by pass-through proxying dissectors such as the SOCKS dissector; it does
the work of processing a TCP segment, including desegmentation. Export
the "next sequence number" value to subdissectors, so they can use it
when calling "dissect_tcp_payload()".
Use that in the SOCKS dissector.
svn path=/trunk/; revision=9489
and have it return TRUE if we succeeded, FALSE otherwise - and have an
internal "process_tcp_payload()" routine handle the (TCP-specific) PDU
tracking and sequence number analysis, with an argument to indicate
whether it should do that or not (i.e., whether it's being handed a TCP
segment or reassembled data).
svn path=/trunk/; revision=8914
packets/sessions, e.g. MSProxy and SOCKS. It should not cause any of
the TCP-specific stuff such as sequence number analysis or PDU tracking
to be done. (Actually, MSProxy and SOCKS should offer desegmentation
services *themselves* and do their *own* PDU tracking, rather than just
passing stuff on to "decode_tcp_ports()", but that's another matter.)
Make "tcp_tree" once again be a local variable to "dissect_tcp()", and
pass it as an argument to those functions that use it.
svn path=/trunk/; revision=8912
Track window scaling and display the window field after it has been scaled to its real value
If we have seen a SYN packet with a WindowScalingOption
then if the option to use RelativeSequence numbers has been enabled,
then ethereal will change the presented window field to be the window after it has been scaled to the real value.
This obviously only works if we have seen the SYN packet and if the SYN packet contained a window scaling option
svn path=/trunk/; revision=8461
Supported types are Ethernet/TokenRing/IP/UDP and TCP.
Will add FibreChannel soon.
The framework for this feature needs to be enhanced in the future so that by selecting one entry and click the right mousebutton, this will bring up a menu with Prepare/Match options with suboptions for AnyDirection, ForwardOnly or ReverseOnly which updates the display filter accordingly.
Had to update some of the taps as well to change them to use a proper address structure for the address fields.
We should now be able to to these stats correctly even for ip tunneled over ip tunnelled over ip ...
svn path=/trunk/; revision=8222
length, we can't get the segment length (although we can at least try to
dissect the header). If that's the case, put in Ronnie's "short
segment" note.
Also, put into the information we pass to TCP taps an indication of
whether the segment length is valid or not.
svn path=/trunk/; revision=7705
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to amke them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs starts when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
a negative value.
Use "tvb_ensure_length_remaining()" in "tcp_dissect_pdus()", rather than
checking the return value of "tvb_length_remaining()" ourselves, and
make various variables and parameters in it "guint" as appropriate.
svn path=/trunk/; revision=5396
extracting PDUs from it and possibly doing reassembly. Make the COPS,
DNS, DSI, Gryphon, and SCCP dissectors use it.
Add "set_actual_length()", "tcp_dissect_pdus()",
"decode_boolean_bitfield()", "decode_numeric_bitfield()", and
"decode_enumerated_bitfield()" to the list of routines available to
dissectors on platforms where routines in the main program aren't
available to dynamically-loaded code.
Declare routines in "to_str.h" as "extern"; as I remember, that's
necessary to allow the "decode_XXX_bitfield()" routines declared therein
to be made available to plugins as per the above.
Note that new exported routines should be added to the end of the table
if that's the only change being made to the table.
Create a new "plugin_api_decls.h" header file, used to declare both the
"p_" variables and the "p_" structure members in the routine-exporting
mechanism; this reduces the number of places you have to change to
change the list of exported routines.
svn path=/trunk/; revision=5394
RPC and NDMP.
Show the RPC-over-TCP fragment header as a tree with bitfields below it.
Add a routine to show a reported bounds error as an "Unreassembled
Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented"
is set, and have NBNS and RPC use that.
Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized
(it wasn't in that list, and wasn't getting initialized).
When freeing up various hash tables and memory chunks in the RPC
dissector, zero out the pointers to them, just to make sure we don't try
to free them again.
Always destroy the TCP segment key and address memory chunks in
"tcp_desegment_init()", regardless of whether TCP desegmentation is
enabled - we don't *allocate* them if TCP desegmentation isn't enabled,
but we should free them even if it's not enabled. Also, when we free
them, set the pointers to them to null, so we don't double-free them.
Supply to subdissectors called from the TCP dissector the sequence
number of the first byte handed to the sub dissector.
svn path=/trunk/; revision=4753
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
variable that holds it an "int" rather than a "guint16".
Further strengthen the heuristics the NBSS dissector uses to distinguish
NBSS messages from continuations of NBSS messages.
If an frame contains an NBSS continuation, put the protocol tree item
for the continuation data under an NBSS protocol tree item.
Have the TCP dissector supply information to subdissectors via a "struct
tcpinfo" pointed to by "pinfo->private"; move the urgent pointer value
from a global variable into that structure, and add a Boolean flag that
indicates whether the data it's handing to a subdissector is reassembled
data or not.
Make the NBSS dissector check for continuations only in non-reassembled
data.
Fix the computation, in the TCP dissector, of the offset into the tvbuff
handed to the subdissector of the first byte of stuff that needs further
reassembly, and fix the computation of the sequence number corresponding
to that byte.
svn path=/trunk/; revision=3984
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
dissector.
Don't dissect the payload of any fragmented IPv6 packet unless it's the
initial fragment (that's what we do for IPv4).
svn path=/trunk/; revision=1882
with conversations and having TCP and UDP check whether a packet is part
of a conversation with a dissector and, if so, using that dissector on
the conversation, and "ethertype()"-style support for allowing a
dissector to call a sub-dissector via the same path that the TCP and UDP
dissectors use, based on port numbers supplied by that dissector.
svn path=/trunk/; revision=1837
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
Guy Harris