obnox/wireshark/wip.git
21 years ago: - add INFO column stuff using fence.
tuexen [Sat, 19 Apr 2003 20:09:00 +0000 (20:09 +0000)]
- add INFO column stuff using fence.
- change my e-mail address

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7500 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Run strings through "format_text()" before putting them into items in
guy [Sat, 19 Apr 2003 09:45:25 +0000 (09:45 +0000)]
Run strings through "format_text()" before putting them into items in
the protocol tree.

Give SMUX filterable fields for the version and PDU type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7499 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: The first element in a fragment list isn't a fragment, it's a special
guy [Sat, 19 Apr 2003 09:42:53 +0000 (09:42 +0000)]
The first element in a fragment list isn't a fragment, it's a special
entry for the reassembled packet; don't look at it when checking to see
if we've already seen a fragment (its "frame" field isn't initialized,
so we shouldn't check it in any case).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7498 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Squelch a compiler warning.
guy [Sat, 19 Apr 2003 06:04:58 +0000 (06:04 +0000)]
Squelch a compiler warning.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7497 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Fix a typo.
guy [Sat, 19 Apr 2003 06:04:20 +0000 (06:04 +0000)]
Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7496 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Thierry Andry: more filterable fields in SNMP.
guy [Fri, 18 Apr 2003 21:05:52 +0000 (21:05 +0000)]
From Thierry Andry: more filterable fields in SNMP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7495 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Show metrics in ARP and RTP as ticks and seconds.
guy [Fri, 18 Apr 2003 19:57:30 +0000 (19:57 +0000)]
Show metrics in ARP and RTP as ticks and seconds.

An RTP information type of 0 is an update.

The compatibility flags are a bunch of flag bits; show them as such.

Fix some bitfield strings.

Sequence numbers in RTP are 4 bytes, not 2 bytes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7494 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add some comments about the 0x10 bit in the Flags field of an NTcreate&X.
sharpe [Fri, 18 Apr 2003 18:07:50 +0000 (18:07 +0000)]
Add some comments about the 0x10 bit in the Flags field of an NTcreate&X.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7493 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: 0x06 appears to be an opcode for VRTP redirects.
guy [Fri, 18 Apr 2003 17:34:37 +0000 (17:34 +0000)]
0x06 appears to be an opcode for VRTP redirects.

SRTP requests don't look the way the stuff I found appears to say they
look.

Fix some incorrect uses of "tvb_get_ntohl()" to fetch 16-bit values to
use "tvb_get_ntohs()" instead.

Fix some strings for flag bits.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7492 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Dissect non-sequenced RTP and ARP, and dissect more of sequenced RTP.
guy [Fri, 18 Apr 2003 09:31:00 +0000 (09:31 +0000)]
Dissect non-sequenced RTP and ARP, and dissect more of sequenced RTP.

Add Vines Echo.

Add some additional class values.

Use the length field in the Vines IP header to set the length of the
packet.

Adjust the byte order of all multi-byte integer fields in the IPC and
SPP headers.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7491 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Fix a problem where the RPC tap would not be called
sahlberg [Fri, 18 Apr 2003 06:34:42 +0000 (06:34 +0000)]
Fix a problem where the RPC tap would not be called
if the PDU was short.

This was most noticeable in NFS Read Replies not generating tap events and
thus NFS RTT statistics did not count the Read procedure.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7490 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update the ip fragment reassembly so that the subdissector is only
sahlberg [Fri, 18 Apr 2003 05:11:44 +0000 (05:11 +0000)]
Update the ip fragment reassembly so that the subdissector is only
called from the frame where the ip packet was reassembled instead of from each fragment.

For fragments, put [Reassembled in #xx] in the summary pane so it is easy
to see which fragments are successfully reassembled and which are not.

