a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
svn path=/trunk/; revision=2031
(i.e., the amount of data that was in the packet, even if not all of it
was captured), for use when dissecting packets containing data that
fills the packet (we want the dissector to try to dissect all of it; if
it runs past the end of the captured data, we want it to throw an
exception so that we'll put a "Short Frame" note in the protocol tree).
This means we always want a tvbuff to have a real reported length value,
so we make it an unsigned integer, and don't bother checking it for -1,
as it should never be -1.
If the reported length passed in to "tvb_set_subset()" is -1, set the
reported length to the reported length of the tvbuff of which the new
tvbuff will be a subset minus the offset in that tvbuff of the subset,
so that "-1" means "what's left of the packet after we chop off the
header". This is necessary in order to ensure that all tvbuffs have a
real reported length value.
Have "dissect_packet()" set the reported length of the top-level tvbuff
to the reported length of the frame, so that we start out with a tvbuff
with a real reported length value.
Have "tvb_offset_exists()" return FALSE if the offset is past the end of
the tvbuff.
If the offset passed to it is positive, have "compute_offset_length()"
check that it's not more than one byte past the end of the tvbuff -
if it's just past the end, we don't want the check to fail, as we don't
want attempts to create a subset tvbuff containing zero bytes to fail;
that would be done if a captured packet was all header and no payload,
and we'd want the dissector of the payload, not the dissector of the
header, to throw an exception, as the problem isn't with the protocol
for the header, it's with the protocol for the payload.
Convert the ATM dissector, the SSCOP dissector, the Q.2931 dissector,
and the Q.931 dissector to use tvbuffs.
Make the LAPD dissector set up a tvbuff for the Q.931 dissector (it's
not converted yet).
svn path=/trunk/; revision=2023
(the ip_tcp_options stuff is still non-tvbuff until I convert ip and tcp).
Add preliminary fix for Linux ISDN ippp devices (similar watch was posted
to ethereal-users, but did not use tvbuffs).
Change packet-raw.c to call capture_ppp()/dissect_ppp() in the case
where the frame starts with FF:03. We had been calling
capture_ip()/dissect_ip() at byte offset 4, but I think this is for
historical reasons of packet-raw.c and packet-ip.c existing before
packet-ppp.c.
svn path=/trunk/; revision=1998
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
in tvbuff terminology). This is implemented for TVBUFF_REAL and TVBUFF_SUBSET
so far; support for TVBUFF_COMPOSITE is coming soon.
Throw either ReportedBoundsError or BoundsError.
A ReportedBoundsError is reported as "Malformed Frame" since the protocol
stated that a certain number of bytes should be available but they weren't.
A BoundsError is reported as a "Short Frame" since the snaplen was too short.
Register proto_short (BoundsError) and proto_malformed (ReportedBounds)
so searches can be made on "short" and "malformed".
svn path=/trunk/; revision=1965
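
The two log entries above (revisions 2023 and 1965) describe a tvbuff carrying both a captured length and a reported length, with an out-of-range access classified as "Short Frame" or "Malformed Frame". The following C model is an added example, not Ethereal code; the names model_tvb, model_check and model_subset are hypothetical, and the subset takes all remaining captured bytes as a simplification.

```c
#include <stdio.h>

/* Simplified model of the two lengths a tvbuff carries; all names here are
 * hypothetical and this is not the Ethereal tvbuff API. */
typedef struct {
    unsigned int length;          /* bytes actually captured */
    unsigned int reported_length; /* bytes the packet had on the wire */
} model_tvb;

typedef enum { ACCESS_OK, SHORT_FRAME, MALFORMED_FRAME } access_result;

/* Classify a read of len bytes at offset. Subtraction form avoids the
 * unsigned wrap-around that "offset + len <= length" would allow. */
access_result model_check(const model_tvb *tvb, unsigned int offset,
                          unsigned int len)
{
    if (offset <= tvb->length && len <= tvb->length - offset)
        return ACCESS_OK;
    if (offset <= tvb->reported_length &&
        len <= tvb->reported_length - offset)
        return SHORT_FRAME;     /* BoundsError: snaplen cut the data off */
    return MALFORMED_FRAME;     /* ReportedBoundsError: never on the wire */
}

/* Build a subset starting at offset. reported_length == -1 means "what is
 * left of the parent after the offset". An offset exactly at the end of the
 * captured data is allowed and yields a zero-byte subset. */
access_result model_subset(const model_tvb *parent, unsigned int offset,
                           int reported_length, model_tvb *out)
{
    access_result r = model_check(parent, offset, 0);
    unsigned int avail, reported;

    if (r != ACCESS_OK)
        return r;
    avail = parent->length - offset;
    if (reported_length == -1)
        reported = parent->reported_length > offset
                       ? parent->reported_length - offset : 0;
    else
        reported = (unsigned int)reported_length;
    out->length = avail < reported ? avail : reported;
    out->reported_length = reported;
    return ACCESS_OK;
}

int main(void)
{
    /* Constructed case: 60-byte frame, snaplen 14, 14-byte header. */
    model_tvb frame = { 14, 60 }, payload;

    if (model_subset(&frame, 14, -1, &payload) == ACCESS_OK)
        printf("payload tvb: %u captured, %u reported\n",
               payload.length, payload.reported_length);
    /* The payload dissector, not the header dissector, hits the error. */
    printf("first payload byte: %d\n", model_check(&payload, 0, 1));
    return 0;
}
```
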
Modify ethernet dissector to catch BoundsError if the attempt to
create next_tvb with the length specified in the ethernet header throws
an exception. In that case, next_tv is created with as many bytes as
are available in the frame.
Both dissect_tr() and dissect_eth() now have TRY blocks, which means
I had to fiddle with 'volatile' and 'static' storage options to get
things right (at least according to gcc).
svn path=/trunk/; revision=1962
Non-tvbuff dissectors create a tvbuff when calling dissect_llc()
Changed name of current_proto to match string in COL_PROTO ("FDDI" instead of "fddi")
Changed short text to be: [Short Frame: %s] where %s is current_proto.
svn path=/trunk/; revision=1943
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
    register lists of "heuristic" dissectors, which are handed a
    frame that may or may not contain a payload for the protocol they
    dissect, and that return FALSE if it's not or dissect the packet
    and return TRUE if it is;

    add a dissector to such a list;

    go through such a list, calling each dissector until either a
    dissector returns TRUE, in which case the routine returns TRUE,
    or it runs out of entries in the list, in which case the routine
    returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rather than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
svn path=/trunk/; revision=1850
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
"dissect_init()" and "dissect_cleanup()", in "packet.c", so that we
don't duplicate those routines in Ethereal and Tethereal (and so on),
and don't have to remember to update N different versions of them if we
have to change the way we do one-time initialization and cleanup.
svn path=/trunk/; revision=1790
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:

    if it finds it, call the corresponding dissector routine with
    the pd/offset/fd/tree arguments, and return TRUE;

    if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
field, to allow dissectors to register their dissection routine in a
particular field's hash table with a particular "port" value, and to
make the TCP and UDP dissectors support that for their "port" field and
to look up ports in that hash table.
This replaces the hash table that the UDP dissector was using.
There's still more work needed to make this useful - right now, the hash
tables are attached to the protocol field in the register routines for
the TCP and UDP protocols, which means that the register routines for
protocols that run atop TCP and UDP can't use this unless their register
routines happen to be called after those for TCP and/or UDP, and several
other protocols need to attach hash tables to fields, and there's no
single global field for Ethernet types so we can't even attach a hash
table to such a field to allow protocols to register themselves with a
particular Ethertype - but it's a start.
svn path=/trunk/; revision=1779
handle data (snoop does this, and it's somewhat convenient if you're
trying to see whether, say, an ACCESS call is acting on the file whose
file handle you got back from a previous MOUNT request).
Boost the maximum number of bytes worth of hex data shown by
"bytes_to_str()" from 10 to 16, so that we can show the file handle 16
bytes per line (as snoop does).
svn path=/trunk/; revision=1744
proto_tree_add_protocol_format()
proto_tree_add_uint_format()
proto_tree_add_ipxnet_format()
proto_tree_add_ipv4_format()
proto_tree_add_ipv6_format()
proto_tree_add_bytes_format()
proto_tree_add_string_format()
proto_tree_add_ether_format()
proto_tree_add_time_format()
proto_tree_add_double_format()
proto_tree_add_boolean_format()
If using GCC 2.x, we can check the print-format against the variable args
passed in. Regardless of compiler, we can now check at run-time that the
field type passed into the function corresponds to what that function
expects (FT_UINT, FT_BOOLEAN, etc.)
Note that proto_tree_add_protocol_format() does not require a value field,
since the value of a protocol is always NULL. It's more intuitive w/o the
vestigial argument.
Fixed a proto_tree_add_item_format-related bug in packet-isis-hello.c
Fixed a variable usage bug in packet-v120.c. (ett_* was used instead of hf_*)
Checked in Guy's fix for the function declaration for proto_tree_add_text()
and proto_tree_add_notext().
svn path=/trunk/; revision=1713
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files to the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
Added lots of #ifdef HAVE_*_H wrappers.
Added some #defines in config.h.win32
Check for more headers in configure.in
Added prototype for inet_aton() in inet_v6defs.h.
Changed "BYTE" token (i.e., #define) in ascend-gramamr.y because it
conflicts with a windows definition. Use HEXBYTE instead.
svn path=/trunk/; revision=1448
"file.c" to "packet.c"; it's not really related to file access (or to
manipulating the packet list as a whole, which much of the stuff in
"file.c" is really for), but is more related to analyzing packets, and
moving it to "packet.c" lets me build an experimental "line-mode" flavor
of Ethereal (based on Gilbert's "tethereal" experiment) - "line-mode"
means "like tcpdump or snoop" - without having to drag in "file.c" and a
pile of GUI stuff.
svn path=/trunk/; revision=1388
In packet_hex_print(), compute (bstart + blen) only once.
In time_secs_to_str(), return a meaningful string when time == 0, instead
of returning pointer to char buffer with old, inappropriate data in it.
svn path=/trunk/; revision=1297
requests, as described in RFC 2225; they do *not* have the same format
as regular ARP requests, so dissect them differently.
Inverse ARP is also used on ATM, so add the Inverse ARP request and
reply message types. (It's also used with other protocols, e.g. Frame
Relay.)
Handle zero-length addresses (meaning the address is absent).
They can have up to 6 different address fields, so make "bytes_to_str()"
have six static buffers in which it can return strings.
svn path=/trunk/; revision=1123
(in the src/dst of the CList). In order to do this, I had to:
1. Add a new function, ether_to_str_punct(const guint8*, char) which
turns a 6-byte ether address into a string, using whatever punctuation
is passed as the char. If a null char is passed, no separator
is put between the hex digits. Unresolved IPX addresses look better
with the ether portion having no punctuation (IMHO)
2. Changed ether_to_str() to call ether_to_str_punct with ':' as the char
argument. That is, code abstraction.
3. MAXNAMELEN was moved from resolv.c to resolv.h so that packet-ipx.c
could see it.
4. A new resolve function, get_ether_name_if_known(), returns the resolved name
of an ether address, or NULL if there is none. This differs
from get_ether_name() by returning NULL rather than a text version
of the ether address.
svn path=/trunk/; revision=1076
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:

    obviates the need to update "packet.h" whenever you add a new
    subtree type - you only have to add a call to
    "proto_register_subtree_array()" to a "register" routine and an
    array of pointers to "ett_", if they're not already there, and
    add a pointer to the new "ett_" variable to the array, if they
    are there;

    would allow run-time-loaded dissectors to allocate subtree types
    when they're loaded.
svn path=/trunk/; revision=1043
name/number, and put the call/reply info, procedure, and version number
into the INFO field.
Implement "col_append_fstr()", and use it to add information to the info
field.
Make "col_add_fstr()" aware that COL_INFO fields can have more data than
other COL_XXX fields (as "col_add_str()" and "col_append_str()" already
were).
svn path=/trunk/; revision=947
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
"COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:

    if nothing is found, creates a new entry in the hash table, and
    assigns it a unique 32-bit conversation ID, and returns that
    conversation ID;

    if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addresses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
definition of "AF_INET6". Declare those functions and, if it's not
defined, define "AF_INET6" in "inet_v6defs.h", and arrange to include
it if "inet_ntop()" is missing. (Systems will probably have both of
them or lack both of them, and we may choose not to use the system's
"inet_pton()" because it's buggy, so base the decision on whether to
include "inet_v6defs.h" on whether we're using the system's
"inet_ntop()" or not.) Fix some macro references in "Makefile.am" and
"configure.in".
svn path=/trunk/; revision=830
for converting IPv[46] numeric notation to/from binary form.
recent BIND includes those functions so fallback is not necessary on
most of the platforms.
sorry if it raises any portability problem on other platforms.
remove partial inclusion of inet_ntop() in packet-ipv6.c.
move ip6_to_str() to packet.c, it fits better there than packet-ipv6.c.
svn path=/trunk/; revision=829
the base for numbers to be displayed in, bitmasks for bitfields, and blurbs
(which are one or two sentences describing the field).
proto_tree_add*() routines now automatically handle bitfields. You tell
it which header field you are adding, and just pass it the value of the
entire field, and the proto_tree routines will do the masking and shifting
for you.
This means that bitfields are more naturally filtered via dfilter now.
Added Phil Techau's support for signed integers in dfilters/proto_tree.
Added the beginning of the SNA dissector. It's not complete, but I'm
committing it now because it has example after example of how to use
bitfields with the new header_field_info struct and proto_tree routines.
It was the impetus to change how header_field_info works.
svn path=/trunk/; revision=815
of the packet be printed (this is only done if "Print detail" is
selected; it should be grayed out if "Print summary" is selected).
If that item is selected, suppress the hex printing of uninterpreted
data items in the protocol tree.
Move some GTK+ keys not used outside of "gtk/print_dlg.c" from
"gtk/keys.h" into "gtk/print_dlg.c".
svn path=/trunk/; revision=736