Commit Graph

2897 Commits

Author SHA1 Message Date
Guy Harris a8649c0e74 Note that this document should apply to post-4.0 versions of
Digital^H^H^H^H^H^H^HTru64 UNIX, but make the note about DU 3.2 a bit
speculative (I don't have 3.2 documentation handy to check whether, for
example, you can use "doconfig" interactively).

Add a note about using "doconfig" interactively - the Tru64 UNIX FAQ
mentions that in its note on using tcpdump.

Expand on the discussion of "pfconfig" to explain that you're also
enabling "local copy" mode, and to mention the "-a" option to let you
enable local copy and promiscuous mode on all devices, and to explain
*why* you want to enable local copy and promiscuous mode.  Also, in the
example pfconfig command, put the network device name at the end - the
Tru64 UNIX FAQ, and the pfconfig man page, both put it there.

svn path=/trunk/; revision=2937
2001-01-24 06:50:16 +00:00
Guy Harris 11d33ec712 Fix forwarded by Johan Jorgensen of Axis Communications.
Also, print unsigned quantities with %u, not %d.

svn path=/trunk/; revision=2936
2001-01-23 05:54:09 +00:00
Gerald Combs 306f303c0d Mobile IPv6 updates from Borosa Tomislav <tomislav.borosa@SIEMENS.HR>.
svn path=/trunk/; revision=2935
2001-01-23 02:49:55 +00:00
Guy Harris a86fd5444f Make the "Cancel" button in the "Protocol" dialog box, as well as a
delete event on that window, revert all the protocol enabling settings
to the values they had when the dialog box was first popped up.

svn path=/trunk/; revision=2934
2001-01-22 09:33:19 +00:00
Guy Harris 971d19f2f1 SUA Light dissector, from Michael Tuexen.
svn path=/trunk/; revision=2933
2001-01-22 09:04:09 +00:00
Guy Harris a4e137f630 Remove more "CHECK_DISPLAY_AS_DATA()" calls and "pinfo->current_proto ="
statements.

Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.

svn path=/trunk/; revision=2932
2001-01-22 08:54:08 +00:00
Guy Harris c57c848dfa Remove more "CHECK_DISPLAY_AS_DATA()" calls and "pinfo->current_proto ="
statements.

Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.

Don't use

	col_add_fstr(..., "%s", string);

Use

	col_add_str(..., string);

as it does the same thing, but doesn't drag all the heavy *printf
machinery in.

Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted.  Also fix a typo in a field name.

Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").

Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.

Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.

In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.

In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".

Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.

Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.

Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).

Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.

Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).

svn path=/trunk/; revision=2931
2001-01-22 08:03:46 +00:00
Guy Harris 3af3df01da Put in comments explaining what the two "Universal Address" fields are;
we might want to give them different blurbs at some point (the
filter-expression construction dialog currently shows both of them as
just "Universal Address"; it'd have to somehow use the blurb if we
wanted to make it obvious what they are).

svn path=/trunk/; revision=2930
2001-01-22 07:19:38 +00:00
Guy Harris 9f2c88966a Remove more "CHECK_DISPLAY_AS_DATA()" calls and "pinfo->current_proto ="
statements.

Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.

Make the IP dissector static, as it's called only via dissector tables
or dissector handles.  Also make the "dissect the TOS field as the
DiffServ DS field" flag static, as it's not referred to outside of
"packet-ip.c".

In the NCP dissector, refer to the port type through "pinfo" rather than
through the global "pi", as it's a tvbuffified dissector.

svn path=/trunk/; revision=2929
2001-01-22 03:33:45 +00:00
Guy Harris 79e1fdb9e5 Remove more "CHECK_DISPLAY_AS_DATA()" calls and "pinfo->current_proto ="
statements.

Move the setting of the Protocol column in the Appletalk ARP and IPX
dissectors before anything is fetched from the packet, and also clear
the Info column at that point in those and some other dissectors, so
that if an exception is thrown, the columns don't reflect the previous
protocol.

Fix the registration of the IPX RIP dissector to use the right protocol
ID.

svn path=/trunk/; revision=2928
2001-01-22 00:20:29 +00:00
Guy Harris d9718a693d Remove some more "CHECK_DISPLAY_AS_DATA()" calls and code to set
"pinfo->current_proto", in dissectors always called through dissector
tables and handles.