For fragments, add a "This fragment is reassembled in:xx" to the tree
pane and make it FT_FRAMENUM so it is easy to jump to the reassembled ip packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7489 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Stephen Shelley: in the NSIS installer build, use the NET_SNMP_DIR
guy [Fri, 18 Apr 2003 04:46:38 +0000 (04:46 +0000)]
From Stephen Shelley: in the NSIS installer build, use the NET_SNMP_DIR
definition in config.nmake, rather than force the builder to update the
NSIS config file by hand.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7488 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Stephen Shelley: remove a TODO comment that describes stuff that's
guy [Fri, 18 Apr 2003 04:45:00 +0000 (04:45 +0000)]
From Stephen Shelley: remove a TODO comment that describes stuff that's
been done.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7487 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: In Vines ARP Assignment Response packets, put the address being assigned
guy [Fri, 18 Apr 2003 04:28:07 +0000 (04:28 +0000)]
In Vines ARP Assignment Response packets, put the address being assigned
in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7486 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Handle non-SNAP LLC Vines packets as such when capturing.
guy [Fri, 18 Apr 2003 03:41:39 +0000 (03:41 +0000)]
Handle non-SNAP LLC Vines packets as such when capturing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7485 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add support for Vines ICP.
guy [Fri, 18 Apr 2003 03:40:49 +0000 (03:40 +0000)]
Add support for Vines ICP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7484 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add support for VINES SRTP (and a stub dissector for RTP).
guy [Fri, 18 Apr 2003 03:00:28 +0000 (03:00 +0000)]
Add support for VINES SRTP (and a stub dissector for RTP).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7483 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add VINES ARP support.
guy [Fri, 18 Apr 2003 01:47:52 +0000 (01:47 +0000)]
Add VINES ARP support.

Shuffle the routines for subprotocols of VINES ARP into numerical order
by protocol number.

The 32-bit net/16-bit subnet fields in the VINES IP header structure
don't work, as the net has to be aligned on a 32-bit boundary; replace
them with a 6-byte address field.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7482 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add support for Vines IPC.
guy [Fri, 18 Apr 2003 00:32:47 +0000 (00:32 +0000)]
Add support for Vines IPC.

Dissect the transport control field differently for broadcast packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7481 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add a heuristic dissector table to Vines SPP, use it for dissecting SPP
guy [Thu, 17 Apr 2003 20:30:43 +0000 (20:30 +0000)]
Add a heuristic dissector table to Vines SPP, use it for dissecting SPP
data packets, and register the SMB dissector with it.

Dissect the Control field of SPP packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7480 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add support for VINES-over-802.2 LLC.
guy [Thu, 17 Apr 2003 19:10:17 +0000 (19:10 +0000)]
Add support for VINES-over-802.2 LLC.

Show the meaning of most of the bits in the transport control field.

Show lengths, windows, sequence numbers, and the like in decimal (that's
how Sniffer Pro shows them).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7479 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add a small extra check in fragment_add() to make it idempotent.
sahlberg [Thu, 17 Apr 2003 10:31:35 +0000 (10:31 +0000)]
Add a small extra check in fragment_add() to make it idempotent.

This solves a problem introduced by the recent rewrite of dcerpc-over-smb
reassembly which caused the last fragment for each dcerpc pdu to be duplicated and flagged as overlapping fragment.

This

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7478 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Regularize the Protocol column setting and protocol names, and put the
guy [Thu, 17 Apr 2003 08:25:11 +0000 (08:25 +0000)]
Regularize the Protocol column setting and protocol names, and put the
SPP packet type in the Info column rather than the Protocol column.

Give the Vines protocol number field a value_string table.

Nobody asks for the Vines IP dissector by name, so it doesn't have to be
registered by name.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7477 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update a URL, and note that the Open Group publications are now
guy [Thu, 17 Apr 2003 07:55:42 +0000 (07:55 +0000)]
Update a URL, and note that the Open Group publications are now
available for free download.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7476 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Use "tvb_ensure_length_remaining()" when checking how much data there is
guy [Thu, 17 Apr 2003 07:39:18 +0000 (07:39 +0000)]
Use "tvb_ensure_length_remaining()" when checking how much data there is
in the packet when doing reassembly checks, as is done in other places
where we do TCP segment reassembly.

The return value of "tvb_reported_length_remaining()" can be negative -
it's a "gint"; assign it to a "gint", so that if we go past the end of
the packet in the main loop, we break out of that loop (and do so
elsewhere, just for cleanliness' sake).

Get rid of the check in the loop to make sure we make no more than 20
iterations - all the routines that parse packets should either advance
the offset by at least one byte or return a "desegmentation required"
indication; the former means we make progress and eventually exit the
loop, the latter means we immediately exit the loop.

