a list of disabled protocols, and to save that list from the Edit >
Protocols dialog box.
Add checks for read errors in "read_prefs()".
Clean up white space.
svn path=/trunk/; revision=8144
Still something wrong with NonStandardParameter, I cant find why ethereal is
wrong but it misses misses one bit in the decoding causing malformed frames.
I cant see what is wrong when looking at the packets. need furhter investigations.
Make h225 compile in as default
svn path=/trunk/; revision=8119
constrained integers with an extension marker.
Update all calls to the constrained integer dissector
Add dissection to the rfc_number type which is a constrasined integer with an extension marker
Add H245 so that it builds by default in ethereal.
It has been tested extensively by a semi-large number of people with a lot of real and synthetic captures and seems to work very well.
New protocol added to ethereal
svn path=/trunk/; revision=8032
to the dissector that handles the particular authentication flavour. This
gets rid of a couple of ugly switch statements and allows other authentication
modules to be written easily.
svn path=/trunk/; revision=8026
and put them in their own file.
I had to put them im packet-per.c instead of asn1-per.c since othervise
i couldnt get it to invoke the register routine from register.c
the per dissector is compiled into ethereal by default, but there are no callers in ethereal until the h245 dissector is added.
someone that knows the registry stuff better might consider renaming it to asn1-per.c instead of packet-per.c
svn path=/trunk/; revision=8017
"dissect_ip_tcp_options()" but for options that are like IPv6 options
(i.e., the length byte has a value that doesn't include the option code
or length byte).
Add an "ip_opts.h" header to declare it, and move the declaration of
stuff used by it and "dissect_ip_tcp_options()", and the declaration of
"dissect_ip_tcp_options()", to that header.
Use "dissect_ipv6_options()" for Mobile IPv6 options.
Get rid of the unused "mip6_opt_types[]" array in "packet-mip6.h".
svn path=/trunk/; revision=8015
"EtherNet/IP" name in his original version ("IP" there is "Industrial
Protocol", not "Internet Protocol"), and to the original file name, and
getting rid of some unused variables.
svn path=/trunk/; revision=7851
Support can be enabled at configure time by using "--with-adns=DIR".
If support is enabled, async queries happen whenever host name resolution
is enabled. Do we need a separate preference for async queries?
Currently, only IPv4 reverse queries are supported. I can add IPv4 forward
lookup support, but I don't have any way to test IPv6 queries.
svn path=/trunk/; revision=7640
to just be an extension to AODV - and the dissectors use the same port,
which doesn't work unless there's only one dissector).
svn path=/trunk/; revision=7616
Add Response-Time statistics for each known mgcp message-type.
Fix a few bugs and remove trailing whitespace.
Use "gdouble" for printing time-values and calculating the
average. It is easier to use and shouldn't overflow on big
trace files like "guint32".
Move some functions for time statistics into the new file
timestats.c in the main directory. This code may be useful in
the rpc and smb rtt-taps as well.
svn path=/trunk/; revision=7469
Socket 0x9001 is for NLSP - it supports LANs as well as WANs, at least
as I read the specification.
Socket 0x9004 is for "IPX WAN 2".
svn path=/trunk/; revision=7387
This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.
For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().
Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this future will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.
svn path=/trunk/; revision=7362
Add support for the OpenBSD enc(4) encapsulating interface. Add
support for Ethernet over IP (RFC 3378).
Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.
svn path=/trunk/; revision=7310
"register-static.c", or "ps.c", as we distribute them in the tarball.
Add Georgi Guninski to the credits list in the man page.
svn path=/trunk/; revision=7206
- Move all static definitions from packet-wbxml.h to packet-wbxml.c
- Comment out inclusion of packet-wbxml.h in packet-wbxml.c
- Append WBXML + version + public ID to the Info column
Then, while we're at it, get rid of packet-wbxml.h (we can reinstate it
if there's any functionality to export other than the dissector) and get
rid of the include of packet-wbxml.h (and update comments not to refer
to it).
svn path=/trunk/; revision=7153
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
IO-Users is a feature for tethereal that will print statistics on io usage
similar to top talkers in other tools.