Make the IEEE 802.11 dissector static, as it's not called externally.

Clear the Info column in the Linux cooked capture and 802.1q VLAN
dissectors, before extracting anything from the packet, so that if an
exception is thrown, the Info column doesn't reflect the previous
protocol.

Don't extract the encapsulated protocol in the VLAN dissector until you
use it, so that if the frame contains the VLAN ID but not the
encapsulated protocol, we at least put the VLAN ID into the protocol
tree.

svn path=/trunk/; revision=2927
2001-01-21 22:51:46 +00:00
Guy Harris 412318920c Start removing "{OLD_}CHECK_DISPLAY_AS_DATA()" calls, and code to set
"pinfo->current_proto"; dissectors called only through dissector tables
and handles don't need to do either of those, as the dissector table and
handle code will do it for them.  (Dissectors called directly, or
dissectors that can be attached to conversations, still have to do it
themselves.)

Register the PPP Multilink Protocol, PPP Link Control Protocol, and PPP
IP Control Protocol as official protocols, and register them in PPP's
dissector table rather than having PPP handle them specially; change
"dissect_cp()" to take a protocol ID, get the protocol short name
information from it, and use the protocol ID for the top-level protocol
tree item.

Set the Protocol column in the PPP Multilink Protocol dissector, and set
the Info column before extracting anything from the frame, so that if an
exception is thrown, the Info and Protocol columns will reflect that the
packet is supposed to be a PPP Multilink Protocol frame.

Make the "First fragment" and "Last fragment" flags in the PPP Multilink
Protocol header boolean bitfields, and let "proto_tree_add_boolean()" do
all the heavy lifting when displaying them, rather than doing it by
hand.

Don't extract the sequence number in the PPP Multilink Protocol until
you're ready to put it into the tree, just in case the captured packet
includes the flags but not the sequence number.

Clean up the code to check the FCS of PPP frames - extract it with
"tvb_get_letohs()" or "tvb_get_letohl()", don't extract it byte-by-byte
and then put it together yourself.

svn path=/trunk/; revision=2926
2001-01-21 22:10:22 +00:00
Guy Harris 987c7dc2a3 Always call the Ethernet and Token Ring dissectors through a dissector
handle, and make them static.

svn path=/trunk/; revision=2925
2001-01-21 20:16:01 +00:00
Guy Harris 23e7ce209a Arrange that if the filter list is edited in one dialog box, the filter
lists in all filter dialog boxes are updated to reflect reality.  (The
poor man's model-view.)

svn path=/trunk/; revision=2924
2001-01-21 03:30:24 +00:00
Guy Harris 1ddbe05e58 Give various filter constructing/editing dialog boxes titles to reflect
what they were popped up for.

svn path=/trunk/; revision=2923
2001-01-21 02:27:24 +00:00
Guy Harris d6dd1fea0d In the process of destroying a filter editing dialog box, we get a
selection change event on the list of filters.  Unfortunately, this can
happen after some other widgets in that dialog box have already been
destroyed - including some of the widgets that such a selection change
event can change.

This sometimes happened when "filter_prefs_delete()" hadn't been called,
so the mechanism we had been using, with a Boolean datum attached to the
dialog box, set in "filter_prefs_delete()" before we actually destroy
the dialog box, wasn't sufficient to keep that from happening.

Attach to the top-level window data items containing pointers to the
widgets changed when a filter is selected from the list, give each of
those widgets their own destroy callbacks, clear the pointer attached to
the top-level widget when the widget is destroyed, and don't do anything
to the widget when a filter is selected from the list if the pointer for
that widget is null, as that means the widget's been destroyed and we
*can't* do anything to it.

Not all filter editing dialogs created on behalf of a "Filter:" button
next to a text entry box should, when you click "OK", activate the text
entry box; if the text entry box is part of a dialog box with multiple
widgets, the user might not have filled in all of the items in that
dialog box, so you shouldn't activate it for them.  Add a mechanism by
which, when creating a filter editing dialog box, you can specify
whether the "OK" button should just fill in the text entry box or should
fill it in and also activate it.

svn path=/trunk/; revision=2922
2001-01-21 01:45:07 +00:00
Guy Harris 873bc5898e NLM v2 is allegedly just the same as NLM v1, and NLM v3 is allegedly
just NLM v1 plus some stuff for use by DOS/Windows clients, according to
The Open Group's "XNFS, Version 3W" ("This document describes version 3
which is backward compatible with versions 1 and 2."); copy the NLM v1
table of dissectors to the tables for NLM v2 and NLM v3.

