The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
svn path=/trunk/; revision=6790
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
svn path=/trunk/; revision=6778
Support for mDNS/LLMNR "cache flush" bit
Label mDNS and DNS differently in the Protocol column
Clean up summary line for PTR records
svn path=/trunk/; revision=6709
In a Router-LSA in an OSPF LS Update packet it was difficult for
the untrained to associate the informations in the link list to
the single links. This patch adds a subtree for each link with
a short summary in the tree "title".
svn path=/trunk/; revision=6677
This patch fixes decoding of the newSuperior attribute of an
LDAPv3 modrdn request. The current implementation attempts to
decode the attribute as an LDAPDN (Octext String, 0x4), when its
definition is actually Context 0 (0x80).
svn path=/trunk/; revision=6672
In OSPF(both OSPFv2 and OSPFv3),
I think it is popular that
1) LS Sequence is represented in %0x08x format
2) External Route Tag is represented in %u format
svn path=/trunk/; revision=6638
work when a build is done outside the source tree, and make
"ethereal-tap-register.c" depend on the script that builds it.
svn path=/trunk/; revision=6626
- correct typos in comments
- remove obsoleted definition of GTP_PPP_0x00, ...
- remove distinction between GTP and PPP for col_append_str_gtp(),
because this layer is GTP (or GTP-U), but never PPP
svn path=/trunk/; revision=6614
Make that rule work correctly, by making "ETHEREAL_TAP_SRC" refer to the
*source* files, making "ETHEREAL_TAP_OBJECTS" be the *object* files (as
generated from the list of source files), and adding
"ETHEREAL_TAP_OBJECTS" rather than "ETHEREAL_TAP_SRC" to the list of
objects to link.
svn path=/trunk/; revision=6574
Replace the handling of PPP packets over GTPv1 and also
establish the handling of PPP packet over GTPv0. Additionally
IPv6 packets are handled in GTPv0 and GTPv1.
Explanation:
- old solution: examining the known PPP protocols is a tough
task, because there might be more in the future -> the list
must be extended more and more (the octet 0x00 has already
been added for PPP network layer protocols, but for protocol
field compression a lot of protocols must be inserted for
IPv4(0x21), IPv6(0x57), maybe IPX (0x2b) or AppleTalk (0x29),
...)
- new solution: It is easier the other way: the most significant
nibble of the first octet must be 4 for IPv4 and 6 for IPv6.
All other values are assumed to be PPP packets, including
packets beginning with values 0x40-0x44 (header too short for
IPv4 packet) and value 0x4f (PPP protocol type (IPv6 header
compression protocol) taking precedence over IPv4 packets with
header length of 60 octets).
svn path=/trunk/; revision=6568
header.
Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.
svn path=/trunk/; revision=6567
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.
svn path=/trunk/; revision=6547
one byte, so fetch it with "tvb_get_guint8()", not "tvb_get_ntohl()".
Put in the location in the GPRS standard where that's defined, while
we're at it.
svn path=/trunk/; revision=6533
builds with zlib - "zlib.h", alas, includes <winsock.h>, and you can't
include <winsock.h> before including <winsock2.h> (at least you can
include <winsock2.h> before including <winsock.h>; thank heaven for
small favors).
svn path=/trunk/; revision=6427
can compile the code.
Note that Bill Fumerola rewrote the Cisco NetFlow dissector.
Update a bunch of addresses in the Ethereal man page, and put some
missing addresses in.
svn path=/trunk/; revision=6380
- strings are now in a subtree of a command, printing only the
text unless you go into the subtree (to see length, offset)
- generic blobs are the same as strings, only displayed in hex
- NTLMSSP challenge address lists are decoded
- a couple of unknown fields are now known
svn path=/trunk/; revision=6263
modified while the draw thread is walking it.
Changed the cmdline switch to -z so the same one can be used both for
ethereal and tethereal.
Updated man pages to reflect the RPCSTAT feature.