It needs to be ported to ethereal with a nice graph sometime later.
try:
-z io,users,ip
see man-page
svn path=/trunk/; revision=6972
SMB RTT statistics are similar to the RTT statistics already supported by ONC-RPC and DCE-RPC.
It will present a table with all seen SMB commands and present the Min/Max and Avg response time in ms.
Transaction2 and NT-Transaction commands are broken out and presented in its own subtables.
tethereal feature is activated with -z smb,rtt switch
and in ethereal it is activated either through -0z smb,rtt switch or through the Menu.
svn path=/trunk/; revision=6966
Move SCTP payload protocol IDs to a header file, and get the PPIDs from
that header file rather than defining them in dissectors running atop
SCTP. Use both the old(?) and official PPID for ASAP.
svn path=/trunk/; revision=6926
- Decoders for the few remaining FC protocols not included in my first
patch. Included in this list are decoders for FC-CT (common transport),
Name Server (dNS), Fabric Configuration Server (FCS) and Zone Server
(FZS).
- Decoder for MDS Debug Port Adapter. MDS Debug Port Adapter (internal
name was Boardwalk and this is the file name) is a piece of hardware
that can be purchased with Cisco's MDS Fibre Channel switches that
converts FC frames into Ethernet frames. One end is connected to a
port on a FC switch and the other end is connected to a FE/GE Ethernet
port. The decoder included here decodes the encapsulation header that
carries information such as SOF/EOF of FC frames.
svn path=/trunk/; revision=6919
just Ethernet type values. Move the type value for ISO network-layer
protocols there, and put the type value for IEEE spanning tree there as
well, use that value in the BPDU dissector, and add an item to the CHDLC
dissector for it.
svn path=/trunk/; revision=6915
The Q bit in X.25 doesn't mean "this is QLLC traffic", it's just a "this
packet is special" indication. Have the X.25 dissector pass as the
"private_data" pointer a pointer to a gboolean indicating whether the Q
bit was set or not. Replace the "decode non-Q-bit traffic as SNA"
option with a "decode traffic as QLLC/SNA if we didn't see the Call
Request packet and thus don't know what it is" option, which hands
traffic to the QLLC dissector for that traffic. Have the QLLC dissector
hand traffic to the SNA dissector if the Q bit isn't set.
Arrange that we determine whether the Q bit is set regardless of whether
we're building the protocol tree or not.
If we don't just dissect traffic as QLLC/SNA if we didn't see the Call
Request packet, check not only for 0x45 (as an indication that it's
probably IP), check also for NLPID_ISO8473_CLNP and treat that as an
indication that it's probably OSI CLNP.
svn path=/trunk/; revision=6854
make ANSI point codes filterable in MTP3;
fix a bug in the ANSI SLS dissection;
have MTP3 store the SI for use by subdissectors;
add a new MTP3-Management dissector.
Fix Makefile.nmake to include the Wellfleet HDLC dissector.
svn path=/trunk/; revision=6837
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
svn path=/trunk/; revision=6825
The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
svn path=/trunk/; revision=6790
header.
Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.
svn path=/trunk/; revision=6567
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.
Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add
-z proto,colinfo,nfs.fh.hash,nfs.fh.hash
as a parameter to tethereal.
Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.
svn path=/trunk/; revision=6560
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.
Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?
Try -z io,phs or -z io,phs,<filter> to test it.
svn path=/trunk/; revision=6532
and generate the table of stuff to register from tap source files, so
Tethereal doesn't need to know what tap listeners exist.
Get rid of "tap-xxx.h" files, as they're now empty.
Add "tethereal-tap-register.c" to the .cvsignore file, as it's a new
generated file.
Update "Makefile.nmake" to generate "tethereal-tap-register.c".
Clean up "Makefile.am" and "Makefile.nmake" a bit.
svn path=/trunk/; revision=6525
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
problem. The win2k DNS MMC snap-in generates calls to this pipe.
