as raw TCP segment data under the TCP protocol tree item, rather than as
a top-level data item - and do so even for the last of the segments
reassembled into that packet.
svn path=/trunk/; revision=4754
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
argument, so if the length was supplied as -1, it can set it to the
length of data remaining in the tvbuff, so that its callers can use that
length when getting the value for the field, rather than leaving the
length in the "field_info" structure as -1.
svn path=/trunk/; revision=4752
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
"UcpHandleString(hf_ucp_parm_NT);" - the field really is one character
long, as per the (correct) change from FT_STRING to FT_UINT8.
svn path=/trunk/; revision=4739
and use the vals_parm_NT value string in that registration.
Thanks to Marcin Gryszkalis <mgryszkalis@cerint.pl> for the bug report.
svn path=/trunk/; revision=4736
- For selected read and write SMBs, display the byte count and offset
in the info column. This makes browsing file read/writes easier to
understand.
- In dissect_nt_sids() sometimes the version number is 3 but the rest
of the sid format remains the same. This is purely by observation -
I have no documentation to confirm this.
- Use a GString instead of a fixed buffer in dissect_nt_sids().
svn path=/trunk/; revision=4733
Communities attribute in a BGP Update message.
Also, get rid of an extra space before a colon in the display for that
attribute, which isn't in other attributes.
svn path=/trunk/; revision=4732
print it with "%lld".
In any case, not all platforms on which Ethereal can be built support
64-bit integral data types, and, even on those that do, not all of them
support "%ll[doux]" as the format for printing those types, so do the
arithmetic in floating point by multiplying the bytes/s values by 8.0,
and print with "%.0f" instead.
svn path=/trunk/; revision=4731
structure containing a 32-bit conversation ID (which uniquely identifies
conversations between a SCSI initiator and target) and a 32-bit task ID
(which uniquely identifies a task within that conversation).
Have the NDMP dissector create conversations when it sees an "execute
CDB" request, and use the conversation index as the conversation ID and
the sequence number for requests and reply sequence for replies as the
task ID.
Have it use "dissect_scsi_payload()" to dissect the payload of "execute
CDB" requests and replies.
svn path=/trunk/; revision=4726
"packet-scsi.c" into "packet-scsi.c"; the iSCSI dissector doesn't need
its own versions of a pile of static data structures used only by
"packet-scsi.c", nor does it need a pile of typedefs and #defines used
only by "packet-scsi.c".
The iSCSI dissector *does* use "scsi_status_val", so make that
non-static, and export it from "packet-scsi.h".
svn path=/trunk/; revision=4724
Have the Q.931 PDU dissector, if it's Q.931-over-TPKT, check for
user-user IEs with a protocol discriminator of "X.208 and X.209 coded
user information" and, if it sees one, call an H.225.0 Call Setup
dissector if it could find the handle for it.
svn path=/trunk/; revision=4723
SAMR updates;
a bugfix in dissect_ndr_pointer() (should not check referent id
for aliases for unique pointers);
enhancement to dissect_ndr_pointer() to make it possible to
hand a generic int value to the dissector for the pointer object
in a similar way as hf_index values are passed through the
pointer layer.
svn path=/trunk/; revision=4721
fix to LookupRids to match what the IDL file says;
fix to "dissect_ndr_uint64()" to specify the right length to
"proto_tree_add_item()";
give the protocol tree items for array header counts and offsets
the correct offsets in the packet.
svn path=/trunk/; revision=4719
dissect dcerpc UDP replies correctly - use the opnum from the
request, ont the reply (the opnum from the request is frequently
wrong in Microsoft's DCE RPC implementation);
don't crash if the packet isn't found in the hash tables;
dissect SamrLookupDomain requests properly.
svn path=/trunk/; revision=4718
as FT_ETHER fields, not FT_BYTES fields.
Only label Appletalk protocol addresses as "{Source,Target} ID"; label
the others as "{Source,Target} protocol address", and have different
fields for Appletalk and other protocol addresses.
Don't put addresses into the protocol tree if they're zero-length.
svn path=/trunk/; revision=4717
as FT_ETHER fields, not FT_BYTES fields.
Don't treat Experimental Ethernet addresses as being Ethernet addresses
(they were 8 bytes long, not 48 bytes long).
Put ARP protocol addresses that are IPv4 addresses into the protocol
tree as FT_IPv4 fields, not FT_BYTES fields.
Fix the checks for MAC hardware addresses and IPv4 protocol addresses,
done to see if we should say a given Ethernet address has the same name
as a given IP address, to check both the type and length.
svn path=/trunk/; revision=4716
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
somehow doesn't like the structure member name "fh_len", for some reason
(probably some #define in some header file); change that (and other
"fh_len" variables) to "fh_length" instead.
svn path=/trunk/; revision=4705