such.
Treat integers as unsigned in the Kerberos dissector.
svn path=/trunk/; revision=2777
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
handle and call it through the handle. Make it static; this renders
"packet-nbipx.h" unnecessary.
Get rid of the "tvb_compat()" call in the IPX dissector - it calls all
dissectors through handles or lookup tables, and thus any
backwards-compatibility stuff is done by the code in libethereal.
svn path=/trunk/; revision=2735
It registers the same dissector for the LDP port for both TCP and UDP.
Still a lot of work to do, but we can see the header now.
svn path=/trunk/; revision=2714
dissect_fddi_not_bitswapped() and dissect_fddi_bitswapped(), both of which
use the standard 3-argument tvbuffified-dissector argument list.
Add a dissector table called "wtap_encap" which is used to call dissectors
from dissect_frame(). The switch() statement from this top-level dissector
is removed.
The link-layer dissectors register themselves with the "wtap_encap"
dissector table. The dissectors are now static where possible.
svn path=/trunk/; revision=2708
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
Gilbert Ramirez