stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.
svn path=/trunk/; revision=3939
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).
svn path=/trunk/; revision=3923
of protocol-id-plus-datum pairs, so that multiple protocols can attach
information to the same conversation.
Dissectors that attach information to a conversation should not assume
that if they find a conversation it has one of its data attached to it;
the conversation might've been created by another dissector.
svn path=/trunk/; revision=3901
that look up conversations in hash tables, unless they are arguments
that will be ignored; if they're not being ignored, then if the argument
is a null pointer you may get a crash if it's dereferenced, and if it's
not a null pointer you'll only get a match if the conversation has
whatever stuff the arguments points to as its first address or port.
If you match a conversation with a wildcarded address and/or port, and
the address and/or port matched a non-wildcarded search argument, and
the conversation is for a connection-oriented transport protocol, set
the wildcarded address and/or port for the conversation to the value
that matched it.
svn path=/trunk/; revision=3897
"try_conversation_dissector()" does - start with as exact matches as
possible, and then start doing wildcarding - so that it can find
conversations with wildcard addresses or ports even if both address and
port arguments are supplied to it.
svn path=/trunk/; revision=3893
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
directory in which global data files are stored. If an installed binary
is being run, that's the correct directory for them; if a build-tree
binary is being run, the "manuf" file will be there, and you can put
other data files there as well, if necessary.
Do the same with plugins, except that, if there's no
"plugins\\{version}" subdirectory of that directory, fall back on the
default installation directory, so you at least have a place where you
can put plugins for use by build-tree binaries. (Should we, instead,
have the Windows build procedure create a subdirectory of the "plugins"
source directory, with the plugin version number as its name, and copy
the plugins there, so you'd use the build-tree plugin binaries?)
Move "test_for_directory()" out of "util.c" and into
"epan/filesystem.c", with the other file system access portability
wrappers and convenience routines. Fix "util.h" not to declare it - or
other routines moved to "epan/filesystem.c" a while ago.
svn path=/trunk/; revision=3858
"standard" plugin directory, and, instead of getting PLUGIN_DIR (the
*real* installation directory) from the configure script, as can be done
in UNIX, attempt to get it by getting the full pathname of the currently
running program and assuming it's in the installation directory.
svn path=/trunk/; revision=3850
"void *" that a dissector can set to point to such a structure; that
means that the stuff in the epan directory doesn't have to know anything
about the protocol-specific private data one dissector passes to
another, and that structure doesn't have to be changed if a dissector
wants to pass some new type of data to another dissector.
svn path=/trunk/; revision=3818
fractions-of-a-second (the units of which are either milliseconds or
microseconds, specified by a Boolean argument), and formats it into a
"DD days, HH hours, MM minutes, SS seconds" using a buffer supplied to
it. Have "time_secs_to_str()" and "time_msecs_to_str()" both use it.
Also, have it correctly handle the case of SS being > 0 but < 1 (which
"time_msecs_to_str()" didn't do).
Rename "rel_time_to_str()" to "rel_time_to_secs_str()", and add a
"rel_time_to_str()" routine that takes a "struct timeval" and hands its
seconds and microseconds values to "time_secs_to_str_buf()". Use
"rel_time_to_secs_str()" to format FT_RELATIVE_TIME values for now; we
might want to use "rel_time_to_str()" for them, though, or make it an
option (either a user option, or a per-field option, using the field
that also holds BASE_ values).
svn path=/trunk/; revision=3806
Defect number: 0011
Date: Jul 26 2001
Releases of Kazlib affected: 1.10 through 1.19
Status: Fixed in 1.20
Modules affected: except.c
Description: Members of the except_t structure needed to be declared
volatile because the structure is automatically allocated in the
except macro, modified after a setjmp() takes place, and accessed
after control returns via longjmp.