There appear to be three calls which have been implemented as stubs
for the moment.
svn path=/trunk/; revision=6277
ranges specified with a mask, as well as manufacturer OUIs. Match the
address range values, as well as MAC addresses and manufacturer OUIs,
when translating MAC addresses to names.
Have "make-manuf" read a file containing the well-known addresses and
append it to the list of OUIs.
svn path=/trunk/; revision=6233
One example extension is rpcstat.
Try -Z rpc,rtt,100003,3 as argument to tethereal when reading a capture
containing NFSv3 packets.
tap-rpcstat.[ch] is intended to demonstrate the api and can be used to
base other extensions on.
svn path=/trunk/; revision=6175
All the deprecated widgets have not been replaced yet :
GtkList and GtkCList ==> GtkTreeView conversion :
- color_dlg.c
- column_prefs.c
- decode_as_dlg.c : done
- dfilter_expr_dialog
- filter_prefs.c
- main.c
- plugins_dlg.c : done
GtkCTree ==> GtkTreeView conversion : done
GtkText ==> GtkTextView conversion : done
Remaining problems :
- gtk_font_selection_dialog_set_filter doesn't exist anymore (but hasn't
been removed from the documentation). I don't know how to filter the
font selection dialog to get only fixed width fonts ;
- we have to remove GUI prefs which are not usefule anymore : tree line
style and tree expander style.
svn path=/trunk/; revision=6153
following changes:
- Inserted packet-tds.h This is personal taste because of the many
files in the toplevel directory. Whoever works on this next is
free of course to separate it back out again.
- Removed unused includes sys/types.h, snprintf.h, netinet/in.h
- #if-0 unused function
- Removed duplicate define
- Declared all unused parameters as such
- Changed a // comment into /* */
- ifdef-DEBUG a printf statement
svn path=/trunk/; revision=6025
"make install"; even though the resulting files are huge it's probably better
to have the debugging symbols intact. Set file and directory permissions in
/usr/local to match those in /usr.
svn path=/trunk/; revision=6016
DOCSIS support, including support for "Ethernet" captures where
the raw frame is a DOCSIS frame rather than an Ethernet
frame (some Cisco cable-modem head-end gear can send out a
trace of all traffic on an Ethernet, but what it sends are
the raw bytes of DOCSIS frames, not Ethernet frames)
Get rid of second AUTHORS entry for Devin Heitmueller, merging its item
into the older entry.
Clean up the order of some lists of plugin items.
svn path=/trunk/; revision=5861
of the directory for Ethereal configuration files, not the configuration
file directory, as the Diameter dissector looks for them in the
subdirectory.
svn path=/trunk/; revision=5606
static, and add a new "packet-data.h" to declare "proto_data".
Display escape sequences in octal in the IAPP dissector, as is now done
in the RADIUS dissector.
svn path=/trunk/; revision=5441
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
IEEE-float-to-native-float code, and use that as the basis for
IEEE-double-to-native-double code. Use that code on VAXes.
Eliminate "ieee-float.h", as we no longer use it; instead, we use the
tvbuff routines for extracting IEEE floating-point numbers.
svn path=/trunk/; revision=5243
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
Declares some variables static.
Creates a new include file packet-rsvp.h, and make use of it
(change some extern decls to #inlcude).
Move the file packet-pgm.h into packet-pgm.c as it is not used
by anything outside packet-pgm.c.
svn path=/trunk/; revision=5162
signalling and Generalized MPLS. This commit contains code for the
protocol version described in draft-ietf-ccamp-lmp-03.txt.
svn path=/trunk/; revision=5138
display of the symbolic form of the OID. Remove code that used to do
that outside of "format_oid()".
Export "format_oid()" from "packet-snmp.c" and use it in
"packet-cops.c".
Remove support for CMU SNMP and older versions of UCD SNMP from
"packet-cops.c", as it has been removed from the rest of Ethereal.
svn path=/trunk/; revision=4924
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
arguments that specify the header field indices for the checksum field
and the "checksum is bad" Boolean, and have the dissectors for some
protocols that use IGMP (DVMRP, MRDISC, MSNIP) use it rather than having
their own checksumming routines.
