Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
svn path=/trunk/; revision=1046
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
svn path=/trunk/; revision=1032
Added stat dissector.
Enhancements to portmap dissector.
Added rpc_prog_name function to packet-rpc to retrieve the name of an
rpc program. This should likely eventually be modified to use the
/etc/rpc or rpc.bynumber NIS maps in addition to the programs that
are registered within ethereal.
svn path=/trunk/; revision=1016
portmap
ypserv
ypxfr
ypserv
bootparams
Stubs currently just map procedure numbers to names. I'll add some more
decoding of the actual procedure call/reply contents eventually.
svn path=/trunk/; revision=998
all the "packet-XXX.c" files doesn't work with some "make"s; they seem
to pass only the first few names in the list to the shell, for some
reason.
Therefore, we use a script to generate the "register.c" file, and run
that script from the Makefile.
svn path=/trunk/; revision=930
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
protocols (idea shamelessly stolen from GDB). We require that the
register routines
1) be located in "packet.c" or in one of the "packet-XXX.c"
files;
2) have a name of the form "proto_register_XXX";
3) take no argument, and return no value;
4) have their names appear in the source file either at the
beginning of the line, or preceded only by "void " at the
beginning of the line;
and we require that "packet-XXX.c" files be added to "DISSECTOR_SOURCES"
in "Makefile.am".
svn path=/trunk/; revision=891
as BGP is a protocol on top of TCP, it may have trouble parsing
out-of-sync data (in most cases data is aligned on packet, it seems).
svn path=/trunk/; revision=843
definition of "AF_INET6". Declare those functions and, if it's not
defined, define "AF_INET6" in "inet_v6defs.h", and arrange to include
it if "inet_ntop()" is missing. (Systems will probably have both of
them or lack both of them, and we may choose not to use the system's
"inet_pton()" because it's buggy, so base the decision on whether to
include "inet_v6defs.h" on whether we're using the system's
"inet_ntop()" or not.) Fix some macro references in "Makefile.am" and
"configure.in".
svn path=/trunk/; revision=830
for converting IPv[46] numeric notation to/from binary form.
recent BIND includes those functions so fallback is not necessary on
most of the platforms.
sorry if it raises any portability problem on other platforms.
remove partial inclusion of inet_ntop() in packet-ipv6.c.
move ip6_to_str() to packet.c, it fits better there than packet-ipv6.c.
svn path=/trunk/; revision=829
for ip.ip_p and ip6.ip6_nxt (and other IPv6 header chain).
use val_to_str() as much as possible in dissect_{ipv6,pim,ripng}().
make --disable-zlib a default for netbsd (temporary workaround).
svn path=/trunk/; revision=827
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
OSes that don't have it.
(Yes, this is BSD code, not GPLed code. I tried getting it from Glibc,
but the glibc version is just the BSD version, so I guess it's OK to mix
BSD code in with GPLed code, or, at least, with LGPLed code....)
svn path=/trunk/; revision=805
"strncasecmp()" or "mkstemp()"; add in source to the GNU "libc"
versions, and have the "configure" script check for the routines in
question and set up the Makefile to build from our versions if they're
missing.
svn path=/trunk/; revision=745
specified number of bytes of captured data in the frame at the specified
offset, and a "IS_DATA_IN_FRAME()" macro, to test whether there are any
bytes of captured data in the frame at the specified offset, and convert
some bounds checks to use them.
Add a dissector for the Internet Printing Protocol.
svn path=/trunk/; revision=685
family has a set of debug commands that allow you to log the traffic on a
WAN or dialup connection as text, e.g.
RECV-iguana:241:(task: B04E12C0, time: 1975358.50) 15 octets @ 8003D634
[0000]: FF 03 00 3D C0 06 C9 96 2D 04 C1 72 00 05 B8
Created wtap_seek_read() which parses the textual data for and Ascend
trace, and does a normal fseek() and fread() for any other file type.
The fseek()/fread() pairs in file.c were replaced with the new function.
svn path=/trunk/; revision=652
this causes "Makefile.in" to have two GPL notices - "Makefile.in" and
the "Makefile" generated from it are generated files, so maybe that's
OK).
svn path=/trunk/; revision=638
in the IPX header, and have the dissectors it calls use it rather than
being passed the length as an argument.
Treat both packet type 20 ("WAN Broadcast") and 4 ("IPX", although 3 is
also "IPX", according to Network Monitor) as potentially being NetBIOS
packets.
The packet types for the IPX NetBIOS socket (0x0455) and the NWLink
sockets (0x0551 and 0x0553) are different (perhaps because there's one
socket for the 0x0455 NBIPX, so you have to do name service and datagram
service and have the packet types distinguish them, but NWLink has
separate sockets for name service and datagram service).
The packet type for name service and for datagram service are at
*different locations* in the packet, which is unfortunate if you want to
use the packet type to distinguish name service and datagram service
packets. Use the packet length, for now, to distinguish them, with
socket 0x0455.
Dissect datagram packets differently from name service packets.
Export "packet-netbios.c"'s "netbios_add_name()" routine, and use it
when dissecting NBIPX packets as well.
Label NBIPX packets as "NBIPX" rather than "NetBIOS".
svn path=/trunk/; revision=627
directory in which the UCD SNMP library is found (and to check for the
UCD SNMP stuff in "$prefix" if "$prefix" isn't "/usr/local"), and to
have "Makefile.am" use "$(MAKE)" rather than "make".
svn path=/trunk/; revision=624
Gilbert Ramirez