Use "int" variables, not "guint" variables, for packet offsets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7475 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Support SMB as one of the protocols that can run over OSI COTP.
guy [Thu, 17 Apr 2003 00:13:26 +0000 (00:13 +0000)]
Support SMB as one of the protocols that can run over OSI COTP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7474 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: When processing the device identification page of vital product data,
guy [Wed, 16 Apr 2003 19:43:11 +0000 (19:43 +0000)]
When processing the device identification page of vital product data,
check, for each item, when it's past the end of the page before putting
it into the protocol tree, and advance the offset through the page as we
do so.

If the identifier codeset is ASCII, display the item as text rather than
as binary data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7473 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Olivier Biot: add more (WB)XML DTDs from WINA.
guy [Wed, 16 Apr 2003 18:29:38 +0000 (18:29 +0000)]
From Olivier Biot: add more (WB)XML DTDs from WINA.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7472 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update packet-ip.c to print the identification number in decimal as well as hexadecim...
sahlberg [Wed, 16 Apr 2003 12:17:55 +0000 (12:17 +0000)]
Update packet-ip.c to print the identification number in decimal as well as hexadecimal to make it easier to cross-reference packets between output from other sniffers that display it in DEC instead of HEX.

Since this value has no human readable meaning it should be displayed in HEX only but make ethereal also display the "wrong" base to enhance human compatibility.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7471 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Register RPC as dissector for both TCP and UDP port 111 which is used by ONC-RPC...
sahlberg [Wed, 16 Apr 2003 12:15:06 +0000 (12:15 +0000)]
Register RPC as dissector for both TCP and UDP port 111 which is used by ONC-RPC/PORTMAPPER

The reason for doing this is to allow a user to pick RPC as a protocol offered
by DecodeAs...

Why:
If ethereal has tcp-reassembly enabled, the heuristic dissector for rpc will not even attempt to find RPC packets.
If no PORTMAPPER/GETPORT are available either in the capture there is
currently no way for ethereal to know/learn that the conversation is ONC-RPC.
This at least will allow users to manually tell ethereal that such a conversation is ONC-RPC.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7470 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Lars Roland:
guy [Wed, 16 Apr 2003 07:25:12 +0000 (07:25 +0000)]
From Lars Roland:

Add Response-Time statistics for each known mgcp message-type.

Fix a few bugs and remove trailing whitespace.

Use "gdouble" for printing time-values and calculating the
average.  It is easier to use and shouldn't overflow on big
trace files like "guint32".

Move some functions for time statistics into the new file
timestats.c in the main directory.  This code may be useful in
the rpc and smb rtt-taps as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7469 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Stephen Shelley: full payload dissection of compliance levels 0, 1
guy [Wed, 16 Apr 2003 06:57:38 +0000 (06:57 +0000)]
From Stephen Shelley: full payload dissection of compliance levels 0, 1
and 2 function codes for Modbus/TCP, plus some bug fixes.

Use value_string tables to map function codes and exception codes to
strings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7468 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Pull the stuff done in "dissect_packet()" to initialize a column_info
guy [Wed, 16 Apr 2003 05:55:41 +0000 (05:55 +0000)]
Pull the stuff done in "dissect_packet()" to initialize a column_info
structure into its own routine; rename "col_init()" to "col_setup()",
and call the new routine "col_init()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7467 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add the notion of a "fence" to columns. A dissector can set the fence
guy [Wed, 16 Apr 2003 04:52:55 +0000 (04:52 +0000)]
Add the notion of a "fence" to columns.  A dissector can set the fence
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence.  This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7466 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Don't format a string into a buffer with "snprintf()" and then use
guy [Tue, 15 Apr 2003 22:07:21 +0000 (22:07 +0000)]
Don't format a string into a buffer with "snprintf()" and then use
"col_add_str()" to put it in the Info column, do the formatting with
"col_add_fstr()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7465 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Have separate fields for the COTP and CLTP PDU types.
guy [Tue, 15 Apr 2003 21:33:26 +0000 (21:33 +0000)]
Have separate fields for the COTP and CLTP PDU types.

Don't use "proto_tree_add_uint_format()" for the source and destination
reference fields, use "proto_tree_add_uint()".  Rename the field to make
that work.

