"dissect_ip_tcp_options()" but for options that are like IPv6 options
(i.e., the length byte has a value that doesn't include the option code
or length byte).
Add an "ip_opts.h" header to declare it, and move the declaration of
stuff used by it and "dissect_ip_tcp_options()", and the declaration of
"dissect_ip_tcp_options()", to that header.
Use "dissect_ipv6_options()" for Mobile IPv6 options.
Get rid of the unused "mip6_opt_types[]" array in "packet-mip6.h".
svn path=/trunk/; revision=8015
a TCP segment, and probably don't want to hand the segment to a TCP tap,
if the TCP segment is included in an error packet.
svn path=/trunk/; revision=7780
length, we can't get the segment length (although we can at least try to
dissect the header). If that's the case, put in Ronnie's "short
segment" note.
Also, put into the information we pass to TCP taps an indication of
whether the segment length is valid or not.
svn path=/trunk/; revision=7705
knowing the actual length of the packet, as we don't know that length
(IP fragments don't contain the length of the full packet - you don't
know how big the reassembled packet is until you reassemble it).
We don't have to worry about dissecting the TCP header in them, though.
svn path=/trunk/; revision=7703
or the reported tcp header length.
This is probably caused either by a very very short capture length or by
nmap or someone playing firewall fragment games to the tcp flags field.
svn path=/trunk/; revision=7698
the rather brilliant keep-alive packets Solaris use.
Solaris does not do RFC793 keepalives at all, instead they do a quite
brilliant workalike that gives them reliable keepalives.
svn path=/trunk/; revision=7685
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to make them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs start when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
null) to the "fragment_items" structure, and don't pass that value into
"process_reassembled_data()", just have it use the value in the
"fragment_items" structure passed to it.
Make "process_reassembled_data()" capable of handling reassembly done by
"fragment_add_seq_check()", and use it in the ATP and 802.11 dissectors;
give them "reassembled_in" fields. Make "process_reassembled_data()"
handle only the case of a completed reassembly (fd_head != NULL) so that
we can use it in those dissectors without gunking the code up too much.
svn path=/trunk/; revision=7513
Duplicate ACKs that are detected/suspected are now also flagged
with which frame the original ACK was seen in and the dup ack number.
This is displayed both in the summary pane as well as in the tree pane.
svn path=/trunk/; revision=7375
FIN flag would previously only add one to the sequence number if the
FIN packet was empty, i.e. did not carry any payload data.
This caused ethereal to incorrectly flag the ACK to such packets
(FIN+payload data) as
ACK to previously lost segment.
Change the algorithm to always add 1 to the segment length, and thus the sequence number for all packets with the FIN bit set.
svn path=/trunk/; revision=7371
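
The false positive described in the message above, reproduced as an added example (not code from the Ethereal tree). The struct, function names and trace values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01

/* Minimal view of a segment; field names are hypothetical. */
struct seg { uint32_t seq; uint32_t len; uint8_t flags; };

/* Old rule from the commit message: FIN counts only on an empty segment. */
uint32_t next_seq_old(const struct seg *s)
{
    uint32_t next = s->seq + s->len;
    if ((s->flags & TH_FIN) && s->len == 0)
        next++;
    return next;
}

/* New rule: FIN always consumes one sequence number, payload or not. */
uint32_t next_seq_new(const struct seg *s)
{
    return s->seq + s->len + ((s->flags & TH_FIN) ? 1u : 0u);
}

/* An ACK above the highest expected sequence number looks like an
 * acknowledgement of data the capture never saw (wrap-safe compare). */
int ack_looks_like_lost_segment(uint32_t ack, uint32_t highest_next_seq)
{
    return (int32_t)(ack - highest_next_seq) > 0;
}

/* Constructed trace: FIN carrying 20 bytes, then the peer's ACK. */
const struct seg FIN_WITH_DATA = { 1000, 20, TH_FIN };
const uint32_t PEER_ACK = 1021;
/* Constructed wrap-around case: the FIN occupies sequence number 0xFFFFFFFF. */
const struct seg FIN_AT_WRAP = { 0xFFFFFFF0u, 15, TH_FIN };

int main(void)
{
    printf("old rule flags ACK as lost segment: %d\n",
           ack_looks_like_lost_segment(PEER_ACK, next_seq_old(&FIN_WITH_DATA)));
    printf("new rule flags ACK as lost segment: %d\n",
           ack_looks_like_lost_segment(PEER_ACK, next_seq_new(&FIN_WITH_DATA)));
    return 0;
}
```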
when doing reassembly.
In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).
In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.
There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we
don't.
In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.
svn path=/trunk/; revision=7282
belongs, as that's redundant.
Fix a bunch of cases where that was done, and map the old name to the
new name.
Instead of marking "mtp3.mtp3_standard" as obsolete, map it to
"mtp3.standard".
svn path=/trunk/; revision=7030
qualifiers as necessary to ensure that we don't have to.
"strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't
test their results as if they did.
Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes.
Update Michael Tuexen's e-mail address.
svn path=/trunk/; revision=6726
ZeroWindow: ZeroWindow segments are detected and flagged
ZeroWindowProbe: detected and flagged
ZeroWindowViolation: attempts to write >1 byte of data to a zerowindow are detected and flagged.
svn path=/trunk/; revision=6543
its starting sequence number, as the "fragment ID" when reassembling,
and include the source and destination port numbers in a
"tcp_segment_key" structure and use that as part of the key in the hash
table for segments, so that we don't get spoofed by segments in two
directions in the same conversation, or by segments in two separate
conversations between the same hosts, having the same starting sequence
number (which is not unlikely to happen if relative sequence numbers are
being used).
svn path=/trunk/; revision=6443
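
Why the ports belong in the reassembly key, as an added example (not code from the Ethereal tree). The message names "tcp_segment_key" but not its fields, so the layout below is an assumption and the sample streams are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical key layout: the commit names "tcp_segment_key" but not its fields. */
struct seg_key {
    uint32_t src_addr, dst_addr;
    uint16_t src_port, dst_port;
    uint32_t start_seq;          /* used as the "fragment ID" */
};

/* seq_only = 1 models a table keyed on the starting sequence number alone. */
int key_equal(const struct seg_key *a, const struct seg_key *b, int seq_only)
{
    if (a->start_seq != b->start_seq)
        return 0;
    if (seq_only)
        return 1;
    return a->src_addr == b->src_addr && a->dst_addr == b->dst_addr &&
           a->src_port == b->src_port && a->dst_port == b->dst_port;
}

/* Count the distinct reassembly entries a list of first segments creates. */
int count_entries(const struct seg_key *segs, int n, int seq_only)
{
    int entries = 0;
    for (int i = 0; i < n; i++) {
        int seen = 0;
        for (int j = 0; j < i && !seen; j++)
            seen = key_equal(&segs[i], &segs[j], seq_only);
        if (!seen)
            entries++;
    }
    return entries;
}

/* Constructed sample: relative sequence number 1 in three different streams. */
const struct seg_key SAMPLE[] = {
    { 0x0a000001, 0x0a000002, 40000, 80,    1 },  /* client -> server      */
    { 0x0a000002, 0x0a000001, 80,    40000, 1 },  /* server -> client      */
    { 0x0a000001, 0x0a000002, 40001, 80,    1 },  /* second conversation   */
};

int main(void)
{
    printf("seq-only key: %d entries\n", count_entries(SAMPLE, 3, 1));
    printf("full key:     %d entries\n", count_entries(SAMPLE, 3, 0));
    return 0;
}
```

With the sequence-number-only key all three streams share one entry, so their payloads would be reassembled together; the full key keeps them apart.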
If the addresses are equal, compare the ports with '>' instead of '-'
since '>' will work regardless of whether the values are unsigned or not.
svn path=/trunk/; revision=6268
guaranteed to return 0, a positive number, or a negative number, based
on the result of the comparison. Furthermore, if it returns 0, meaning
the source and destination addresses are the same, we have to look at
the port numbers to decide which side of the conversation the frame is
from.
svn path=/trunk/; revision=6064
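
The direction test discussed in the two messages above (revisions 6268 and 6064), as an added example that is not code from the Ethereal tree. The struct, the function names, the unsigned 32-bit port field and the sample endpoints are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: 4-byte address, port held in an unsigned 32-bit field. */
struct endpoint { uint8_t addr[4]; uint32_t port; };

/* memcmp()-style comparator: only the sign of the result is meaningful. */
int cmp_addr(const struct endpoint *a, const struct endpoint *b)
{
    for (int i = 0; i < 4; i++)
        if (a->addr[i] != b->addr[i])
            return (int)a->addr[i] - (int)b->addr[i];
    return 0;
}

/* Addresses only: both directions of a same-host conversation look alike. */
int is_forward_addr_only(const struct endpoint *src, const struct endpoint *dst)
{
    return cmp_addr(src, dst) > 0;
}

/* Ports compared with '-': the unsigned difference wraps, never goes negative. */
int is_forward_sub(const struct endpoint *src, const struct endpoint *dst)
{
    int c = cmp_addr(src, dst);
    if (c == 0)
        return (src->port - dst->port) > 0;  /* true whenever the ports differ */
    return c > 0;
}

/* Ports compared with '>': correct for signed and unsigned fields alike. */
int is_forward(const struct endpoint *src, const struct endpoint *dst)
{
    int c = cmp_addr(src, dst);
    if (c == 0)
        return src->port > dst->port;
    return c > 0;
}

/* Constructed endpoints: a loopback conversation and two distinct hosts. */
const struct endpoint LO_HI  = { {127, 0, 0, 1}, 40000 };
const struct endpoint LO_LO  = { {127, 0, 0, 1}, 80 };
const struct endpoint HOST_A = { {10, 0, 0, 10}, 80 };
const struct endpoint HOST_B = { {10, 0, 0, 1}, 80 };

int main(void)
{
    printf("sub: %d %d\n", is_forward_sub(&LO_HI, &LO_LO), is_forward_sub(&LO_LO, &LO_HI));
    printf("cmp: %d %d\n", is_forward(&LO_HI, &LO_LO), is_forward(&LO_LO, &LO_HI));
    return 0;
}
```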
tcp sequence number analysis flags, such as retransmission, lost-segment, etc.
to make it easier to search for all these conditions.
svn path=/trunk/; revision=6056