be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Fixed GTKHash table being overwritten when number of NCP packets exceeds 255. Sequence numbers wrap so this was causing the request value table to be overwritten and subsequent malformed NCP packets.
Fixed buid_expert_data for file open reporting to correctly convert to Hex value so proper lookup in val table will succeed.
Added additional OES Linux values to build_expert_data for server entries.
svn path=/trunk/; revision=45177
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
lets us pass a NULL pinfo to expert_add_info_format() and
expert_add_undecoded_item(), which makes it possible to use those
routines deep in the bowels of many dissectors. As a proof of concept
remove the recent pinfo additions to packet-afp.c. This should also make
it easier to fix bug 3884.
svn path=/trunk/; revision=44435
NULL-return check.
Use val_to_str_const instead of val_to_str() in a couple places where the string
is constant.
Use val_to_str() instead of blindly passing the return value from match_strval()
into a format routine (to ensure a non-NULL string pointer).
svn path=/trunk/; revision=37202
argument indicating whether to include the time zone in the string. If
we're constructing a display filter, don't include the time zone,
otherwise do. Fixes bug 4756.
svn path=/trunk/; revision=32913
date as YYYY/DDD, where DDD is a 1-origin day of year. Move the formats
to a "time_fmt.h" file, included by the headers that use it. Have
abs_time_to_str() and abs_time_secs_to_str() take the date format value,
rather than a Boolean "show this as UTC" flag, as an argument. Document
the ABSOLUTE_TIME_ formats a bit better. Use that format in the CCSDS
and VCDU dissectors, rather than having those dissectors do the
formatting themselves.
svn path=/trunk/; revision=32034
indicating whether the time should be shown as local time or UTC. For
now, always pass FALSE, meaning "show as local time".
Clean up some stuff in the SNMP dissector, use abs_time_secs_to_str()
for times with one-second resolution, and update a comment in various
macros in the WSP dissector, while we're at it.
svn path=/trunk/; revision=31227
This fixes a major memory leak in the NCP dissector
caused by the fact that "in recent versions of GLib" (>= 2.10 ?)
g_mem_chunk_destroy doesn't actually free up the mem_chunk memory.
Note that there still appears to be one or more smaller
memory leaks somehow associated with NCP dissection.
Example:
A 40M capture file with mostly NCP frames which resulted in a memory
usage increase of about 20M each time the file was reloaded now results
in a 400K-800K memory usage increase each time the file is reloaded.
(If NCP dissection is disabled, there is minimal memory expansion
each time the file is reloaded).
svn path=/trunk/; revision=30481
static; make them auto variables.
Make sure that expert information is added outside "if (tree) { }", so
it gets added even if we're not building the protocol tree.
Clean up white space.
svn path=/trunk/; revision=28281
Make build_expert_data() take the size of "buffer" as an argument, and
use that when doing g_snprintf() into the buffer, to ensure we don't
overflow the buffer. Also, don't just assign to "buffer", as that
doesn't put anything *in* the buffer.
svn path=/trunk/; revision=25600
"Invalid Path With Junction Present"
Fix get extended volume info to register correct name with NDS EID value. (added data type of 20 to extract string value)
Fix expert data for file handles to report file handle in expert data. (Added data type of 22 to extract bytes value)
svn path=/trunk/; revision=24505