Shuffle some stuff around to clean it up.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7464 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Laurent Meyer: add filterable fields to COTP.
guy [Tue, 15 Apr 2003 10:25:55 +0000 (10:25 +0000)]
From Laurent Meyer: add filterable fields to COTP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7463 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Put in a comment noting that the reassembly code assumes subdissectors
guy [Tue, 15 Apr 2003 09:23:42 +0000 (09:23 +0000)]
Put in a comment noting that the reassembly code assumes subdissectors
are idempotent, which isn't necessarily the case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7462 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: When dissecting a SYSTEM_TIME, include the milliseconds in the top-level
guy [Tue, 15 Apr 2003 08:11:33 +0000 (08:11 +0000)]
When dissecting a SYSTEM_TIME, include the milliseconds in the top-level
summary item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7461 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Don't put "[DCE/RPC fragment]" into the Info column if the packet isn't
guy [Tue, 15 Apr 2003 08:04:54 +0000 (08:04 +0000)]
Don't put "[DCE/RPC fragment]" into the Info column if the packet isn't
fragmented.

"PFC_NOT_FRAGMENTED()" is checked early in "dissect_dcerpc_cn_stub()";
there's no need to check it again in either of the code paths after
that, as we know it's true in the first code path and false in the second.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7460 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Didier Gautheron: more getserverinfo decoding.
guy [Tue, 15 Apr 2003 05:45:02 +0000 (05:45 +0000)]
From Didier Gautheron: more getserverinfo decoding.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7459 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Devin Heitmueller: dissect the "List" subtype in the Server Stored
guy [Tue, 15 Apr 2003 04:45:57 +0000 (04:45 +0000)]
From Devin Heitmueller: dissect the "List" subtype in the Server Stored
List (SSI) family.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7458 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Keep the two sides of a pipe separate when doing DCERPC-over-a-pipe
guy [Mon, 14 Apr 2003 20:48:31 +0000 (20:48 +0000)]
Keep the two sides of a pipe separate when doing DCERPC-over-a-pipe
reassembly.  (Perhaps we *shouldn't* see reassembly in progress in both
directions, if the protocol is purely request/response, but that doesn't
mean you won't see it in a capture, due to bugs or dropped packets
or....)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7457 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Anders Broman: dissect user-to-user IEs in ISUP messages as Q.931
guy [Mon, 14 Apr 2003 18:04:13 +0000 (18:04 +0000)]
From Anders Broman: dissect user-to-user IEs in ISUP messages as Q.931
UU IE's.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7456 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Add a new routine "dissect_file_data_maybe_dcerpc()" to handle file
guy [Mon, 14 Apr 2003 17:38:49 +0000 (17:38 +0000)]
Add a new routine "dissect_file_data_maybe_dcerpc()" to handle file
read/write data that might, or might not, be DCE RPC information on a
pipe, and use that routine rather than duplicating similar code in
multiple places.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7455 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Fix up some comments.
guy [Mon, 14 Apr 2003 17:31:42 +0000 (17:31 +0000)]
Fix up some comments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7454 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Reassembly of DCE/RPC fragments for Request packets was slightly broken.
sahlberg [Mon, 14 Apr 2003 13:22:13 +0000 (13:22 +0000)]
Reassembly of DCE/RPC fragments for Request packets was slightly broken.

Fixed this and rewrote the fragment reassembly routine to make it
cleaner and hopefully easier to read.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7453 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: The two extra bytes in the write_andx request are only present if both
sahlberg [Mon, 14 Apr 2003 10:58:21 +0000 (10:58 +0000)]
The two extra bytes in the write_andx request are only present if both
the MessageStart and the Raw bits are set.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7452 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Don't show a string for datastream types other than the ones known to
guy [Mon, 14 Apr 2003 01:26:57 +0000 (01:26 +0000)]
Don't show a string for datastream types other than the ones known to
SPX.

For the datastream types known to SPX, display it in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7451 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Use symbolic names for the various write mode bits.
guy [Mon, 14 Apr 2003 00:27:00 +0000 (00:27 +0000)]
Use symbolic names for the various write mode bits.

To test whether a single bit is set, just do "if (mode&bit)", not
"if ((mode&bit)==bit)".