Solution: Upgrade to 1.20 or backpatch the fix.
svn path=/trunk/; revision=3793
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
the "epan" directory, as well as the top-level directory, as there's
stuff in the "epan" directory that depends on that.
svn path=/trunk/; revision=3710
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
"pinfo->{len,captured_len}"-adjusting currently done by the IP
dissector, make the IP dissector call that rather than doing the work
itself, make the IPv6 dissector call that rather than just adjusting the
tvbuff length itself, and make the IPX dissector call that rather than
just adjusting "pi.{len,captured_len}" itself.
This cleans things up a bit, and causes trailers to be properly reported
in IPX-over-Ethernet frames.
svn path=/trunk/; revision=3621
to imply that
1) conversations have source and destination addresses and ports
- they don't (if they did, they'd be monologues, not
conversations), they just have two address/port pairs for the
two endpoints, with one or more of the address or port in the
second pair possibly being wildcarded;
2) the first and second address or port argument to
"find_conversation()" or "try_conversation_dissector()" have
anything to do with the first or second address/port pair in
a conversation - they don't, the two arguments to those
routines are matched against *both* address/port pairs for a
conversation;
as otherwise people might think that they need to add flags to wildcard
the first arguments "conversation_new()" or "find_conversation()" (they
don't, they just have to pass the non-wildcarded address/port first and
then pass the wildcarded one, even if that means passing the destination
first and source second).
svn path=/trunk/; revision=3537
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
structures as arguments, that evaluates to "true" if the two addresses
are equal and "false" if they're not equal. Use that macro in the
conversation code.
svn path=/trunk/; revision=3509
the glibc "strptime()" (modified so it doesn't require the rest of
glibc), set up the configure script to check for it, and set up
Makefile.am and Makefile.nmake to use it.
Get rid of NEED_MKSTEMP - nothing uses it.
svn path=/trunk/; revision=3500
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
value.
Check that the microseconds field of an absolute time is valid, if it's
present.
Set "tm_isdst" in the "struct tm" handed to "mktime()" to -1, so that
"mktime()" will attempt to figure out whether the time is daylight
savings time or not.
Check that "mktime()" was able to convert the time.
svn path=/trunk/; revision=3487
"old_dissector_try_port()".
There are no longer any old-style heuristic or conversation dissectors,
so get rid of "old_heur_dissector_add()" and "old_conv_dissector_add()"
and the data-structure members that support old-style heuristic and
conversation dissectors.
svn path=/trunk/; revision=3478
generated code, as per Chris Foulds' note.
Also, when constructing the system ID or area string, always append the
four-octet groups, rather than overwriting them, as we had been doing.
svn path=/trunk/; revision=3414
corresponding to a named field, by matching stuff at a particular offset
in the frame, don't treat a length of 1 byte specially - the syntax for
a one-byte byte string is the same as for longer byte strings, with no
leading "0x" allowed.
Clean up white space.
svn path=/trunk/; revision=3406
argument, have it just return; this allows dissectors that don't
explicitly check for a null protocol-tree argument to pass the
protocol-tree argument to "proto_tree_add_XXX()" routines - which means
they'll get a null pointer back if the protocol-tree argument is null
because we're not constructing a protocol tree - and then later use
"proto_item_set_len()" without having to check for a null
protocol-tree-item pointer.
svn path=/trunk/; revision=3402
was specified.
This should obviate the need to handle BASE_NONE specially in the
formatting routines, so revert to the previous version.
svn path=/trunk/; revision=3359
with useful error messages. Some dissector are registering
FT_INTn or FT_UINTn fields with BASE_NONE. Now when ethereal dies
because of it the offending field will be identified so that it
can be fixed.
svn path=/trunk/; revision=3340
you have to select a base (even before this change, you had to select
one, otherwise the filter-construction GUI would crash if you selected
an FT_INTn or FT_UINTn field with BASE_NONE and then selected a
comparison operator).
svn path=/trunk/; revision=3337
status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected.
While we're at it, use a similar test to eliminate the text pseudo-field
from the output of "{ethereal,tethereal} -G", as well.
svn path=/trunk/; revision=3335
and never was - there's only an Ethereal-wide "enable name resolution"
preference. Name it just "name_resolve".
