floating-point numbers, and display all the significant digits for both
single-precision and double-precision floating-point numbers in the
protocol tree, not just what "%g" does (6 digits).
Put in comments explaining how the length of filter strings is computed,
and fix some of the computations.
svn path=/trunk/; revision=6081
isn't guaranteed to return 0, 1, or -1, it returns *some* positive
number, not necessarily 1, if the first argument is greater than the
second, and *some* negative number, not necessarily -1, if the first
argument is less than the second).
svn path=/trunk/; revision=6063
While we're at it, add "extern" to a bunch of function declaration the
preceding change *didn't* require to have the "extern" added.
svn path=/trunk/; revision=5995
and <sys/types.h> is needed for <netinet/in.h>.
On systems with "inet_pton()", the API is defined using "u_char", and
we're including <sys/types.h> on platforms that have it (which should be
most if not all UNIX platforms) and including <winsock2.h> on platforms
that have it (Windows), so we might as well use "u_char" and "u_int", as
the BSD version of "inet_pton.c" does. (Besides, we weren't including
any GLib include files, so "guchar" and "guint" weren't getting defined
in any case.)
svn path=/trunk/; revision=5937
equivalents for the epan/ directory but leave winsock2.h in inet_pton.c
and inet_ntop.c for now (can't estimate the consequences).
svn path=/trunk/; revision=5928
-1,0,1 as the xxxcmp() functions will instead of just true/false.
Useful if you not only want to check for equality but also if you want to have a way to order the elements.
svn path=/trunk/; revision=5917
should do if it doesn't find an EOL; if FALSE, it behaves as before,
returning values that treat the line as ending at the end of the tvbuff,
and if TRUE, it returns -1, so its caller can do segment reassembly
until it gets the EOL.
Add an option to the SMTP dissector to do segment reassembly, and do
segment reassembly of the first line.
svn path=/trunk/; revision=5891
dftest.c:
Remove #if-0-ed includes
packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c,
packet-wtp.c, ethereal_gen.py:
Remove redundant include varargs (already in snprintf.h,
and required only for snprintf.h)
Remove unused include of snprintf.h from files not using
"snprintf()".
svn path=/trunk/; revision=5889
DOCSIS support, including support for "Ethernet" captures where
the raw frame is a DOCSIS frame rather than an Ethernet
frame (some Cisco cable-modem head-end gear can send out a
trace of all traffic on an Ethernet, but what it sends are
the raw bytes of DOCSIS frames, not Ethernet frames)
Get rid of second AUTHORS entry for Devin Heitmueller, merging its item
into the older entry.
Clean up the order of some lists of plugin items.
svn path=/trunk/; revision=5861
Add Zone Information Protocol support.
Rename "ddp.dst.socket" and "ddp.src.socket" to "ddp.dst_socket"
and "ddp.src_socket", as the socket number is no longer
considered part of the DDP address.
svn path=/trunk/; revision=5800
Use that in Tethereal rather than duplicating a pile of macros.
Get rid of the remaining uses of "stat()" in Tethereal - none of them
are necessary (they were just cut-and-pasted from Ethereal).
svn path=/trunk/; revision=5746
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
the argument is "fields", dump out a table of the fields, as we
currently do; if the argument is "protocols", dump out a table of the
protocols.
svn path=/trunk/; revision=5462
it throws the appropriate exception if the bytes don't exist. Use it in
the GIOP and ASN.1 code to check whether the bytes to be copied to a
buffer exist before allocating the buffer.
Make "check_offset_length_no_exception()" check for an overflow, so that
it can be used in "tvb_ensure_bytes_exist()" and do all the checking
that the code "tvb_ensure_bytes_exist()" replaces did.
Make "get_CDR_wchar()" return a "gint", so that if the length octet it
fetched has a value between 128 and 255, the length can be returned
correctly.
Fix some comments not to specify the exception thrown by various
routines that can throw various exceptions.
svn path=/trunk/; revision=5453
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
When we see PRTOMAP GETPORT calls for UDP, make sure all further UDP packets to or from
this port goes to the ONC-RPC dissector regardless of the port on the other side.
