Since it was named Ethereal and up to today, Wireshark wrongly parses
the IPv4 header flags field:
* it considers it as a 4 bits wide field - according to RFC 791 it's a 3 bits
wide field (first 3 bits of the 6th octet of the IPv4 header).
* if for example the DF bit is set, Wireshark displays the flag value as 0x04
(0100) when it should be 0x02 (010), idem for the MF flag.
Attached to this bug report, you can find a patch to fix the issue.
svn path=/trunk/; revision=30855
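
The flag width described in the report above, as an added example (not code from the bug report or from Wireshark). The function names and sample header bytes are constructed for illustration, and the 4-bit reading is modelled here as the top nibble of the byte at header offset 6:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 791: the 16-bit word at header offset 6 (counting from 0) holds
 * 3 flag bits followed by a 13-bit fragment offset. */
#define IP_FLAG_RESERVED 0x4 /* bit 0, must be zero */
#define IP_FLAG_DF       0x2 /* bit 1, Don't Fragment */
#define IP_FLAG_MF       0x1 /* bit 2, More Fragments */

struct ip_frag_info {
    uint8_t  flags;       /* 3-bit value, 0..7 */
    uint16_t frag_offset; /* in units of 8 bytes */
};

/* Returns 0 on success, -1 if the buffer cannot hold offsets 6 and 7. */
int parse_ip_flags(const uint8_t *hdr, size_t len, struct ip_frag_info *out)
{
    if (hdr == NULL || out == NULL || len < 8)
        return -1;
    uint16_t word = (uint16_t)((hdr[6] << 8) | hdr[7]);
    out->flags = (uint8_t)(word >> 13);           /* top 3 bits only */
    out->frag_offset = (uint16_t)(word & 0x1FFF); /* low 13 bits */
    return 0;
}

/* 4-bit reading (assumed model of the behaviour in the report): the top
 * nibble, which also takes in the highest bit of the fragment offset. */
uint8_t flags_as_4bit_nibble(const uint8_t *hdr)
{
    return (uint8_t)(hdr[6] >> 4);
}

/* Constructed samples: first 8 bytes of an IPv4 header. */
static const uint8_t SAMPLE_DF[8]   = {0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00};
static const uint8_t SAMPLE_FRAG[8] = {0x45, 0x00, 0x05, 0xdc, 0x12, 0x34, 0x30, 0xb9};

int main(void)
{
    struct ip_frag_info i;
    if (parse_ip_flags(SAMPLE_DF, sizeof SAMPLE_DF, &i) == 0)
        printf("DF set:   3-bit 0x%x, 4-bit 0x%x\n", i.flags, flags_as_4bit_nibble(SAMPLE_DF));
    if (parse_ip_flags(SAMPLE_FRAG, sizeof SAMPLE_FRAG, &i) == 0)
        printf("MF+frag:  3-bit 0x%x, 4-bit 0x%x, offset %u\n",
               i.flags, flags_as_4bit_nibble(SAMPLE_FRAG), i.frag_offset);
    return 0;
}
```

In the second sample the 4-bit reading changes with the fragment offset even though only MF is set, which is why the field width matters for display filters on the flags value.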
TTL-Check for local network group addresses: Normally the
only valid TTL is 1. Add a check for VRRP and GLBP, where
the only valid TTL is 255.
Me: change the logic so the function returns the valid ttl
instead of true/false.
svn path=/trunk/; revision=29362
to 224.0.0.x with a TTL>1. Some protocols (notably VRRP and GLBP)
send out a TTL of 255 and thus cause a notice. That should be fixed,
so for now: Add a FIXME about that.
svn path=/trunk/; revision=29024
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
e_ip->ip_ttl is currently always set to 0; the fix is in the attachment.
I also (in the same patch, sorry) submit a cleanup to use ep_alloc() instead
of static e_ip buffers. I didn't test it, but I hope it's ok.
There's a note about static buffers in doc/README.tapping, which should
also be updated, but I don't feel so good with my English :)
From me:
Rename e_ip to ws_ip. Update the static buffers note in README.tapping.
svn path=/trunk/; revision=28425
This is a crude hack, as the current Wireshark interface to GeoIP is not really suitable for reading several values of a single GeoIP database :-(
svn path=/trunk/; revision=27365
some functions to match.
Add GeoIP lookups to the IP dissector. Add a preference for GeoIP lookups,
which is disabled by default.
svn path=/trunk/; revision=27063
after we've checked whether the total length is less than the header
length, so that we don't believe an obviously bogus total length. (This
doesn't catch all cases of bogus total lengths, but it catches, for
example, a total length of 0.)
svn path=/trunk/; revision=26901
epan/dissectors/packet-ncp2222.inc is a bit hard to fix, so we're not
ready to enable that warning by default yet.
Throw in some casts to handle GLib routines that take arbitrary
non-const pointers (they can later return the pointers, and some
callers might want to modify or free up those pointers in cases where
they're known to be writable or allocated).
Use ep_tvb_memdup() rather than a combination of ep_alloc() and
tvb_memcpy().
Clean up some indentation.
svn path=/trunk/; revision=25601
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
Capture files generated on TCP segmentation offload (TSO) hardware have an
all-zero IP-length field in outbound packets.
Wireshark errors out on the small length and refuses to parse the packet further.
svn path=/trunk/; revision=22931