Replace all tests of "g_resolving_actif" with tests of
"prefs.name_resolv", and replace all code that sets "g_resolving_actif"
with code that sets "prefs.name_resolv", so that the setting of
"prefs.name_resolv" actually affects whether names are resolved or not.
svn path=/trunk/; revision=3300
source name from "pi.compat_top_tvb", which should always be set to the
tvbuff that refers to the data that old-style dissectors are currently
working on.
Arrange that it be so set in those dissectors that create alternate data
sources and call other dissectors, and also arrange that "pi.len" and
"pi.captured_len" be set appropriately as well.
svn path=/trunk/; revision=3286
We us $(VERSION), defined in the top-level config.nmake, to replace
@VERSION@ in various files. $(RC_VERSION) and $(WTAP_VERSION) are
similarly used.
svn path=/trunk/; revision=3258
"find_last_pathname_separator()" on Win32; move the other pathname
manipulation routines from "util.c" into "epan/filesystem.c".
Remove from "util.h" the declarations of routines not defined in
"util.c", and put them into "epan/filesystem.h" if they're not already
there.
Adjust #includes to make the above work.
svn path=/trunk/; revision=3241
and "u_char" aren't declared in <sys/types.h> in Win32, you have to
include <winsock.h>, which is a pain.
Throw in some "const"s while we're at it.
svn path=/trunk/; revision=3240
"value_string.c", as they include "epan/to_str.h", and that uses "struct
timeval" in some function prototypes.
In "to_str.c", include <sys/types.h> before including <netinet/in.h>; on
at least some platforms, definitions in <netinet/in.h> require types
defined in <sys/types.h>.
In "to_str.c", include <sys/socket.h>, so that AF_INET6 is defined.
svn path=/trunk/; revision=3238
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
dissector_handle in a static variable in packet.c. Changed dissect_packet
to call dissector from using the call_dissector() function and the cached
dissector_handle for frame_dissector. Changed the order of function
calls in epan_init() to allow for this change ( it sucks to look up
a dissector when none are registered ).
svn path=/trunk/; revision=3234
to_str.{c,h}. Resolved strange situation where ipx_addr_to_str was
declared in packet.h but defined in packet-ipx.c by moving
ipx_addr_to_str, ipxnet_to_str_punct, and ipxnet_to_str from packet-ipx.{c,h} to to_str.{c,h}
svn path=/trunk/; revision=3219
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
In the CLNP dissector, set the source and destination network-layer and
"top-level" addresses; this will cause them to show up in the source and
destination columns of the summary display if you're showing the
network-layer or top-level address (although you'll probably have to
widen those columns significantly to see the entire address), and also
makes them available to subdissectors.
svn path=/trunk/; revision=3131
a byte in the hex dump,
1. Fix an off-by-one error when finding the field. This only showed up
if the selected byte had no field of its own and was only designated
as part of the parent protocol (like the 00-padding at the beginning of
TCP options).
2. Fix an off-by-one error when clicking on a character in the second
half of the "text dump" portion of the hex dump. I forgot about the
extra space between the first 8 characters and the second 8 characters.
svn path=/trunk/; revision=3117
routines need it.
When a user clicks on a hex digit or on the corresponding character
(the "text dump" portion) in the hex dump, find the field in the
proto_tree that the byte corresponds to, expand the GtkCTree so that
the field is viewable, select the field, and center it vertically.
LanAlyzer has this feature, and I've missed it in Ethereal.
svn path=/trunk/; revision=3096
require it. It makes more sense to either put cppmagic with lemon, or
in yet another common directory. I'll just put it with lemon.
svn path=/trunk/; revision=3083
name-server-over-IPX and mailslot-datagram-over-IPX packets, based on
stuff dredged out of a pile of documents on the Web.
svn path=/trunk/; revision=3079
take fully-prototyped function arguments with types appropriate to
"g_malloc()" and "g_free()", and change the calls to the functions
pointed to by those arguments not pass the extra __FILE__ and __LINE__
arguments.
svn path=/trunk/; revision=3039
in the output of "{ethereal,tethereal} -G", so that it appears only once
in the documentation.
