print register numbers as unsigned (they're guint32);
when printing a PUT_FVALUE instruction, show the value as well
as the type of the value.
That requires that a bunch of types get to_repr methods; add them for
PCRE (FTREPR_DFILTER-only - show the regular expression as text),
tvbuffs (FTREPR_DFILTER_only - show the data as a hex string), integral
types, string types other than FT_STRING, and FT_IPv6.
That means we can use fvalue_to_string_repr() for FT_IPXNET and FT_IPv6
in proto_construct_dfilter_string(), and that we don't need to handle
integer and floating types specially in MATE.
Fix some problems with the PCRE execution code for tvbuff types.
svn path=/trunk/; revision=16369
FT_UINT_BYTES and FT_UINT_STRING correctly when the tree argument is
null (which involves carving proto_tree_add_item() into bits and having
both ptvcursor_add() and proto_tree_add_item() call those bits).
svn path=/trunk/; revision=16287
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
will only process FT_PROTOCOL fields. As a result, proto_item_append_string()
calls may throw a dissector exception, as only a FT_STRING or FT_STRINGZ can be
appended to with this call.
In order to prevent these dissector assertions, silently return from the append
call if the field is a FT_PROTOCOL.
Note that when the tree is visible, the updates of the fields occur normally,
as expected.
svn path=/trunk/; revision=16035
and that extract IPv6 addresses into a "struct e_in6_addr", with
tvb_get_ipv4() and tvb_get_ipv6() calls - except for some that we
remove, by using proto_tree_add_item(), rather than replacing.
Have epan/tvbuff.h include epan/ipv6-utils.h, to define "struct
e_in6_addr" (not necessary to declare the tvbuff routines, but including
it there means "struct e_in6_addr" is guaranteed to be defined before
those declarations, so we don't get compiler complaints if we define it
*after* those declarations).
svn path=/trunk/; revision=15758
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
IPv6 addresses. Use "tvb_get_ipv4()" in the WINS Replication dissector,
so that it gets the right answer on little-endian *AND* big-endian
machines.
svn path=/trunk/; revision=15753
at the same time, make proto_construct_dfilter_string() return an emem allocated string.
This fixes a tiny memleak in print.c that never freed the string returned by this function.
svn path=/trunk/; revision=15651
proto_tree_add_ipv6(). Add tree items for the extended router source
and dest mask, and fix offsets. These changes appear to be correct,
but I don't have a valid capture with extended router data.
In proto.c, throw a dissector error if we try to pass a NULL value to
various proto_tree_set_*() routines.
Fixes bug 356.
svn path=/trunk/; revision=15375
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
printing the blurb twice, like fields2 does.
Add a script, fsanity.py, to check sanity of FT definitions. Right now the
only check is for bitmasks for integer-like fields.
svn path=/trunk/; revision=14454
Add a comment to proto_item_append_string() explaining the "danger" and what needs to be done if one decides to use proto_item_append_string()
Add a small change to WSP so that it will disable this speed optimization so not to trigger a DISSECTOR_BUG in proto_item_append_string()
svn path=/trunk/; revision=14452
values that may not be valid (e.g. dissect_ber_octet_string()
in packet-ber.c). If the length is invalid, get_uint_value() or
get_int_value() will abort. Change them to throw an exception instead.
This keeps us from having to do a lot of extra work in the dissector.
Fixes bug 182.
svn path=/trunk/; revision=14437
Not all proto_item* fields have a subtree associated to it.
If it doesnt have a subtree fi will be NULL,
test fi for NULL before trying to dereference it to avoid a coredump.
svn path=/trunk/; revision=14134
It should not dump core as far as all my tests are concerned and Menu_Statistics/ProtocolHierStats work
It needs more testing and there might still be cases where it will crash that will need to be fixed but I feel it will be worth it since it will decrease the time to filter very large capture files dramatically.
Real significant performance boost for very large captures.
(If we cant fix all the problems we can just revert this patch)
svn path=/trunk/; revision=14051
optimization for COLUMNS to make ethereal faster when filtering
optimization to make the slow find_protocol_by_id() fast.
(idea from Didier, implementation modified by me to be less intrusive)
svn path=/trunk/; revision=14026
"PROTOABBREV A name for the protocol for use in filter expressions;
it should contain only lower-case letters, digits, and
hyphens."
