if the PDU was short.
This was most noticeable in NFS Read Replies not generating tap events and
thus NFS RTT statistics did not count the Read procedure.
svn path=/trunk/; revision=7490
called from the frame where the ip packet was reassembled instead of from each fragment.
For fragments, put [Reassembled in #xx] in the summary pane so it is easy
to see which fragments are successfully reassembled and which are not.
For fragments, add a "This fragment is reassembled in:xx" to the tree
pane so and make it FT_FRAMENUM so it is easy to jump top the reassembled ip packet.
svn path=/trunk/; revision=7489
Shuffle the routines for subprotocols of VINES ARP into numerical order
by protocol number.
The 32-bit net/16-bit subnet fields in the VINES IP header structure
doesn't work, as the net has to be aligned on a 32-bit boundary; replace
it with a 6-byte address field.
svn path=/trunk/; revision=7482
Show the meaning of most of the bits in the transport control field.
Show lengths, windows, sequence numbers, and the like in decimal (that's
how Sniffer Pro shows them).
svn path=/trunk/; revision=7479
This solves a problem introduced by the recent rewrite of dcerpc-over-smb
reassembly which caused the last fragment for each dcerpc pdu to be duplicated and flagged as overlapping fragment.
This
svn path=/trunk/; revision=7478
SPP packet type in the Info column rather than the Protocol column.
Give the Vines protocol number field a value_string table.
Nobody asks for the Vines IP dissector by name, so it doesn't have to be
registered by name.
svn path=/trunk/; revision=7477
in the packet when doing reassembly checks, as is done in other places
where we do TCP segment reassembly.
The return value of "tvb_reported_length_remaining()" can be negative -
it's a "gint"; assign it to a "gint", so that if we go past the end of
the packet in the main loop, we break out of that loop (and do so
elsewhere, just for cleanliness' sake).
Get rid the check in the loop to make sure we make no more than 20
iterations - all the routines that parse packets should either advance
the offset by at least one byte or return a "desegmentation required"
indication; the former means we make progress and eventually exit the
loop, the latter means we immediately exit the loop.
Use "int" variables, not "guint" variables, for packet offsets.
svn path=/trunk/; revision=7475
check, for each item, when it's past the end of the page before putting
it into the protocol tree, and advance the offset through the page as we
do so.
If the identifier codeset is ASCII, display the item as text rather than
as binary data.
svn path=/trunk/; revision=7473
Since this value has no human readable meaning it should be displayed in HEX only but make ethereal also display the "wrong" base to enhance human compatibility.
svn path=/trunk/; revision=7471
The reason for doing this is to allow a user to pick RPC as a protocol offered
by DecodeAs...
Why:
If ethereal has tcp-reseembly enabled, the heuristic dissector for rpc will not even attempt to find RPC packets.
If no PORTMAPPER/GETPORT are available either in the capture there is
currently no way for ethereal to know/learn that the conversation is ONC-RPC.
This at least will allow users to manually tell ethereal that such a conversation is ONC-RPC.
svn path=/trunk/; revision=7470
Add Response-Time statistics for each known mgcp message-type.
Fix a few bugs and remove trailing whitespace.
Use "gdouble" for printing time-values and calculating the
average. It is easier to use and shouldn't overflow on big
trace files like "guint32".
Move some functions for time statistics into the new file
timestats.c in the main directory. This code may be useful in
the rpc and smb rtt-taps as well.
svn path=/trunk/; revision=7469
and 2 function codes for Modbus/TCP, plus some bug fixes.
Use value_string tables to map function codes and exception codes to
strings.
svn path=/trunk/; revision=7468
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
Don't use "proto_tree_add_uint_format()" for the source and destination
reference fields, use "proto_tree_add_uint()". Rename the field to make
that work.
Shuffle some stuff around to clean it up.
svn path=/trunk/; revision=7464
fragmented.
"PFC_NOT_FRAGMENTED()" is checked early in "dissect_dcerpc_cn_stub()";
there's no need to check it again in either of the code paths after
that, as we know it's true in the first code path and false in the second.
svn path=/trunk/; revision=7460
reassembly. (Perhaps we *shouldn't* see reassembly in progress in both
directions, if the protocol is purely request/response, but that doesn't
mean you won't see it in a capture, due to bugs or dropped packets
or....)
svn path=/trunk/; revision=7457
read/write data that might, or might not, be DCE RPC information on a
pipe, and use that routine rather than duplicating similar code in
multiple places.
svn path=/trunk/; revision=7455
To test whether a single bit is set, just do "if (mode&bit)", not
"if ((mode&bit)==bit)".
In the places where read and write data is processed, have both a
comment indicating that it's file data and that you can transport DCERPC
over SMB just with reads and writes, to indicate why we may call the
DCERPC-over-a-pipe dissector.
svn path=/trunk/; revision=7450
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of ""dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.
Add some casts to squelch compiler complaints.
svn path=/trunk/; revision=7449
Don't print Cavebear skipped - it makes the output unusable.
manuf.tmpl:
Remove entries that overwrite identical or similar results from IEEE
manuf:
Rebuild to reflect the changes in manuf.tmpl and add some new IEEE
entries.
svn path=/trunk/; revision=7447
Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.
Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display fiulter field for the other fragments that display which frame the dcerpc pdu was reassembled in.
This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
i think it has been broken for quite some time. That will be addressed shortly.
svn path=/trunk/; revision=7445
"End-of-Connection Acknolwedgment") have none of the connection control
bits set; describe them as "Data, No Ack Required" rather than
"Unknown".
svn path=/trunk/; revision=7443
two packets have the same sequence number; use the sequence number in
the hash key.
The sequence number is not incremented for system packets, and system
packets probably don't get ACKed and thus presumably don't get
retransmitted, so don't do retransmission checks for system packets.
svn path=/trunk/; revision=7442