Commit Graph

581 Commits

Author SHA1 Message Date
Guy Harris ae53260d02 Keep in the "wtap" structure the current offset into the file being
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.

svn path=/trunk/; revision=596
1999-08-28 01:19:45 +00:00
Gilbert Ramirez f7951bd593 Touched these files to make 'make dist' happy.
svn path=/trunk/; revision=595
1999-08-27 23:39:32 +00:00
Gilbert Ramirez 3764b0a3b1 Updated docs.
svn path=/trunk/; revision=594
1999-08-27 22:57:56 +00:00
Gilbert Ramirez e62dfe591b Added gtk subdirectory, with patched gtkclist.c in it. We can use this
optimized gtkclist until Guy's changes appear in the official GTK+.

svn path=/trunk/; revision=593
1999-08-27 22:27:18 +00:00
Guy Harris 72eb495fab "long" -> "gint32" ("gint32" is 32 bits, "long" isn't necessarily 32
bits and is definitely not 32 bits on some platforms).

svn path=/trunk/; revision=592
1999-08-27 20:10:14 +00:00
Gilbert Ramirez b53d4ba179 Changed packet-tr.c to insert tr.sr, a FT_BOOLEAN field, only if tr.sr
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:

	tr.sr

or by its negation:

	!tr.sr

svn path=/trunk/; revision=591
1999-08-27 19:27:22 +00:00
Gilbert Ramirez a14aa01462 Updated RSVP decoder with Ashok's newest code.
svn path=/trunk/; revision=590
1999-08-27 19:21:36 +00:00
Gilbert Ramirez 11ca5817b6 The token-ring decoder now takes into account some really garbled
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.

svn path=/trunk/; revision=589
1999-08-27 19:15:38 +00:00
Guy Harris 6bd284169e No, 0xCC is SNRME. (I *told* you I hated reversing bit strings....)
svn path=/trunk/; revision=588
1999-08-27 18:02:41 +00:00
Guy Harris 970fa328a4 TEST is 0xE0, not 0xC0; 0xC0 is SNRME. (I hate having to reverse bit
strings....)  Thanks to Tom Gallagher at Madge for pointing this out.

svn path=/trunk/; revision=587
1999-08-27 18:01:02 +00:00
Guy Harris cb07f507aa Properly pluralize "bytes" in the detail line for "dissect_data()".
svn path=/trunk/; revision=586
1999-08-26 17:51:44 +00:00
Gilbert Ramirez da72d12846 Dissect unknown IP protocols with dissect_data().
svn path=/trunk/; revision=585
1999-08-26 17:31:37 +00:00
Guy Harris f93c76fd10 Convert a bunch of uses of "fd->cap_len" to use "pi.captured_len" (or to
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).

svn path=/trunk/; revision=584
1999-08-26 07:34:43 +00:00
Gilbert Ramirez 8b2e03eea6 Introduces a new global gboolean variable: proto_tree_is_visible.
This is set before calling dissect_packet() to let the proto_tree routines know
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.

svn path=/trunk/; revision=583
1999-08-26 07:01:44 +00:00
Gilbert Ramirez ae356ef145 The dfilter yacc grammar now keeps track of every GNode that it allocates.
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.

Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.

svn path=/trunk/; revision=582
1999-08-26 06:20:50 +00:00
Gilbert Ramirez 11b9a6e949 Correctly set global_df->dftree to NULL after a bad parse.
svn path=/trunk/; revision=581
1999-08-25 22:54:17 +00:00
Gilbert Ramirez 8904b3b217 Reverted TCP follow back to old behavior of leaving list of packets in
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.

svn path=/trunk/; revision=580
1999-08-25 22:20:03 +00:00
Guy Harris 27e81cb483 Use END_OF_FRAME rather than "fd->cap_len - offset" - END_OF_FRAME used
to be just "fd->cap_len - offset", but it's now "pi.captured_len - offset",
which means that, for a protocol built atop TCP, like LPD, it'll take
into account the fact that the IP (and thus TCP) data in the packet may
end before the end of the frame.

svn path=/trunk/; revision=579
1999-08-25 17:38:36 +00:00
Guy Harris adf5b4881c Add in the Async Map option.
Add in the Identification and Time Remaining codes for LCP.

Add in a pile of other LCP options, albeit without anything more than
names for now.

Don't say "1 bytes", say "1 byte".

Don't use "dissect_data()" to dissect part of a *CP packet, and don't
dissect opaque data if there're zero bytes of it.

svn path=/trunk/; revision=578
1999-08-25 07:32:46 +00:00
Guy Harris 8a6cdd595e Put in support for dissecting LCP and IPCP options.
Have a common routine to parse both LCP and IPCP, as IPCP is based on
LCP.