We need this because if there is ONC-RPC traffic going between the ONC-RPC Program port to a port which has a normal ethereal dissector, ethereal would dissect the traffic as the protocol associated with the other port instead.
svn path=/trunk/; revision=5430
"compute_offset_length()", and throw the exception it returns, rather
than calling "tvb_length_remaining()" and throw BoundsError if it
returns -1; this allows us to add additional exceptions without having
to change "tvb_ensure_length_remaining()".
Make "_tvb_get_nstringz()" static, as it's not used outside "tvbuff.c".
svn path=/trunk/; revision=5397
a negative value.
Use "tvb_ensure_length_remaining()" in "tcp_dissect_pdus()", rather than
checking the return value of "tvb_length_remaining()" ourselves, and
make various variables and parameters in it "guint" as appropriate.
svn path=/trunk/; revision=5396
where the pointer to "dissect_data()" was in 0.9.3; the pointer to
"dissect_data()" wasn't initialized in 0.9.3 (as the function wasn't
exported - you call it through a handle), so no plugin should have been
using it, and putting the pointer to "tcp_dissect_pdus()" in its place
means the structure offsets of all function pointers after it will be
the same in 0.9.3 and the next release, preserving binary compatibility
for plugins.
svn path=/trunk/; revision=5395
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
move the code from "dfilter_lookup_token()" into
"proto_registrar_get_byname()", and get rid of "dfilter_lookup_token()"
and have its callers call "proto_registrar_get_byname()" instead.
svn path=/trunk/; revision=5287
that return an "int", giving either an indication of how much data was
dissected, an indication of how much more data is needed from TCP to
dissect, or 0, meaning "this isn't one of my packets").
svn path=/trunk/; revision=5260
return types of the tvbuff accessors for floating-point types, to more
closely match the tvbuff accessors for integral types.
Fix an error in the code for fetching doubles on VAXes, and get rid of
unused union members on VAXes.
svn path=/trunk/; revision=5245
IEEE-float-to-native-float code, and use that as the basis for
IEEE-double-to-native-double code. Use that code on VAXes.
Eliminate "ieee-float.h", as we no longer use it; instead, we use the
tvbuff routines for extracting IEEE floating-point numbers.
svn path=/trunk/; revision=5243
Fix the display filter expression generated for protocol tree items
without named fields attached to them; the length defaults to 1 if not
specified in a range expression, so the length should be specified.
svn path=/trunk/; revision=5208
double-precision floating-point numbers, in big-endian and little-endian
format (hopefully there aren't any middle-endian formats; if there are,
we'll have to add them), from a tvbuff, and to return floats (for
single-precision) and doubles (for double-precision).
svn path=/trunk/; revision=5147
ETT_NONE entry.
Initialize the "tree_type" field of a "field_info" structure to -1,
meaning "this has not been given a subtree". Add checks before using
that field that it's in range. That way, you have to create a subtree
before putting protocol tree items under another item.
We allocate the "tree_is_expanded" array when we've registered all
dissectors; there's no need to allocate it while we're registering
dissectors and, in fact, doing so means we leak memory (the memory for
the version we allocated while registering dissectors).
svn path=/trunk/; revision=5068
representation string - set the representation string to the default
representation. This lets you append to an item that's been added with
"proto_tree_add_XXX" calls that don't explicitly format the
representation string.
svn path=/trunk/; revision=4973
end of the tvbuff is reached before the maximum_length passed by the
caller is reached and before a terminating NUL is found. In this case,
tvb_get_nstringz() returns a -1, but if the string is not artificially
terminated with a NUL by tvb_get_nstringz(), the
caller has no idea where the string should end because 1) the
return value "-1" gives the impression that the string ends
at the end of the buffer but 2) the string does
not end at the end of the buffer, but somewhere in the middle, due
to the packet being shorter than expected.
tvb_get_nstringz() and tvb_get_nstringz0() were both modified.
The FT_STRINGZ case in proto_tree_add_item() is made simpler.
During regression testing, when investigating a regression that I later
corrected, I discovered that strings added through proto_tree_add_item
(FT_STRING, FT_STRINGZ, and FT_UINT_STRING) leaked memory due to double
allocation of the string. The proto_tree_add_string*() functions do
not leak memory, since they only copy the string once. The memory
leak was fixed by adding another argument to the static function
proto_tree_set_string() to let the string ftype code know to g_strdup()
the string or not.
svn path=/trunk/; revision=4891
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
In the "configure.in" files, add
-D_U_="__attribute__((unused))"
to CFLAGS if we're using GCC, and add
-D_U_=""
otherwise, so _U_ can be used to mark arguments as unused.
