of function pointers handed to dissectors on platforms where
dynamically-loaded modules can't access symbols from the main program.
svn path=/trunk/; revision=2635
string formatter, like "format_text()", and, as "tvbuff.c" now calls it
(*vide infra*), we don't want to have to make "tvbuff.c" drag "packet.h"
in just to declare "bytes_to_str()". It's now declared in "strutil.h",
so include it in modules that use "bytes_to_str()" and weren't already
including it.
Add a "tvb_bytes_to_str()" wrapper that calls "tvb_get_ptr()" to get a
pointer to a chunk of N bytes at a given offset in a tvbuff and then
hands that chunk to "bytes_to_str()". Convert the code that was doing
that to use "tvb_bytes_to_str()" instead (which caught what I suspect is
a bug in the Q.2931 dissector, where it was handing an offset of 0 to
"tvb_get_ptr()" - a cut-and-pasteo, I think).
Tvbuffify the ARP dissector.
svn path=/trunk/; revision=2634
we don't have so much data in the frame that there's a trailer, so we
should set "trailer_tvb" to NULL.
Put in a comment explaining what the exception catching is all about.
svn path=/trunk/; revision=2633
we don't have so much data in the frame that there's a trailer, so we
should set "trailer_tvb" to NULL.
Put in a comment explaining what the exception catching is all about.
svn path=/trunk/; revision=2632
'tvbuff_t *volatile'." Makes "Throat-Warbler Mangrove" vs.
"Luxury-Yacht" sound almost normal....
Type-qualified pointers to non-type-qualified objects are a barrel of
fun in C. The way you declare a volatile pointer named "bar" to a
*non-volatile* "foo" is
foo *volatile bar;
as opposed to a non-volatile pointer "bar" to a volatile "foo", which is
volatile foo *bar;
GCC's complaint about variables being clobbered by longjmp refers to the
fact that "longjmp()" isn't guaranteed to restore variables stored in
registers to the values they had at the time of the "longjmp()" (if
"setjmp()" stuffs the current register values in the "jmp_buf", and
"longjmp()" just reloads them rather than walking the stack to restore
all register values pushed onto the stack, the values at the time of the
"setjmp()" will be restored, clobbering any updates done after the
"setjmp()"); the workaround provided in ANSI C is to declare the
variables in question "volatile", which will keep them out of registers
(or any other place that "setjmp()"/"longjmp()" can't handle).
svn path=/trunk/; revision=2631
Dissect RTMP requests, as well as RTMP data packets.
Call it "Routing Table Maintenance Protocol", not just "Routing Table".
Print unsigned quantities with "%u", not "%d".
Correctly handle extended vs. non-extended networks in RTMP data
packets, as per *Inside AppleTalk(R), Second Edition*.
svn path=/trunk/; revision=2630
the type/length field has a value 1500 or less, and thus is a length
field rather than an Ethernet type field - give the next dissector only
that many bytes, and put an entry in the VLAN protocol tree for the
padding.
svn path=/trunk/; revision=2629
Dissect RTMP requests, as well as RTMP data packets.
Call it "Routing Table Maintenance Protocol", not just "Routing Table".
Print unsigned quantities with "%u", not "%d".
Correctly handle extended vs. non-extended networks in RTMP data
packets, as per *Inside AppleTalk(R), Second Edition*.
svn path=/trunk/; revision=2627
hf_netb_remote_ses_no, and hf_netb_data2.
- Change hf_netb_local_ses_no and hf_netb_remote_ses_no from FT_UINT16 to
FT_UINT8.
- Add hf_netb_data2 to hf_netb.
svn path=/trunk/; revision=2626
does not incorporate a transport protocol, and is intended to use
different transport protocols as appropriate including the Session
Announcement Protocol [4], Session Initiation Protocol [11], Real- Time
Streaming Protocol [12], electronic mail using the MIME extensions, and
the Hypertext Transport Protocol."
As such, it shouldn't set the protocol column to SDP, as that means
the protocol column won't indicate what the transport protocol was;
instead, it should append "/SDP" to the protocol column - RTSP was,
after calling "dissect_sdp()", setting the protocol column to
"RTSP/SDP", and this change means that all protocols using SDP will have
the protocol column set in that fashion, and that the RTSP dissector
doesn't have to explicitly set the protocol column to cause that to
happen.
svn path=/trunk/; revision=2624
"plugins/Makefile.nmake" to build that plugin.
Add to the table of routines callable from plugins
"old_dissector_add()", "old_dissect_data()", and
"proto_is_protocol_enabled()", so that the Gryphon dissector can build
on Windows.
