UDH dissection in SMPP message
WTP and WSP dissection over SMPP (no reassembly)
WSP status code rendering in Info column
svn path=/trunk/; revision=7954
concatenation situation. Now the WSP dissector wanting to display the
entire PDU will stick to the sub-tvbuff boundaries in the data highlight
pane.
svn path=/trunk/; revision=7690
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
sequence numbers or offsets and are thus assumed to be received in order
with no duplicates or dropped fragments (e.g., for NetBIOS Frame, where
802.2 LLC guarantees in-order delivery to NetBIOS with no duplicates or
dropped fragments).
"show_fragment_tree()' and "show_fragment_seq_tree()" don't modify the
"fragment_items" to which the "fit" argument points, so make that
argument a "const fragment_items *".
Make all the "fragment_items" tables "static" (as they're not used
outside the modules defining them) and "const" (as they're not
modified).
Add support for reassembly of NetBIOS fragmented requests and responses.
Get rid of an unnecessary include of "packet-tr.c" in the NetBIOS
dissector, and make its table of dissection function pointers static.
Fix some typos in the AppleTalk and NetBIOS dissectors.
svn path=/trunk/; revision=6491
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
dftest.c:
Remove #if-0-ed includes
packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c,
packet-wtp.c, ethereal_gen.py:
Remove redundant include varargs (already in snprintf.h,
and required only for snprintf.h)
Remove unused include of snprintf.h from files not using
"snprintf()".
svn path=/trunk/; revision=5889
but for stuff reassembled with "fragment_add_seq()" or
"fragment_add_seq_check()".
Add a "fragment tag" string to the "fragment_items", so that packets
with fragmentation errors can be properly flagged as having "Illegal
fragments" or "Illegal segments" depending on the term used with the
protocol in question.
Make all the dissectors that can use "show_fragment_tree()" or
"show_fragment_seq_tree()", and don't already use them, do so.
svn path=/trunk/; revision=5644
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
Create a protocol tree item for the fixed part of the WTP header.
Don't assign the value of "proto_tree_add_XXX" routines to a variable if
you're not going to use the value.
svn path=/trunk/; revision=5103
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
rather than a function pointer, "dissect_wtp_fromudp()" no longer needs
to be global; make it static, register it by name, and have the WSP
dissector get the handle by calling "find_dissector()" rather than by
constructing its own handle for it.
Fix up some attributions.
svn path=/trunk/; revision=4306
- A bug related to "WSP header pages" is fixed, that
resulted into "malformed WSP frame" alerts
- "Concatenated PDUs" (Multiple PDUs within one UDP
packet) are now supported (used e.g. by Nokia 8310)
- The URL of WSP GET/POST requests is display in the
info column, same like HTTP GET requests
svn path=/trunk/; revision=4004
connectionless or connection-oriented mode on the server port; that
won't work with redirects. Instead, base it on the protocol atop which
WSP is running - atop UDP, or directly atop WTLS, it's connectionless;
atop WTP, it's connection-oriented.
svn path=/trunk/; revision=3750
the port - instead, base it on whether the dissector was called directly
from UDP or called from another WAP dissector.
That way, if you explicitly say "decode this as WTP" because there was a
redirection (or if, in the future, the WSP dissector handles
redirections for you, although that won't handle the case of a capture
where the redirection wasn't captured), the column doesn't say "UDP", it
says the right thing.
Don't register the WTLS dissector by name - nobody calls it through a
handle.
Register the WTP dissector by name, as the WTLS dissector tries to get a
handle for it - although it doesn't actually call it, or the WSP
dissector, through a handle.
svn path=/trunk/; revision=3647
"value_string" array, do it the right way, by using "val_to_str()" - the
PDU type is 4 bits, but there aren't 16 entries in the array, so a bogus
PDU type (*don't* assume that can't happen...) can cause a core dump.
svn path=/trunk/; revision=3169
statements.