Add -D_U_="" arguments to the Makefile.nmake files as well, so _U_ works
with Microsoft Visual C++ as well.
Add comments and RCS IDs to the Makefile.nmake files that don't already
have them.
svn path=/trunk/; revision=4824
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
dissectors. "Old-style" dissectors return nothing. "New-style"
dissectors return one of:
a positive integer, giving the number of bytes worth of data in
the tvbuff that it considered to be part of the PDU in the
tvbuff;
zero, if it didn't consider the data in the tvbuff to be a PDU
for its protocol;
a negative integer, giving the number of additional bytes worth
of data in needs to get the complete PDU (for use with
fragmentation/segmentation when the length of the PDU isn't
known to the protocol atop the one the dissector is dissecting).
Have "call_dissector()" return the return value of new-style dissectors,
and the length of the tvbuff handed to it for old-style dissectors.
Have "dissector_try_port()" return FALSE if the subdissector is a
new-style dissector and returned 0.
Make the EAP dissector a new-style dissector, and have a "EAP fragment"
dissector that is also a new-style dissector and handles fragmentation
of EAP messages (as happens above, for example, RADIUS). Also, clean up
some signed vs. unsigned comparison problems.
Reassemble EAP-Message AVPs in RADIUS.
svn path=/trunk/; revision=4811
"init_dissection()" which calls "epan_conversation_init()", does the
work that "init_all_protocols()" did, and then calls
"reassemble_init()", so that the standard sequence of dissection
initialization is done in one place, rather than having multiple places
call the same sequence of routines.
svn path=/trunk/; revision=4797
packets per segment.
Instead of having a routine for dissectors such as the Q.931 dissector
to call to dissect the TPKT header, have a routine that does all the
reassembly and multiple-packets-per-segment work, and have the Q.931
dissector call it. Export "is_tpkt()", and the new routine, to plugins.
Add preferences for TPKT and Q.931 reassembly.
svn path=/trunk/; revision=4778
argument, so if the length was supplied as -1, it can set it to the
length of data remaining in the tvbuff, so that its callers can use that
length when getting the value for the field, rather than leaving the
length in the "field_info" structure as -1.
svn path=/trunk/; revision=4752
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
function that computes the natural logarithm of a double. Using it as
the name of a pointer to a routine to do logging can cause namespace
collisions; in fact, it *does* cause them on AIX. Rename the function
argument to "logfunc".
svn path=/trunk/; revision=4700
typedef for "struct _value_string"; as such, the incomplete structure
declaration in "epan/proto.h" should declare "struct _value_string", not
"struct value_string", and casts and declarations in that header should
also use "struct _value_string", not "struct value_string".
svn path=/trunk/; revision=4699
tvb_length_remaining() except that it throws BoundsError if 'offset'
is out-of-bounds.
Allow a length argument of -1 for FT_STRING and FT_BYTES fields
in proto_tree_add_item().
Change some dissectors to either use -1 for the length argument in
calls to proto_tree_add_item(), or call tvb_ensure_length_remaining()
instead of tvb_length_remaining(), or to check the return-value
of tvb_length_remaining(). Changes to more dissectors are necessary,
but will follow later.
svn path=/trunk/; revision=4656
Digital UNIX, and HP C compilers, and it may not work with other
compilers (due to the GLib problem mentioned in the previous checkin),
so it runs the risk of being an "attractive nuisance", i.e. users may
try it, find it doesn't work, and then send mail to various Ethereal
mailing lists asking about it.
svn path=/trunk/; revision=4640
(This isn't as useful for testing purposes as it is in tcpdump and
libpcap, as GLib is configured based on the compiler used to compile it,
so you can't necessarily build an application using GLib with a compiler
different from the one used to compile GLib, but we'll add it anyway.)
svn path=/trunk/; revision=4637
X/Open specs *not* to be defined, so we also have to define
__EXTENSIONS__.
XXX - can we just define __USE_XOPEN, and not define _XOPEN_SOURCE? Is
that sufficient to get "strptime()" declared on all platforms?
svn path=/trunk/; revision=4629
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 500
#endif
#define __USE_XOPEN
#include <time.h>
to get strptime() declared in time.h on various systems. I hope
this helps more than it hurts.
svn path=/trunk/; revision=4624
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
Separate the preferences value for those flags and the name resolution
code's value into separate variables; this means that the resolution
code no longer depends on the preferences code, and may let us
eventually have the current setting and the preference setting differ
(so that a user can temporarily override the preference setting without
causing subsequent saves of the preferences to save the temporary
value).
