I still have compile warnings, but I am too tired to chase them down.
Have also fixed a number of problems.
Next thing to add is a general engine that can decode Transact messages
as they can be decoded from the descriptors in the Parameters area, and I
can feed in a list of names where we know what a structure looks like,
otherwise we use made up names.
svn path=/trunk/; revision=1079
Add EXPORTALL, which is identical to EXPORT.
Make static and/or const a number of things that can be made static or
const.
svn path=/trunk/; revision=1078
(in the src/dst of the CList). In order to do this, I had to:
1. Add a new function, ether_to_str_punct(const guint8*, char) which
turns a 6-byte ether address into a string, using whatever punctuation
is passed as the char. If a null char is passed, no separator
is put between the hex digits. Unresolved IPX addresses look better
with the ether portion having no punctuation (IMHO)
2. Changed ether_to_str() to call ether_to_str_punct with ':' as the char
argument. That is, code abstraction.
3. MAXNAMELEN was moved from resolv.c to resolv.h so that packet-ipx.c
could see it.
4. A new resolve function, get_ether_name_if_known(), returns the resolved name
of an ether address, or NULL if there is none. This differs
from get_ether_name() by returning NULL rather than a text version
of the ether address.
svn path=/trunk/; revision=1076
dashes or colons as punctuation. Added period as a valid separator, to make
the resolve routines congruent with the display filter syntax options.
Document the fact that both /etc/ethers and $HOME/.ethereal/ethers are
used for resolving hardware address names. I did not know this until
I discovered it in resolv.c!
svn path=/trunk/; revision=1074
stuff them into shared read-only space.
Put the "VALS()" cast macro into the initialization of an
"hf_register_info" array.
svn path=/trunk/; revision=1072
ip_to_str() is 7 times faster than my sprintf() implementation (both of
which take very little time for the single call that match_selected() makes,
but you know....)
svn path=/trunk/; revision=1071
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are no longer global variables;
finfo_selected has replaced them.
svn path=/trunk/; revision=1070
If an interface type is not recognized, set error to WTAP_ERR_UNSUPPORTED
instead of WTAP_BAD_RECORD.
Continue to check for X.25, FDDI, and loopback traces via the interface
name instead of the newly-discovered if_type field in the packet header.
Once Olivier confirms that his traces still work by checking only if_type,
I'll change the code. But he's on vacation right now. ATM, Ethernet, and
Token-Ring are discovered via the if_type field.
svn path=/trunk/; revision=1063
eth.length were being pulled put into the proto_tree (logical and GUI),
but the fields were highlighted in the hex dump w/o adding offset.
svn path=/trunk/; revision=1062
Also, explicitly compare the result of "memcmp()" against 0 - the
appearance of a comparison operator in the expression makes it clearer
what test is being done.
svn path=/trunk/; revision=1061
them - don't "#if 0" out the initializers for "hf[]", "#if 0" out the
entire declaration of "hf[]" and the call that uses "hf[]".
svn path=/trunk/; revision=1059
AppHLType is the subtype of that type; set them appropriately (as best
we can, given that we can only *guess* what kind of traffic it is) for
"iptrace" captures in Wiretap. (Alas, more work is needed to
distinguish Ethernet from Token-Ring LANE traffic....)
Handle VPI = 0, VCI = 5 as the Signalling AAL in "iptrace" captures.
svn path=/trunk/; revision=1058
all packets are recognized yet, but ILMI and Classical IP (LLCMX) are.
The ATM iptrace facility uses the ngsniffer_atm_phdr pseudo header so that
ethereal doesn't have to worry about yet another pseudo header.
svn path=/trunk/; revision=1057
(remove commas following the last member of an enum, make all bit fields
"guint32" - GCC lets you get away with that, but at least some other
compilers don't).
svn path=/trunk/; revision=1052
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
and on a comment that "libpcap"/BPF on AIX appears to return 6 as the
network type for an Ethernet device - the BSD IFT_ETHER is 6.
svn path=/trunk/; revision=1048
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
svn path=/trunk/; revision=1046
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
There was a core dump because of a coding oversight. Should be fixed
now, Gilbert.
Should now handle names of form \<somepipe>
Will screw up if there is no leading slash, but in a non-fatal way, I
think.
svn path=/trunk/; revision=1041
hex window to scroll so that the data in the currently-selected field is
visible, but merely revealed core-dumping bugs in GTK+.
svn path=/trunk/; revision=1040
store the field_info pointer, from which we can get both "start" and
"length" (and "hfinfo" and "value", which I'm working towards, so that
match_selected, or a new function, and create a display filter based on
the field's name, instead of byte offset ).
svn path=/trunk/; revision=1039
dissect_rpc_string. Replaced only instance of this routine being called.
Added display filtering to rpc dissector. Replaced most instances of
proto_tree_add_text with proto_tree_add_item.
Added program version and procedure to the program tree in addition to it
being in the RPC tree.
svn path=/trunk/; revision=1037
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
svn path=/trunk/; revision=1032
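The host-order storage and CIDR matching described in the commit above, as an added example that is not Ethereal's code. The function names (`wire_to_host`, `read_num`, `parse_ipv4_cidr`, `ipv4_filter_eq`, `ipv4_lt`) are hypothetical, and malformed filter values are rejected rather than guessed at.

```c
#include <ctype.h>
#include <stdint.h>

/* Hypothetical helpers, not Ethereal's: wire bytes to a host-order value. */
static uint32_t wire_to_host(const uint8_t b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Consume an optional separator, then a decimal <= max; -1 on error. */
static long read_num(const char **p, char sep, long max)
{
    long v = 0;
    if (sep && *(*p)++ != sep) return -1;
    if (!isdigit((unsigned char)**p)) return -1;
    for (; isdigit((unsigned char)**p); (*p)++)
        if ((v = v * 10 + (**p - '0')) > max) return -1;
    return v;
}

/* Parse "a.b.c.d" or "a.b.c.d/n" (bare address means /32); 0 on success. */
static int parse_ipv4_cidr(const char *s, uint32_t *addr, uint32_t *mask)
{
    long v, n = 32;
    uint32_t a = 0;
    for (int i = 0; i < 4; i++) {
        if ((v = read_num(&s, i ? '.' : 0, 255)) < 0) return -1;
        a = (a << 8) | (uint32_t)v;
    }
    if (*s == '/' && (n = read_num(&s, '/', 32)) < 0) return -1;
    if (*s != '\0') return -1;              /* trailing junk is an error */
    *addr = a;
    *mask = n ? 0xFFFFFFFFu << (32 - n) : 0; /* /0 must not shift by 32 */
    return 0;
}

/* Filter test: 1 = match, 0 = no match, -1 = malformed filter value. */
static int ipv4_filter_eq(const char *filter, const uint8_t pkt[4])
{
    uint32_t want, mask;
    if (parse_ipv4_cidr(filter, &want, &mask) != 0) return -1;
    return ((wire_to_host(pkt) ^ want) & mask) == 0;
}

/* Ordering comparison (the "lt" operator) on host-order values. */
static int ipv4_lt(const uint8_t a[4], const uint8_t b[4])
{
    return wire_to_host(a) < wire_to_host(b);
}
```

Comparing the raw 4 bytes as a native integer on a little-endian host would order 10.0.0.2 below 9.255.255.255; assembling the value from the wire bytes first gives the same ordering on either kind of machine.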
destination address for calls and the source address of the reply - we
shouldn't require the server address to be the same for a call and reply,
as they may not be on a multi-homed server (clients presumably check the
XID only, or perhaps the XID and the port whence the reply came,
although with TI-RPC I don't think they can check the port without
checking the address as well).
This requires that the conversation code not assume that the source and
destination addresses for a given packet in a conversation have the same
type, so, when comparing addresses for equality, it must explicitly
check the address types.
In said code, also check the port numbers before we check the addresses
- testing ports is cheaper, as they're just integers, and there's
probably a decent chance that you won't see two conversations between
different pairs of hosts and the *same* pair of ports in a capture file,
so the cheaper port tests are probably decently likely to fail first.
svn path=/trunk/; revision=1031