Mark all procedures for which we lack reply dissectors and for which
there *is* a reply type, or for which we lack call dissectors and for
which there is a call type, with /* XXX */.

svn path=/trunk/; revision=2921
2001-01-20 08:38:10 +00:00
Guy Harris 8c14ddcd0f Fix comments to reflect what a null function pointer in a "vsff" table
really means.

Make the "XXX_proc" arrays static.

svn path=/trunk/; revision=2920
2001-01-18 09:55:10 +00:00
Guy Harris f3470d6341 Changes to look for SSL library for those who have UCD SNMP compiled
with SSL support, from Andy Hood.

svn path=/trunk/; revision=2919
2001-01-18 09:54:09 +00:00
Guy Harris 43142e7a3a Put in a URL that will eventually get you to The Open Group's NFS spec,
which includes the NLM spec.

Fix a comment to reflect what a null function pointer in a "vsff" table
really means.

Make the "nlm<N>_proc" arrays static.

Fill in the reply dissector pointers for some entries, and flag some of
those that need to be filled in with /* XXX */.

svn path=/trunk/; revision=2918
2001-01-18 09:44:51 +00:00
Guy Harris 3f0fa81732 In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception.  (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)

svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
Guy Harris e821951deb Make sure "fh_tree" is always set in "dissect_eth()" before passing it
to "ethertype()".

svn path=/trunk/; revision=2916
2001-01-18 08:28:09 +00:00
Guy Harris 18bfc670ec Pull the handling of trailers in Ethernet (as opposed to 802.3) frames
into "ethertype()".

svn path=/trunk/; revision=2915
2001-01-18 07:44:41 +00:00
Guy Harris f655d094b5 Set "pinfo->current_proto" to the RPC program's name when calling the
dissector for a particular type of RPC request or reply.

Always call that dissector, regardless of whether we're building a
protocol tree or not.

svn path=/trunk/; revision=2914
2001-01-18 06:33:23 +00:00
Guy Harris f6d8d418fc Fix a typo in the URL for the Kazlib home page.
svn path=/trunk/; revision=2913
2001-01-18 06:01:37 +00:00
Guy Harris d3512a34af Well, I found that one of my captures was so large that we overflowed
the static table of RPC calls and responses; this meant that, in some
cases, I could click on a reply packet and it'd just be shown as a UDP
packet in the protocol tree window, but if I then click on the matching
request and click on the reply again, it'll show it as an RPC reply to
the call in question.

Replace the static table with a GHashTable, which grows as necessary.

svn path=/trunk/; revision=2912
2001-01-18 00:13:18 +00:00
Guy Harris bb2b650c9b Update a comment to reflect reality (we no longer skip all the extra
headers, we look at REC_HEADER2 records).

svn path=/trunk/; revision=2911
2001-01-17 21:29:53 +00:00
Jeff Foster 27bc256702 Fixed potential buffer overflow in skip_header_records when processing
REC_HEADER2 encapsulation type.

Modified skip_header_records to accept REC_HEADER3-REC_HEADER7.
These header records would cause file read error if the capture file was
compressed.

svn path=/trunk/; revision=2910
2001-01-17 18:58:42 +00:00
Guy Harris 4148aac56c Automake 1.4b (which is actually a test version of 1.5, i.e. of a
*future* version, not of 1.4, which is the *current* version - i.e.,
it's newer than 1.4) complains, if "dfilter-grammar.c" and
"dfilter-scanner.c" are part of "EXTRA_libethereal_a_SOURCES", that
"dfilter-grammar.o" is built both from "dfilter-grammar.c" and
"dfilter-grammar.y", and that "dfilter-scanner.o" is built both from
"dfilter-scanner.c" and "dfilter-scanner.l", and refuses to build
"Makefile.in".

Moving them to "EXTRA_DIST" makes 1.4b happy.

