| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=2320
|
|
svn path=/trunk/; revision=2319
|
|
finished ...
The SMTP dissection is a good start, but does not handle the message
body at all ...
On to that next.
svn path=/trunk/; revision=2302
|
|
SCTP ports in "col_set_port()", and add a "get_sctp_port()" routine to
resolve SCTP port numbers to services.
Also, make the "get_XXX_port()" routines format the port number as an
unsigned integer, rather than a signed integer, if the service name for
the port isn't found (the port number passed in is unsigned).
svn path=/trunk/; revision=2295
|
|
supplied in the "p_add_proto_data()" call that created the entry, not
the pointer to the data structure that holds the protocol and data
arguments to "p_add_proto_data()" (the protocol is uninteresting, as
its value is the value supplied as the "proto" argument to
"p_get_proto_data()".
The "frame_proto_data" structure isn't needed outside the code that
handles it; remove its definition from "packet.h" and put it in
"packet.c".
svn path=/trunk/; revision=2260
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
|
|
Move max_len settings in various col_* functions outside of loop.
Add 'writable' flag to col_info. check_col() honors its. dissect_packet()
sets it as TRUE. dissect_ah() optionally sets it to FALSE.
Add col_set_writable() function to set the 'writable' flag. Accepts
frame_data arg just like the rest of the column functions. It checks to
make sure fd->cinfo is not NULL.
svn path=/trunk/; revision=2125
|
|
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
|
|
a particular type, rather than taking a varargs list, along the lines of
the "proto_tree_add_XXX_format()" routines.
Replace most calls to "proto_tree_add_item()" and
"proto_tree_add_item_hidden()" with calls to those routines.
Rename "proto_tree_add_item()" and "proto_tree_add_item_hidden()" to
"proto_tree_add_item_old()" and "proto_tree_add_item_hidden_old()", and
add new "proto_tree_add_item()" and "proto_tree_add_item_hidden()"
routines that don't take the item to be added as an argument - instead,
they fetch the argument from the packet whose tvbuff was handed to them,
from the offset handed to them.
svn path=/trunk/; revision=2031
|
|
too.
svn path=/trunk/; revision=2030
|
|
(i.e., the amount of data that was in the packet, even if not all of it
was captured), for use when dissecting packets containing data that
fills the packet (we want the dissector to try to dissect all of it; if
it runs past the end of the captured data, we want it to throw an
exception so that we'll put a "Short Frame" note in the protocol tree).
This means we always want a tvbuff to have a real reported length value,
so we make it an unsigned integer, and don't bother checking it for -1,
as it should never be -1.
If the reported length passed in to "tvb_set_subset()" is -1, set the
reported length to the reported length of the tvbuff of which the new
tvbuff will be a subset minus the offset in that tvbuff of the subset,
so that "-1" means "what's left of the packet after we chop off the
header". This is necessary in order to ensure that all tvbuffs have a
real reported length value.
Have "dissect_packet()" set the reported length of the top-level tvbuff
to the reported length of the frame, so that we start out with a tvbuff
with a real reported length value.
Have "tvb_offset_exists()" return FALSE if the offset is past the end of
the tvbuff.
If the offset passed to it is postitive, have "compute_offset_length()"
check for that it's not more than one byte past the end of the tvbuff -
if it's just past the end, we don't want the check to fail, as we don't
want attempts to create a subset tvbuff containing zero bytes to fail;
that would be done if a captured packet was all header and no payload,
and we'd want the dissector of the payload, not the dissector of the
header, to throw an exception, as the problem isn't with the protocol
for the header, it's with the protocol for the payload.
Convert the ATM dissector, the SSCOP dissector, the Q.2931 dissector,
and the Q.931 dissector to use tvbuffs.
Make the LAPD dissector set up a tvbuff for the Q.931 dissector (it's
not converted yet).
svn path=/trunk/; revision=2023
|
|
svn path=/trunk/; revision=2003
|
|
packet_info struct.
svn path=/trunk/; revision=2001
|
|
(the ip_tcp_options stuff is still non-tvbuff until I convert ip and tcp).
Add preliminary fix for Linux ISDN ippp devices (similar watch was posted
to ethereal-users, but did not use tvbuffs).
Change packet-raw.c to call capture_ppp()/dissect_ppp() in the case
where the frame starts with FF:03. We had been calling
capture_ip()/dissect_ip() at byte offset 4, but I think this is for
historical reasons of packet-raw.c and packet-ip.c existing before
packet-ppp.c.
svn path=/trunk/; revision=1998
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
|
|
svn path=/trunk/; revision=1987
|
|
Convert ethertype() and dissect_null() to use tvbuff.
svn path=/trunk/; revision=1979
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
Note in AUTHORS file that we use the exception module from kazlib.
svn path=/trunk/; revision=1966
|
|
in tvbuff terminology). This is implemented for TVBUFF_REAL and TVBUFF_SUBSET
so far; support for TVBUFF_COMPOSITE is coming soon.