Also, fix it to correctly add the "checksum is bad" Boolean.
svn path=/trunk/; revision=4665
"--define", we now build the RPM and SRPM packages in packages/rpm.
As a result, one need not be root to build RPM-based packages.
Move the specfile to packaging/rpm/SPECS.
Update the INSTALL document to include the various packaging makefile
targets.
svn path=/trunk/; revision=4581
note that protocol constants are subject to change.
(packet format is also subject to change. but 22 draft should go
to wg last call very soon, and I really hope it to be the final one...)
svn path=/trunk/; revision=4504
on a desktop as "Ethereal".
Add a "BinaryPattern" entry; I think this is KDE-specific, and causes
KFM (and Konqueror, I suspect) to tag any executable file that matches
the pattern as being an Ethereal binary (or, at least, to tag some
executable files in that fashion), so make it match both "ethereal" and
"ethereal-static".
svn path=/trunk/; revision=4404
some fields not in the current version of the Free Desktop Group's
Desktop Entry Standard.
Update "Makefile.am" so that the ".desktop" file and the new image files
are in the release tarball.
svn path=/trunk/; revision=4403
Add a routine to ui_util.c that sets a window's icon pixmap to a 16x16
version of the 3D logo. Call the routine for each window that is created.
This has been tested with kwm and Sawfish (which expect a 16x16 icon), but
we may have to come up with a better solution for other window managers
(e.g. olwm and mwm).
Add a 3D exclamation point image. Replace the exclamation point and
Ethereal logo images used in simple_dialog() with their 3D counterparts.
Remove the old icons from the source distribution.
svn path=/trunk/; revision=4390
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
svn path=/trunk/; revision=4285
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
svn path=/trunk/; revision=4281
work on dissecting the Information frame of QLLC packets.
Thanks to mario.ferreira@hsbc.com.br for lots of information on SNA
over X.25.
svn path=/trunk/; revision=4207
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
tvbuffified heuristic-dissector interface, but have it immediately turn
its arguments into an old-style buffer pointer and offset.
Register the SMB dissector as a heuristic NetBIOS dissector, and have
"dissect_netbios_payload()" just try the heuristics, as it no longer has
to call the SMB dissector explicitly.
svn path=/trunk/; revision=3973
shell. (This also arranges that the source to "idl2eth" - which is now
"idl2eth.sh" - not be deleted by "make clean").
Add "doc/idl2eth.pod" to the list of files in a source tarball.
svn path=/trunk/; revision=3940
the lists of source and generated files for plugins.
While we're at it, make all those lists show the files in the same
order.
svn path=/trunk/; revision=3888
Update Makefile.am and Makefile.nmake files to build it (although it's
not currently built by default; you have to do "make idl2eth.1" on UNIX,
and something similar on Windows.
Put a full copyright notice into "doc/Makefile.nmake", along with a
comment explaining why stuff depends on "../config.h". Also, add
"clean" rules to it to get rid of generated files for mergecap and
text2pcap documentation.
svn path=/trunk/; revision=3801
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
Throw a very small caltrop in the way of spam-harvesters, by replacing
"@" in e-mail addresses in the AUTHORS file and Ethereal man page with
"[AT]" (although I wouldn't be surprised to find that some of those
harvesters already know about that trick and "fix" those addresses so
you, too, can receive Valuable Information about Viagra, can-fail
Internet investment opportunities and stuff-envelopes-at-home jobs, and
cable descramblers).
Add a couple of items from the AUTHORS file to the Ethereal man page.
svn path=/trunk/; revision=3781
have two independent "value_string" tables mapping RFC 1700 address
family numbers to names, nor is there any need to have the BGP dissector
and the PIM dissector have two independent sets of #defines for RFC 1700
address family numbers; put a single "value_string" table in "afn.c" and
put a declaration of it, and #defines for the address family numbers,
into "afn.h", and have the dissectors use that.
