they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
(and the fact that nbss does not register its conversation)
this caused WANT_PDU_TRACKING to be decremented multiple times between
the dissectors
and thus ethereal could no longer reliably spot SMB PDUs that started in the middle of a tcp segment (unless we do reassembly which we dont do unless we have to since it eats soo many resources)
FIX so that ethereal once again can spot SMB (and other) protocol PDUs that start in the middle of a segment.
svn path=/trunk/; revision=10219
that dissectors for pass-through proxying protocols such as SOCKS can
allow the subdissectors they call to ask that desegmentation be done.
svn path=/trunk/; revision=9488
* Add a "match_string" field to the "packet_info" structure,
saving the string value that matched in a string dissector
lookup, by analogy to "match_port" - this was required for
dissection with token rendering of WBXML content when no public
ID was given (e.g. Nokia/Ericsson OTA provisioning data).
* Add support for textual content type based WBXML token
mapping.
* Add extra WBXML public identifiers.
* Add the Nokia/Ericsson OTA provisioning (version 7) token
definitions.
* Inform the user when a content-type based token match is found.
svn path=/trunk/; revision=9061
Make "proto_is_protocol_enabled()" and "proto_get_protocol_short_name()"
take a "protocol_t *" as an argument, so they don't have to look up the
"protocol_t" - this will probably speed them up considerably, and
they're called on almost every dissector handoff.
Get rid of a number of "proto_is_protocol_enabled()" calls that aren't
necessary (dissectors called through handles, including those called
through dissector tables, or called as heuristic dissectors, aren't even
called if their protocol isn't enabled).
Change some direct dissector calls to go through handles.
svn path=/trunk/; revision=8979
Make the Ethereal "decode as" stuff not blow up with string dissector
tables.
Selectors for uint dissector tables are unsigned, not signed.
svn path=/trunk/; revision=8408
comparison function to use based on the type value passed in. For the
traditional unsigned integer table, require FT_UINT{8,16,24,32}; if the
type is FT_STRING or FT_STRINGZ, use the string hashing functions
instead.
Add routines for manipulating entries and looking up dissectors in
string dissector tables.
svn path=/trunk/; revision=8407
Add a new routine to iterate through all dissector tables, calling a
routine for each table, to support having the "-d" code list all
dissector tables.
Get rid of "dissector_handle_get_dissector_name()"; it was put in there
for "-d", but turns out not to be necessary for that.
Clean up the usage message a bit (using the convention, adhered to by at
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually,
and also putting "-v" and "-h" in a separate lump, as Ethereal does).
svn path=/trunk/; revision=7788
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to amke them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs starts when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
error packets, the copy of the packet that got the error, rather than
doing it in the CLNP dissector and the ICMP dissector and the ICMPv6
dissector and the PPP dissector for various control protocols; have it
do that work iff "pinfo->in_error_pkt" is set.
svn path=/trunk/; revision=6942
compile "epan/packet.c", and including it without including <winsock2.h>
before it means that, as <winsock2.h> appears to get included after we
include "inet_v6defs.h", we get complaints about a redefinition of
AF_INET6; removing the include of "inet_v6defs.h" sqelches that warning.
If we *do* need "inet_v6defs.h" on some platforms, put it back, but put
in an include of <winsock2.h> before it, to keep the warning away - if
we ever use AF_INET6 in "epan/packet.c", we want to use the one from
<winsock2.h> if it defines it, as that's what the rest of Ethereal uses.
svn path=/trunk/; revision=6649
handle into a routine "call_dissector_work()", and have
"dissector_try_port()" and "call_dissector()" use that routine (which
means that "call_dissector()" now saves and restores
"pinfo->can_desegment").
svn path=/trunk/; revision=6516
protocols (where there's a virtual circuit ID of some sort in packets)
what conversations are for protocols ultimately running atop
connectionless network layers. Have circuit type and ID values in the
"packet_info" structure.
Have the Frame Relay dissector set the circuit type and ID values, and
have the Wellfleet compression protocol set up circuit information and
store compression information with the circuit.
svn path=/trunk/; revision=6469
equivalents for the epan/ directory but leave winsock2.h in inet_pton.c
and inet_ntop.c for now (can't estimate the consequences).
svn path=/trunk/; revision=5928
dftest.c:
Remove #if-0-ed includes
packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c,
packet-wtp.c, ethereal_gen.py:
Remove redundant include varargs (already in snprintf.h,
and required only for snprintf.h)
Remove unused include of snprintf.h from files not using
"snprintf()".
svn path=/trunk/; revision=5889
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
that return an "int", giving either an indication of how much data was
dissected, an indication of how much more data is needed from TCP to
dissect, or 0, meaning "this isn't one of my packets").
svn path=/trunk/; revision=5260
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4848
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
dissectors. "Old-style" dissectors return nothing. "New-style"
dissectors return one of:
a positive integer, giving the number of bytes worth of data in
the tvbuff that it considered to be part of the PDU in the
tvbuff;
zero, if it didn't consider the data in the tvbuff to be a PDU
for its protocol;
a negative integer, giving the number of additional bytes worth
of data in needs to get the complete PDU (for use with
fragmentation/segmentation when the length of the PDU isn't
known to the protocol atop the one the dissector is dissecting).
Have "call_dissector()" return the return value of new-style dissectors,
and the length of the tvbuff handed to it for old-style dissectors.
Have "dissector_try_port()" return FALSE if the subdissector is a
new-style dissector and returned 0.
Make the EAP dissector a new-style dissector, and have a "EAP fragment"
dissector that is also a new-style dissector and handles fragmentation
of EAP messages (as happens above, for example, RADIUS). Also, clean up
some signed vs. unsigned comparison problems.
Reassemble EAP-Message AVPs in RADIUS.
svn path=/trunk/; revision=4811
"init_dissection()" which calls "epan_conversation_init()", does the
work that "init_all_protocols()" did, and then calls
"reassemble_init()", so that the standard sequence of dissection
initialization is done in one place, rather than having multiple places
call the same sequence of routines.
svn path=/trunk/; revision=4797
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
variables wrap-around. Since the request/reply packets are related via
a hash based on these uniqueness variables, long NCP traces can
have mis-matches reqeust/reply records.
Thus, only do the hash-lookup for the reply packet during the first
sequential scan of the trace file. Once the pertinent info is found,
store it in the packet's private data area.
Since the memory allocated for the hash and for the structures that make
up the keys are no longer needed after the first sequential run through
the trace file, arrange to free that memory after the first sequential
run. Similar to the register_init_routine() that allows dissectors
to register callbacks for calling *before* a capture file is loaded,
set up a register_postseq_cleanup_routine() function that allows
dissectors to register callbacks for calling *after* the first
sequential run-through of the trace file is made. This is not
a *final* cleanup callback, since Ethereal will still have that trace file
open for random-access reading.
I didn't have tethereal call postseq_cleanup_all_protocols() since
tethereal doesn't keep the trace file open for random-access reading.
I could easily be swayed to make tethereal call that function, however.
svn path=/trunk/; revision=4484
Guy Harris