Expand some comments to give more details.
svn path=/trunk/; revision=3024
the handle has been disabled, return after calling "dissect_data()",
rather than driving on and calling the dissector anyway.
svn path=/trunk/; revision=3001
strings are unsigned, so that we can hand them to "isXXX()" macros
without GCC warning us that an array subscript is "char" (as in "if this
is a character with the 8th bit set, you may not get the answer you
think you should from 'isXXX()'").
svn path=/trunk/; revision=2972
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
requires that the dfilter code be initialized before the plugins are
added; this required us to *re*-initialize the dfilter code after
reading in all the plugins, as the plugins may themselves have added new
filterable fields - that was a bit of a mess), and make the
"Tools->Plugins" dialog box show the new-style plugins.
svn path=/trunk/; revision=2950
plugins, as the MGCP dissector uses it.
Don't set pointers to "dfilter_init()" and "dfilter_cleanup()" in that
transfer vector, as there *aren't* any pointers to them in the transfer
vector.
svn path=/trunk/; revision=2949
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
*future* version, not of 1.4, which is the *current* version - i.e.,
it's newer than 1.4) complains, if "dfilter-grammar.c" and
"dfilter-scanner.c" are part of "EXTRA_libethereal_a_SOURCES", that
"dfilter-grammar.o" is built both from "dfilter-grammar.c" and
"dfilter-grammar.y", and that "dfilter-scanner.o" is built both from
"dfilter-scanner.c" and "dfilter-scanner.l", and refuses to build
"Makefile.in".
Moving them to "EXTRA_DIST" makes 1.4b happy.
Automake 1.4 allows them either to be in "EXTRA_libethereal_a_SOURCES"
or in "EXTRA_DIST"; the only difference between the generated
"Makefile.in" files is which of those two variables the files are in,
and the only difference that makes is that it keeps those two files out
of "SOURCES", which means that "make ID" doesn't include them in the
files it looks at, and "make TAGS" and "make tags" don't include them in
the files they look at. I'm not sure whether the tags file should be
built from "dfilter-grammar.y" and "dfilter-scanner.l", or from
"dfilter-grammar.c" and "dfilter-scanner.c"; the former means you see
the real source file, not the generated source file, if you look for a
symbol defined in one of those files, while the latter means you can
look for symbols in code generated by YACC/Bison or Flex.
In either case, the generated files go into the distribution tarball,
which is what we want.
For now, we go with what makes Automake 1.4b happy.
svn path=/trunk/; revision=2909
It was the last dissector that used "old_call_dissector()", and
tvbuffifying it got rid of that, so get rid of "old_call_dissector()".
svn path=/trunk/; revision=2892
"{old_}dissector_try_port()", so that its value doesn't get changed out
from under a dissector that calls "{old_}dissectory_try_port()".
svn path=/trunk/; revision=2890
dissector, save the current value of "pinfo->current_proto" and restore
it before returning; when you return, you're back in the dissector that
called the routine to call a dissector, so the current protocol is the
one for that dissector. This may be important if a dissector calls a
subdissector and, after it returns, processes stuff in the packet after
the stuff dissected by the subdissectror.
This means it's safe for "dissector_try_heuristic()" to set it before
calling a heuristic dissector, as it'll put back the previous value when
it returns.
svn path=/trunk/; revision=2886
dissector is enabled and, if not, return FALSE, just as if there hadn't
been any entry for that port number in the table. If it is enabled, set
"pinfo->current_proto" from its short name before calling the dissector.
In "dissector_try_heuristic()", check whether the protocols for
dissectors are enabled and, if not, skip those dissectors, just as if
they hadn't been in the table. (We don't set "pinfo->current_proto"
before calling a dissector, as we don't know whether the dissector in
question will be the one to dissect the packet. Arguably, we should
have, for heuristic dissectors, separate "recognize" and "dissect"
routines, where the former never throws an exception and returns TRUE or
FALSE, and the latter is called only if the "recognize" routine claimed
the frame, and is just a "dissector_t" that doesn't return a value.)
