Commit Graph

6496 Commits

Author SHA1 Message Date
Guy Harris 643ea3debf If NTLMSSP_NEGOTIATE_UNICODE is different in the negotiate and challenge
messages, the value in the challenge message is what should be used to
determine how to dissect the auth message.

svn path=/trunk/; revision=6581
2002-11-08 01:45:37 +00:00
Guy Harris 8181a83657 Allow more than one circuit with the same circuit ID; a circuit has a
starting and ending frame number, and circuits with the same circuit ID
are sorted by the starting frame number (the last circuit can have 0 as
the ending frame number, meaning "unknown"), and, when looking up a
circuit, we take a frame number as an argument and return the circuit
that includes that frame.

Add a new circuit ID type for X.25 virtual circuits, and use the circuit
mechanism to keep track of the dissector for an X.25 virtual circuit
rather than having a private mechanism.

svn path=/trunk/; revision=6580
2002-11-08 01:00:07 +00:00
Guy Harris 45d9642e52 From Hannes Gredler: show the type value for OSI protocols symbolically.
svn path=/trunk/; revision=6579
2002-11-07 22:12:13 +00:00
Richard Sharpe 65c1756287 Some more SPOOLSS stuff from Jim McDonough.
svn path=/trunk/; revision=6578
2002-11-07 17:45:30 +00:00
Ronnie Sahlberg 926433a151 Must use the proper proto_tree_add_... call for FT_NONE
svn path=/trunk/; revision=6577
2002-11-07 09:10:06 +00:00
Ronnie Sahlberg 2378b2a893 hf_index update for TCP
svn path=/trunk/; revision=6576
2002-11-07 08:51:07 +00:00
Guy Harris 3f8f3c6119 NTLMSSP_NEGOTIATE messages sometimes appear to have two other blobs at
the end, although they're empty in all messages I've seen; put in a
comment noting that.

NTLMSSP_CHALLENGE messages sometimes don't appear to have the address
list; it doesn't seem to be indicated by:

	any flags in the previous NEGOTIATE message other than the
	Negotiation Workstation Supplied, Negotiate Domain Supplied, or
	Negotiate UNICODE, but it doesn't make sense for those to affect
	it, as they affect unrelated things;

	any flags in the CHALLENGE message other than Negotiate OEM or
	Negotiate UNICODE, but those don't make sense.

So we just check whether the address list descriptor would be in the
middle of the domain name string and, if so, assume it's absent.

NTLMSSP_AUTH messages sometimes lack both the session key and the
negotiate flags; that appears to be controlled by the Negotiate Key
Exchange flag in the initial NEGOTIATE message - if not set, those
fields are missing.  We therefore remember the NEGOTIATE flags in a
conversation, and attach them to frames containing AUTH messages; we
also need those flags to determine whether the strings in the AUTH
message are Unicode or not.

Make lengths, maximum lengths, and offsets unsigned.

Display entries for empty blobs and address lists.

svn path=/trunk/; revision=6575
2002-11-07 08:01:19 +00:00
Guy Harris 70aaa6ddcc From Jason House: add the rule to make "ethereal-tap-register.c".
Make that rule work correctly, by making "ETHEREAL_TAP_SRC" refer to the
*source* files, making "ETHEREAL_TAP_OBJECTS" be the *object* files (as
generated from the list of source files), and adding
"ETHEREAL_TAP_OBJECTS" rather than "ETHEREAL_TAP_SRC" to the list of
objects to link.

svn path=/trunk/; revision=6574
2002-11-07 05:33:50 +00:00
Guy Harris cb8300571b Fix the message printed when making "ethereal-tap-register.c".
svn path=/trunk/; revision=6573
2002-11-07 05:29:07 +00:00
Guy Harris e7a61d2dff There can be more than one GSS-API negotiation in a conversation, so the
handle to use to dissect SPNEGO tokens has to be stored as per-frame
data, not just as conversation data.

svn path=/trunk/; revision=6572
2002-11-07 05:25:37 +00:00
Guy Harris dd02634bd5 Add "ethereal-tap-register.c" to the gtk ".cvsignore" file, as it's a
generated file.