(Try this with Tools/Statistics/ONC-RPC/RTT and load a capture containing
onc-rpc. )
svn path=/trunk/; revision=6189
information.
Fix the types of some variables (make the file position in
"read_cap_file()" a "long", as Wiretap supports "long" offsets, and make
processed-packet counts in packet-processing loops "int"s, as the total
packet count in a "capture_file" structure is an "int").
svn path=/trunk/; revision=6112
more complete support for L2VPNs as described in
draft-kompella-ppvpn-l2vpn;
fix a segfault in the extd_community decoder;
more consistent SAFI strings (tcpdump);
more robust V6 decoding (the assumption that v6 may come
only in unlabeled form is wrong :-|)
svn path=/trunk/; revision=6093
Put "bytes" after the byte counts for the frame sizes in the
top-level item for the "Frame" protocol, to make it clearer
what they refer to.
Put the source and destination MAC addresses into the top-level
item for Ethernet.
svn path=/trunk/; revision=6090
Basic support for AFI & Extd communities in
draft-kompella-ppvpn-l2vpn
More robust handling for unknown AFIs in BGP MP(UN)REACH NLRIs
Fix typos.
svn path=/trunk/; revision=6079
Ethereal sometimes creates a progress dialog bar and then, if
the processing is fast, quickly destroys it. The resulting
"flash" can be disconcerting. This set of patches ensures a
progress bar is either not created or is displayed for a minimum
time.
svn path=/trunk/; revision=5916
DOCSIS support, including support for "Ethernet" captures where
the raw frame is a DOCSIS frame rather than an Ethernet
frame (some Cisco cable-modem head-end gear can send out a
trace of all traffic on an Ethernet, but what it sends are
the raw bytes of DOCSIS frames, not Ethernet frames)
Get rid of second AUTHORS entry for Devin Heitmueller, merging its item
into the older entry.
Clean up the order of some lists of plugin items.
svn path=/trunk/; revision=5861
the command-line options are processed, so that we don't crash if you've
set the "column.format" preference from the command line.
Fix a grammaro in a comment.
svn path=/trunk/; revision=5838
Don't add "-I/usr/include" to CFLAGS or CPPFLAGS; GCC 3.1 warns
about it, and it's not necessary.
Expand the plugin directory path used for installation at
installation time, rather than configuration time, so the user
can reset "prefix" at installation time.
svn path=/trunk/; revision=5828
Add Zone Information Protocol support.
Rename "ddp.dst.socket" and "ddp.src.socket" to "ddp.dst_socket"
and "ddp.src_socket", as the socket number is no longer
considered part of the DDP address.
svn path=/trunk/; revision=5800
match the following latest drafts:
o draft-ietf-dhc-dhcpv6-26.txt
o draft-troan-dhcpv6-opt-prefix-delegation-01.txt
o draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt
svn path=/trunk/; revision=5765
mangling of the 802.11 dissector, and optional processing of an FCS at
the end of the frame.
When dissecting the frame-type-dependent part of the header, dissect all
management frames (including ones with an invalid subtype) the same, and
dissect all data frames (including ones with an invalid subtype) the
same.
svn path=/trunk/; revision=5696
requests - the data part of the AFS authentication request
(hf_afs_kauth_data) is displayed as a string whilst declared as a binary
array in "packet-afs-register-info.h".
svn path=/trunk/; revision=5661
This fixes some bugs:
1. With the -S option under Linux, Capture/Stop or ^E was
ignored until the next packet was read. This is because
capture.c wasn't checking for EINTR from select(), which is
returned when the child receives SIGUSR1 from the parent.
2. When reading from a pipe, a spurious error message from
pcap_open_live() was written to stderr.
3. Error messages from the child in Sync mode were displayed in
a Warning alert box.
Also, there's a new subroutine, popup_errmsg(), to replace
several instances of duplicate code.
svn path=/trunk/; revision=5616
- Exit if an error is found in the options or arguments.
- In print_usage(), improve the visibility of any getopt() error
message by suppressing the version information when -h is not
specified, and by adding an empty line.
