Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep these informations available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction ( according to the OID ), is saved in the context, and will be reused for the next messages of the transaction. This help the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will have too, the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There is 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
I think I've changed all corresponding appearances from FT_STRING to FT_GUID, so assert the FT_ type as it should only be a FT_GUID now.
Add a generic implementation in guid_utils.h to have a way to store data about GUID to name resolving (something like value_string for e.g. int). It might be better to have a single registry for all GUID's of all dissectors and implement the GUID name resolving into the proto_tree_add... functions.
svn path=/trunk/; revision=18935
FT_UINT_BYTES and FT_UINT_STRING correctly when the tree argument is
null (which involves carving proto_tree_add_item() into bits and having
both ptvcursor_add() and proto_tree_add_item() call those bits).
svn path=/trunk/; revision=16287
04-stream.diff
A simplified packet reassembly API built on top of fragment_add_seq_next for
reassembling fragments that are delivered in-order, where fragments are
identified by a framenum and an offset into that frame. Streams are attached
to a conversation or a circuit and are unidirectional.
svn path=/trunk/; revision=16082
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
Among the improvements are:
- fixes to call-tracking (it's now less likely to confuse two separate
calls, for instance)
- improvements to Information Element dissection (clearer dissection,
dissects more IE types, easier to extend)
- you can now filter on the content of DTMF packets
- Analysis of timestamps (calculation of absolute timestamp, and packet
lateness).
- fixed a couple of assertion failures in subtle corner-cases.
negative relative times:
- get_timedelta()
- addtime()
- ftype-time.c:relative_val_from_unparsed()
I've also moved get_timedelta() and addtime() out of calldata.c into a
new file, epan/nstime.c, as I needed to use them in a dissector I'm
working on (and they therefore needed to go into libethereal).
svn path=/trunk/; revision=15201
This offesr memory allocation with a packet scope making memory leaks less likely and memory management faster.
Add initialization calls for both tethereal and ethereal.
Convert the ip_to_str() function to use this and avoid doing the silly rotating buffers thing it previously did.
We also need an equivalent set of functions for allocation with capture file scope (free when next capture is loaded) but i dont know where to put the free_all call.
svn path=/trunk/; revision=14984
vendor-name-and-next-three-bytes-in-hex) resolution for Ethernet/802.x
hardware addresses.
Move the ARP hardware types into a header file, for use by dissectors
other than the ARP dissector.
svn path=/trunk/; revision=12839
for organizations to an <epan/sminmpec.h> header, and add in the ones
that were used (without #defines) in the Diameter dissector.
Merge the value_string tables for them from the Diameter and Radius
dissectors into epan/sminmpec.c and merge them.
Use that value_string table in the Diameter and Radius dissectors.
Constify some stuff in the Diameter dissector.
svn path=/trunk/; revision=12159
make the source files all include the corresponding header files (so
that the declarations in the headers have to match the definitions in
the source files in order for compilation to succeed).
svn path=/trunk/; revision=12116
really more of an Ethereal/Tethereal component than a libethereal
component (nothing else in libethereal knows about capture files); move
it back out of libethereal. (The range stuff doesn't; we leave it in
libethereal.)
svn path=/trunk/; revision=11898
Anders Broman