svn path=/trunk/; revision=6571
2002-11-06 23:41:21 +00:00
Guy Harris 412aaf59a5 Note that it's perfectly OK to store a dissector handle as per-frame or
per-conversation data.

svn path=/trunk/; revision=6570
2002-11-06 23:38:27 +00:00
Guy Harris 498d55ec8a There can be more than one GSS-API negotiation in a conversation, so the
handle to use to dissect GSS-API inner context tokens has to be stored
as per-frame data, not just as conversation data.

svn path=/trunk/; revision=6569
2002-11-06 23:36:25 +00:00
Guy Harris eab13a03f3 From Andreas Trauer:
Replace the handling of PPP packets over GTPv1 and also
	establish the handling of PPP packet over GTPv0.  Additionally
	IPv6 packets are handled in GTPv0 and GTPv1.

	Explanation:

	- old solution: examining the known PPP protocols is a tough
	  task, because there might be more in the future -> the list
	  must be extended more and more (the octet 0x00 has already
	  been added for PPP network layer protocols, but for protocol
	  field compression a lot of protocols must be inserted for
	  IPv4(0x21), IPv6(0x57), maybe IPX (0x2b) or AppleTalk (0x29),
	  ...)

	- new solution: It is easier the other way: the most significant
	  nibble of the first octet must be 4 for IPv4 and 6 for IPv6.
	  All other values are assumed to be PPP packets, including
	  packets beginning with values 0x40-0x44 (header too short for
	  IPv4 packet) and value 0x4f (PPP protocol type (IPv6 header
	  compression protocol) taking precedence over IPv4 packets with
	  header length of 60 octets).

svn path=/trunk/; revision=6568
2002-11-06 22:59:23 +00:00
Guy Harris 8ee4a65f76 From Solomon Peachy: support for new "wlancap" 802.11 extra-information
header.

Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.

svn path=/trunk/; revision=6567
2002-11-06 21:49:34 +00:00
Ronnie Sahlberg b3e0a56390 First step in creating an API to register TAPs for use with ethereal instead of hardcoding them in main.c/menu.c
This adds functions to register the command line arguments to use the API in the same way as is done for tethereal.

Later it may be extended to also register the GUI/Menu entry point to ethereal using this api but that will be later since the changes required to menu.c are not as intrusive as the main.c command line parsing ones were.


Some of the latest changes (before this checkin) have made ethereal produce lots of GTK errors when starting up the extension windows.
They were there before this checkin but will be investigated.

svn path=/trunk/; revision=6566
2002-11-06 10:53:36 +00:00
Guy Harris d4e632c5ea Get rid of a trailing blank.
svn path=/trunk/; revision=6565
2002-11-05 23:00:11 +00:00
Guy Harris aef0d31da2 Show the SAP values in RPL packets symbolically if possible.
svn path=/trunk/; revision=6564
2002-11-05 22:50:42 +00:00
Guy Harris 3b71004a61 In connection-oriented DCE RPC, the authentication data are credentials
only in bind, bind_ack, alter_context, alter_context_response, and auth3
PDUs; they're a verifier of some sort in other PDUs.  The verifier
appears to start with an OID for the real authentication mechanism if
the authentication type is SPNEGO.

svn path=/trunk/; revision=6563
2002-11-05 21:41:27 +00:00
Richard Sharpe e914e4fa6a A small fix to NtCreat&X from Jim McDonough ...
svn path=/trunk/; revision=6562
2002-11-05 19:44:51 +00:00
Guy Harris 421688098e From Hannes Gredler:
support dissecting of v6 VPN NLRIs;

	fix a little bug for displaying v4 nexthops using type 1 RD
	style [dissecting started at wrong offset].

svn path=/trunk/; revision=6561
2002-11-04 22:00:14 +00:00
Ronnie Sahlberg 7775a0bec5 New tap extension to tethereal: ProtoColInfo
Using this command line option you can now place any arbitrary display-filter fields on the COL_INFO line.

Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add

-z proto,colinfo,nfs.fh.hash,nfs.fh.hash

as a parameter to tethereal.

Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.

svn path=/trunk/; revision=6560
2002-11-04 12:11:01 +00:00
Ronnie Sahlberg cee6c74482 Bugfix.
Previous checkin did not make sense. We can not have a union without having the
union case value stored as a separate variable or else the receiving side will
not know how to decode the packet.
Therefore it can not be a union at all. Instead we have a REF pointer to a ulong
holding the number of elements, then a unique pointer to a conformant array
of structures.

Thus, the content of the reply packet for function_24 as well as
dsrolegetprimarydomaininfo can not be

 [ref] PRIMARY_DOMAIN_INFO_EX_UNION *pdi;

but instead MUST be
 long num_entries;
 [unique][size_is(num_entries)] PRIMARY_DOMAIN_INFO_EX *pdi;

svn path=/trunk/; revision=6559
2002-11-04 11:52:36 +00:00
Ronnie Sahlberg 299f6f8322 Bugfix for DSROLE_PRIMARY_DOMAIN_INFO
svn path=/trunk/; revision=6558
2002-11-04 09:06:15 +00:00
Gerald Combs 00e907e211 Register (and initialize) ett_mplscp_options and ett_cdpcp_options. Fix
some indentation inconsistencies.

svn path=/trunk/; revision=6557
2002-11-04 03:57:34 +00:00
Guy Harris e18f4187bd Don't use the result of "proto_registrar_get_name()" as the field value
- it's the name of the field, not the name of the protocol corresponding
to the UUID.

svn path=/trunk/; revision=6556
2002-11-03 20:35:49 +00:00
Guy Harris ee0c06e961 Use the full name of the "hf_dcerpc_obj_id" field when formatting the
protocol tree item for it.

Fix a typo.

svn path=/trunk/; revision=6555
2002-11-03 20:34:54 +00:00
Guy Harris 85eafc7e25 From Jean-Baptiste Marchand: fix a typo in README.developer.
Also, put him into the list of authors in the man page.

svn path=/trunk/; revision=6554
2002-11-03 20:24:12 +00:00
Guy Harris 62753af1b9 From Jochen Friedrich: give individual fields their own ett_ values and
fix the name of the file in the introductory comment.

Get rid of unnecessary include of "prefs.h".

Make the MAC address fields FT_ETHER rather than FT_BYTES.

Get rid of CRs at the ends of lines.

svn path=/trunk/; revision=6553
2002-11-03 20:11:32 +00:00
Olivier Abad 05ef1fc475 Merge gtk and gtk2 directories.
svn path=/trunk/; revision=6552
2002-11-03 17:38:45 +00:00
Gerald Combs ae2198ea4e Add references to 'tethereal -D' in the '-i' section.
svn path=/trunk/; revision=6551
2002-11-03 17:38:27 +00:00
Ronnie Sahlberg e91ed1701a Fix for Netlogon function 0x22 which used the wrong pointer type.
Additional cleanups added when no longer necessary to pass through two levels of pointers to get to the DOMAIN_CONTROLLER_INFO structure in the code.

svn path=/trunk/; revision=6550
2002-11-03 04:39:22 +00:00
Guy Harris 18fe4b214c Register the ett_ values.
svn path=/trunk/; revision=6549
2002-11-02 22:55:49 +00:00
Ronnie Sahlberg b1c157b995 From Jochen Friedrich: Support for the RPL (Remote Program Load) protocol implemented on some NIC bootproms.
svn path=/trunk/; revision=6548
2002-11-02 22:23:16 +00:00
Ronnie Sahlberg d5e3008fff From Jean-Baptiste Marchand: update the proto_tree_add_ for UUIDs in the
dcerpc layer (and the subdissectors using dissect_ndr_uuid_t()) so that
it is possible to use display filters on these items.

svn path=/trunk/; revision=6547
2002-11-02 22:14:21 +00:00
Ronnie Sahlberg ee9c00c024 Fixed small bug in TCP seq/ack analysis. Forgot to check a pointer for NULL which caused crashes sometimes.
svn path=/trunk/; revision=6546
2002-11-02 22:00:17 +00:00
Guy Harris a3cbe709a0 Handle the 3 bytes of padding before the FDDI frame data in iptrace
captures.