Add routines to create various types of widgets for preferences, and to
fetch the values for "enumerated" preferences, and use them both in the
code to handle hardwired preference pages and table-driven preference
pages.
svn path=/trunk/; revision=4536
Support for generating filter expressions based on packet list
column values
Support for adding filter expressions generated from column or
protocol tree field values to the current expression rather
than replacing the current expression
svn path=/trunk/; revision=4522
variables wrap-around. Since the request/reply packets are related via
a hash based on these uniqueness variables, long NCP traces can
have mis-matches reqeust/reply records.
Thus, only do the hash-lookup for the reply packet during the first
sequential scan of the trace file. Once the pertinent info is found,
store it in the packet's private data area.
Since the memory allocated for the hash and for the structures that make
up the keys are no longer needed after the first sequential run through
the trace file, arrange to free that memory after the first sequential
run. Similar to the register_init_routine() that allows dissectors
to register callbacks for calling *before* a capture file is loaded,
set up a register_postseq_cleanup_routine() function that allows
dissectors to register callbacks for calling *after* the first
sequential run-through of the trace file is made. This is not
a *final* cleanup callback, since Ethereal will still have that trace file
open for random-access reading.
I didn't have tethereal call postseq_cleanup_all_protocols() since
tethereal doesn't keep the trace file open for random-access reading.
I could easily be swayed to make tethereal call that function, however.
svn path=/trunk/; revision=4484
file directory is just a drive letter (e.g., if the directory is
"c:\Ethereal"), don't "stat()" it to see if it exists (as that'll fail,
falsely leading us to believe it needs to be created; the attempt to do
so will fail), just assume it exists.
svn path=/trunk/; revision=4482
Additional Windows Makefile dependencies, so more stuff gets
built as needed.
Additional stuff cleaned up by "make clean" (well, "nmake -f
makefile.nmake clean", anyway)
Make PDB_FILE be "vc*.pdb", so it referes to the PDB files
either for VC++ 5.0 or VC++ 6.0.
svn path=/trunk/; revision=4481
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
display representation should be put into protocol tree items if a
protocol tree is to be constructed; have it set "proto_tree_is_visible"
from that argument.
svn path=/trunk/; revision=4408
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
the "The Compiler and Tools" section on
http://fink.sourceforge.net/doc/porting/basics.php
Do so on MacOS X regardless of whether the compiler is called "gcc" or
not, as that page also indicates that the compiler is installed as "cc".
svn path=/trunk/; revision=4354
the parent under which the field was registered.
This is the *unoptimized* version, to give developers something
to use while the optimized version is being created.
svn path=/trunk/; revision=4351
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
plugin APIs, and add the new "dissector_add_handle()".
Add an entry in the dissector table structure for
"create_dissector_handle".
svn path=/trunk/; revision=4314
pointer to a "struct dissector_table", containing a pointer to a hash
table and a pointer to a list of handles. Fix
"dissector_all_tables_foreach_func()" to understand that.
svn path=/trunk/; revision=4312
dissector table contain both a hash table, to use to look up port
numbers to find a dissector, and a list of all dissectors that *could*
be assigned to ports in that hash table, to be used by user interface
code.
Make the "Decode As" dialog box code use that.
Also make it *not* let you choose whether to set the dissector for both
the UDP and TCP versions of a port; some protocols run only atop TCP,
some run only atop UDP, and even those that can run atop both may have
different dissector handles to use over TCP and UDP, so handling a
single merged list would be a mess. (If the user is setting the
dissector for a TCP port, only those protocols that Ethereal can handle
over TCP should be listed; if the user is setting the dissector for a
UDP port, only those protocols that Ethereal can handle over TCP should
be listed; if the user is setting a dissector for both, only those
protocols that Ethereal can handle over *both* TCP *and* UDP should be
listed, *and* there needs to be a way to let the "Decode As" code get
both the TCP handle *and* the UDP handle and use the right ones. If
somebody really wants that, they need to implement all of the above if
they want the code to be correct.)