In proto_register_protocol(), generate a warning if PROTOABBREV contains
invalid characters. Along with the list above, allow underscores and
periods. Fix up whitespace.
Lower-case PROTOABBREV in several dissectors.
svn path=/trunk/; revision=13967
length values (other than -1) as very large positive values, and for
values larger than the amount of data remaining in the tvbuff, clip the
value to the length of the tvbuff, so that dissectors don't have to
worry about doing that clipping themselves.
svn path=/trunk/; revision=13913
"alloc_field_info()", so the error report can include the field with the
problem. (The file and line number isn't interesting - the bug isn't in
"alloc_field_info()", it's in the dissector that called the routine
calling "alloc_field_info()" - but the field name/abbrevition is
interesting, as it'd help developers identify the place in the dissector
where we're passing in a bogus length.)
svn path=/trunk/; revision=13081
Add a DISSECTOR_ASSERT() macro, which is the usual type of assertion
macro, but throws a DissectorError exception with a message giving the
flien and line number and the failed test as a string. Use that macro
in "alloc_field_info()".
Report that exception in the Info column and the protocol tree, as well
as logging the exception failure with g_warning().
svn path=/trunk/; revision=13078
In the past: to prevent duplicate protocol names (and alike), each time a new protocol was registered, the list of protocols were iterated and the name compared with each existing name using strcasecmp, which is slow as we have >500 protocols right now.
Now: the protocol name to check against duplicates is first converted into a hashvalue and then only this value is checked and stored in a hashtable. This way the string to check for, has to be converted/compared only a single time!
svn path=/trunk/; revision=13007
Clean up indentation.
If we dissect an octet string and then re-dissect it as a particular
type of data, don't use the end offset from the re-dissection as the
offset of the end of the octet string - just use the result of
"dissect_per_octet_string()".
svn path=/trunk/; revision=12406
records by tw fields: base (for integers), and blurb
Add a "-G values" option which shows value strings and true_false strings for
the fields that have them.
svn path=/trunk/; revision=11954
GUINT32_SWAP_LE_BE(), not GUINT32_TO_BE() - the latter converts a
host-byte-order value to big-endian, but the host might be big-endian.
svn path=/trunk/; revision=11945
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
"SLAB_ITEM_TYPE_DEFINE()" macro to define a union of the type of object
for the slab and a pointer to an object of that union type, and use that
type for items on the slab allocator free lists; that *should* avoid
having the compiler think two pointers to an item being added to or
removed from the free list don't point to the same object just because
they have different types.
svn path=/trunk/; revision=11306
object being allocated, rather than the name of the free list, as an
argument (with the name of the free list constructed from the name of
the type), and add macros to define and declare the free list, also
taking the type of the object being allocated.
svn path=/trunk/; revision=11305
support them.
From Ronnie Sahlberg: Kerberos updates with new constants from the
current draft, decryption and dissection of Kerberos blobs, and changes
to work with the changed BER dissector.
svn path=/trunk/; revision=10479
0 - now that "tvb_ensure_length_remaining()" ensures that there's at
least one byte of data, we should use "tvb_length_remaining()" for
FT_PROTOCOL fields.
svn path=/trunk/; revision=9440
to tethereal. It could be added to Ethereal, but the GUI changes to
allow the user to select PDML as a print format have not been added.
Provide a python module (EtherealXML.py) to help parse PDML.
Provide a sample app (msnchat) which uses tethereal and EtherealXML.py
to reconstruct MSN Chat sessions from packet capture files. It produces
a nice HTML report of the chat sessions.
Document tethereal's PDML and EtherealXML.py usage in doc/README.xml-output
Update tethereal's manpage to reflect the new [-T pdml|ps|text] option
svn path=/trunk/; revision=9180
pointers to the first *and* last child, in the "proto_node" structure
itself. That saves us one level of indirection and memory allocation,
and lets us append to a tree by appending to the last child directly,
rather than having to scan through the list of siblings of the first
child to find the end of that list.
svn path=/trunk/; revision=9171
replace tvb_raw_offset() which is essentially a simple assignment and which
is called a lot with a macro.
this makes my tethereal testcase 2-3% faster.
svn path=/trunk/; revision=9152
when adding them to the free list, cast the pointer to the structure to
a pointer to a "freed_item_t" which contains the "next" pointer.