Move the setting of the Protocol column in various dissectors before
anything is fetched from the packet, and also clear the Info column at
that point in those and some other dissectors, so that if an exception
is thrown, the columns don't reflect the previous protocol.
Don't use
col_add_fstr(..., "%s", string);
Use
col_add_str(..., string);
as it does the same thing, but doesn't drag all the heavy *printf
machinery in.
Fix the DDTP dissector to set the Info column regardless of whether
we're building a protocol tree or not, and to set it to "Encrypted
payload" if the payload is encrypted. Also fix a typo in a field name.
Register the FTP data dissector as being associated with the FTP data
protocol, not the FTP protocol (the removed "CHECK_DISPLAY_AS_DATA()"
call checked "proto_ftp_data", and the removed "pinfo->current_proto ="
line set it to "FTP-DATA", so it should be associated with
"proto_ftp_data").
Make the H1 dissector check whether the frame has at least 2 bytes in it
before checking the first two bytes; heuristic dissectors must not throw
exceptions until they've accepted the packet as one of theirs.
Use "tvb_format_text()" rather than "tvb_get_ptr()" and "format_text()"
in some dissectors where the result of "tvb_get_ptr()" is used only in
the "format_text()" call.
In the Quake dissector, don't check whether there are at least 4 bytes
in the packet - if we return, the packet won't be dissected at all (it's
not as if some other dissector will get to handle it), and, if we don't
return, we'll throw an exception if there aren't at least 4 bytes in the
packet, so the packet will be marked as short or malformed, as
appropriate.
In the RIPng dissector, associate the table of strings for the command
field with the command field, so that the dissector doesn't have to
format the string for the protocol tree entry itself, and so that the
filter construction dialog box can let you select "Request" or
"Response" from a list rather than requiring you to know the values for
"Request" and "Response".
Make "dissect_rpc()" static, as it's called only through a heuristic
dissector list.
Use "col_set_str()" to set the COL_PROTOCOL column for RPC protocols;
the string used is from a table provided by the dissector, and is a
string constant.
Don't format the Info column for WSP into a buffer and then format that
buffer into the column with "%s" - "col_add_fstr()" can do the
formatting for you, without having to allocate your own buffer (or run
through the *printf machinery twice).
Don't fetch fields from the WTP packet until you're ready to use them,
so that you don't throw an exception before you even set the Protocol
column or clear the Info column.
Use "pinfo->destport", not "pi.destport", in the Zebra dissector when
checking whether the packet is a request or reply, and do the check by
comparing with "pinfo->match_port" rather than TCP_PORT_ZEBRA (so that
if the dissector is ever registered on another port, it still correctly
determines whether the packet is a request or reply - the Network
Monitor HTTP dissector has port 80 wired into its brain, which is a bit
irritating if you're trying to get it to dissect HTTP proxy traffic on
port 3128 or proxy administration UI traffic on port 3132).
svn path=/trunk/; revision=2931
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
with not terminating their arrays because they knew the limits of the
value used to look up strings in the value_string array, but the
dfilter_expr_dlg does not know these limits and must rely on the terminating
{0, NULL} record.
Also, in SNA fixed a bug in which a field should have been defined as FT_UINT8
but was defined as FT_BOOLEAN.
In WTP, fixed a value string which had duplicate keys.
svn path=/trunk/; revision=2817
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
that if they threw an exception, the wrong protocol would be blamed.
Add the missing assignments.
Clean up the extraction of the null-encapsulation header.
svn path=/trunk/; revision=2730
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
protocols have been disabled.
Get rid of the "no tvbuff" dissectors for WSP and WTP - they're not used
(and shouldn't ever be used).
Make "dissect_wtp()" static, as it's not used outside "packet-wtp.c".
svn path=/trunk/; revision=2568
statements whatsoever in a "case" or "default" clause; add a "break"
statement to keep it happy. (Other compilers may also be less forgiving
than GCC.)
svn path=/trunk/; revision=2560
Guy Harris