be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
number of SACK ranges found in the SACK option.
This involved extending the IP options framework to include an extra
void* data field, which in the case of TCP is filled in with the tap
struct - other users currently pass NULL.
I first implemented the graph to sort the SACK ranges and show (in red)
the unacknowledged regions between them, but this became confusing where
the number of ranges is limited by TCP padding bytes. i.e. you can't
tell how many SACKs could have been encoded, so some of the gaps between
ranges may already have been received.
svn path=/trunk/; revision=46006
- ipv6.traffic_class.dscp use ext string so and need BASE_EXT_STRING flag (fix SIGSEGV)
- dscp_vals was removed from .h file, so make it static
- export dscp_vals_ext
svn path=/trunk/; revision=45380
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
packet-ax25.c and packet-arp.c.
Add an "ax25.pid" dissector table for those protocol IDs, use it in the
AX.25 dissector, and have dissectors register in that table with their
protocol IDs.
Get rid of some unneeded includes.
Clean up some "AX25"s in user-visible strings - say "AX.25" instead.
Clean up some indentation.
svn path=/trunk/; revision=44235
Also:
- don't use val_to_str_const() with a "format" default string;
- rename 'opt_len_type' enumeration identifiers to be less generic.
svn path=/trunk/; revision=43210
Dissect basic security option according to RFC 791 or RFC 1108 depending on the option length and the first two bytes content.
Also dissect the extended security option.
svn path=/trunk/; revision=42342
Since backporting must be manually applied anyway, other changes include fixing the displaying of the EOOL and NOP options, as well as other options without a dissect routine associated with them.
svn path=/trunk/; revision=41994
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
