The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
In one case, define our own size for a string buffer
(instead of using a magic constant 'BUFSIZ');
In a few cases: do some whitespace, indentation & reformatting cleanup.
svn path=/trunk/; revision=42634
Stop decoding the packed immediately after the credentials so that we dont incorrectly flag these packets as malformed.
svn path=/trunk/; revision=41817
Add traking of when GSS authentication contexts are created and when they are destroyed
so that it is easy to "click on created in link" in a SecNFS packet to get to where the kerberos blob for authentication is
Add context created in/destroyed in to the decode so you can quickly jump to where the authantiation happened to check the decrypted krb5 credentials
svn path=/trunk/; revision=41813
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
NULL-return check.
Use val_to_str_const instead of val_to_str() in a couple places where the string
is constant.
Use val_to_str() instead of blindly passing the return value from match_strval()
into a format routine (to ensure a non-NULL string pointer). A couple of these
were cases where it could not actually return NULL, but I changed it for
consistency.
Store the return value of match_strval() rather than calling it repeatedly.
svn path=/trunk/; revision=37204
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
From me: Apply Mark's fix to the ident string. Add public #defines for
the special strings that dissect_rpc_* might return and use them in
PCNFSD. Replace a manual buffer allocation with ep_strdup_printf.
svn path=/trunk/; revision=28128