The attachted patch fixes and enhances the SCPS TCP option dissection. Changes
are:
- fix order of reserved Bit 1,2,3
- fix minimum TCP option length
- fix proto items
- add proto item for Connection ID
- removed the verify_scps() function. It's logic was broken, because it did
reset the scps_capable flag on both flows if one of them did not have it.
However sometimes that flag is only enabled in one flow direction and that flow
direction could see TCP options later on, which would get dissected as invalid.
See the attachted capture file for an example.
svn path=/trunk/; revision=38326
Fix :
packet-tcp.c:3337: error: ‘dissect_tcpopt_maxseg’ undeclared here (not in a function)
packet-tcp.c:2264: error: ‘dissec_tcpopt_exp’ defined but not used
svn path=/trunk/; revision=38176
Introduced a new tcp state variable: maxseqtobeacked, this is the
maximum seq number that can be acked by the rev party in normal case.
This new state variable only serves the proper detection of
tcp.analysis.ack_lost_segment indicator, and decouples it from the detection of
tcp.analysis.lost_segment indicator.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6081
svn path=/trunk/; revision=37922
the nonce bit, we should display 3 nibbles on the Flags summary line in order
to represent all flag bits. While arguably we need not worry about reserved
bits, the nonce bit is not currently represented, so that bit alone pushes us
into the next nibble.
svn path=/trunk/; revision=37856
This lets us get rid of the per-frame_data-structure prev and next
pointers, saving memory (at least according to Activity Monitor's report
of the virtual address space size on my Snow Leopard machine, it's a
noticeable saving), and lets us look up frame_data structures by frame
number in O(log2(number of frames)) time rather than O(number of frames)
time. It seems to take more CPU time when reading in the file, but
seems to go from "finished reading in all the packets" to "displaying
the packets" faster and seems to free up the frame_data structures
faster when closing the file.
It *is* doing more copying, currently, as we now don't allocate the
frame_data structure until after the packet has passed the read filter,
so that might account for the additional CPU time.
(Oh, and, for what it's worth, on an LP64 platform, a frame_data
structure is exactly 128 bytes long. However, there's more stuff to
remove, so the power-of-2 size is not guaranteed to remain, and it's not
a power-of-2 size on an ILP32 platform.)
It also means we don't need GLib 2.10 or later for the two-pass mode in
TShark.
It also means some code in the TCP dissector that was checking
pinfo->fd->next to see if it's NULL, in order to see if this is the last
packet in the file, no longer works, but that wasn't guaranteed to work
anyway:
we might be doing a one-pass read through the capture in TShark;
we might be dissecting the frame while we're reading in the
packets for the first time in Wireshark;
we might be doing a live capture in Wireshark;
in which case packets might be prematurely considered "the last packet".
#if 0 the no-longer-working tests, pending figuring out a better way of
doing it.
svn path=/trunk/; revision=36849
In the explanation of TCP Option 78 (Riverbed Transparency), the labels
are "CSH IP Addr/Port" and "SSH IP Addr/Port". This should be "Src SH IP
Addr/Port" and "Dst SH IP Addr/Port".
The filter keys for these labels are correct.
svn path=/trunk/; revision=36667
Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors.
(The SSL dissector was already updated in one of two spots with bug 4535/rev
32456.)
A couple of the patches had to be manually applied.
From me: Fix the comments to match the change (including in the TCP and SSL
dissectors.)
svn path=/trunk/; revision=36332
If we thought we finished reassembly (and called the subdissector) only to find
out that the subdissector asked for more data, handle the case where the
subdissector asked for DESEGMENT_UNTIL_FIN. Previously we only handled the
possibility that the subdissector would ask for a specific number of bytes or
DESEGMENT_ONE_MORE_SEGMENT.
svn path=/trunk/; revision=36330
a retransmission), don't add it to the list (tree) of multi-segment pdus.
Otherwise, if we'd already seen the rest of the pdu and the other segments
were not retransmitted, the retransmission would break dissection of the pdu
because lookups for the segment would find the retransmission (to which the
other segments were not attached).
Since we know this segment is a retransmission, don't bother handing it off
to the subdissector either.
Use PINFO_FD_VISITED().
Add some white space in the desegmentation routine to improve readability.
Apply the same changes to the SSL dissector.
svn path=/trunk/; revision=36304
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
This is necessary in case a subdissector had changed it but was unable to
restore it (due to the exception).
Remove check_col().
svn path=/trunk/; revision=34436
option length and values with proto_tree_add_item() intead of _add_text().
The options tree still shows the same information as before until the sub-
tree is expanded.
The goal is to do this with all TCP and IP options.
svn path=/trunk/; revision=34088
TCP bytes_in flight becomes inflated with lost packets
This patch suspends Bytes-in-Flight calculation when missing packets are detected.
svn path=/trunk/; revision=33994
Chris Maynard