This reduces the memory requirement for some of those structures, and
leaves us free to slab-allocate structures that have a "next" pointer
for other reasons.
svn path=/trunk/; revision=9150
structure, rather than separately allocating "fvalue_t"s and having the
"field_info" structure point to them - this appears to speed up protocol
tree construction a bit.
svn path=/trunk/; revision=9146
so that we can change tvb_get_ds_tvb() into a macro.
This function was a single line assignment and was called a lot.
This made tethereal ~2.5% faster in one testcase I use.
svn path=/trunk/; revision=9141
create generic macros for allocating/freeing structures.
remove one more slow GMemChunk and replace it with a simple linked list
~4% speed improvement in my tests.
the allocated data is never freed. this may be a problem if ethereal is
ever supported on a platform lacking resource tracking but makes the
implementation faster and simpler.
svn path=/trunk/; revision=9095
This function is also very small, so small that teh overhead for the actual function call and return is likely to be a significant part
of its execution time.
change it into a macro and make it thus slightly faster by eliminating the function call overhead.
svn path=/trunk/; revision=9083
Removed the GMemChunk used to allocate/free field_info structures
and used a free list to store the freed structs until they are allocated again.
Ethereal will allocate more field_info structs as it needs to but never free them. Instead the are just placed in a cheap and fast free list so that if we
want to use the struct again, this will be fast.
This affects the speed of the two functions
alloc_field_info() that should be slightly faster now
free_field_info() that was replaced with a 2 line macro.
All in all my testing suggests that ethereal is 2-3% faster with this patch.
svn path=/trunk/; revision=9073
In the GPROF logs proto_registrar_get_nth() used to take anything between 2.5 and 5.5% of the time.
Replace the GLIB array with a handroleld one for one of the private structures.
the function should now be virtually zero cost
and thus ethereal should be 2.5-5.5% faster on those traces.
anyone that wants to, please rerun GPROF with this fix and see what has changed.
svn path=/trunk/; revision=9058
memory if it throws an exception, as it checks whether the entire string
is in the tvbuff *before* allocating a buffer for it, and that also
means that if the length is absurdly large, an exception will be thrown,
rather than the memory allocation failing.
svn path=/trunk/; revision=9043
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
any previously-allocated version first, so that they don't leak memory.
From Olivier Biot: add a "proto_item_append_string()" routine, to append
to the string value a protocol tree item has.
svn path=/trunk/; revision=8821
that probably means you've registered two fields with the same field ID
variable, which is an error.
Fix the bugs doing so found.
svn path=/trunk/; revision=8629
support for registering fields after all the protocol
registration routines are called (i.e., adding fields to the
named field tree as they're registered);
fix the GTK 2.x version of the field list dialog to show the
correct name.
svn path=/trunk/; revision=8248
use them when generating display filters to match field values. Use
"%{FLT_DIG}g" rather than "%{FLT_DIG}f" for FT_FLOAT.
svn path=/trunk/; revision=8109
have plugin support. (Don't do so if we *do* have it, because if
"proto_init()" ever changes so that it doesn't use the argument even if
we have plugin support, we want a warning so we know that we should get
rid of that argument.)
svn path=/trunk/; revision=7972
tvb_get_string() - takes a tvbuff, an offset, and a length as
arguments, allocates a buffer big enough to hold a string with
the specified number of bytes plus an added null terminator
(i.e., length+1), copies the specified number of bytes from the
tvbuff, at the specified offset, to that buffer and puts in a
null terminator, and returns a pointer to that buffer (or throws
an exception before allocating the buffer if that many bytes
aren't available in the tvbuff);
tvb_get_stringz() - takes a tvbuff, an offset, and a pointer to
a "gint" as arguments, gets the size of the null-terminated
string starting at the specified offset in the tvbuff (throwing
an exception if the null terminator isn't found), allocates a
buffer big enough to hold that string, copies the string to that
buffer, and returns a pointer to that buffer and stores the
length of the string (including the terminating null) in the
variable pointed to by the "gint" pointer.
Replace many pieces of code allocating a buffer and copying a string
with calls to "tvb_get_string()" (for one thing, "tvb_get_string()"
doesn't require you to remember that the argument to
"tvb_get_nstringz0()" is the size of the buffer into which you're
copying the string, which might be the length of the string to be copied
*plus 1*).