Have only one "value_string" array of PPP protocol types, with all the
types we know about.

svn path=/trunk/; revision=577
1999-08-25 06:52:04 +00:00
Guy Harris f551cee575 The bulk of the PPP dissection is common between "dissect_ppp()" and
"dissect_payload_ppp()"; put it into a common routine, called by both
(which means we now dissect LCP and IPCP in PPP requests even if they
aren't inside PPPOE or GRE packets).

svn path=/trunk/; revision=576
1999-08-25 03:56:07 +00:00
Guy Harris 0259c6ec29 "read_filters()" is actually called late enough in the startup process
that it can pop up a message box; have it do so.

Make the "Can't open file" message boxes in "colors.c" include the
"errno" error message in the message they put up.

Don't complain about being unable to open the color filter file if it
doesn't exist (perhaps the user just never made one).

Make the message for a failure to open the preferences file resemble
that for a failure to open a color filter file.

svn path=/trunk/; revision=575
1999-08-25 03:22:46 +00:00
Guy Harris a5fd847154 NBIPX packet type 3 appears to be the equivalent, in NBIPXland, of the
NetBIOS Datagram Service in NBTland; a capture Gilbert sent had a pile
of those packets containing what looked like SMB browser announcements,
which are sent out as broadcast datagrams.  Label them as such, and
treat them as such.

Might packet type 2 be the equivalent of the NetBIOS Session Service -
both of them contain SMBs, but the former is a connection-oriented
service (LLC I frames, presumably, in NBF, and TCP in NBT), and the
latter is a datagram-oriented service (LLC UI frames, presumably, in
NBF, and UDP in NBT)?  For now, we leave type 2 as "SMB (over NBIPX)",
but we might want to label it as "NetBIOS session" or whatever the
appropriate term is.

svn path=/trunk/; revision=574
1999-08-25 01:36:21 +00:00
Guy Harris 265b8eeaee Dump the values of the "flags" and "ttl" fields of the CDP header.
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.

Make the type and length fields of a TLV unsigned.

Correctly check for the end of the (captured part of the) frame.

Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.

Dissect "unknown" TLVs.

svn path=/trunk/; revision=573
1999-08-25 00:55:45 +00:00
Guy Harris de939144b6 Instead of adding the TLV type and length values as hidden values, enter
them with "proto_tree_add_item()" rather than "proto_tree_add_text()"
when adding them to the subtree for a TLV item.

svn path=/trunk/; revision=572
1999-08-25 00:42:49 +00:00
Guy Harris 8db745d962 Dump the values of the "flags" and "ttl" fields of the CDP header.
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.

Make the type and length fields of a TLV unsigned.

Correctly check for the end of the (captured part of the) frame.

Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.

Dissect "unknown" TLVs.

svn path=/trunk/; revision=571
1999-08-25 00:24:32 +00:00
Gilbert Ramirez fb80e69cb3 Fixed CPP #ifdef and comment.
svn path=/trunk/; revision=570
1999-08-25 00:03:59 +00:00
Gilbert Ramirez 882b921a0a Removed unnecessary #include lines.
svn path=/trunk/; revision=569
1999-08-24 23:00:56 +00:00
Gilbert Ramirez 3c793444cc Fixed the array problem in packet-netbios.
Fixed the default case in the packet-cdp while() statement to look for
non-zero offsets. I should fix the other cases where offset += length.
Meanwhile, however, I added cdp.tlv.type and cdp.tlv.len as two filterable
fields so that one can use "cdp.tlv.len == 0" as a display filter to
find the packet that was causing problems.

svn path=/trunk/; revision=568
1999-08-24 22:36:34 +00:00
Guy Harris f7f65443d2 Use "strchr()" rather than "index()" - "strchr()" is the ANSI standard
routine, it's what we use elsewhere in Ethereal, all modern UNIXes have
it, and it's declared in <string.h>, unlike "index()" which isn't
necessarily declared there (and thus we get GCC warnings about "index()"
being undeclared).

svn path=/trunk/; revision=567
1999-08-24 18:53:08 +00:00
Gilbert Ramirez e580c1b8a0 Changed #include "glib.h" to #include <glib.h>, for stylistic reasons.
svn path=/trunk/; revision=566
1999-08-24 17:36:24 +00:00
Gilbert Ramirez cb1e32da97 Removed unnecessary #include "etypes.h" lines.
svn path=/trunk/; revision=565
1999-08-24 17:26:16 +00:00
Gilbert Ramirez 8cdb786ae9 Updated the deliverables because of the spec-file change.
svn path=/trunk/; revision=564
1999-08-24 17:19:45 +00:00
Gilbert Ramirez dcc1cbe7eb Changed spec file for producing RPMs to ethereal.spec.in so that
'configure' can update the version automatically. That way we don't
have to update the spec file every time the version of ethereal changes.

