Multipath TCP Option
Extensions for Multipath Operation with Multiple Addresses, as defined in http://tools.ietf.org/html/draft-ietf-mptcp-multiaddressed-04. I implemented this as a TCP option.
From me :
Remove a subtree
Add Subtype in top of multiPath subtree
svn path=/trunk/; revision=40370
officially listed as "Unassigned", and people might use it for their own
purposes (and, in fact, one bug-submitter was doing so; they probably
should have used 253 or 254, but...). Get rid of the code to dissect
it.
svn path=/trunk/; revision=40075
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
The attachted patch fixes and enhances the SCPS TCP option dissection. Changes
are:
- fix order of reserved Bit 1,2,3
- fix minimum TCP option length
- fix proto items
- add proto item for Connection ID
- removed the verify_scps() function. It's logic was broken, because it did
reset the scps_capable flag on both flows if one of them did not have it.
However sometimes that flag is only enabled in one flow direction and that flow
direction could see TCP options later on, which would get dissected as invalid.
See the attachted capture file for an example.
svn path=/trunk/; revision=38326
Fix :
packet-tcp.c:3337: error: ‘dissect_tcpopt_maxseg’ undeclared here (not in a function)
packet-tcp.c:2264: error: ‘dissec_tcpopt_exp’ defined but not used
svn path=/trunk/; revision=38176
Introduced a new tcp state variable: maxseqtobeacked, this is the
maximum seq number that can be acked by the rev party in normal case.
This new state variable only serves the proper detection of
tcp.analysis.ack_lost_segment indicator, and decouples it from the detection of
tcp.analysis.lost_segment indicator.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6081
svn path=/trunk/; revision=37922
the nonce bit, we should display 3 nibbles on the Flags summary line in order
to represent all flag bits. While arguably we need not worry about reserved
bits, the nonce bit is not currently represented, so that bit alone pushes us
into the next nibble.
svn path=/trunk/; revision=37856
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
In the explanation of TCP Option 78 (Riverbed Transparency), the labels
are "CSH IP Addr/Port" and "SSH IP Addr/Port". This should be "Src SH IP
Addr/Port" and "Dst SH IP Addr/Port".
The filter keys for these labels are correct.
svn path=/trunk/; revision=36667
Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors.
(The SSL dissector was already updated in one of two spots with bug 4535/rev
32456.)
A couple of the patches had to be manually applied.
From me: Fix the comments to match the change (including in the TCP and SSL
dissectors.)
svn path=/trunk/; revision=36332
If we thought we finished reassembly (and called the subdissector) only to find
out that the subdissector asked for more data, handle the case where the
subdissector asked for DESEGMENT_UNTIL_FIN. Previously we only handled the
possibility that the subdissector would ask for a specific number of bytes or
DESEGMENT_ONE_MORE_SEGMENT.
svn path=/trunk/; revision=36330
a retransmission), don't add it to the list (tree) of multi-segment pdus.
Otherwise, if we'd already seen the rest of the pdu and the other segments
were not retransmitted, the retransmission would break dissection of the pdu
because lookups for the segment would find the retransmission (to which the
other segments were not attached).
Since we know this segment is a retransmission, don't bother handing it off
to the subdissector either.
Use PINFO_FD_VISITED().
Add some white space in the desegmentation routine to improve readability.
Apply the same changes to the SSL dissector.
svn path=/trunk/; revision=36304
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224