Don't use fixed-length buffers for null-terminated strings (even if the
code that generates those packets has a #define to limit the length of
the string). Use "tvb_get_stringz()", instead.
In some cases where a value is fetched but is only used to pass an
argument to a "proto_tree_add_XXX" routine, use "proto_tree_add_item()"
instead.
svn path=/trunk/; revision=7859
value, just copy the specified number of bytes and stick a '\0' at the
end, don't use "tvb_get_nstringz0()" - yes, you end up copying more
bytes, but you don't have to bother looking for a '\0' that might not
even be present (if the string is null-padded rather than
null-terminated).
Also, set the length of the item to the specified length, rather than to
the length up to the terminating '\0' - if the string is null-padded,
the field should include all the padding bytes.
svn path=/trunk/; revision=7785
length (rather than being given -1), the length is, in most cases, the
maximum length of a null-*padded* string, rather than the actual length
of a null-*terminated* string. Treat it as such - allocate a buffer one
larger than the length (to leave room for a terminating '\0'), and pass
the size of that buffer to "tvb_get_nstringz0()". (Otherwise, in those
cases, the last character of the string is chopped off.)
Allow "proto_tree_add_string()" to add FT_STRINGZ items to the protocol
tree, as well as FT_STRING items.
In "alloc_field_info()", if we're passed a length of -1 and the field is
an FT_STRINGZ, don't make the length be the length remaining in the
tvbuff; that way, you *can* use a length of -1 in
"proto_tree_add_item()" for an FT_STRINGZ item, and have it get the
actual length by looking for the terminating '\0'.
(We might want to distinguish between null-terminated and null-padded
strings, e.g. with an FT_STRINGZPAD type. Null-terminated strings
rarely, if ever, have a specified length; the length is found by
scanning for the terminating '\0'. Null-padded strings presumably
always have a specified length, which is the length to which the string
is padded.)
svn path=/trunk/; revision=7784
Things can happen if we pass a zero buffer length to tvb_get_nstringz0().
Throw an exception if this happens.
In various dissectors make sure the tvb_get_nstringz0()'s buffer length
is greater than zero.
svn path=/trunk/; revision=7688
"proto_construct_dfilter_string()", to more accurately reflect what it
does.
Give it, and "proto_can_match_selected()", an "epan_dissect_t *"
argument, which replaces the raw data pointer argument to
"proto_construct_dfilter_string()".
For fields that don't have a type we can directly filter on, we don't
support filtering on the field as raw data if:
the "epan_dissect_t *" argument is null;
the data source tvbuff for the field isn't the tvbuff for the
"epan_dissect_t" in question (i.e., it's in the result of a
reassembly, and "frame[N:M]" can't get at it).
Trim the length the raw data in the case of such a field to the length
of the tvbuff for the "epan_dissect_t" in question, so we don't go past
it. Fetch the raw data bytes to match from that tvbuff.
Have "proto_construct_dfilter_string()" return a null pointer if it
can't construct the filter string, and have "protocolinfo_packet()" in
the tap-protocolinfo tap ignore a field if
"proto_construct_dfilter_string()" can't construct a filter string for
it - and have it pass NULL as the "epan_dissect_t *", for now. If
somebody decides it makes sense to dump out a "frame[N:M] =" value for
non-registered fields, it can be changed to pass "edt".
svn path=/trunk/; revision=7635
given a tvbuff/offset pair referring to the byte past the end of the
item. Use it in one place in the SMB dissector (there are plenty of
other places where it could be used as well).
svn path=/trunk/; revision=7603
of their value. Provide such a method for FT_BYTES, FT_UINT_BYTES,
and FT_ETHER. Have proto_alloc_dfilter_string() use the new methods.
This is part of a movement of ftype-related code out of proto.c and
into the ftype code. The immediate effect is that generated display
filters for long byte sequences don't incorrectly have trailing periods
("...") to indicate continuation.
svn path=/trunk/; revision=7100
to be using it for stuff that should be hex, and for stuff that should
be Boolean. Use BASE_DEC if it should be decimal, BASE_HEX if it should
be hex, and make it Boolean if it should be Boolean.
svn path=/trunk/; revision=7053
"epan/proto.c" to properly handle string truncation (by checking both
for -1 and a value larger than the buffer size as an indication of
truncation, as some older versions of those routines return -1, and, if
the string was truncated, putting in a trailing '\0', as "snprintf()" on
some platforms might not put the trailing '\0' in).
svn path=/trunk/; revision=6830
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
svn path=/trunk/; revision=6802
pointer, and put "const" into the casts in "VALS()" and "TFS()" macros,
so we don't un-constify pointers to "value_string" arrays and
"true_false_string" structures.
