"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
variables wrap-around. Since the request/reply packets are related via
a hash based on these uniqueness variables, long NCP traces can
have mis-matches reqeust/reply records.
Thus, only do the hash-lookup for the reply packet during the first
sequential scan of the trace file. Once the pertinent info is found,
store it in the packet's private data area.
Since the memory allocated for the hash and for the structures that make
up the keys are no longer needed after the first sequential run through
the trace file, arrange to free that memory after the first sequential
run. Similar to the register_init_routine() that allows dissectors
to register callbacks for calling *before* a capture file is loaded,
set up a register_postseq_cleanup_routine() function that allows
dissectors to register callbacks for calling *after* the first
sequential run-through of the trace file is made. This is not
a *final* cleanup callback, since Ethereal will still have that trace file
open for random-access reading.
I didn't have tethereal call postseq_cleanup_all_protocols() since
tethereal doesn't keep the trace file open for random-access reading.
I could easily be swayed to make tethereal call that function, however.
svn path=/trunk/; revision=4484
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
specifies how the selector values used as keys in those tables are to be
displayed, and the title to use when displaying the table.
Use that information in the code to display the initial and current
entries of various dissector tables.
Have the dissector for BACnet APDUs register itself by name, and have
the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set,
rather than doing it with a dissector table.
svn path=/trunk/; revision=4358
pointer to a "struct dissector_table", containing a pointer to a hash
table and a pointer to a list of handles. Fix
"dissector_all_tables_foreach_func()" to understand that.
svn path=/trunk/; revision=4312
dissector table contain both a hash table, to use to look up port
numbers to find a dissector, and a list of all dissectors that *could*
be assigned to ports in that hash table, to be used by user interface
code.
Make the "Decode As" dialog box code use that.
Also make it *not* let you choose whether to set the dissector for both
the UDP and TCP versions of a port; some protocols run only atop TCP,
some run only atop UDP, and even those that can run atop both may have
different dissector handles to use over TCP and UDP, so handling a
single merged list would be a mess. (If the user is setting the
dissector for a TCP port, only those protocols that Ethereal can handle
over TCP should be listed; if the user is setting the dissector for a
UDP port, only those protocols that Ethereal can handle over TCP should
be listed; if the user is setting a dissector for both, only those
protocols that Ethereal can handle over *both* TCP *and* UDP should be
listed, *and* there needs to be a way to let the "Decode As" code get
both the TCP handle *and* the UDP handle and use the right ones. If
somebody really wants that, they need to implement all of the above if
they want the code to be correct.)
Fix the code that handles setting the dissection for the IP protocol
number to correctly update the lists of protocols being dissected as TCP
and as UDP; the code before this change wasn't updating the single such
list to add new protocols.
svn path=/trunk/; revision=4311
if found, return the dissector handle for that port.
Use that routine in the X.25 dissector; revert to attaching a dissector
handle to an X.25 virtual circuit.
svn path=/trunk/; revision=4310
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
than a pointer to a dissector function, as an argument.
This means that the conversation dissector is called through
"call_dissector()", so the dissector itself doesn't have to worry about
checking whether the protocol is enabled or setting
"pinfo->current_proto", so get rid of the code that does that in
conversation dissectors. Also, make the conversation dissectors static.
Get rid of some direct calls to dissectors; replace them with calls
through handles, and, again, get rid of code to check whether a protocol
is enabled and set "pinfo->current_proto" where that code isn't needed.
Make those dissectors static if they aren't already static.
Add a routine "create_dissector_handle()" to create a dissector handle
without registering it by name, if the dissector isn't used outside the
module in which it's defined.
svn path=/trunk/; revision=4281
from being required by anyone other than packet-data.c.
It can now be accessed with call_dissector() with the name "data".
dissect_data is now also of dissect_t.
svn path=/trunk/; revision=4271
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
"old_dissector_try_port()".
