SDLC-derived protocols such as HDLC and derivatives of it such as LAPB,
IEEE 802.2 LLC, and so on. Have the LLC and LAPB dissectors use it.
Make "dissect_numeric_bitfield()" put the low-order bit of the bitfield
in the low-order bit of an integer when printing it, so that the right
value is printed.
svn path=/trunk/; revision=436
SDLC-derived protocols such as HDLC and derivatives of it such as LAPB,
IEEE 802.2 LLC, and so on. Have the LLC and LAPB dissectors use it.
Make "dissect_numeric_bitfield()" put the low-order bit of the bitfield
in the low-order bit of an integer when printing it, so that the right
value is printed.
svn path=/trunk/; revision=434
field by itself assumes you are checking for the existence of that protocol
or field.
Changed the format of the list of filterable fields in the man page.
Developers: run "./configure" so that your configure script will re-create
dfilter2pod from the new dfilter2pod.in
svn path=/trunk/; revision=426
the rules allowing values to precede variables in a relation, like this:
192.168.1.1 eq ip.src
More profound changes should still be made to the grammar, though.
svn path=/trunk/; revision=422
call to pcap_dump_open. This allows us to control the readability of the
temporary trace file, and avoid a race condition in which a user could
open the trace file after the pcap_dump_open() call and the subsequent
chmod() call.
Thanks to Jeorg for pointing for pointing out the race condition.
svn path=/trunk/; revision=421
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=419
support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: a
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=417
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
listed in the AUTHORS file. (Arguably, that section - *and* the list of
developers in the "Help/About" box - should be generated from the
AUTHORS file by a script....)
svn path=/trunk/; revision=415
as it standed depends on your lex being flex, but that only matters if you're
a developer. The distribution will include the dfilter-scanner.c file, so
that if the user doesn't modify dfilter-scanner.l, he won't need flex to
re-create the *.c file.
The new lex scanner gives me better syntax checking for ether addresses. I
thought I could get by using GScanner, but it simply wasn't powerful enough.
All operands have English-like abbreviations and C-like syntax:
and, && ; or, || ; eq, == ; ne, != ; , etc.
I removed the ETHER_VENDOR type in favor of letting the user use the [x:y]
notation: ether.src[0:3] == 0:6:29 instead of ether.srcvendor == 00:06:29
I implemented the IPXNET field type; it had been there before, but was
not implemented. I chose to make it use integer values rather than byte
ranges, since an IPX Network is 4 bytes. So a display filter looks like this:
ipx.srcnet == 0xc0a82c00
rather than this:
ipx.srcnet == c0:a8:2c:00
I can supposrt the byte-range type IPXNET in the future, very trivially.
I still have more work to do on the parser though. It needs to check ranges
when extracting byte ranges ([x:y]) from packets. And I need to get rid
of those reduce/reduce errors from yacc!
svn path=/trunk/; revision=414
read the trace. We chmod() after pcap creates the file, but before it actually
writes data there. Thanks to Frederic Peters <fpeters@multimania.com>,
the Debian maintainer of Ethereal, for pointing this out.
svn path=/trunk/; revision=413
- call reset_tcp_reassembly before build_follow_filter
- modify reassemble_tcp so that packet validity is
checked before processing it.
svn path=/trunk/; revision=410
implicitly calls it
- compute the filter in follow_stream_cb since load_cap_file
does not honor the display filter if the dfcode is non already set
- Follow TCP stream is still buggy however (incorrect saved TCP data due
to the fact that dissect_tcp is called even if the filter applies).
svn path=/trunk/; revision=409
string pointer from the result of ip_to_str (statically allocated string).
Use the ip_src and the new field ip_dst in follow.c to build a correct
string display filter.
svn path=/trunk/; revision=408
values (for example, a sequence number in a TCP header should be printed
as an unsigned value; I have a trace in which the uppermost bit of the
sequence number is set...). If we need to be able to handle signed
values, add FT_INT{8,16,32} types.
svn path=/trunk/; revision=406
FT_NONE, so the first argument in the variable-length portion of the
argument list to the "proto_tree_add_item()" or
"proto_tree_add_item_format()" call to add the top-level protocol tree
item for a protocol has to be a null pointer.
svn path=/trunk/; revision=405
- read only the real number of packets that have been written
by the child process. That's avoid incomplete packet read.
- special timeout handling no more necessary and the whole
real time capture and display behavior is much more
satisfying with this patch.
- wiretap modified to allow the reading of 'count' packets
with wtap_loop.
svn path=/trunk/; revision=398
COL_INFO columns resize automatically even during a live
capture;
columns showing network addresses never resize automatically;
other columns resize only when a capture is done;
and make all columns resizeable by hand (once they've resized, for
auto-resizeable columns).
svn path=/trunk/; revision=394
Guy Harris