version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
handle and call it through the handle. Make it static; this renders
"packet-nbipx.h" unnecessary.
Get rid of the "tvb_compat()" call in the IPX dissector - it calls all
dissectors through handles or lookup tables, and thus any
backwards-compatibility stuff is done by the code in libethereal.
svn path=/trunk/; revision=2735
It registers the same dissector for the LDP port for both TCP and UDP.
Still a lot of work to do, but we can see the header now.
svn path=/trunk/; revision=2714
dissect_fddi_not_bitswapped() and dissect_fddi_bitswapped(), both of which
use the standard 3-argument tvbuffified-dissector argument list.
Add a dissector table called "wtap_encap" which is used to call dissectors
from dissect_frame(). The switch() statement from this top-level dissector
is removed.
The link-layer dissectors register themselves with the "wtap_encap"
dissector table. The dissectors are now static where possible.
svn path=/trunk/; revision=2708
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
"packet-clnp.h" no longer exports anything, so remove it.
Have the X.25 dissector call subdissectors through dissector handles
(now that all the dissectors it uses are registered by name).
svn path=/trunk/; revision=2668
the BSD AF_ type values it uses into an "aftypes.h" header file for
dissectors that register themselves in that dissector table include.
svn path=/trunk/; revision=2653
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
being a global function.
The HTTP dissector should set "pinfo->current_proto" to HTTP even if we
consider the packet to be IPP, so that if we run past the end of a
tvbuff while dissecting HTTP stuff it's reported as a problem with HTTP,
not IPP.
svn path=/trunk/; revision=2648
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
1) a pointer to the dissector is put in the Big Transfer Vector
or
2) some other mechanism for getting a pointer to the dissector
is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
disabling of protocols;
setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_"dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
source *and* destination port and/or both the source *and* destination
address passed to "find_conversation()", because the packet for which
you're trying to find the conversation may be going in the opposite
direction to the packet for which the conversation was originally
created.
Create different hash tables for wildcarded conversations, to reduce the
number of "is this a wildcard?" tests done when doing hash lookups.
This is sufficient to allow the TFTP dissector to use conversations
rather than being special-cased in the UDP dissector, and may also be
sufficient to handle a similar problem with SMTP (request goes from
client IP X port Y to server IP Z's well-known port, reply comes back
from some other port on server Z to client IP X port Y), but further use
may reveal other changes that should be made.
svn path=/trunk/; revision=2525
starting with "epan_", change the name of the library from libepan.a to
libethereal.a, and from libepan.lib to ethereal.lib.
svn path=/trunk/; revision=2492
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478
This needs some additional parts, and points to the
need for a dissector for the ident protocol, but I want to
try to automatically generate that ...
svn path=/trunk/; revision=2301
Porting and Archive Centre site.
Warn in the very beginning of that file that libpcap may not work very
well without patches. Give patches to libpcap for:
vanilla LBL libpcap 0.4
vanilla tcpdump.org libpcap 0.5
libpcap 0.4 from the HP-UX Porting and Archive Centre (which is
the only version that includes configure-script changes to work
with HP's C compiler as well as GCC)
and put them in files separate from "README.hpux" (to make it easier for
users to apply the patches).
Make those versions of the patch give a slightly different error message
if libpcap fails to find the PPA for the device, to make it easier to
figure out if the user reporting a problem with HP-UX capture has a
patched version of libpcap or not (so that we know whether the problem
may just be that they're using an unmodified libpcap, or if they're
running a patched version and that patch needs more work, e.g. to look
at devices other than just "/dev/dlpi").
Give information on how to find "patch", warn that probably only the
HP-UX Porting and Archive Centre version will work with the HP C
compiler, warn that applying a version of the patch other than the one
for the particular version of libpcap you've downloaded will probably
not work, and warn that you need to download source to libpcap in order
to do any of this in the first place.
(The current libpcap CVS tree at tcpdump.org has this patch in it, so
the next release of libpcap from tcpdump.org should have it; hopefully
the HP-UX Porting and Archive Centre will switch to that version when it
comes out, and people will just be able to push a few buttons to get an
Ethereal that works on HP-UX.)
svn path=/trunk/; revision=2264
a framework for the dissector; of the more than 400 NCP packet types, only
a handful are defined. But this dissector framework is much better than
the previous one.
svn path=/trunk/; revision=2173
a waste of time. Instead, set $(PERL) to @PERL_PATH@ in the Makefile and
call dfilter2pod.pl via $(PERL) $(src_dir)/dfilter2pod.pl
svn path=/trunk/; revision=2171
1) aclocal expects autoconf/automake macros to be hidden;
2) GTK+ hid its autoconf/automake macros;
and, if both places exist but aren't the same directory, returns a "-I"
flag to tell aclocal to look in GTK+'s directory.
Then have "autogen.sh", and Makefiles in directories with "acinclude.m4"
files, use that script and pass what flag it supplies, if any, to
aclocal.
This should, I hope, avoid problems such as those FreeBSD systems where
GTK+ was installed from a port or package (and thus stuck its macros in
"/usr/X11R6/share/aclocal") but aclocal doesn't look there.
(It doesn't solve the problem of somebody downloading and installing,
say, libtool from source - which means it probably shows up under
"/usr/local", with its macros in "/usr/local/share/aclocal" - on a
system that comes with aclocal (meaning it probably just looks in
"/usr/share/aclocal", but that may be best fixed by, whenever you
download a source tarball for something that's part of your OS,
configuring it to install in the standard system directories and
*overwriting* your OS's version.)
svn path=/trunk/; revision=2165
package build targets. Move ethereal.spec(.in) to packaging/rpm.
The spec file is different from Henri's. We might want to switch to his
for the sake of consistency.
svn path=/trunk/; revision=2162
Guy Harris