Make some things "const" to keep the compiler happy with the previous
change.
svn path=/trunk/; revision=6684
the same long name, short name, or filter name, and abort if there are.
Fix the duplicate names that found (and another name error found while
fixing one of those errors).
svn path=/trunk/; revision=6425
floating-point numbers, and display all the significant digits for both
single-precision and double-precision floating-point numbers in the
protocol tree, not just what "%g" does (6 digits).
Put in comments explaining how the length of filter strings is computed,
and fix some of the computations.
svn path=/trunk/; revision=6081
equivalents for the epan/ directory but leave winsock2.h in inet_pton.c
and inet_ntop.c for now (can't estimate the consequences).
svn path=/trunk/; revision=5928
the argument is "fields", dump out a table of the fields, as we
currently do; if the argument is "protocols", dump out a table of the
protocols.
svn path=/trunk/; revision=5462
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
move the code from "dfilter_lookup_token()" into
"proto_registrar_get_byname()", and get rid of "dfilter_lookup_token()"
and have its callers call "proto_registrar_get_byname()" instead.
svn path=/trunk/; revision=5287
Fix the display filter expression generated for protocol tree items
without named fields attached to them; the length defaults to 1 if not
specified in a range expression, so the length should be specified.
svn path=/trunk/; revision=5208
ETT_NONE entry.
Initialize the "tree_type" field of a "field_info" structure to -1,
meaning "this has not been given a subtree". Add checks before using
that field that it's in range. That way, you have to create a subtree
before putting protocol tree items under another item.
We allocate the "tree_is_expanded" array when we've registered all
dissectors; there's no need to allocate it while we're registering
dissectors and, in fact, doing so means we leak memory (the memory for
the version we allocated while registering dissectors).
svn path=/trunk/; revision=5068
representation string - set the representation string to the default
representation. This lets you append to an item that's been added with
"proto_tree_add_XXX" calls that don't explicitly format the
representation string.
svn path=/trunk/; revision=4973
end of the tvbuff is reached before the maximum_length passed by the
caller is reached and before a terminating NUL is found. In this case,
tvb_get_nstringz() returns a -1, but if the string is not artificially
terminated with a NUL by tvb_get_nstringz(), the
caller has no idea where the string should end because 1) the
return value "-1" gives the impression that the string ends
at the end of the buffer but 2) the string does
not end at the end of the buffer, but somewhere in the middle, due
to the packet being shorter than expected.
tvb_get_nstringz() and tvb_get_nstringz0() were both modified.
The FT_STRINGZ case in proto_tree_add_item() is made simpler.
During regression testing, when investigating a regression that I later
corrected, I discovered that strings added through proto_tree_add_item
(FT_STRING, FT_STRINGZ, and FT_UINT_STRING) leaked memory due to double
allocation of the string. The proto_tree_add_string*() functions do
not leak memory, since they only copy the string once. The memory
leak was fixed by adding another argument to the static function
proto_tree_set_string() to let the string ftype code know to g_strdup()
the string or not.
svn path=/trunk/; revision=4891
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
argument, so if the length was supplied as -1, it can set it to the
length of data remaining in the tvbuff, so that its callers can use that
length when getting the value for the field, rather than leaving the
length in the "field_info" structure as -1.
svn path=/trunk/; revision=4752
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
tvb_length_remaining() except that it throws BoundsError if 'offset'
is out-of-bounds.
Allow a length argument of -1 for FT_STRING and FT_BYTES fields
in proto_tree_add_item().
Change some dissectors to either use -1 for the length argument in
calls to proto_tree_add_item(), or call tvb_ensure_length_remaining()
instead of tvb_length_remaining(), or to check the return-value
of tvb_length_remaining(). Changes to more dissectors are necessary,
but will follow later.
svn path=/trunk/; revision=4656
items to the protocol tree; it's interpreted as "the rest of the data in
the tvbuff". This can be used if
1) the item covers the entire packet or the remaining payload in
the packet
or
2) the item's length won't be known until it's dissected, and
will be then set with "proto_item_set_len()" - if an
exception is thrown in the dissection, it means the item ran
*past* the end of the tvbuff, so saying it runs to the end of
the tvbuff is reasonable.