Fix the code that handles setting the dissection for the IP protocol
number to correctly update the lists of protocols being dissected as TCP
and as UDP; the code before this change wasn't updating the single such
list to add new protocols.
svn path=/trunk/; revision=4311
if found, return the dissector handle for that port.
Use that routine in the X.25 dissector; revert to attaching a dissector
handle to an X.25 virtual circuit.
svn path=/trunk/; revision=4310
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
svn path=/trunk/; revision=4281
from being required by anyone other than packet-data.c.
It can now be accessed with call_dissector() with the name "data".
dissect_data is now also of dissect_t.
svn path=/trunk/; revision=4271
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
of packet data captured.
Make the "BYTES_ARE_IN_FRAME()" macro take a "captured length of the
packet" argument.
Add some length checks to capture routines.
svn path=/trunk/; revision=4235
if (and only if) the length of the item being added is 0 (so that it has
no data backing it).
This means the data stream name pointer for the item in question is
null; make sure we handle that.
Use that for some "uses the value from the matching request" fields in
the SMB Pipe protocol.
svn path=/trunk/; revision=4231
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
Fix up Info column to put "Request" or "Response" *after* the name of
the request.
Give the Negotiate Protocol request its full name.
svn path=/trunk/; revision=4139
"ds_name"s shouldn't be freed when the tvbuff is freed. (Thanks and a
tip of the Hatlo hat to the FreeBSD memory allocator for complaining
about multiple frees of the same string.)
svn path=/trunk/; revision=4136
FT_INT64 type, and make the Diameter dissector use it.
Handle the 64-bit integer types in the display filter semantics checks.
svn path=/trunk/; revision=4125
It makes no difference if they really are function declarations;
however, in plugins, when building on OSes that don't let
dynamically-loaded modules access functions in the main program (e.g.,
Windows), when compiling a plugin, <plugin_api.h> defines the names of
those functions as (*pointer_name), so they turn into declarations of
pointer variables pointing to the functions in question, and, on
platforms with a def/ref model in the linker, if a plugin has more than
one source file that gets linked into the plugin, the linker may get
upset at two definitions of the same variable.
svn path=/trunk/; revision=4114
former depends on having "guint64" and the latter depends on
"%ll[douxX]" being what's used to print 64-bit integers, and there are
platforms on which Etheeal runs that don't have "guint64" or that don't
use "%ll[douxX]" to print 64-bit integers.
Get rid of the routines to extract 64-bit integers into "gint64"s and
"guint64"s, as per Ronnie Sahlberg's suggestion, to discourage people
from writing code that won't work on all platforms; they should be using
FT_UINT64, or the routines in "int-64bit.c", instead.
svn path=/trunk/; revision=4102
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
"snprintf()" returns a negative number, that's an error, and we assume
"errno" was set and return NULL, otherwise we cast its return value to
"size_t" and compare it with the size of the buffer we were given, and,
if it was bigger, we know that "snprintf()" didn't generate all the
characters it could be cause they wouldn't have fit, so we set "errno"
to ENOSPC and return NULL.
svn path=/trunk/; revision=4095
doesn't exist, or is out of date with respect to "config.h.win32", it's
remade - stuff in "ftypes" and "dfilter" includes "config.h", and it
should get the "config.h" in "epan".
svn path=/trunk/; revision=4091
there were 2 functions which accepted 'maxlength' == -1, but the function
prototypes had maxlength as a guint --- fixed.
svn path=/trunk/; revision=4087
and generates the path name; have it, if the file is to be opened for
reading on Win32, check whether it exists and, if not, check for it in
the old home directory-based configuration directory and, if so, return
that path instead, so that files saved with earlier versions of Ethereal
will be seen.
svn path=/trunk/; revision=4072
On Windows, put the ".ethereal" directory under the user profile
directory rather than the home directory.
Update the documentation to reflect that, and to fix other out-of-date
information, as well as some typos.
svn path=/trunk/; revision=4068
Use that routine rather than duplicating that code in the routines to
write out the preference file and filter files.
Use it in the code for the color filter dialog, so that the directory in
question is created if necessary.