Move the #define for PGM into "ipproto.h", and add an entry for it in
the "value_string" table in "ipproto.c".
Have the PGM dissector use the standard Ethereal mechanisms for
resolving addresses, and have it use "value_string" tables for mapping
option types, the OPX bits, and packet types to strings. Use
"bytes_to_str()" to turn byte arrays into strings of hex digits. Pass
the packet type string to "dissect_pgmopts()" as an argument, rather
than making it a global. Don't use "proto_tree_add_XXX_format" routines
if you can possibly just use "proto_tree_add_XXX"; give various fields
the correct radix and type, and VALS() strings if necessary, to make
that happen (and to make filtering on them more pleasant). Put the
type, length, and total length of the options into the protocol tree as
separate fields. Don't have separate type, length, and OPX fields for
every type of option; one field will suffice. Don't format a string
with "sprintf()" and then pass that string to "col_add_fstr()" with a
format of "%s" and the string as an argument - "col_add_fstr()" can
format strings itself (that's what the "f" stands for). Don't byte-swap
and then un-byte-swap IPv4 address fields in the header, just leave them
network byte order to start with. Use the correct fields for
"proto_tree_add_XXX", rather than using the same field multiple times.
Quit early if an address family identifier isn't AFNUM_INET, as that
means the structure we use to dissect the header doesn't match the
actual header.
svn path=/trunk/; revision=3761
in the list of files in the distribution.
Make "doc" one of the subdirectories; this lets us remove
"doc/Makefile.in" from EXTRA_DIST, and might also ensure that stuff gets
rebuilt in that directory when it changes (for example, I don't know
whether "make dist" would have automatically rebuilt "doc/Makefile.in"
without "doc" being in the SUBDIRS list; if not, that might explain why
"doc/Makefile.in" didn't include rules for the mergecap man page in the
0.8.19 tarball).
svn path=/trunk/; revision=3735
files that might be left over from a UNIX build, so that they'll be
reconstructed from the "config.h.win32" files on a Windows build.
(If you have "config.h" files left over from a UNIX build, the Windows
build will fail.)
Update "README.win32" to mention "cleanbld.bat", and to correctly list
the files generated using tools that don't come with Windows or MSVC++.
Also note that some of them can't be built on UNIX systems.
svn path=/trunk/; revision=3713
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
files. See text2pcap.1 (built from doc/text2pcap.pod) for details.
Changed 'tethereal -x' output to match hex dump format of text2pcap,
Ethereal and others.
svn path=/trunk/; revision=3421
version of automake (which will probably eventually become the next
release of automake) - it assumes variables that end with _SOURCES are
of the form "target_SOURCES", where "target" must be a target that the
Makefile builds.
Rename "DISSECTOR_SOURCES" to "DISSECTOR_SRC" in "Makefile.nmake", as
well, so that part of "Makefile.nmake" exactly matches that part of
"Makefile.am".
svn path=/trunk/; revision=3408
Perl script that generates them, so that if we have to change those
fields we can do so more conveniently.
Remove the generated header files from CVS, and arrange that we generate
them when we do a build.
svn path=/trunk/; revision=3341
binaries, so users only need to make sure they have that version
installed in order to have Ethereal (and tcpdump, and snort, and so on)
accept "lanN"-style names (i.e., names of the sort reported by lanscan
and handled by ifconfig), rather than "dlpiN".
Get rid of the patches to update libpcap, get rid of the discussion in
"README.hpux" of patching libpcap and just say "get 0.6.2", and make the
notes on HP-UX kernel patches to fix problems with capturing outgoing
packets a separate item in the list of items in "README.hpux".
Also update the error messages Ethereal and Tethereal display if they
can't open a device and the error is "can't find PPA for XXX" to say
"get 0.6.2" rather than "patch libpcap and recompile.
svn path=/trunk/; revision=3288
That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
respectively, not Q.931 and Q.2931, in Frame Relay.
