dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
Redo the way the variable part of COTP and CLTP packets are handled, by
having a single routine to handle it for all packets, rather than having
the dissector for each type of packet handle the parameters those
packets are supposed to have.
Fix "is_LI_NORMAL_AK()" to test (heuristically) whether an AK COTP
packet is normal rather than extended, rather than testing whether it's
normal, and invert the test where it's used (i.e. make what it does
correspond to what its name says, which means we invert the test it
does, and then change the code that uses it appropriately).
Add support for the "preferred maximum TPDU size" and "inactivity timer"
parameters, and fix various problems in the dissection of particular
parameters.
svn path=/trunk/; revision=2100
a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
svn path=/trunk/; revision=2031
2 - Consistantly display LCN in decimal (they used to be displayed in
decimal in the packet list, and in hexadecimal in the tree view).
svn path=/trunk/; revision=2026
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
proto_tree_add_protocol_format()
proto_tree_add_uint_format()
proto_tree_add_ipxnet_format()
proto_tree_add_ipv4_format()
proto_tree_add_ipv6_format()
proto_tree_add_bytes_format()
proto_tree_add_string_format()
proto_tree_add_ether_format()
proto_tree_add_time_format()
proto_tree_add_double_format()
proto_tree_add_boolean_format()
If using GCC 2.x, we can check the print-format against the variable args
passed in. Regardless of compiler, we can now check at run-time that the
field type passed into the function corresponds to what that function
expects (FT_UINT, FT_BOOLEAN, etc.)
Note that proto_tree_add_protocol_format() does not require a value field,
since the value of a protocol is always NULL. It's more intuitive w/o the
vestigial argument.
Fixed a proto_tree_add_item_format-related bug in packet-isis-hello.c
Fixed a variable usage bug in packet-v120.c. (ett_* was used instead of hf_*)
Checked in Guy's fix for the function declearation for proto_tree_add_text()
and proto_tree_add_notext().
svn path=/trunk/; revision=1713
outside "packet-x25.c", it's only registered as a protocol init
routine), and explicitly declare it as taking no arguments (GCC doesn't
complain about passing a pointer to a routine with an unspecified
argument list to "register_init_routine()", which expects a pointer to a
routine with no arguments, but Microsoft Visual C{++} 6.0 does complain
about it).
svn path=/trunk/; revision=1664
routine to be called every time a new capture file is opened instead of
calling it in read_cap_file() and do_capture().
svn path=/trunk/; revision=1651
This function is used to re-initialize the hash table used by the X.25
dissector to record the upper layer protocol used by each VC. The hash
table should be re-initialized each time we read / start a new capture.
I moved the definition of the function from packet.h to packet-x25.h, and
added calls to reinit_x25_hashtable() in read_cap_file (file.c) and
do_capture (capture.c).
svn path=/trunk/; revision=1644
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
if I correctly read the Windows NT DDK documentation on WAN drivers, for
PPP as well - an ISO NLPID, so use the "nlpid.h" values where they
exist.
Currently doesn't treat NLPID_PPP as PPP, but if we get a PPP-over-X.25
capture, we may find that it should do so.
svn path=/trunk/; revision=1577
"fd->cap_len" for the frame length - or to use macros such as
"BYTES_ARE_IN_FRAME()", "IS_DATA_IN_FRAME()", and "END_OF_FRAME", which
use "pi.captured_len" - so that they correctly handle frames where the
actual data length of the packet is less than the size of the raw frame,
e.g. with encapsulations such as ISL.
svn path=/trunk/; revision=1531
- use a subtree for each facility
- decode the DTE address when appropriate
Address decoding in call setup and clearing packets :
- the A bit is the first bit of the general format identifier
- correct use of this A bit (toa parameter) in x25_ntoa
svn path=/trunk/; revision=1300
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
more display filters for X.25;
no LCN in X.25 RESTART / DIAGNOSTIC / REGISTRATION packets;
support for nettl file format (nettl is a trace tool for HP-UX).
For now, it only supports traces for X.25 interfaces (tested
with HP-UX 10.20).
svn path=/trunk/; revision=879
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
packet-lapb.c :
check the validity of the first byte in the frame.
packet-x25.c :
- in get_x25_pkt_len() : check that we are not reading after the end of
the captured data
- in dissect_x25() : various checks to avoid reading after the end of
the captured data
- in dissect_x25() : use offset (and not 2) as the length of the
underlying protocol header.
Olivier
svn path=/trunk/; revision=669
file, instead of throwing out all but LANE or RFC 1483 data frames and
pretending that the former are just Ethernet or Token-Ring frames.
Add some level of decoding for ATM LANE, but not all of it; the rest,
including decoding non-LANE frames, is left as an exercise for somebody
who has captures they want to decode, an interest in decoding them, ATM
expertise, and time....
svn path=/trunk/; revision=523
support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: a
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=417
Guy Harris