In "{old_}call_dissector()", check whether the protocol for the
dissector is enabled and, if not, call "{old_}dissect_data()". if it is
enabled, set "pinfo->current_proto" from its short name before calling
the dissector.
svn path=/trunk/; revision=2861
address and a pointer to a character buffer as arguments, and puts a
printable form of the IP address into the buffer. Make "ip_to_str()"
use it.
Make "host_name_lookup()" use "ip_to_str_buf()", not "ip_to_str()", so
that it doesn't trash any strings that a dissector has gotten with
"ip_to_str()" (for example, the ARP dissector gets strings for the
source and target protocol addresses, and then may attempt to register
names for the source and target hardware addresses with
"add_ether_byip()"; if "host_name_lookup()" fails to find a host name
for the IP address, it shouldn't use "ip_to_str()" to generate an IP
address string to associate with the IP address, as if that's done twice
it'll run out of "ip_to_str()" buffers - there're only 3 of them - and
trash one of the IP address strings the ARP dissector got).
svn path=/trunk/; revision=2850
"{old_}heur_dissector_add()", "{old_}conv_dissector_add()", and
"register_dissector()", so that an entry in those tables has associated
with it the protocol index of the protocol the dissector handles (or -1,
if there is no protocol index for it).
This is for future use in a number of places.
(Arguably, "proto_register_protocol()" should take a dissector pointer
as an argument, but
1) it'd have to handle both regular and heuristic dissectors;
2) making it take either a "dissector_t" or a union of that and
a "heur_dissector_t" introduces some painful header-file
interdependencies
so I'm punting on that for now. As with other Ethereal internal APIs,
these APIs are subject to change in the future, at least until Ethereal
1.0 comes out....)
svn path=/trunk/; revision=2849
particular protocols, and which keep track of all dissectors that could
be associated with conversations using those particular protocols - for
example, the RTP and RTCP dissectors could be assigned to UDP
conversations.
This is for future use with UI features allowing the dissector for a
given conversation to be set from the UI, to allow
1) conversations between two ports, both of which have
dissectors associated with them, that have been given to the
wrong dissector to be given to the right dissector;
2) conversations between two ports, neither of which have
dissectors associated with them, to be given to a dissector
(RTP and RTCP, for example, typically run on random ports,
and if you don't have, in a capture, traffic that would say
"OK, traffic between these two hosts and ports will be RTP
traffic", you may have to tell Ethereal explicitly what
protocol the conversation is).
svn path=/trunk/; revision=2848
"prefs_register_module()" except that it takes a protocol index as
returned by "proto_register_protocol()" as its first argument, rather
than taking two character strings as arguments as its first two
arguments, and uses the protocol's abbreviation as the name to use for
preferences in the preferences file and the "-o" flag and uses the
protocol's short name as the name to use in the tabs in the
"Edit->Preferences" window.
svn path=/trunk/; revision=2812
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.
Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.
Dissect a bit more of the type-of-service metrics etc. in OSPF packets.
Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.
Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()". Use it instead of just subtracting an offset
from "tvb_reported_length()".
svn path=/trunk/; revision=2787
NUL-terminated string, starting at a given offset. The size includes
the terminating NUL. If it doesn't find the terminating NUL, it throws
the appropriate exception, as either there's no terminating NUL in the
packet or there is but it's past the end of the captured data in the
packet.
Use that routine in the TFTP dissector. As it throws an exception if
the string isn't NUL-terminated, we can just use "%s" to print option
strings; we don't need to use "%.*s" with a string length.
svn path=/trunk/; revision=2783
replace the existing checksummer with a modified version of the BSD
checksumming code. Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.
(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet. Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)
Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP
dissector).
svn path=/trunk/; revision=2751
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).
Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.
Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.
Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.
svn path=/trunk/; revision=2744
exports it.
Make the pointer that points to the GMemChunk for per-frame data static
to "epan/packet.c", as it's not used outside "epan/packet.c".
svn path=/trunk/; revision=2741
of the search if the caller-supplied limit goes past the end of the
tvbuff - the limit should just be what remains in the tvbuff after the
specified starting offset.
In "tvb_find_line_end_unquoted()", after searching for the next
interesting character, check the value we got back from that search, in
"char_offset", not whatever happens to be in "cur_offset", to see if we
found a character.
svn path=/trunk/; revision=2719
involving "g_module_build_path()", rather than by checking the platform
- this should let us handle non-Windows platforms that don't use ".so"
(e.g., HP-UX).
Use G_DIR_SEPARATOR_S as the pathname separator character when
generating the pathname of the module.
svn path=/trunk/; revision=2712
in order to check whether to use ANSI C features such as "const".
GCC defines it as 1 even if extensions that render the implementation
non-conformant are enabled; Sun's C compiler (and, I think, other
AT&T-derived C compilers) define it as 0 if extensions that render
the implementation non-conformant are enabled; Microsoft Visual C++
6.0 doesn't define it at all if extensions that render the implementation
non-conformant are enabled.
We define it as 0 in "config.h.win32", so that those generated files will use
those features (and thus not get type warnings when compiled with
MSVC++).
svn path=/trunk/; revision=2698
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
dissector call it through a handle, and make it static.
Give "dissect_data()" an "offset" argument, so dissectors can use it to
dissect part of the packet without having to cook up a new tvbuff.
Go back to using "dissect_data()" to dissect the data in an IPP request.
svn path=/trunk/; revision=2651
declare it, and define a "BIT_SWAP" macro that uses it, in
"epan/bitswap.h".
Use that macro to bit-swap bytes in the IEEE 802.11 dissector, rather
than the macro that was used (said macro used GCCisms and didn't compile
on Windows).
Make an "init_plugin()" routine to enable a plugin and call its init
routine, and call it from "check_plugin_status()" and
"plugins_enable_cb()", rather than having very similar code in two
places; "patable" is now part of libethereal, and, at least on Windows,
attempts to refer to it from "libui" failed. Make "patable" static to
"epan/plugins.c". (This may still not work, as now "libui" is calling a
routine in "libethereal"; if that fails, perhaps it's time to get rid of
the "enable/disable plugins" stuff completely, as new-style plugins, at
least, register themselves as protocols and should be controllable from
the "Edit->Protocols" window just as built-in dissectors are.)
svn path=/trunk/; revision=2649
dissector can get a "handle" for that dissector by name and then call
that dissector through the handle.
This allows dissectors that can't be called through a port table or a
heuristic table to be called from other dissectors without directly
referring to the dissector function - dynamically-loaded modules, under
Windows, cannot directly call functions in the main program, and
non-plugin dissectors are in the main program and thus cannot be called
from plugin dissectors unless either
1) a pointer to the dissector is put in the Big Transfer Vector
or
2) some other mechanism for getting a pointer to the dissector
is provided.
This mechanism could also support registering old-style dissectors and
calling them from new-style dissectors without the new-style dissector
having to do the argument translation itself (I didn't add support for
registering old-style dissectors because I'd prefer to have people
tvbuffify their code if they have to register a dissector...).
It could also, in the future, perhaps support
disabling of protocols;
setting "pinfo->current_proto";
inside "call_dissector()" - and inside "{old_}dissector_try_port()" and
"{old_"dissector_try_heuristic()" - allowing a pile of stuff that
currently has to be done in every dissector be done by common code.
(I have some ideas about how to do this, by
having "proto_register_protocol()" take an abbreviation - of the
sort that would be put in, for example, "pinfo->current_proto" -
as an argument;
having the calls to register dissectors take an index returned
by "proto_register_protocol()" as an argument.