When dissecting Q.933-style multiprotocol encapsulated Frame Relay
frames, use the "osinl" dissector table to check for OSI network layer
protocols, include the NLPID in the tvbuff you hand to
"dissector_try_port()" with that dissector table, and put the NLPID into
the protocol tree as an invisible item - the NLPID is considered part of
the PDU for those protocols, so you have to include it in the tvbuff,
and the dissector will put it into the protocol tree.
Also, make sure the top-level entry for the Frame Relay protocol
includes all the bytes preceding the payload, and none of the payload
bytes.
Export a routine to do Q.933-style dissection, and have the WCP
dissector call it, rather than duplicating that code in the WCP
dissector.
Don't register OSI network layer protocols with the "fr.ietf" dissector
table; it's now sufficient to register them with the "osinl" dissector
table, as the Frame Relay dissector now checks that.
Get rid of unnecessary checks for protocols being enabled (if the
dissector is always called through handles or dissector tables, the
common code for handles and dissector tables will do the checks for
you).
Get rid of some unnecessary #includes.
svn path=/trunk/; revision=3211
as, on a large capture, it could take a significant amount of time.
Let the user stop the computation and, if they do, don't pop up the
statistics dialog box.
Create a new header file declaring the routines to create, update, and
destroy progress dialog boxes; those routines' APIs don't depend on
GTK+, but others declared in "ui_util.h" do, and we don't want to oblige
a source file to depend on GTK+ headers unless it uses a GTK+ API or an
API that depends on GTK+.
svn path=/trunk/; revision=3179
organizes the protocols in the same hierarchical order in which
they are found in the packet.
The GUI needs some more refinement (placment of vertical
scrollbar, style of GtkCTree, initial sizing of window).
I need to add an option to honor/not honor the current display filter.
svn path=/trunk/; revision=3162
into a "packet-smb-browse.h" header file, and have modules that import
those routines include "packet-smb-browse.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-logon.c".
Make routines and arrays not exported static, and make routines that
return a true/false return value "gboolean" rather than "guint32".
svn path=/trunk/; revision=3147
Move the declaration of routines exported from "packet-smb-mailslot.c"
into a "packet-smb-mailslot.h" header file, and have modules that import
those routines include "packet-smb-mailslot.h" rather than declaring the
routines themselves; do the same for routines exported from
"packet-smb-pipe.c". Make routines not exported static, and make
routines that return a true/false return value "gboolean" rather than
"guint32".
svn path=/trunk/; revision=3146
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
can now handle that; this allows us to register both the modulo-8 and
the modulo-128 versions of various X.25 bitfields with "x.25.XXX" names,
which lets us get rid of the "ex.25" protocol stuff completely and use
"x.25" for both modulo-8 and modulo-128 X.25. Do so. (Also, fix up
some cases where we appeared to be using the modulo-8 fields when
dissecting modulo-128 X.25.)
This, in turn, allows us to register the X.25 dissector, as there's now
only one protocol with which it's associated, and make it static and
have it called only through a handle, and to, when registering it with
the "llc.dsap" dissector table, associate it with "proto_x25".
That, in turn, allows us to get rid of the "CHECK_DISPLAY_AS_DATA()"
calls, and the code to set "pinfo->current_proto", in the X.25
dissector.
The code for the display filter expression dialog would, if there are
two fields with the same name registered under a protocol, list both of
them; have it list only one of them - the fields should have the same
type, the same radix, and the same value_string/true_false_string table
if any (if they don't, they're really not the same field...).
svn path=/trunk/; revision=3023
length field rather than an Ethernet type field) into a
"dissect_802_3()" routine.
In that routine, catch exceptions thrown by the IPX or LLC dissector or
dissectors under them, so that the trailer information is added to the
tree even if an exception is thrown (similar to what "ethertype()"
does).
svn path=/trunk/; revision=3002
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
not kill the goat with the *correct* sort of knife, on the *correct*
altar, and drink its blood from the *correct* goblet at the *correct*
temperature, he will wreak his revenge, perhaps, for example, causing
all your crops to sprout bearing bright green and pink polka-dots.