As that routine returns an error indication, have the code that calls
that routine put up a message box if the attempt fails.
svn path=/trunk/; revision=4065
".ethereal" directory is under it; get rid of "get_home_dir()", and put
its code inside "get_persconffile_dir()". (The personal configuration
file directory may move, on Windows, to the user's profile directory.)
svn path=/trunk/; revision=4062
reside. Use it, rather than concatenating the user's home directory and
".ethereal" in a number of files.
Fix up some additional places to use G_DIR_SEPARATOR_S as the pathname
separator.
svn path=/trunk/; revision=4061
strings used to generate pathnames.
Move the definition of PF_DIR from <epan/epan.h> to <epan/filesystem.h>,
so that files requiring only the definition of PF_DIR don't have to
include <epan/epan.h>, and get rid of no-longer-necessary includes of
<epan/epan.h>.
Add a routine to get the directory for "system files" such as
"/etc/ethers" - it's "/etc" on UNIX, and the datafile directory on
Windows (as there's no "/etc" on Windows). Use that to construct the
pathname of the ethers and ipxnet files.
svn path=/trunk/; revision=4056
which the Ethereal binary is found; there's no notion of "/etc" or of
"/etc/ethers" or "/etc/ipxnets" files on Windows.
Update the documentation to reflect that, and fix a typo in the Ethereal
and Tethereal man pages.
svn path=/trunk/; revision=4055
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.
svn path=/trunk/; revision=3939
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).
svn path=/trunk/; revision=3923
of protocol-id-plus-datum pairs, so that multiple protocols can attach
information to the same conversation.
Dissectors that attach information to a conversation should not assume
that if they find a conversation it has one of its data attached to it;
the conversation might've been created by another dissector.
svn path=/trunk/; revision=3901
that look up conversations in hash tables, unless they are arguments
that will be ignored; if they're not being ignored, then if the argument
is a null pointer you may get a crash if it's dereferenced, and if it's
not a null pointer you'll only get a match if the conversation has
whatever stuff the arguments points to as its first address or port.
If you match a conversation with a wildcarded address and/or port, and
the address and/or port matched a non-wildcarded search argument, and
the conversation is for a connection-oriented transport protocol, set
the wildcarded address and/or port for the conversation to the value
that matched it.
svn path=/trunk/; revision=3897
"try_conversation_dissector()" does - start with as exact matches as
possible, and then start doing wildcarding - so that it can find
conversations with wildcard addresses or ports even if both address and
port arguments are supplied to it.
svn path=/trunk/; revision=3893
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
directory in which global data files are stored. If an installed binary
is being run, that's the correct directory for them; if a build-tree
binary is being run, the "manuf" file will be there, and you can put
other data files there as well, if necessary.
Do the same with plugins, except that, if there's no
"plugins\\{version}" subdirectory of that directory, fall back on the
default installation directory, so you at least have a place where you
can put plugins for use by build-tree binaries. (Should we, instead,
have the Windows build procedure create a subdirectory of the "plugins"
source directory, with the plugin version number as its name, and copy
the plugins there, so you'd use the build-tree plugin binaries?)
Move "test_for_directory()" out of "util.c" and into
"epan/filesystem.c", with the other file system access portability
wrappers and convenience routines. Fix "util.h" not to declare it - or
other routines moved to "epan/filesystem.c" a while ago.
svn path=/trunk/; revision=3858
"standard" plugin directory, and, instead of getting PLUGIN_DIR (the
*real* installation directory) from the configure script, as can be done
in UNIX, attempt to get it by getting the full pathname of the currently
running program and assuming it's in the installation directory.
svn path=/trunk/; revision=3850
"void *" that a dissector can set to point to such a structure; that
means that the stuff in the epan directory doesn't have to know anything
about the protocol-specific private data one dissector passes to
another, and that structure doesn't have to be changed if a dissector
wants to pass some new type of data to another dissector.
svn path=/trunk/; revision=3818
fractions-of-a-second (the units of which are either milliseconds or
microseconds, specified by a Boolean argument), and formats it into a
"DD days, HH hours, MM minutes, SS seconds" using a buffer supplied to
it. Have "time_secs_to_str()" and "time_msecs_to_str()" both use it.
Also, have it correctly handle the case of SS being > 0 but < 1 (which
"time_msecs_to_str()" didn't do).