Move the includes of "plugins/plugin_api.h" and "moduleinfo.h" before
all the other includes, except for "config.h", in "plugin-mgcp.c", to
match what the Gryphon dissector does; "plugins_api.h" must be included
before any of the routines whose names it #defines in order for the
plugin to build on Windows. (It still doesn't build on Windows, as
still more routines need to be added to the table of routines callable
from plugins, but tomorrow is another day. Making libethereal a DLL may
obviate the need for that table, *if* all the routines called from a
plugin are in libethereal, as I think routines in a DLL, even a
run-time-loaded DLL, can call routines from another DLL as long as those
routines are exported from the other DLL.)
svn path=/trunk/; revision=2623
"plugins/Makefile.nmake" to build that plugin.
Add to the table of routines callable from plugins
"old_dissector_add()", "old_dissect_data()", and
"proto_is_protocol_enabled()", so that the Gryphon dissector can build
on Windows.
Move the includes of "plugins/plugin_api.h" and "moduleinfo.h" before
all the other includes, except for "config.h", in "plugin-mgcp.c", to
match what the Gryphon dissector does; "plugins_api.h" must be included
before any of the routines whose names it #defines in order for the
plugin to build on Windows. (It still doesn't build on Windows, as
still more routines need to be added to the table of routines callable
from plugins, but tomorrow is another day. Making libethereal a DLL may
obviate the need for that table, *if* all the routines called from a
plugin are in libethereal, as I think routines in a DLL, even a
run-time-loaded DLL, can call routines from another DLL as long as those
routines are exported from the other DLL.)
svn path=/trunk/; revision=2622
don't need to work around that.
The offset, for a given packet, at which "ascend_seek()" should start
searching for that packet's header must be computed separately from the
offset, for that packet, at which "ascend_seek()" should start searching
for the *next* packet - if the file is a "wdd" capture, and the packet
has a "Date:" header and a WD_DIALOUT_DISP header, the search for that
packet should start at the beginning of the "Date:" header, but the
search for the next packet should start after the WD_DIALOUT_DISP
header, as if we start it after the "Date:" header, the search will stop
at the packet's own WD_DIALOUT_DISP header, as a packet could have a
WD_DIALOUT_DISP header but no "Date:" header.
svn path=/trunk/; revision=2620
place call to" header (I presume this can happen if there was a call in
progress when the packet was sent or received); don't require the
Date: 01/12/1990. Time: 12:22:33
Cause an attempt to place call to 14082750382
to be present in every packet.
(Only the date on the first packet is used, and only if it's present in
the first packet; if the first packet doesn't have a date, we can't
easily go back and fix up the previous packets, *especially* in programs
such as Tethereal and editcap which make only one pass through the
capture.
We set the called number to a null string if that's the case; we could
assume, in the sequential pass, that it's the phone number from the last
call, and remember that for use when doing random access.)
svn path=/trunk/; revision=2617
packet is a GIOP packet.
If it has a GIOP header but doesn't have a version number we handle,
accept it as a GIOP packet; if we don't do that, we should simply return
FALSE *without* changing any of the columns or putting anything into the
protocol tree.
svn path=/trunk/; revision=2615
Don't assume that we start out getting commands from the client - the
capture may have started in the middle of a transaction, and we may be
getting a message body from the client instead. Only treat stuff as
commands if it consists of four alphabetic characters followed either by
an end-of-line or a space.
Commands in SMTP are case-insensitive; when looking for "DATA", do a
case-insensitive comparison.
If the packet contains the message body, just put "Message Body" in the
summary, don't put any of the message body itself in there. If it's a
command, put "Command:" in the summary before the first line of the
command.
When putting the message body into the protocol tree, give each line its
own entry, rather than putting the entire body in as one entry.
Don't put an entry into the protocol tree for a command parameter if
there is no command parameter.
svn path=/trunk/; revision=2614
by itself as a line ending, as well as treating CR LF and LF as line
endings.
Tweak the Telnet dissector to treat LF and CR NUL as line endings, but
not to treat CR by itself as a line ending (that's not exactly what the
NVT specification in the Telnet RFC specifies, but the resulting output
may be a bit more readable that way).
svn path=/trunk/; revision=2613
"epan/pint.h" - they caused GCC to whine about them being redefined when
I compiled on FreeBSD 3.4.
Get rid of the stuff in "packet-ipv6.h" that defines various bit vectors
differently depending on the byte order of the machine; instead, define
them so that they work with items in host byte order. This lets us use
a number of them rather than using hardwired hex values.