Add an extra 3 microns to the tip of the blade, so that the Automake God
will not be angry and fail to generate rules to install man pages. (It
would have been nice had the sacred scrolls described that particular
incantation, but so it goes....)
While we're at it, get rid of "EXTRA_MANS"; it doesn't appear to be
necessary (but such hubris may, of course, bring down the wrath of the
Automake God upon me - you can't just get rid of EXTRA_PROGRAMS, for
example, as the Automake God then forgets how to handle "ethereal_LDADD"
and the like - although in a test run the generated Makefile.in didn't
*appear* to have anything missing other than a definition of EXTRA_MANS,
which it didn't use and so presumably wouldn't miss).
svn path=/trunk/; revision=2900
dissectors for protcools that can be encapsulated inside GRE in that
table.
Fix a bug in the handling of WCCPv2 IP encapsulation (it was
constructing the next tvbuff before, rather than after, advancing the
offset past the redirection header).
svn path=/trunk/; revision=2893
script 'make-reg-dotc'. It is used only in the Win32 build because the
make-reg-dotc shell script is *so* sloooooooooow on Win32, due to the
multiple processes (grep, grep, sed) launched multiple times for each
source file. By putting all the text-mangling logic into a single Python
script, only one process is launched, and the source files are read
only once. It's *a lot* faster... seconds instead of minutes.
svn path=/trunk/; revision=2873
register their port as being for XXX-over-HTTP; the HTTP dissector
registers that port in the "tcp.port" table as an HTTP port, and
registers it in its *own* table with the dissector and protocol provided
to it.
Parse the HTTP MIME headers regardless of whether we're building a
protocol tree or not; we have to do so in order to find the offset of
the payload, to hand to an XXX-over-HTTP dissector.
svn path=/trunk/; revision=2872
its own; it's used not only by LLC, but by Frame Relay with RFC 2427 and
ATM with RFC 2684.
Support for RFC 2427-encapsulation Frame Relay packets, from Paul
Ionescu.
Get rid of the CISCO_IP PPP protocol type - Cisco HDLC uses, in most
cases, Ethernet packet types, so use ETHERTYPE_IP instead (they're both
0x0800).
svn path=/trunk/; revision=2854
Fix the GRE dissector to call subdissectors regardless of whether a full
protocol tree dissection is being done or not.
svn path=/trunk/; revision=2842
Add a new subdissector table in the LLC dissector for protocol IDs with
a Cisco OUI, and register the CDP, CGMP, and VTMP dissectors in that
table, rather than calling them via a switch statement.
Register the ISL dissector by name, and have the Ethernet dissector call
it via a handle.
Fix the handling of the checksum field in the CDP dissector.
The strings in CDP are counted, not null-terminated; treat them as such.
Fix the handling of the encapsulated frame CRC, and the encapsulated
frame, in the ISL dissector, at least for Ethernet frames; it may not be
correct for encapsulated Token Ring frames.
svn path=/trunk/; revision=2792
Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.
Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.
Dissect a bit more of the type-of-service metrics etc. in OSPF packets.
Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.
Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()". Use it instead of just subtracting an offset
from "tvb_reported_length()".
svn path=/trunk/; revision=2787
"asn1_string_value_decode()", as it can be used for various character
string types as well.
Turn "asn1_octet_string_decode()" into "asn1_string_decode()", which
takes an additional argument giving the tag expected for the string in
question, and make "asn1_octet_string_decode()" a wrapper around it.
Clean up the ASN.1 dissection in the Kerberos dissector, making more use
of the code in "asn1.c", wrapping more operations up in macros, and
doing some more type checking.
Use "REP" rather than "RESP" in names and strings; "REP" is what the
Kerberos spec uses.
Make the routines in the Kerberos dissector not used outside that
dissector static.
Fix some problems with the dissection of strings in the Kerberos
dissector (it was extracting the data from the wrong place in the
packet).
In Kerberos V5, the "kvno" item in the EncryptedData type is optional;
treat it as such.
Treat integers as unsigned in the Kerberos dissector.
svn path=/trunk/; revision=2777
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772