Use #defines rather than magic numbers for various header sizes, and put
in a comment explaining the header formats.

svn path=/trunk/; revision=6545
2002-11-01 20:43:11 +00:00
Gilbert Ramirez ddc7b4597b Fix a problem when using the same field more than once in a display
filter, as in "ip.src == x.x.x.x || ip.src == y.y.y.y". My previous
change to allow filtering on multiple fields of the same name moved
some code into the wrong block within the function, causing the error.

svn path=/trunk/; revision=6544
2002-11-01 17:37:25 +00:00
Ronnie Sahlberg 707f06ccc2 Three more things for TCP seq/ack analysis to check for and flag:
  ZeroWindow: ZeroWindow segments are detected and flagged
  ZeroWindowProbe: detected and flagged
  ZeroWindowViolation: attempts to write >1 byte of data to a zerowindow are detected and flagged.

svn path=/trunk/; revision=6543
2002-11-01 11:05:37 +00:00
Ronnie Sahlberg f4ecf268aa Update to TCP seq/ack analysis: tcp seq/ack analysis should now be able to
detect suspected duplicate ACKs.

svn path=/trunk/; revision=6542
2002-11-01 10:25:35 +00:00
Guy Harris 910de52a04 Note that "tethereal-tap-register.c" is built by the Bash script
"make-tapreg-dotc" from "tap-*.c", using grep and sed.

svn path=/trunk/; revision=6541
2002-11-01 10:02:18 +00:00
Guy Harris ad9ec1af37 Cygwin doesn't necessarily come with an "sh.exe", so use "$(SH)" rather
than "sh" to run a Bourne-compatible shell in "Makefile.nmake", and
define "SH" to be "bash" in "config.nmake".

svn path=/trunk/; revision=6540
2002-11-01 10:01:21 +00:00
Guy Harris 749d00f331 Put in a portability note telling people to use "strchr()" and
"strrchr()", not "index()" and "rindex()"; MSVC++ doesn't declare
"index()" or "rindex()" if you include <string.h>, and they're
non-standard routines (the ANSI C names for those functions are
"strchr()" and "strrchr()").

Add a bit more to the other portability note on the topic of
non-standard vs. ANSI standard functions.

svn path=/trunk/; revision=6539
2002-11-01 09:41:36 +00:00
Guy Harris d24c2bc5b9 Use "strchr()", not "index()"; MSVC++ doesn't declare "index()" or
"rindex()" if you include <string.h>, and they're non-standard routines
(the ANSI C names for those functions are "strchr()" and "strrchr()").

svn path=/trunk/; revision=6538
2002-11-01 09:40:23 +00:00
Guy Harris 205d13ca35 Get rid of some trailing blanks in strings.
svn path=/trunk/; revision=6537
2002-11-01 08:21:57 +00:00
Guy Harris e601f03448 Fix up the handling of WAN captures somewhat, based on looking at a
bunch of those captures.

svn path=/trunk/; revision=6536
2002-11-01 08:18:36 +00:00
Guy Harris 3a3a343566 Remove a newline from a string being put into the protocol tree.
svn path=/trunk/; revision=6535
2002-11-01 08:17:03 +00:00
Guy Harris 4169d3000e Don't bother putting the direction into the ISDN part of the protocol
tree - it's already in there as part of the frame header.

svn path=/trunk/; revision=6534
2002-11-01 05:39:36 +00:00
Guy Harris 1522cd2994 From Fritz Budiyanto: the command in the Packet Transfer Command IE is
one byte, so fetch it with "tvb_get_guint8()", not "tvb_get_ntohl()".

Put in the location in the GPRS standard where that's defined, while
we're at it.

svn path=/trunk/; revision=6533
2002-11-01 05:30:48 +00:00
Ronnie Sahlberg cdb4e6929c New tap extension for tethereal : ProtocolHierarchyStatistics.
Similar to what is available on ethereal:/Tools/ProtocolHierarchyStatistics
but this one can handle ALL protocols that tethereal has dissectors for.

Maybe a gtk/gtk2 version of this should replace the existing one in ethereal?


Try -z io,phs   or -z io,phs,<filter>  to test it.

svn path=/trunk/; revision=6532
2002-11-01 05:29:36 +00:00