Throw either ReportedBoundsError or BoundsError.
A ReportedBoundsError is reported as "Malformed Frame" since the protocol
stated that a certain number of bytes should be available but they weren't.
A BoundsError is reported as a "Short Frame" since the snaplen was too short.
Register proto_short (BoundsError) and proto_malformed (ReportedBounds)
so searches can be made on "short" and "malformed".
svn path=/trunk/; revision=1965
|
|
Modify ethernet dissector to catch BoundsError if the attempt to
create next_tvb with the length specified in the ethernet header throws
an exception. In that case, next_tv is created with as many bytes as
are available in the frame.
Both dissect_tr() and dissect_eth() now have TRY blocks, which means
I had to fiddle with 'volatile' and 'static' storage options to get
things right (at least according to gcc).
svn path=/trunk/; revision=1962
|
|
Non-tvbuff dissectors create a tvbuff when calling dissect_llc()
Changed name of current_proto to match string in COL_PROTO ("FDDI" instead of "fddi")
Changed short text to be: [Short Frame: %s] where %s is current_proto.
svn path=/trunk/; revision=1943
|
|
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.
dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.
The FDDI dissector is converted to use tvbuff's.
svn path=/trunk/; revision=1939
|
|
register lists of "heuristic" dissectors, which are handed a
frame that may or may contain a payload for the protocol they
dissect, and that return FALSE if it's not or dissect the packet
and return TRUE if it is;
add a dissector to such a list;
go through such a list, calling each dissector until either a
dissector returns TRUE, in which case the routine returns TRUE,
or it runs out of entries in the list, in which case the routine
returns FALSE.
Have lists of heuristic dissectors for TCP and for COTP when used with
the Inactive Subset of CLNP, and add the GIOP and Yahoo Messenger
dissectors to the first list and the Sinec H1 dissector to the second
list.
Make the dissector name argument to "dissector_add()" and
"dissector_delete()" a "const char *" rarther than just a "char *".
Add "heur_dissector_add()", the routine to add a heuristic dissector to
a list of heuristic dissectors, to the set of routines we can export to
plugins through a table on platforms where dynamically-loaded code can't
call stuff in the main program, and initialize the element in the table
in question for "dissector_add()" (which we'd forgotten to do).
svn path=/trunk/; revision=1909
|
|
A/C PPP fields.
Get rid of spurious printf() in packet.c.
svn path=/trunk/; revision=1880
|
|
svn path=/trunk/; revision=1866
|
|
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
svn path=/trunk/; revision=1850
|
|
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
|
|
svn path=/trunk/; revision=1793
|
|
"dissect_init()" and "dissect_cleanup()", in "packet.c", so that we
don't duplicate those routines in Ethereal and Tethereal (and so on),
and don't have to remember to update N different versions of them if we
have to change the way we do one-time initialization and cleanup.
svn path=/trunk/; revision=1790
|
|
pd/offset/fd/tree arguments, looks up the port number in the dissector
table, and:
if it finds it, call the corresponding dissector routine with
the pd/offset/fd/tree arguments, and return TRUE;
if it doesn't find it, return FALSE.
Use that in the TCP and UDP dissectors.
Don't add arbitrary UDP ports for which a dissector is found in the
table as ports that should be dissected as TFTP; this should only be
done if we find a packet going from port XXX to the official TFTP port.
Don't register TFTP in UDP's dissector table, as it has to be handled
specially (i.e., we have to add the source port as a TFTP port, although
we really should register the source port *and* IP address); eventually,
we should move that registration to the TFTP dissector itself, at which
point we can register TFTP normally.
svn path=/trunk/; revision=1785
|
|
all the other public functions in proto.c start with "proto_".
svn path=/trunk/; revision=1783
|
|
field, to allow dissectors to register their dissection routine in a
particular field's hash table with a particular "port" value, and to
make the TCP and UDP dissectors support that for their "port" field and
to look up ports in that hash table.
This replaces the hash table that the UDP dissector was using.
There's still more work needed to make this useful - right now, the hash
tables are attached to the protocol field in the register routines for
the TCP and UDP protocols, which means that the register routines for
protocols that run atop TCP and UDP can't use this unless their register
routines happen to be called after those for TCP and/or UDP, and several
other protocols need to attach hash tables to fields, and there's no
single global field for Ethernet types so we can't even attach a hash
table to such a field to allow protocols to register themselves with a
particular Ethertype - but it's a start.
svn path=/trunk/; revision=1779
|
|
Change GRE dissector to call dissect_ppp() instead of dissect_payload_ppp().
svn path=/trunk/; revision=1753
|
|
the glib equivalents ...
svn path=/trunk/; revision=1750
|
|
Use glib as far as possible. Currently have data structures and routines
defined ... Next will write the routines ...
svn path=/trunk/; revision=1748
|
|
handle data (snoop does this, and it's somewhat convenient if you're
trying to see whether, say, an ACCESS call is acting on the file whose
file handle you got back from a previous MOUNT request).