svn path=/trunk/; revision=563
1999-08-24 17:18:35 +00:00
Gilbert Ramirez e1bd4fd73f Added John McDermott's colorization routines. There's still some
debug printf's in there.

svn path=/trunk/; revision=562
1999-08-24 16:27:23 +00:00
Guy Harris 5a221703bb In the summary display for CLIP frames, make the protocol CLIP (which
will get overridden in any case).

svn path=/trunk/; revision=561
1999-08-24 06:16:27 +00:00
Guy Harris 8ac1277397 In the summary display for PPP frames, make the protocol PPP (which will
get overridden in any case).

svn path=/trunk/; revision=560
1999-08-24 06:14:16 +00:00
Guy Harris 3c9b4047aa In the summary display for Ethernet frames, make the protocol Ethernet
and the info field an indication of whether it's Ethernet II, raw 802.3,
or (LLC-atop) 802.3 (which will be overridden by other protocols, if we
know the protocol inside the frame).

svn path=/trunk/; revision=559
1999-08-24 06:10:05 +00:00
Guy Harris b24043fe31 More completely decode the frame control field of an FDDI frame.
In the summary display for FDDI frames, make the protocol FDDI and the
info field the description of the frame control field (which will be
overridden by other protocols, if the frame is an async LLC frame).

svn path=/trunk/; revision=558
1999-08-24 06:01:45 +00:00
Guy Harris 678b5fd6ff Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).

(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)

Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".

svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
Guy Harris 9fc0d3aefe Have "get_xdlc_control()" and "dissect_xdlc_control()" just return a
Boolean indicating whether the frame has any payload to dissect or not.

svn path=/trunk/; revision=556
1999-08-23 23:24:36 +00:00
Guy Harris 397b2be709 The only LLC frame types that should be dissected based on their SAP or,
if the SAPs are SNAP, based on their ethertype are I frames and UI
frames; others don't have payload to be dissected as belonging to other
protocols.

svn path=/trunk/; revision=555
1999-08-23 22:47:13 +00:00
Gilbert Ramirez 42aba512c6 Always compile in swaptab[] so that we can swap addresses, even if we
don't need to.

svn path=/trunk/; revision=554
1999-08-23 22:13:35 +00:00
Guy Harris 3a2f97bce9 The Single UNIX Specification doesn't say that "mkstemp()" creates the
temporary file with mode rw-------, so we won't assume that all UNIXes
will do so; instead, we set the umask to 0077 to take away all group and
other permissions, attempt to create the file, and then put the umask
back (puts into "try_tempfile()", called by "create_tempfile()" to
create temporary files, the "umask()" calls that Gilbert put into
"capture.c" to deal with the same problem).

svn path=/trunk/; revision=553
1999-08-23 05:02:50 +00:00
Guy Harris 73df88f11e Modify the comments to show how much of a mess the different DLT_ values
on different flavors of BSD are - even worse than I thought, now that
I've seen the BSD/OS <net/bpf.h>.

svn path=/trunk/; revision=552
1999-08-22 19:08:40 +00:00
Guy Harris 7348611bcb Rename BSD_AF_INET6_OPENBSD to BSD_AF_INET6_BSD, as

	1) OpenBSD and NetBSD might use the same value;

	2) BSD/OS uses the same value;

so maybe FreeBSD is the only outlier.

svn path=/trunk/; revision=551
1999-08-22 19:05:44 +00:00
Guy Harris 15558acf54 Don't use zero-length arrays - not all compilers support them, and we're
not using the structure members so declared, anyway; instead, put in a
comment to note that the data follows, in a certain format.

Use "guint8", "guint16", and "guint32" instead of "unsigned char",
"unsigned short", and "unsigned long", as per the rest of Ethereal; the
first two pairs are equivalent, but "unsigned long" is *not* necessarily
a 32-bit data type (it's not a 32-bit data type on most 64-bit
platforms, for example).

svn path=/trunk/; revision=550
1999-08-22 07:27:06 +00:00
Guy Harris bf9895bb26 Remove the include of <sys/time.h> from "file.h" - it's neither
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).

Include <time.h> in "file.c", to declare "struct tm".

Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".

svn path=/trunk/; revision=549
1999-08-22 07:19:28 +00:00
Guy Harris b9ed78d5eb Don't check to make sure "-k" was specified with "-S" or "-F" but not
with "-W" unless we actually support "libpcap", as "fork_mode" isn't
defined unless HAVE_LIBPCAP is defined.

svn path=/trunk/; revision=548
1999-08-22 07:12:32 +00:00
Guy Harris 1a7eb86f1f Put "packet-atm.c" in.
svn path=/trunk/; revision=547
1999-08-22 07:10:08 +00:00