The attached patch augments the epan/dissectors/packet-frame.c module to optionally generate MD5 hashes of each packet. These MD5 hashes are calculated in the same
manner as the MD5 hash used for duplicate packet removal by the editcap utility.
The ability to generate the MD5 hashes can be enabled or disabled by a new boolean preferences option: frame.generate_md5_hash. By default MD5 hash generation is disabled.
To help identify frames with matching MD5 hashes this patch also includes a new
display filter: frame.md5_hash.
svn path=/trunk/; revision=27150
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
on the first fragment of a fragmented message. This allows us to continue
dissecting chunks even if one of the first chunks in the frame was fragmented.
(It's useful to keep doing this partial dissection just so we have some idea
what's in that chunk.)
(One could rightfully argue that you should only see a fragmented chunk
bundled with another chunk when retransmitting but, well, I'm staring at
traces of an implementation--to remain nameless to protect the guilty--which
is sometimes fragmenting and then bundling the fragments into one packet.)
svn path=/trunk/; revision=23471
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analogous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
routines and routines using those routines. GLib might use different
modifiers for 64-bit quantities than the platform's C library does.
svn path=/trunk/; revision=21990
Fix for bug #491: Unexpected frame.time_delta behavior
This patch ... fixes bug 491. It does this by changing the
behaviour of the frame.time_delta field so it reflects the delta
time between captured packets (tshark already did this). To keep
the delta time between displayed packets, the field
frame.time_delta_displayed is created.
svn path=/trunk/; revision=21154
for consistency. The frame.pkt_len filter is now deprecated, but still
supported as a hidden field for an easy transition. The new field name is
frame.len.
svn path=/trunk/; revision=20519
So make the field "frame.marked" visible and tag it as generated.
Move both "time reference" and "marked frame" fields towards the end of the "frame" protocol fields.
Should be copied over to trunk-1.0
svn path=/trunk/; revision=18435
(report luns with allocation length 8 for example)
Therefore it is a bit wrong to mark these packets as [malformed packets]
Since they are truncated by scsi and this is NOT an error condition.
Add a new exception type : ScsiBoundsError
If this exception is caught by packet-frame, then print an appropriate message
instead of [malformed packet]
For SCSI, add helper macros TRY_SCSI_SHORT_PACKET and END_...
If the packet was not short in the normal sense (snaplen < packetlen) then intercept the exception for BoundsError and rethrow it as ScsiBoundsError instead.
svn path=/trunk/; revision=17611
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17451
don't play games with lnk_t
If the preference is set to unconditionally dissect everything as docsis just call the docsis handler directly.
svn path=/trunk/; revision=17377
This file uses SEH which AFAIK is only available for MS Visual-C.
I build using MingW/gcc, so the attached patch is needed.
svn path=/trunk/; revision=17102
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
This way we (hopefully) can continue dissecting with the next packet, even if a more serious exception had occurred, e.g. a memory access violation or a divide by zero exception.
Obviously, not all problems solved, as SEH won't protect us from other problems, e.g. endless loops and such
svn path=/trunk/; revision=17070
Patch for COTP reassembly.
There does not seem to be any reasonable or cleaner way to fix COTP
reassembly than adding the frame.[ch] patch.
svn path=/trunk/; revision=16813
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and its current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to lose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
user by crashing due to a null pointer dereference, punish the dissector
writer by saying he or she didn't bother providing an explanation of the
error.
The exception message isn't a const string any more; make the
"exception_message" argument to "show_exception()" a "char *", not a
"const char *".
svn path=/trunk/; revision=15251
message not be const (as we generate messages with "g_strdup_sprintf()",
which means they need to be freed; using a null message means that we
don't have to use a special string for exceptions with no message, and
don't have to worry about not freeing that).
Have THROW() throw an exception with a null message pointer. (This
means that you crash if you throw DissectorError with THROW(). Don't do
that - it means you don't get a more detailed explanation of the
dissector problem. Use the DISSECTOR_ASSERT, etc. macros in
epan/proto.h instead.)
Free the exception message for DissectorError, as it's mallocated.
svn path=/trunk/; revision=15250
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
this is useful since some bugs only trigger a crash on some platforms.
example bug 255 which does not trigger a crash on linux redhat 7.1
svn path=/trunk/; revision=14727
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we can't fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
Add a DISSECTOR_ASSERT() macro, which is the usual type of assertion
macro, but throws a DissectorError exception with a message giving the
file and line number and the failed test as a string. Use that macro
in "alloc_field_info()".
Report that exception in the Info column and the protocol tree, as well
as logging the exception failure with g_warning().
svn path=/trunk/; revision=13078
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410