Use registered fields in both the TACACS and TACACS+ dissectors, and put
in Booleans for request vs. response in TACACS+, as it used to be there
(the request type determines that in TACACS).
svn path=/trunk/; revision=3689
table for IGMP packet types (we treat requests as "Query or Request", as
the type doesn't say which it is).
Base the query vs. request decision on the reported length of the
packet, not the captured length.
Checksum the packet only if it's not fragmented and the captured length
is greater than or equal to the amount to be checksummed, and, for
requests where we don't wire in the length to be checksummed, base it on
the reported length of the packet, not the captured length.
svn path=/trunk/; revision=3683
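The checksum rule in the commit message above, as an added example; it is not Ethereal's code, and `check_cksum`, `fixed_len` and the sample packets are hypothetical names and constructed data. It shows why a capture truncated by the snapshot length must be reported as "not checked" rather than as a bad checksum.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 Internet checksum; yields 0 when the checksum stored in the
 * data is consistent with the other len - 2 bytes. */
static uint16_t inet_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)                       /* odd trailing byte, zero-padded */
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)              /* fold carries */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

enum cksum_result { CKSUM_NOT_CHECKED, CKSUM_GOOD, CKSUM_BAD };

/* fixed_len: bytes to checksum when the message type fixes that length,
 * 0 when it does not (hypothetical parameter). */
enum cksum_result check_cksum(const uint8_t *buf, size_t captured_len,
                              size_t reported_len, int fragmented,
                              size_t fixed_len)
{
    size_t cksum_len = fixed_len ? fixed_len : reported_len;

    /* A fragment or a snaplen-truncated capture lacks bytes the sender
     * checksummed, so a mismatch would say nothing about the packet. */
    if (fragmented || captured_len < cksum_len)
        return CKSUM_NOT_CHECKED;
    return inet_cksum(buf, cksum_len) == 0 ? CKSUM_GOOD : CKSUM_BAD;
}

/* Constructed sample: IGMPv2 membership report for 224.0.0.251. */
static const uint8_t SAMPLE_REPORT[8] =
    { 0x16, 0x00, 0x09, 0x04, 0xe0, 0x00, 0x00, 0xfb };
/* Same packet with one group-address byte altered. */
static const uint8_t SAMPLE_CORRUPT[8] =
    { 0x16, 0x00, 0x09, 0x04, 0xe0, 0x00, 0x01, 0xfb };

int main(void)
{
    printf("complete:  %d\n", check_cksum(SAMPLE_REPORT, 8, 8, 0, 0));
    printf("truncated: %d\n", check_cksum(SAMPLE_REPORT, 6, 8, 0, 0));
    printf("corrupt:   %d\n", check_cksum(SAMPLE_CORRUPT, 8, 8, 0, 0));
    return 0;
}
```

Checksumming only the six captured bytes of the truncated sample gives a non-zero result, which is the false "bad checksum" the rule avoids.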
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681
that's how Network Monitor displays them. (What are they if they're not
0xffff?).
The PDC Startup announcement message, if not short, includes an LMNT
token between the NT version and LM20 token.
After the DB Count in an Announce change to UAS or SAM message there are
that number of DBChange Info Structures, according to Network Monitor;
dissect them. After that, there is a domain SID size, and, if that size
is non-zero, a domain SID, and only then
In a SAM LOGON request, the domain SID size is a 4-byte quantity, not a
2-byte quantity, and is followed by a domain SID, an NT version, an LMNT
token, and an LM token, according to Network Monitor.
Display the NT version in decimal, as that's how Network Monitor
displays it.
svn path=/trunk/; revision=3666
LM token - it appears to have the value 0xffff in several captures, and
follows an "LMNT Token" field, so it might be an LM token.
svn path=/trunk/; revision=3663
Fixed up some longstanding bugs (predating the tvbuffification)
discovered during regression testing of the tvbuffification.
svn path=/trunk/; revision=3661
compressed Sniffer files by sequentially moving forward, and we no
longer seek backward by seeking to the beginning and then seeking
forward to the new position; we now seek to the beginning of the
compressed block that contains the target position, if we're not already
in that block, and then move to the appropriate position in that block.
svn path=/trunk/; revision=3658
- at least some versions of makewhatis (e.g., the Solaris version)
use that name in a case-sensitive fashion, so you can't do "man
ethereal", say, you have to do "man Ethereal", and that doesn't work as
the man page file is "ethereal.1", not "Ethereal.1".
svn path=/trunk/; revision=3656
unnecessary as a result of the change that made subdissectors for
GIOP-based protocols register themselves with the GIOP dissector with
their protocol ID and had the GIOP dissector check whether the protocol
is enabled before calling its dissector, so that subdissectors can be
disabled from the "Edit->Protocols" dialog box.
svn path=/trunk/; revision=3654
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
the port - instead, base it on whether the dissector was called directly
from UDP or called from another WAP dissector.
That way, if you explicitly say "decode this as WTP" because there was a
redirection (or if, in the future, the WSP dissector handles
redirections for you, although that won't handle the case of a capture
where the redirection wasn't captured), the column doesn't say "UDP", it
says the right thing.
Don't register the WTLS dissector by name - nobody calls it through a
handle.
Register the WTP dissector by name, as the WTLS dissector tries to get a
handle for it - although it doesn't actually call it, or the WSP
dissector, through a handle.
svn path=/trunk/; revision=3647
invent something that's almost like "value_string" and almost like
"val_to_str()".
Split the command-code field into client and server command code fields,
make them enumerated fields, and put that field into the tree when
dissecting it in the header, not when putting the body into the tree.
Put the body of both unknown client and server requests into the tree,
and just label it as "Body", as is done with the body of known requests.
Display the status code in the same fashion in all places where it's put
into the protocol tree.
When dissecting a SRV_MULTI message, keep dissecting until we run out of
submessages - don't quit when we run out of data in the packet, as that
means we won't throw an exception and won't take the frame as short.
svn path=/trunk/; revision=3646
suggests, and that RFC 2858 obsoletes RFC 2283 which says you can,
doesn't matter - Ethereal's job isn't to enforce protocol standards or
to refuse to dissect stuff that doesn't conform to the final version of
standards; if it can dissect stuff that's now illegal but that wasn't
illegal in the past, and do so without causing problems when dissecting
currently legal stuff, it should do so, so that if you have captures
that include now-illegal stuff (perhaps from old devices that haven't
been upgraded, or from old captures), you can still see what was
happening.
svn path=/trunk/; revision=3644