There are no longer any old-style heuristic or conversation dissectors,
so get rid of "old_heur_dissector_add()" and "old_conv_dissector_add()"
and the data-structure members that support old-style heuristic and
conversation dissectors.
svn path=/trunk/; revision=3478
dissector_handle in a static variable in packet.c. Changed dissect_packet
to call dissector from using the call_dissector() function and the cached
dissector_handle for frame_dissector. Changed the order of function
calls in epan_init() to allow for this change ( it sucks to look up
a dissector when none are registered ).
svn path=/trunk/; revision=3234
to_str.{c,h}. Resolved strange situation where ipx_addr_to_str was
declared in packet.h but defined in packet-ipx.c by moving
ipx_addr_to_str, ipxnet_to_str_punct, and ipxnet_to_str from packet-ipx.{c,h} to to_str.{c,h}
svn path=/trunk/; revision=3219
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
In the CLNP dissector, set the source and destination network-layer and
"top-level" addresses; this will cause them to show up in the source and
destination columns of the summary display if you're showing the
network-layer or top-level address (although you'll probably have to
widen those columns significantly to see the entire address), and also
makes them available to subdissectors.
svn path=/trunk/; revision=3131
the handle has been disabled, return after calling "dissect_data()",
rather than driving on and calling the dissector anyway.
svn path=/trunk/; revision=3001
It was the last dissector that used "old_call_dissector()", and
tvbuffifying it got rid of that, so get rid of "old_call_dissector()".
svn path=/trunk/; revision=2892
"{old_}dissector_try_port()", so that its value doesn't get changed out
from under a dissector that calls "{old_}dissectory_try_port()".
svn path=/trunk/; revision=2890
dissector, save the current value of "pinfo->current_proto" and restore
it before returning; when you return, you're back in the dissector that
called the routine to call a dissector, so the current protocol is the
one for that dissector. This may be important if a dissector calls a
subdissector and, after it returns, processes stuff in the packet after
the stuff dissected by the subdissectror.
This means it's safe for "dissector_try_heuristic()" to set it before
calling a heuristic dissector, as it'll put back the previous value when
it returns.
svn path=/trunk/; revision=2886
dissector is enabled and, if not, return FALSE, just as if there hadn't
been any entry for that port number in the table. If it is enabled, set
"pinfo->current_proto" from its short name before calling the dissector.
In "dissector_try_heuristic()", check whether the protocols for
dissectors are enabled and, if not, skip those dissectors, just as if
they hadn't been in the table. (We don't set "pinfo->current_proto"
before calling a dissector, as we don't know whether the dissector in
question will be the one to dissect the packet. Arguably, we should
have, for heuristic dissectors, separate "recognize" and "dissect"
routines, where the former never throws an exception and returns TRUE or
FALSE, and the latter is called only if the "recognize" routine claimed
the frame, and is just a "dissector_t" that doesn't return a value.)
In "{old_}call_dissector()", check whether the protocol for the
dissector is enabled and, if not, call "{old_}dissect_data()". if it is
enabled, set "pinfo->current_proto" from its short name before calling
the dissector.
svn path=/trunk/; revision=2861
address and a pointer to a character buffer as arguments, and puts a
printable form of the IP address into the buffer. Make "ip_to_str()"
use it.
Make "host_name_lookup()" use "ip_to_str_buf()", not "ip_to_str()", so
that it doesn't trash any strings that a dissector has gotten with
"ip_to_str()" (for example, the ARP dissector gets strings for the
source and target protocol addresses, and then may attempt to register
names for the source and target hardware addresses with
"add_ether_byip()"; if "host_name_lookup()" fails to find a host name
for the IP address, it shouldn't use "ip_to_str()" to generate an IP
address string to associate with the IP address, as if that's done twice
it'll run out of "ip_to_str()" buffers - there're only 3 of them - and
trash one of the IP address strings the ARP dissector got).
svn path=/trunk/; revision=2850
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
exports it.
Make the pointer that points to the GMemChunk for per-frame data static
to "epan/packet.c", as it's not used outside "epan/packet.c".
svn path=/trunk/; revision=2741
Guy Harris