Put "frag.ip6f_offlg" in host byte order before using it; this means
that IP6F_MORE_FRAG can still be used even though it now works only on
items in host byte order.
svn path=/trunk/; revision=2610
big-endian and little-endian platforms; just put "ddp.hops_len" in host
byte order and have one version. (This removes one usage of BIG_ENDIAN
and LITTLE_ENDIAN from Ethereal - our redefining of them causes warnings
on FreeBSD 3.4, so I'd like not to export them to all the dissectors if
possible - and also fixes "ddp_hops()" to work correctly on
little-endian machines, as the little-endian version wasn't
byte-swapping its argument.)
svn path=/trunk/; revision=2609
you're either reading commands, or you're reading message data;
if you're reading commands, and you see a DATA command, you
start reading data;
if you're reading data, and you see an EOM, you start reading
commands.
Also, *always* fill in the per-frame data you allocate for a frame, and
*always* attach it to the packet.
The old state machine assumed it was done with the SMTP conversation
once it saw an EOM, and the dissector wouldn't fill in the per-frame
data it'd allocated and attach it to the packet if it thought it was
done with the SMTP conversation. This meant that:
1) the per-frame data allocated for frames following the EOM
(e.g., a QUIT command) would contain random junk for data
such as the packet type;
2) that per-frame data would be re-allocated every time the
frame was looked at, as it wouldn't be attached to the frame,
so you might well get *different* random junk each time the
frame was looked at.
This caused Tethereal and Ethereal to sometimes fail to recognize
commands following the EOM - but it wouldn't *always* fail to do so,
sometimes it'd work and sometimes it wouldn't.
Fix a comment; conversations are *not* removed during filter operations,
and the visited flag is *not* cleared during a filter operation - that's
only true on a *redissection* operation. In any case, given that frames
can, after the initial sequential scan through the capture, be visited
in any order, and visited repeatedly, it's irrelevant whether
conversations are removed or not - we have to associate with each frame
information telling us how to process it.
svn path=/trunk/; revision=2608
is WTAP_ENCAP_LAPB *or* WTAP_ENCAP_V120, and we have to set "p2p.sent"
in the capture file for *all* WTAP_ENCAP_LAPD captures; fix the
i4btrace and Sniffer capture file readers to do so.
(XXX - should we eliminate "x25.flags", and use "p2p.sent" instead? The
directions for X.25 are DTE->DCE and DCE->DTE, not "sent" and
"received", but I suspect that "sent" and "received" should be thought
of from the point of view of the DTE, so DTE->DCE is "sent" and DCE->DTE
is "received"; the directions for ISDN are user->network and
network->user, but I suspect that "sent" and "received" should be
thought of from the standpoint of the user equipment, so user->network
is "sent" and network->user is "received".)
svn path=/trunk/; revision=2606
fix the interpretation of the date and time reported in capture
files;
use that date and time only to set the start date and time of
the capture, not to generate the time stamp for every packet.
Make the "struct tm" used for that local to the code to handle that
production in the grammar, rather than global.
For all captures, we *can* now fstat a compressed file (and have been
able to do so for a while, in fact), so revert to doing so and using the
ctime of the capture file if we can't get a date and time from the
file's contents.
svn path=/trunk/; revision=2605
Remove what appear to be a pair of dangling "else"s.
Before calling "mktime()" on a "struct tm", you have to set "tm_isdst",
so it knows what to do about daylight savings time; set it to -1, so it
picks the appropriate time (except, presumably, for those times that
don't exist, when the clock is moved forward, where there is no
appropriate time, and those times that exist twice, when the clock is
moved backward, where there are *two* times and you can't tell which is
appropriate).
svn path=/trunk/; revision=2604
compiles.
Doing so reveals that the NBIPX dissector needs to be fixed, as it calls
routines in "packet-netbios.c" whose calling sequence changed; doing so
involves tvbuffifying it.
svn path=/trunk/; revision=2602
Add "tvb_find_line_end_unquoted()" for the benefit of the SDP dissector;
get rid of "find_line_end_unquoted()" as nobody uses it any more.
Add "tvb_pbrk_guint8()" for the benefit of
"tvb_find_line_end_unquoted()"; it searches for any of a number of
characters, unlike "tvb_find_guint8()" which searches for only one.
svn path=/trunk/; revision=2595
Add "tvb_find_line_end()", to find a CR and/or LF-terminated line in a
tvbuff and return its length and the offset of the character after the
line end, for the use of those dissectors.
Add "tvb_strncaseeql()", which is like "tvb_strneql()" except that it
does a case-insensitive comparison.
svn path=/trunk/; revision=2590
The GIOP reply status is 4 bytes long, not 1 byte long.
Dissect the reply body for exceptions; the GIOP dissector used to do
that.
Add to the Info column the stuff that the GIOP dissector used to add
(request ID, etc.).
svn path=/trunk/; revision=2589
available, don't try to create a tvbuff for the GIOP header - that'll
throw an exception before we even get to look at the packet to see if
it's a GIOP packet. Instead, just return FALSE, as we don't have enough
data to determine whether it's a GIOP packet or not.
svn path=/trunk/; revision=2587
Guy Harris