Convert a number of "proto_tree_add_XXX()" calls using
"tvb_length_remaining()", values derived from the result of
"tvb_length()", or 0 (in the case of items whose length is unknown) to
use -1 instead (using 0 means that if an exception is thrown, selecting
the item highlights nothing; using -1 means it highlights all the data
for that item that's available).
In some places where "tvb_length()" or "tvb_length_remaining()" was used
to determine how large a packet is, use "tvb_reported_length()" or
"tvb_reported_length_remaining()", instead - the first two calls
indicate how much captured data was in the packet, the latter two calls
indicate how large the packet actually was (and the fact that using the
latter could cause BoundsError exceptions to be thrown is a feature - if
such an exception is thrown, the frame really *was* short, and it should
be tagged as such).
Replace some "proto_tree_add_XXX()" calls with equivalent
"proto_tree_add_item()" calls.
Fix some indentation.
svn path=/trunk/; revision=4578
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
the parent under which the field was registered.
This is the *unoptimized* version, to give developers something
to use while the optimized version is being created.
svn path=/trunk/; revision=4351
take a dissector handle as an argument, rather than a pointer to a
dissector function and a protocol ID. Associate dissector handles with
dissector table entries.
svn path=/trunk/; revision=4308
if (and only if) the length of the item being added is 0 (so that it has
no data backing it).
This means the data stream name pointer for the item in question is
null; make sure we handle that.
Use that for some "uses the value from the matching request" fields in
the SMB Pipe protocol.
svn path=/trunk/; revision=4231
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
Fix up Info column to put "Request" or "Response" *after* the name of
the request.
Give the Negotiate Protocol request its full name.
svn path=/trunk/; revision=4139
FT_INT64 type, and make the Diameter dissector use it.
Handle the 64-bit integer types in the display filter semantics checks.
svn path=/trunk/; revision=4125
without requiring compiler support for them, and updates to the
Diameter, L2TP, NFS, and NLM dissectors to use it and to the ONC RPC
dissector to allow ONC RPC subdissectors to use it.
svn path=/trunk/; revision=4099
there were 2 functions which accepted 'maxlength' == -1, but the function
prototypes had maxlength as a guint --- fixed.
svn path=/trunk/; revision=4087
"proto_item_set_text()" except that it appends the result of the
formatting to the item's current text, rather than replacing the item's
current text. Use it in the DNS dissector.
svn path=/trunk/; revision=3880
but, before you set the text, you throw an exception while putting stuff
under the subtree, you end up with an absolutely blank protocol tree
item, which is really gross. Instead of calling
"proto_tree_add_notext()", call "proto_tree_add_text()" with at least a
minimal label - yes, it does mean you do some work that will probably be
unnecessary, but, absent a scheme to arrange to do that work if it *is*
necessary (e.g., catching exceptions), the alternative is an ugly
protocol tree display.
svn path=/trunk/; revision=3879
fractions-of-a-second (the units of which are either milliseconds or
microseconds, specified by a Boolean argument), and formats it into a
"DD days, HH hours, MM minutes, SS seconds" using a buffer supplied to
it. Have "time_secs_to_str()" and "time_msecs_to_str()" both use it.
Also, have it correctly handle the case of SS being > 0 but < 1 (which
"time_msecs_to_str()" didn't do).
Rename "rel_time_to_str()" to "rel_time_to_secs_str()", and add a
"rel_time_to_str()" routine that takes a "struct timeval" and hands its
seconds and microseconds values to "time_secs_to_str_buf()". Use
"rel_time_to_secs_str()" to format FT_RELATIVE_TIME values for now; we
might want to use "rel_time_to_str()" for them, though, or make it an
option (either a user option, or a per-field option, using the field
that also holds BASE_ values).
svn path=/trunk/; revision=3806
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
corresponding to a named field, by matching stuff at a particular offset
in the frame, don't treat a length of 1 byte specially - the syntax for
a one-byte byte string is the same as for longer byte strings, with no
leading "0x" allowed.