Automake 1.4 allows them either to be in "EXTRA_libethereal_a_SOURCES"
or in "EXTRA_DIST"; the only difference between the generated
"Makefile.in" files is which of those two variables the files are in,
and the only difference that makes is that it keeps those two files out
of "SOURCES", which means that "make ID" doesn't include them in the
files it looks at, and "make TAGS" and "make tags" don't include them in
the files they look at.  I'm not sure whether the tags file should be
built from "dfilter-grammar.y" and "dfilter-scanner.l", or from
"dfilter-grammar.c" and "dfilter-scanner.c"; the former means you see
the real source file, not the generated source file, if you look for a
symbol defined in one of those files, while the latter means you can
look for symbols in code generated by YACC/Bison or Flex.

In either case, the generated files go into the distribution tarball,
which is what we want.

For now, we go with what makes Automake 1.4b happy.

svn path=/trunk/; revision=2909
2001-01-17 06:13:39 +00:00
Guy Harris 42d22cf0a3 Do not use "match_strval()" unless you're prepared to check whether it
returns NULL and do something appropriate if it does so; instead, use
"val_to_str()", and let *it* worry about the value passed to it not
having a corresponding string.

svn path=/trunk/; revision=2908
2001-01-16 23:35:58 +00:00
Guy Harris ce2e2cf78c Fix another "match_strval()" call.
Remove one level of indentation from a "switch()" statement, so as not
to oblige those of us who use 80-column windows for editing (and will
continue to do, arguments against it notwithstanding; I *like* being
able to have lots of windows open and visible) to have to play too many
games in order to be able to work on this code.

svn path=/trunk/; revision=2907
2001-01-16 23:10:24 +00:00
Guy Harris 6bdc82fe18 The PDU type of a WSP packet is presumably not signed, so assign it to a
"guint8", not a "char".

Do not use "match_strval()" unless you're prepared to check whether it
returns NULL and do something appropriate if it does so; instead, use
"val_to_str()", and let *it* worry about the value passed to it not
having a corresponding string.

svn path=/trunk/; revision=2906
2001-01-16 23:02:20 +00:00
Guy Harris cf611f7f63 Code from Ronnie Sahlberg to complete the NLM dissector.
svn path=/trunk/; revision=2905
2001-01-16 20:56:14 +00:00
Guy Harris 2fba1a4a8c Update a comment to reflect reality (we no longer skip all the extra
headers, we look at REC_HEADER2 records).

svn path=/trunk/; revision=2904
2001-01-16 20:26:26 +00:00
Jeff Foster 5ff4d8a721 Moved setting wth->file_encap from sniffer_encap to precede the
skip_header_records call because skip_header_records function
may set the field based upon the header records

svn path=/trunk/; revision=2903
2001-01-16 20:12:30 +00:00
Guy Harris 5da16b932a Code to get a putative network subtype from a type 7 record in an
"Internetwork analyzer" capture, from Jeff Foster.  (It's not a
replacement for the heuristics, as

	1) at least one PPP capture doesn't have a type 7 record

and

	2) LAPB/X.25 and LAPD/ISDN might both be "HDLC" captures and
	   we'd need to figure out how to tell them apart.)

svn path=/trunk/; revision=2902
2001-01-16 09:17:34 +00:00
Guy Harris 9c6b8b0913 Support for the Native VLAN and Duplex items, and a fix of the VTP
Management Domain item to just add a single line, in CDP packets, from
Kent Engström.

svn path=/trunk/; revision=2901
2001-01-15 21:36:53 +00:00
Guy Harris 4cdc06a96b Automake is a jealous god. If, when sacrificing a goat to it, you do
not kill the goat with the *correct* sort of knife, on the *correct*
altar, and drink its blood from the *correct* goblet at the *correct*
temperature, he will wreak his revenge, perhaps, for example, causing
all your crops to sprout bearing bright green and pink polka-dots.

Add an extra 3 microns to the tip of the blade, so that the Automake God
will not be angry and fail to generate rules to install man pages.  (It
would have been nice had the sacred scrolls described that particular
incantation, but so it goes....)

While we're at it, get rid of "EXTRA_MANS"; it doesn't appear to be
necessary (but such hubris may, of course, bring down the wrath of the
Automake God upon me - you can't just get rid of EXTRA_PROGRAMS, for
example, as the Automake God then forgets how to handle "ethereal_LDADD"
and the like - although in a test run the generated Makefile.in didn't
*appear* to have anything missing other than a definition of EXTRA_MANS,
which it didn't use and so presumably wouldn't miss).

svn path=/trunk/; revision=2900
2001-01-15 08:55:30 +00:00
Guy Harris 903a3db8c1 "get_netbios_name()" can never return a negative number as the name
type, so "netbios_add_name()" doesn't need to check for it doing so
(yes, the tvbuff stuff *does* catch "get_netbios_name()" running past
the end of the packet, and causes an exception to be thrown).  Get rid
of the check, and get rid of "netbios_add_name()"s return value.