The abbreviation could be used elsewhere as well, e.g. in the "Decoding"
tab of the "Edit->Protocols" dialog box, and in a GUI for constructing
protocol filters. Watch this space.)
Make "dissect_sdp()" the first client of this mechanism; it's now static
to "packet-sdp.c", and all dissectors that call it - including the MGCP
plugin - now call it through a dissector handle fetched by
"find_dissector()". (Next step - see if Ethereal can now compile on
Windows as a result of this.)
svn path=/trunk/; revision=2647
tvbuff routines that a particular TVBUFF_REAL_DATA tvbuff is a "child"
of another tvbuff. This link is utilized during a tvb_free_chain(), so that
the child is freed when no longer necessary.
svn path=/trunk/; revision=2642
"proto_item_set_len()", "proto_item_set_text()", and the preference
routines expected to be used by dissectors to the table of function
pointers handed to dissectors on platforms where dynamically-loaded
modules can't access symbols from the main program.
svn path=/trunk/; revision=2638
of function pointers handed to dissectors on platforms where
dynamically-loaded modules can't access symbols from the main program.
svn path=/trunk/; revision=2635
string formatter, like "format_text()", and, as "tvbuff.c" now calls it
(*vide infra*), we don't want to have to make "tvbuff.c" drag "packet.h"
in just to declare "bytes_to_str()". It's now declared in "strutil.h",
so include it in modules that use "bytes_to_str()" and weren't already
including it.
Add a "tvb_bytes_to_str()" wrapper that calls "tvb_get_ptr()" to get a
pointer to a chunk of N bytes at a given offset in a tvbuff and then
hands that chunk to "bytes_to_str()". Convert the code that was doing
that to use "tvb_bytes_to_str()" instead (which caught what I suspect is
a bug in the Q.2931 dissector, where it was handing an offset of 0 to
"tvb_get_ptr()" - a cut-and-pasteo, I think).
Tvbuffify the ARP dissector.
svn path=/trunk/; revision=2634
"plugins/Makefile.nmake" to build that plugin.
Add to the table of routines callable from plugins
"old_dissector_add()", "old_dissect_data()", and
"proto_is_protocol_enabled()", so that the Gryphon dissector can build
on Windows.
Move the includes of "plugins/plugin_api.h" and "moduleinfo.h" before
all the other includes, except for "config.h", in "plugin-mgcp.c", to
match what the Gryphon dissector does; "plugins_api.h" must be included
before any of the routines whose names it #defines in order for the
plugin to build on Windows. (It still doesn't build on Windows, as
still more routines need to be added to the table of routines callable
from plugins, but tomorrow is another day. Making libethereal a DLL may
obviate the need for that table, *if* all the routines called from a
plugin are in libethereal, as I think routines in a DLL, even a
run-time-loaded DLL, can call routines from another DLL as long as those
routines are exported from the other DLL.)
svn path=/trunk/; revision=2623
by itself as a line ending, as well as treating CR LF and LF as line
endings.
Tweak the Telnet dissector to treat LF and CR NUL as line endings, but
not to treat CR by itself as a line ending (that's not exactly what the
NVT specification in the Telnet RFC specifies, but the resulting output
may be a bit more readable that way).
svn path=/trunk/; revision=2613
"epan/pint.h" - they caused GCC to whine about them being redefined when
I compiled on FreeBSD 3.4.
Get rid of the stuff in "packet-ipv6.h" that defines various bit vectors
differently depending on the byte order of the machine; instead, define
them so that they work with items in host byte order. This lets us use
a number of them rather than using hardwired hex values.
Put "frag.ip6f_offlg" in host byte order before using it; this means
that IP6F_MORE_FRAG can still be used even though it now works only on
items in host byte order.
svn path=/trunk/; revision=2610
Add "tvb_find_line_end_unquoted()" for the benefit of the SDP dissector;
get rid of "find_line_end_unquoted()" as nobody uses it any more.