Ethereal:
- If the -k option is specified, use the interface in the preferences
file, if present.
- Prevent the user from specifying any hidden options which are used
internally in -S mode.
Tethereal:
- Fix a memory leak in the processing of the -f option.
- In print_usage(), change "capture file type" to "output file type",
which I think is clearer; move the -q flag from the non-libpcap case
to the libpcap case.
svn path=/trunk/; revision=5525
1) OSPF Link State Request packet in V2 has 4-octets LS type field
whereas 2-octets MBZ and 2-octets LS type field in V3.
2) 6th argument to proto_tree_add_item() has to be boolean value.
svn path=/trunk/; revision=5456
static, and add a new "packet-data.h" to declare "proto_data".
Display escape sequences in octal in the IAPP dissector, as is now done
in the RADIUS dissector.
svn path=/trunk/; revision=5441
Don't show progress bar for quick "Find Frame" searches
Add "Find Next" and "Find Previous" to repeat searches
Add documentation for "Find Next" and "Find Previous".
svn path=/trunk/; revision=5378
frame is marked, so that you can use Find Frame to find the next marked
frame, and can filter the display to show only marked frames.
Update the documentation to note that "frame.marked" is set on marked
frames.
svn path=/trunk/; revision=5377
Clean up the "Error processing TLV" error messages to
1) indicate the type of TLV
and
2) indicate the type of error.
Clean up white space.
Make routines static if they're not used outside this file.
svn path=/trunk/; revision=5237
method length and use that in all comparisons, from Blair Cooper.
Fix the check for "M-" to check also whether there are at least two
characters in the line.
svn path=/trunk/; revision=5071
field in the "Capture Options" dialog, put the descriptive name of the
device in parentheses after the actual device path.
svn path=/trunk/; revision=5070
count display.
Update the Tethereal man page to reflect the new option.
Update both the Ethereal and Tethereal man pages to use the same style
to describe options, e.g.
-Z Cause Ethereal to draw the mark of Zorro on the display.
rather than
-Z Causes Ethereal to draw the mark of Zorro on the display.
(some were using the first and some were using the second).
Update the Ethereal man page to do the same for menu items.
Update both the Ethereal and Tethereal man pages to better describe the
"-N" flag (by noting that any form of name resolution *not* specified in
the flag is turned *off*).
svn path=/trunk/; revision=5005
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
In the "configure.in" files, add
-D_U_="__attribute__((unused))"
to CFLAGS if we're using GCC, and add
-D_U_=""
otherwise, so _U_ can be used to mark arguments as unused.
Add -D_U_="" arguments to the Makefile.nmake files as well, so _U_ works
with Microsoft Visual C++ as well.
Add comments and RCS IDs to the Makefile.nmake files that don't already
have them.
svn path=/trunk/; revision=4824
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
set the columns, for use with EAP payloads inside RADIUS packets.
From Adam Sulmicki: dissect SSL-encoded stuff inside EAP.
svn path=/trunk/; revision=4806
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
Add more type values for EAP.
Fix off-by-one bug when displaying Code of EAP message.
Get rid of an unnecessary "volatile".
Give the code and type fields value_string arrays, and use them when
putting the code and type into the protocol tree.
Base the decision of whether to put the type field into the tree on the
request code, not on the length of the packet.
Display the Type-Data field, under that name, under the EAP tree, as
it's part of the EAP PDU.
svn path=/trunk/; revision=4779
support for Openwave-specific WSP headers;
support for Openwave-specific field names;
support for additional content types from Openwave;
support for additional language values.
svn path=/trunk/; revision=4775
Communities attribute in a BGP Update message.