Boost the maximum number of bytes worth of hex data shown by
"bytes_to_str()" from 10 to 16, so that we can show the file handle 16
bytes per line (as snoop does).
svn path=/trunk/; revision=1744
|
|
proto_tree_add_protocol_format()
proto_tree_add_uint_format()
proto_tree_add_ipxnet_format()
proto_tree_add_ipv4_format()
proto_tree_add_ipv6_format()
proto_tree_add_bytes_format()
proto_tree_add_string_format()
proto_tree_add_ether_format()
proto_tree_add_time_format()
proto_tree_add_double_format()
proto_tree_add_boolean_format()
If using GCC 2.x, we can check the print-format against the variable args
passed in. Regardless of compiler, we can now check at run-time that the
field type passed into the function corresponds to what that function
expects (FT_UINT, FT_BOOLEAN, etc.)
Note that proto_tree_add_protocol_format() does not require a value field,
since the value of a protocol is always NULL. It's more intuitive w/o the
vestigial argument.
Fixed a proto_tree_add_item_format-related bug in packet-isis-hello.c
Fixed a variable usage bug in packet-v120.c. (ett_* was used instead of hf_*)
Checked in Guy's fix for the function declearation for proto_tree_add_text()
and proto_tree_add_notext().
svn path=/trunk/; revision=1713
|
|
This change allows you to add a new packet-*.c file and not cause a
recompilation of everything that #include's packet.h
Add the plugin_api.[ch] files ot the plugins/Makefile.am packaging list.
Add #define YY_NO_UNPUT 1 to the lex source so that the yyunput symbol
is not defined, squelching a compiler complaint when compiling the generated
C file.
svn path=/trunk/; revision=1637
|
|
Added lots of #ifdef HAVE_*_H wrappers.
Added some #defines in config.h.win32
Check for more headers in configure.in
Added prototype for inet_aton() in inet_v6defs.h.
Changed "BYTE" token (i.e., #define) in ascend-gramamr.y because it
conflicts with a windows definition. Use HEXBYTE instead.
svn path=/trunk/; revision=1448
|
|
frame.
svn path=/trunk/; revision=1389
|
|
"file.c" to "packet.c"; it's not really related to file access (or to
manipulating the packet list as a whole, which much of the stuff in
"file.c" is really for), but is more related to analyzing packets, and
moving it to "packet.c" lets me build an experimental "line-mode" flavor
of Ethereal (based on Gilbert's "tethereal" experiment) - "line-mode"
means "like tcpdump or snoop" - without having to drag in "file.c" and a
pile of GUI stuff.
svn path=/trunk/; revision=1388
|
|
and V.120 decoder.
svn path=/trunk/; revision=1304
|
|
In packet_hex_print(), compute (bstart + blen) only once.
In time_secs_to_str(), return a meaningful string when time == 0, instead
of returing pointer to char buffer with old, inappropriate data in it.
svn path=/trunk/; revision=1297
|
|
the "..." added if a string is too long.
svn path=/trunk/; revision=1177
|
|
requests, as described in RFC 2225; they do *not* have the same format
as regular ARP requests, so dissect them differently.
Inverse ARP is also used on ATM, so add the Inverse ARP request and
reply message types. (It's also used with other protocols, e.g. Frame
Relay.)
Handle zero-length addresses (meaning the address is absent).
They can have up to 6 different address fields, so make "bytes_to_str()"
have six static buffers in which it can return strings.
svn path=/trunk/; revision=1123
|
|
(in the src/dst of the CList). In order to do this, I had to:
1. Add a new function, ether_to_str_punct(const guint8*, char) which
turns a 6-byt ether address into a string, using whatever punctuation
is passed as the char. If a null char is passed, no separator
is put between the hex digits. Unresolved IPX addresses look better
with the ether portion having no punctuation (IMHO)
2. Changed ether_to_str() to call ether_to_str_punct with ':' as the char
argument. That is, code abstraction.
3. MAXNAMELEN was moved from resolv.c to resolv.h so that packet-ipx.c
could see it.
4. A new resolve function, get_ether_name_if_known(), returns the resolved name
of an ether address, or NULL if there is none. This differs
from get_ether_name() by returning NULL rather than a text version
of the ether address.
svn path=/trunk/; revision=1076
|
|
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
svn path=/trunk/; revision=1050
|
|
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
svn path=/trunk/; revision=1043
|