Add "tvb_pbrk_guint8()" for the benefit of
"tvb_find_line_end_unquoted()"; it searches for any of a number of
characters, unlike "tvb_find_guint8()" which searches for only one.
svn path=/trunk/; revision=2595
Add "tvb_find_line_end()", to find a CR and/or LF-terminated line in a
tvbuff and return its length and the offset of the character after the
line end, for the use of those dissectors.
Add "tvb_strncaseeql()", which is like "tvb_strneql()" except that it
does a case-insensitive comparison.
svn path=/trunk/; revision=2590
variables and a "dissector" routine, a "plugin_reg_handoff()" routine,
which will act just like the "reg_handoff()" routine of a non-plugin
dissector, registering the dissector with handoff tables.
This lets them plug into both TCP and UDP, or plug into protocols other
than TCP or UDP.
Those new-style plugin are enabled and disabled using the standard
"Edit->Protocols" mechanism (and thus should use
"OLD_CHECK_DISPLAY_AS_DATA()" or "CHECK_DISPLAY_AS_DATA()"); they don't
show up in the list of plugins, aren't enabled or disabled from that
list, and, as they don't have a filter, can't have the filter changed
from that list - instead, they should register preferences for port
numbers and the like if they should be configurable to use different
ports.
Make the Gryphon protocol a new-style plugin.
svn path=/trunk/; revision=2565
source *and* destination port and/or both the source *and* destination
address passed to "find_conversation()", because the packet for which
you're trying to find the conversation may be going in the opposite
direction to the packet for which the conversation was originally
created.
Create different hash tables for wildcarded conversations, to reduce the
number of "is this a wildcard?" tests done when doing hash lookups.
This is sufficient to allow the TFTP dissector to use conversations
rather than being special-cased in the UDP dissector, and may also be
sufficient to handle a similar problem with SMTP (request goes from
client IP X port Y to server IP Z's well-known port, reply comes back
from some other port on server Z to client IP X port Y), but further use
may reveal other changes that should be made.
svn path=/trunk/; revision=2525
"globals.h" file to "epan/resolv.h", as it's exported by
"epan/resolv.c", have files that use "g_resolving_actif" include
"resolv.h", and don't have "epan/resolv.c" include "globals.h" so that
it doesn't drag in, for example, headers that, in turn, drag in GTK+
headers.
svn path=/trunk/; revision=2517
"config.h", and update it to include stuff added to "config.h" and
remove stuff removed from "config.h".
Give libethereal a "config.h.win32" and make its "Makefile.nmake" file
copy it to "config.h".
svn path=/trunk/; revision=2504
the string rather than the offset of the end of the string, plus a patch
to "tvb_get_nstringz()" to treat the return value of "tvb_strnlen()" as
a length rather than an end offset.
svn path=/trunk/; revision=2502
file, rather than the top-level Ethereal configuration file, check for
"inet_aton()", "inet_pton()", and "inet_ntop()". Then make its
Makefile.am include the appropriate object files if necessary.
Otherwise, they don't get built and put into libethereal, and therefore
attempts to link with anything in libethereal that uses them fail on
platforms that lack ethem, causing the build to fail.
That means a bunch of things need to be fixed to cope with libethereal
having its own "config.h" file; this means removing the include of
"config.h" from some libethereal header files. Move the definitions of
the path names used only by "resolv.c" to "resolv.c" from "resolv.h" (so
"resolv.h" doesn't need "config.h", define HAVE_PLUGINS in the configure
script (so we don't have to include it in "plugins.h" to check whether
HAVE_DLFCN_H is defined).
Unfortunately, stuff outside libethereal needs to know PLUGIN_DIR; for
now, define that in the top-level configuration file, and have Ethereal
and Tethereal pass it as an argument to "epan_init()" - that should be
cleaned up at some point.
Remove from the top-level configure script checks for things used only
in libethereal.
svn path=/trunk/; revision=2498
starting with "epan_", change the name of the library from libepan.a to
libethereal.a, and from libepan.lib to ethereal.lib.
svn path=/trunk/; revision=2492
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478