In "dissect_nbipx_dg()", always call the SMB dissector if there's data
left in the packet, regardless of whether the "tree" argument is null or
not; subdissectors should always be called, so they can build any
internal state on the first pass through the capture, and so that they
can fill in the Protocol and Info columns.

svn path=/trunk/; revision=2899
2001-01-15 04:39:28 +00:00
Guy Harris 254179eec8 Updates from Michael Tuexen.
XXX - this causes the Info column for M3UA packets to have stuff from
SCTP as well as M3UA, but doesn't cause the Protocol column to say
"SCTP/M3UA", just "M3UA"; fixing that requires that the M3UA dissector
be able to find out whether it's already put "/M3UA" into the Protocol
column, but I Have A Cunning Plan to handle that which might also allow
display filters containing only protocol names (i.e., filters that care
only whether a given packet contains data for a given protocol) to run
much faster.

svn path=/trunk/; revision=2898
2001-01-14 10:15:56 +00:00
Guy Harris 5531f6945c Update from Michael Tuexen to enhance handling of bundled upper layer
packets.

svn path=/trunk/; revision=2897
2001-01-14 08:27:25 +00:00
Guy Harris 691d4f9a0f Add the PPP types for the DEC LANBridge100 Spanning Tree protocol and
for "Bridging PDU"s (which I'm assuming are 802.1d Spanning Tree BPDUs),
and have the STP and LANBridge100 STP dissectors register them with the
"ppp.protocol" dissector table.

Fix the value for the PPP type for MPLS Multicast (it's 0x0283, not
0x0281).

svn path=/trunk/; revision=2896
2001-01-14 08:25:14 +00:00
Guy Harris e7d080a8c6 Update from Michael Tuexen.
svn path=/trunk/; revision=2895
2001-01-13 18:29:39 +00:00
Guy Harris 4488bdd029 Tvbuffify the SRVLOC dissector, and start trying to deal with multiple
character sets in it (we currently only handle a few character sets, and
all "handle" means, so far, is "display the name of the character set as
well as the numerical value; we don't actually handle, say, Unicode in
such a way as to keep a Unicode version of an ASCII string from having
every other byte be "\000").

svn path=/trunk/; revision=2894
2001-01-13 08:57:46 +00:00
Guy Harris 914d1da71f Make GRE use a dissector table for its protocol types, and register
dissectors for protocols that can be encapsulated inside GRE in that
table.

Fix a bug in the handling of WCCPv2 IP encapsulation (it was
constructing the next tvbuff before, rather than after, advancing the
offset past the redirection header).

svn path=/trunk/; revision=2893
2001-01-13 07:47:49 +00:00
Guy Harris 2072d03e78 Tvbuffify the PIM dissector.
It was the last dissector that used "old_call_dissector()", and
tvbuffifying it got rid of that, so get rid of "old_call_dissector()".

svn path=/trunk/; revision=2892
2001-01-13 06:34:35 +00:00
Guy Harris d88ed3d445 Support for dissectors registering themselves with a particular SCTP
payload protocol ID as well as with a particular SCTP port number, from
Michael Tuexen.

svn path=/trunk/; revision=2891
2001-01-13 04:30:20 +00:00
Guy Harris 2245c85dfe Also save and restore the value of "pinfo->match_port" in
"{old_}dissector_try_port()", so that its value doesn't get changed out
from under a dissector that calls "{old_}dissector_try_port()".

svn path=/trunk/; revision=2890
2001-01-13 04:28:42 +00:00
Gilbert Ramirez 73b6dadd24 Actually call capture_sll() from the capture loop.
svn path=/trunk/; revision=2889
2001-01-13 03:17:15 +00:00
Guy Harris 445b21759e Support for the VTP Management Domain item in CDP packets, from Kent
Engström.

svn path=/trunk/; revision=2888
2001-01-13 02:40:57 +00:00