Clean up white space.
svn path=/trunk/; revision=3406
argument, have it just return; this allows dissectors that don't
explicitly check for a null protocol-tree argument to pass the
protocol-tree argument to "proto_tree_add_XXX()" routines - which means
they'll get a null pointer back if the protocol-tree argument is null
because we're not constructing a protocol tree - and then later use
"proto_item_set_len()" without having to check for a null
protocol-tree-item pointer.
svn path=/trunk/; revision=3402
was specified.
This should obviate the need to handle BASE_NONE specially in the
formatting routines, so revert to the previous version.
svn path=/trunk/; revision=3359
with useful error messages. Some dissector are registering
FT_INTn or FT_UINTn fields with BASE_NONE. Now when ethereal dies
because of it the offending field will be identified so that it
can be fixed.
svn path=/trunk/; revision=3340
you have to select a base (even before this change, you had to select
one, otherwise the filter-construction GUI would crash if you selected
an FT_INTn or FT_UINTn field with BASE_NONE and then selected a
comparison operator).
svn path=/trunk/; revision=3337
status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected.
While we're at it, use a similar test to eliminate the text pseudo-field
from the output of "{ethereal,tethereal} -G", as well.
svn path=/trunk/; revision=3335
source name from "pi.compat_top_tvb", which should always be set to the
tvbuff that refers to the data that old-style dissectors are currently
working on.
Arrange that it be so set in those dissectors that create alternate data
sources and call other dissectors, and also arrange that "pi.len" and
"pi.captured_len" be set appropriately as well.
svn path=/trunk/; revision=3286
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
a byte in the hex dump,
1. Fix an off-by-one error when finding the field. This only showed up
if the selected byte had no field of its own and was only designated
as part of the parent protocol (like the 00-padding at the beginning of
TCP options).
2. Fix an off-by-one error when clicking on a character in the second
half of the "text dump" portion of the hex dump. I forgot about the
extra space between the first 8 characters and the second 8 characters.
svn path=/trunk/; revision=3117
routines need it.
When a user clicks on a hex digit or on the corresponding character
(the "text dump" portion) in the hex dump, find the field in the
proto_tree that the byte corresponds to, expand the GtkCTree so that
the field is viewable, select the field, and center it vertically.
LanAlyzer has this feature, and I've missed it in Ethereal.
svn path=/trunk/; revision=3096
in the output of "{ethereal,tethereal} -G", so that it appears only once
in the documentation.
Expand some comments to give more details.
svn path=/trunk/; revision=3024
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
be loaded and their initialization routines called in right after we
call the initialization routines for built-in dissectors, but don't call
their handoff registration routines yet, and then call the handoff
registration routines right after calling the handoff registration
routines for built-in dissectors.
Do all that in "proto_init()", rather than "epan_init()".
That way, we call all dissector registration routines together, and then
call all dissector handoff registration routines together; all the
registration routines are called before any handoff registration
routines, as is required, and, as "proto_init()" is called by
"epan_init()" before "dfilter_init()" is called, all filterable fields
have been registered before "dfilter_init()" is called, and no plugins
have to call "dfilter_init()" themselves to get their fields registered.
Remove pointers to "dfilter_init()" and "dfilter_cleanup()" from the
plugin address table, as plugins shouldn't be calling them any more, and
remove calls to them from plugins.
svn path=/trunk/; revision=2940
protocols, in addition to adding structures to the list of filterable
fields. Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as
pinfo->current_proto;
the dialog box for constructing filters;
the preferences tab for the protocol;
and so on (although we're not yet using it in all those places).
Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.
Make some routines and variables that aren't exported static.
Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.
svn path=/trunk/; revision=2810
string formatter, like "format_text()", and, as "tvbuff.c" now calls it
(*vide infra*), we don't want to have to make "tvbuff.c" drag "packet.h"
in just to declare "bytes_to_str()". It's now declared in "strutil.h",
so include it in modules that use "bytes_to_str()" and weren't already
including it.
Add a "tvb_bytes_to_str()" wrapper that calls "tvb_get_ptr()" to get a
pointer to a chunk of N bytes at a given offset in a tvbuff and then
hands that chunk to "bytes_to_str()". Convert the code that was doing
that to use "tvb_bytes_to_str()" instead (which caught what I suspect is
a bug in the Q.2931 dissector, where it was handing an offset of 0 to
"tvb_get_ptr()" - a cut-and-pasteo, I think).
Tvbuffify the ARP dissector.
svn path=/trunk/; revision=2634