Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
a time, so we dissect as far as we can.
Set the length of the EAP protocol item to the length of an EAP header.
Put information into the Info column about the EAP code and, for a
request or response, the EAP type.
svn path=/trunk/; revision=4798
"init_dissection()" which calls "epan_conversation_init()", does the
work that "init_all_protocols()" did, and then calls
"reassemble_init()", so that the standard sequence of dissection
initialization is done in one place, rather than having multiple places
call the same sequence of routines.
svn path=/trunk/; revision=4797
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
hash table before freeing the memory chunks for those elements.
Destroy that hash table when we're done, and set the pointer to it to
null so that we'll reallocate it.
svn path=/trunk/; revision=4794
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
handed looks as if it contains only a TPKT header (4 bytes long, and
those 4 bytes look like a TPKT header according to "is_tpkt()"), call
the "dissect TPKT over a TCP stream" routine. If we're doing
reassembly, that routine will force a reassembly because the TPKT
payload isn't in that segment, and the various heuristic XXX-over-TPKT
dissectors will be called again, this time with enough data for them to
say whether the TPKT payload is for them or not; if we're not doing
reassembly, we'll dissect the TPKT header and then call the "dissect a
Q.931 PDU" routine, which will throw an exception because there isn't
any payload from which to fetch data (and that's what we want to
happen).
In the "dissect TPKT over a TCP stream" routine, if reassembly is
enabled, do the check to see if we need to do reassembly to get the
payload before dissecting the TPKT header, so that we don't dissect the
TPKT header and then decide "oops, we need some more data to get the
TPKT payload".
svn path=/trunk/; revision=4792
have a TPKT header at the beginning, so there's not need for it to have
an offset as an argument; its callers don't have to know how big the
TPKT header is (or we can put a #define in "packet-tpkt.h" for it). Get
rid of the second argument.
svn path=/trunk/; revision=4791
Put in a comment noting that the payload of EAPOL Encapsulated ASF Alert
messages should perhaps be dissected as SNMP Trap messages.
Put the type of the message into the Info column.
svn path=/trunk/; revision=4789
Give the type field a value_string array, and use that field when
putting the type into the protocol tree.
Display the data under the EAPOL tree, as it's part of the EAPOL PDU.
Just use "next_tvb" as the tvbuff for the data; don't create a new one
that, the different fourth argument to "tvb_new_subset()"
nonwithstanding, refers to the same data as "next_tvb".
Call the EAP dissector through a handle.
Nobody directly calls the EAP dissector any more, they all call it
through handles; make it static.
svn path=/trunk/; revision=4787
when dissecting messages over TCP, so that an error in one message
doesn't stop us from dissecting the next message in the segment, if any.
Put an XXX comment before the code that constructs the tvbuff for each
message inside a TCP segment, noting that we really want tvbuffs to have
three lengths and to have a new type of exception thrown if you go past
the second length but not past the reported length.
svn path=/trunk/; revision=4782
Add more type values for EAP.
Fix off-by-one bug when displaying Code of EAP message.
Get rid of an unnecessary "volatile".
Give the code and type fields value_string arrays, and use them when
putting the code and type into the protocol tree.
Base the decision of whether to put the type field into the tree on the
request code, not on the length of the packet.
Display the Type-Data field, under that name, under the EAP tree, as
it's part of the EAP PDU.
svn path=/trunk/; revision=4779
packets per segment.
Instead of having a routine for dissectors such as the Q.931 dissector
to call to dissect the TPKT header, have a routine that does all the
reassembly and multiple-packets-per-segment work, and have the Q.931
dissector call it. Export "is_tpkt()", and the new routine, to plugins.
Add preferences for TPKT and Q.931 reassembly.
svn path=/trunk/; revision=4778
across segment boundaries and to, for each DNS-over-TCP PDU, create a
tvbuff containing the header and the body of the PDU, handing that to
the DNS PDU dissector.
svn path=/trunk/; revision=4776
support for Openwave-specific WSP headers;
support for Openwave-specific field names;
support for additional content types from Openwave;
support for additional language values.
svn path=/trunk/; revision=4775
how many bytes remain in the packet starting at the initial offset of
the tagged parameters, not by seeing how many bytes remain in the packet
starting 4 bytes later. (If you're trying to avoid counting a CRC that
appears at the end of the packet data, then you need to be sure there
*is* a CRC first; this may require using a different DLT_ type, in
libpcap, for those captures.)
svn path=/trunk/; revision=4769
and using gdb, extract the packet that was being dissected when the
core file was created. It works in simple cases; it will probably
fail in many other cases. Right now it only creates libpcap files, and uses
text2pcap to do so.
svn path=/trunk/; revision=4767
remembers SMBs for request/response matching, and make sure the request
and the response have the same type (or that the response has a
different type but is a valid response to the request).
svn path=/trunk/; revision=4763
call is a "ypreq_key"; the argument appears to be a "ypreq_nokey"
instead.
The response to an ALL call isn't a single item, it's a sequence of
items - all but the last item has the "more" field true, the last has it
false. Show all the items.
svn path=/trunk/; revision=4762
as raw TCP segment data under the TCP protocol tree item, rather than as
a top-level data item - and do so even for the last of the segments
reassembled into that packet.
svn path=/trunk/; revision=4754
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
argument, so if the length was supplied as -1, it can set it to the
length of data remaining in the tvbuff, so that its callers can use that
length when getting the value for the field, rather than leaving the
length in the "field_info" structure as -1.
svn path=/trunk/; revision=4752
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749