bitfields are a pain to use when dealing with structures with a fixed
layout in memory (you have to worry about bit order, for example).
Don't assume that the Ethernet header is aligned on a 2-byte boundary -
use "pntohs()" to extract stuff from it. (Perhaps C will force it onto
a 2-byte boundary, but why take chances, and why leave the code
vulnerable to changes outside this module?)
Don't assume that the pointers to the IP and TCP headers are nicely
aligned - use "memcpy()", not structure assignment, to copy the headers.
(They're probably *not* nicely aligned on platforms that require 4-byte
alignment of 4-byte integral quantities; the code was dumping core on
SPARC with an alignment error.)
Don't even make those pointers be pointers to structures, as that may
cause the C compiler to generate in-line 4-byte loads and stores for
"memcpy()" (in fact, it *did* do so with GCC 2.95.1 on SPARC), which has
the same problem as structure assignment.
Don't test the IP protocol number twice when handling PPP.
svn path=/trunk/; revision=4378
to reflect tvbuff-based access to packet data.
Update calls that deal with columns to pass "pinfo->cinfo" rather than
"pinfo->fd".
Update the example of preference registration to reflect the replacement
of the BXXP dissector with the BEEP dissector.
svn path=/trunk/; revision=4376
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4371
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
"config.guess" and "config.sub" vefore running "libtool", and restore
them after running "libtool", so that it doesn't gratuitously "help" us
by installing whatever old versions of those scripts happen to be part
of the version of libtool on the machine.
svn path=/trunk/; revision=4369
"returns an invalid file handle, if used in a Windows program,
that will cause the program to hang indefinitely"), so we can't
use a pipe to a print command to print to a printer.
Eventually, we should try to use the native Win32 printing API
for this (and also use various UNIX printing APIs, when present?).
For now, we support only printing to a file in Windows.
svn path=/trunk/; revision=4366
will override our versions of "config.guess" and "config.sub", which we
don't want. (We don't use "--force" with "automake --add-missing".)
svn path=/trunk/; revision=4363
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
the "The Compiler and Tools" section on
http://fink.sourceforge.net/doc/porting/basics.php
Do so on MacOS X regardless of whether the compiler is called "gcc" or
not, as that page also indicates that the compiler is installed as "cc".
svn path=/trunk/; revision=4354
the parent under which the field was registered.
This is the *unoptimized* version, to give developers something
to use while the optimized version is being created.
svn path=/trunk/; revision=4351
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
svn path=/trunk/; revision=4350
you're doing NetBIOS-over-TCP (yes, I've seen that, with one response
being a Transaction and the other being a Read and X), so the frame
number is insufficient as a key in the hash table of matched
request/response pairs; use the frame number and the MID.
svn path=/trunk/; revision=4344
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337
files would put a 32-bit quantity on a 16-bit boundary without padding;
this means that many compilers will insert the padding and thus make the
structure not match what's in the file.
Instead of using a C structure, #define values for the offsets of
fields, read the header into an array of bytes, and extract values using
the offsets.
svn path=/trunk/; revision=4334
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