In the places where read and write data is processed, have both a
comment indicating that it's file data and that you can transport DCERPC
over SMB just with reads and writes, to indicate why we may call the
DCERPC-over-a-pipe dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7450 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: "dcerpc_fragment_table" is used only in packet-smb-pipe.c, except for
guy [Sun, 13 Apr 2003 23:58:37 +0000 (23:58 +0000)]
"dcerpc_fragment_table" is used only in packet-smb-pipe.c, except for
the call to initialize it; move the call to initialize it to the
registration routine for the dissector that uses it, move the definition
of "dcerpc_fragment_table" to packet-smb-pipe.c, make it static, and
remove the declaration of it from smb.h.

Add some casts to squelch compiler complaints.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7449 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update FAQ to April 10th
jmayer [Sun, 13 Apr 2003 13:54:26 +0000 (13:54 +0000)]
Update FAQ to April 10th

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7448 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: make-manuf:
jmayer [Sun, 13 Apr 2003 13:51:32 +0000 (13:51 +0000)]
make-manuf:
Don't print Cavebear skipped - it makes the output unusable.
manuf.tmpl:
Remove entries that overwrite identical or similar results from IEEE
manuf:
Rebuild to reflect the changes in manuf.tmpl and add some new IEEE
entries.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7447 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Missing file from previous commit
sahlberg [Sat, 12 Apr 2003 08:14:48 +0000 (08:14 +0000)]
Missing file from previous commit

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7446 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Rewrite the DCERPC over SMB reassembly completely.
sahlberg [Sat, 12 Apr 2003 08:14:02 +0000 (08:14 +0000)]
Rewrite the DCERPC over SMB reassembly completely.

Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.

Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display filter field for the other fragments that display which frame the dcerpc pdu was reassembled in.

This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
I think it has been broken for quite some time. That will be addressed shortly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7445 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Jeff Morriss: don't put stuff in the Info column if a subdissector
guy [Sat, 12 Apr 2003 07:54:29 +0000 (07:54 +0000)]
From Jeff Morriss: don't put stuff in the Info column if a subdissector
is called, so that we don't get a mix of M3UA and subdissector stuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7444 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Some packets (the ones I've seen have a datastream type of
guy [Sat, 12 Apr 2003 07:48:36 +0000 (07:48 +0000)]
Some packets (the ones I've seen have a datastream type of
"End-of-Connection Acknowledgment") have none of the connection control
bits set; describe them as "Data, No Ack Required" rather than
"Unknown".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7443 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: An SPX packet is not a retransmission of an earlier packet unless the
guy [Sat, 12 Apr 2003 07:35:52 +0000 (07:35 +0000)]
An SPX packet is not a retransmission of an earlier packet unless the
two packets have the same sequence number; use the sequence number in
the hash key.

The sequence number is not incremented for system packets, and system
packets probably don't get ACKed and thus presumably don't get
retransmitted, so don't do retransmission checks for system packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7442 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Fix a typo.
guy [Sat, 12 Apr 2003 05:48:26 +0000 (05:48 +0000)]
Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7441 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: You can't put an FT_FRAMENUM into the tree with a length of -1, so, for
guy [Sat, 12 Apr 2003 05:36:10 +0000 (05:36 +0000)]
You can't put an FT_FRAMENUM into the tree with a length of -1, so, for
a retransmitted SPX frame, just put the number of the original frame in
as an item not referring to any data (offset and length of 0), and, if
there is any remaining data, put it into the tree as a separate item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7440 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Jeff Morriss: rather than re-initializing the Info column with each
guy [Fri, 11 Apr 2003 20:19:45 +0000 (20:19 +0000)]
From Jeff Morriss: rather than re-initializing the Info column with each
PDU, just append the message type acronym to the column, so you can see
the message types for all the messages in the frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7439 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Jeff Morriss: add support for the Chinese ITU variant of SS7.
guy [Thu, 10 Apr 2003 18:52:15 +0000 (18:52 +0000)]
From Jeff Morriss: add support for the Chinese ITU variant of SS7.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7438 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Anders Broman: decode ISUP element User service info as Q.931
guy [Thu, 10 Apr 2003 18:40:38 +0000 (18:40 +0000)]
From Anders Broman: decode ISUP element User service info as Q.931
Bearer capability.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7437 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: The NT Security Descriptor revision field is only one byte, not two.
sahlberg [Thu, 10 Apr 2003 08:41:58 +0000 (08:41 +0000)]
The NT Security Descriptor revision field is only one byte, not two.