Also, get rid of an extra space before a colon in the display for that
attribute, which isn't in other attributes.
svn path=/trunk/; revision=4732
reassembled TCP data being able to indicate that they need still more
reassembly, so that, for example, a dissector can indicate that it needs
reassembly in order to dissect a header that says how long the PDU is
and, when that reassembly is done and it dissects the header, it can
then indicate that it needs more reassembly to get the entire PDU.
svn path=/trunk/; revision=4694
check for GNU "sed", and skip the "bad sed" checks if it's
found;
check for "/bin/sed" as well as "/usr/bin/sed" on Solaris;
put the "sed" checks into a separate section of code with its
own test for the host OS, to make it a bit cleaner to add any
checks needed on other OSes.
svn path=/trunk/; revision=4681
The original checkinstall assumed /usr/local as the GTK+ install
install directory even if an alternate directory directory was
specified when configure was run. checkinstall now checks for
GTK+ in the configured directory and punts (checks if gtk-config
is in the path) if it doesn't find GTK+ in the configured
location.
svn path=/trunk/; revision=4595
Support for generating filter expressions based on packet list
column values
Support for adding filter expressions generated from column or
protocol tree field values to the current expression rather
than replacing the current expression
svn path=/trunk/; revision=4522
Add some missing files in the "clean" targets.
Use pod2html rather than man2html to build HTML man pages.
Fix ethereal.nsi.in for recent versions of NSIS, and fix a typo.
svn path=/trunk/; revision=4475
"gboolean", as it's a Boolean value, and move it to the beginning of the
structure in Tethereal, as it is in Ethereal.
From Graeme Hewson:
Check for "pcap_dispatch()" returning -1, meaning an error
occurred; if it does, stop capturing, and report the error.
If we get a signal in tethereal, stop the capture with a
"longjmp()", rather than by clearning the "go" flag;
"pcap_dispatch()", on many platforms, keeps reading rather than
returning a captured packet count of 0 if the system call to
read packets returns -1 with an errno of EINTR, so the
"pcap_dispatch()" won't be broken out of if the signal handler
returns.
Fix a typo in an error message.
svn path=/trunk/; revision=4471
fixed to put something interesting there, fix the GIOP dissector to
restore the Protocol column if no heuristic dissector succeeded, and fix
up the plugin GIOP subdissectors to use "col_set_str()" to set the
Protocol column.
svn path=/trunk/; revision=4424
fix a bogus batch mode inference rule of make, so that
"vc60.pdb" files are created in the proper directory;
delete ".pdb" files in a "nmake -f Makefile.nmake clean";
include the text2pcap and mergecap ".pdb" files in the Windows
binary distribution.
svn path=/trunk/; revision=4385
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
Adds an "Add Expression..." button to the color filter
creation dialog.
Improve the look of the "Add color to protocols" window.
Clean up some ugly code.
Give John credit in the AUTHORS file for the coloring stuff.
svn path=/trunk/; revision=4301
display the returned FID in the Info column for NT Create And X
replies;
display the setup words, and treat the second word as a FID in
Transaction requests presumed to contain DCE RPC-over-SMB.
Add the FID to the Info column for other open/create replies while we're
at it.
svn path=/trunk/; revision=4219
1) print the payload length in AH headers correctly (the field's
value is length of the payload, minus 2, divided by 2, so we
have to add 2 before multiplying by 2);
2) correctly handle, in an SIOCGIFCONF list, entries whose
address has an "sa_len" field less than the size of a "struct
sockaddr" (the length of the address in an entry is the
maximum of the real length and the size of a "struct
sockaddr").
svn path=/trunk/; revision=4186
Frascone.
Small white-space fix.
Display the preference level in router advertisements as signed, not
unsigned, as per RFC 1256, which says it's a "signed, twos-complement
value".
svn path=/trunk/; revision=4118
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
I have enhanced the standard Ethereal Icon and added the following
renderings:
* 32x32 - 256 Colour with transparency
* 16x16 - 256 Colour with transparency
* 16x16 - 16 Colour
Add to the list of authors in the man page the names of people who've
contributed to Wiretap but not to the rest of Ethereal - there's
currently no Wiretap man page, so we might as well give them credit in
the Ethereal man page.
svn path=/trunk/; revision=4053