Rename "rel_time_to_str()" to "rel_time_to_secs_str()", and add a
"rel_time_to_str()" routine that takes a "struct timeval" and hands its
seconds and microseconds values to "time_secs_to_str_buf()". Use
"rel_time_to_secs_str()" to format FT_RELATIVE_TIME values for now; we
might want to use "rel_time_to_str()" for them, though, or make it an
option (either a user option, or a per-field option, using the field
that also holds BASE_ values).
svn path=/trunk/; revision=3806
Defect number: 0011
Date: Jul 26 2001
Releases of Kazlib affected: 1.10 through 1.19
Status: Fixed in 1.20
Modules affected: except.c
Description: Members of the except_t structure needed to be declared
volatile because the structure is automatically allocated in the
except macro, modified after a setjmp() takes place, and accessed
after control returns via longjmp.
Solution: Upgrade to 1.20 or backpatch the fix.
svn path=/trunk/; revision=3793
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
the "epan" directory, as well as the top-level directory, as there's
stuff in the "epan" directory that depends on that.
svn path=/trunk/; revision=3710
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
to imply that
1) conversations have source and destination addresses and ports
- they don't (if they did, they'd be monologues, not
conversations), they just have two address/port pairs for the
two endpoints, with one or more of the address or port in the
second pair possibly being wildcarded;
2) the first and second address or port argument to
"find_conversation()" or "try_conversation_dissector()" have
anything to do with the first or second address/port pair in
a conversation - they don't, the two arguments to those
routines are matched against *both* address/port pairs for a
conversation;
as otherwise people might think that they need to add flags to wildcard
the first arguments "conversation_new()" or "find_conversation()" (they
don't, they just have to pass the non-wildcarded address/port first and
then pass the wildcarded one, even if that means passing the destination
first and source second).
svn path=/trunk/; revision=3537
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
structures as arguments, that evaluates to "true" if the two addresses
are equal and "false" if they're not equal. Use that macro in the
conversation code.
svn path=/trunk/; revision=3509
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
value.
Check that the microseconds field of an absolute time is valid, if it's
present.
Set "tm_isdst" in the "struct tm" handed to "mktime()" to -1, so that
"mktime()" will attempt to figure out whether the time is daylight
savings time or not.
Check that "mktime()" was able to convert the time.
svn path=/trunk/; revision=3487
"old_dissector_try_port()".
There are no longer any old-style heuristic or conversation dissectors,
so get rid of "old_heur_dissector_add()" and "old_conv_dissector_add()"
and the data-structure members that support old-style heuristic and
conversation dissectors.
svn path=/trunk/; revision=3478
generated code, as per Chris Foulds' note.
Also, when constructing the system ID or area string, always append the
four-octet groups, rather than overwriting them, as we had been doing.
svn path=/trunk/; revision=3414
corresponding to a named field, by matching stuff at a particular offset
in the frame, don't treat a length of 1 byte specially - the syntax for
a one-byte byte string is the same as for longer byte strings, with no
leading "0x" allowed.
Clean up white space.
svn path=/trunk/; revision=3406
argument, have it just return; this allows dissectors that don't
explicitly check for a null protocol-tree argument to pass the
protocol-tree argument to "proto_tree_add_XXX()" routines - which means
they'll get a null pointer back if the protocol-tree argument is null
because we're not constructing a protocol tree - and then later use
"proto_item_set_len()" without having to check for a null
protocol-tree-item pointer.
svn path=/trunk/; revision=3402
was specified.
This should obviate the need to handle BASE_NONE specially in the
formatting routines, so revert to the previous version.
svn path=/trunk/; revision=3359
with useful error messages. Some dissector are registering
FT_INTn or FT_UINTn fields with BASE_NONE. Now when ethereal dies
because of it the offending field will be identified so that it
can be fixed.
svn path=/trunk/; revision=3340
you have to select a base (even before this change, you had to select
one, otherwise the filter-construction GUI would crash if you selected
an FT_INTn or FT_UINTn field with BASE_NONE and then selected a
comparison operator).
svn path=/trunk/; revision=3337
status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected.
While we're at it, use a similar test to eliminate the text pseudo-field
from the output of "{ethereal,tethereal} -G", as well.
svn path=/trunk/; revision=3335
Guy Harris