Make the dissector decode the first two bytes of the security descriptor as
one byte for the revision and the second byte as nothing/should be zero.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7436 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Some COL_INFO goodies for SpoolssWritePrinter.
tpot [Thu, 10 Apr 2003 05:38:43 +0000 (05:38 +0000)]
Some COL_INFO goodies for SpoolssWritePrinter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7435 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From David Frascone: use a string constant rather than a global variable
guy [Thu, 10 Apr 2003 01:30:34 +0000 (01:30 +0000)]
From David Frascone: use a string constant rather than a global variable
for the full name of the Diameter protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7434 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Make the individual flag bits in the Connection Control field of the SPX
guy [Wed, 9 Apr 2003 22:33:19 +0000 (22:33 +0000)]
Make the individual flag bits in the Connection Control field of the SPX
header be filterable fields.

Don't hand retransmitted SPX frames to subdissectors - just show the
payload as a retransmission of the original frame.

Instead of handing a retransmission indicator to SPX subdissectors, hand
them a structure containing the datastream type (under the assumption
that it's data for the protocol running atop SPX, and that the dissector
for that protocol might use it) and the state of the end-of-message bit
(under the assumption that it's data for the protocol running atop SPX).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7433 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Instead of passing the SPX hash value to subdissectors, attach to
guy [Wed, 9 Apr 2003 20:45:04 +0000 (20:45 +0000)]
Instead of passing the SPX hash value to subdissectors, attach to
frames that are retransmissions a data structure containing the frame
number of the original frame, and pass that to subdissectors (or, if not
present, pass NULL).

That means we can free the hash values when we're done with the first
pass through the packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7432 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update for NSIS 2.0
gerald [Wed, 9 Apr 2003 18:58:37 +0000 (18:58 +0000)]
Update for NSIS 2.0

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7431 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Squelch a compiler warning - the problem "should not happen", as a
guy [Wed, 9 Apr 2003 18:35:27 +0000 (18:35 +0000)]
Squelch a compiler warning - the problem "should not happen", as a
WriteAndX request should have a full complement of word parameters, but,
just in case it doesn't....

(Should we somehow arrange to throw an exception if there aren't enough
word or byte parameters in SMBs, i.e. impose a minimum in some cases?)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7430 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: From Tom Uijldert: properly decode the packet sequence number in WTP
guy [Wed, 9 Apr 2003 18:15:53 +0000 (18:15 +0000)]
From Tom Uijldert: properly decode the packet sequence number in WTP
Negative Ack packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7429 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Update to WriteAndX request decoding so it can handle the pipe bits properly.
sahlberg [Wed, 9 Apr 2003 09:35:57 +0000 (09:35 +0000)]
Update to WriteAndX request decoding so it can handle the pipe bits properly.

If both mode bits MessageStart and WriteRaw are set, then the first two bytes of the byte-field are the total length of the data written to the pipe.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7428 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Added new field reassembled_in to the fragment data structure.
sahlberg [Wed, 9 Apr 2003 09:04:08 +0000 (09:04 +0000)]
Added new field reassembled_in to the fragment data structure.

This field gets set to the frame number when this pdu was first completely reassembled.

This is useful since it will allow us to do reassembly properly in say packet-ip.c
instead of printing the full pdu for every fragment and thus making NFSoverUDP rpc-rtt statistics less than useful.

A dissector using fragment_add() can then choose to dissect the reassembled PDU only for the frame where it was first reassembled.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7427 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago: Fix some spelling/punctuation/capitalization/etc. errors.
guy [Wed, 9 Apr 2003 08:51:18 +0000 (08:51 +0000)]
Fix some spelling/punctuation/capitalization/etc. errors.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7426 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoDon't create a protocol tree or do anything to the columns before
guy [Wed, 9 Apr 2003 08:43:53 +0000 (08:43 +0000)]
Don't create a protocol tree or do anything to the columns before
calling "tcp_dissect_pdus()", so that if we don't have the final segment
of a multi-segment packet, we don't change the columns or put in an
empty protocol tree item for NDPS.

Rename "ndps.desegment_ndps" to "ndps.desegment_tcp" - the "ndps." is
sufficient to indicate that it's for desegmenting NDPS, but we now have
a flag for desegmenting NDPS-over-SPX, so we should indicate that the
other flag is for desegmenting NDPS-over-TCP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7425 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoClean up the handling of the completion code.
guy [Wed, 9 Apr 2003 08:36:54 +0000 (08:36 +0000)]
Clean up the handling of the completion code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7424 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoAdd "proto_tree_add_none_format()" to the set of functions exported to
guy [Tue, 8 Apr 2003 17:20:05 +0000 (17:20 +0000)]
Add "proto_tree_add_none_format()" to the set of functions exported to
plugins.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7423 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agomake-manuf:
jmayer [Tue, 8 Apr 2003 16:41:59 +0000 (16:41 +0000)]
make-manuf:
Sometimes printed a \n too much
manuf.tmpl:
Remove most manual Mappings to Cisco because that's what gets used
anyway (all except Racal and Newpoint)
manuf:
Update to represent changes in make-manuf, manuf.tmpl and IEEE

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7422 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoWhen dissecting a reply, don't put the frame number of the corresponding
guy [Tue, 8 Apr 2003 03:00:32 +0000 (03:00 +0000)]
When dissecting a reply, don't put the frame number of the corresponding
request into the protocol tree if we haven't seen the request.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7421 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago"ndps_req_hash_cleanup()" doesn't need to do anything (the data
guy [Tue, 8 Apr 2003 02:45:05 +0000 (02:45 +0000)]
"ndps_req_hash_cleanup()" doesn't need to do anything (the data
structure it frees has no pointers to anything), so eliminate it.

The XID argument to "dissect_ndps_request()" isn't used, so eliminate
it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7420 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoGet rid of unused "ddp_dissector_table" variable.
guy [Tue, 8 Apr 2003 02:35:12 +0000 (02:35 +0000)]
Get rid of unused "ddp_dissector_table" variable.

For replies, correctly put the frame number of the corresponding request
into the protocol tree; don't put it in as if it were the XID.  That
means we don't need to pass the XID as an argument to
"dissect_ndps_reply()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7419 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoMove the definition of the structure constructed for each SPX
guy [Tue, 8 Apr 2003 02:00:54 +0000 (02:00 +0000)]
Move the definition of the structure constructed for each SPX
transmission (and shared by all retransmissions), and passed to SPX
subdissectors, to "packet-ipx.h", and use the same structure in the SPX
dissector and the NDPS dissector.

Set up conversations and those structures without checking whether we've
seen the packet before or not; just check whether we find the
conversation before creating a new one, and check whether we find a
structure for the packet before creating a new one.  Pass it to the
subdissector regardless of whether we've seen the packet before or not,
and check it in the NDPS dissector regardless of whether we've seen it
before or not.

Don't store a "retransmission" flag in the structure - the initial
transmission and the retransmissions all share a single data structure,
but they don't all have the same value for the "retransmission" flag,
and you can tell whether a packet is a retransmission or not by
comparing its frame number with the frame number from the structure; if
they're different, it's a retransmission.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7418 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: update the introductory comment, add defragmentation
guy [Tue, 8 Apr 2003 00:56:17 +0000 (00:56 +0000)]
From Greg Morris: update the introductory comment, add defragmentation
support, fix various bugs, and finish up the NDPS decodes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7417 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: update the introductory comment, fix the handling
guy [Tue, 8 Apr 2003 00:46:15 +0000 (00:46 +0000)]
From Greg Morris: update the introductory comment, fix the handling
of the completion code, and tweak the description of continuation
fragments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7416 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: update the introductory comment.
guy [Tue, 8 Apr 2003 00:40:37 +0000 (00:40 +0000)]
From Greg Morris: update the introductory comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7415 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: update the introductory comment, and flag SPX
guy [Tue, 8 Apr 2003 00:39:27 +0000 (00:39 +0000)]
From Greg Morris: update the introductory comment, and flag SPX
retransmissions in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7414 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: update the introductory comment.
guy [Tue, 8 Apr 2003 00:22:26 +0000 (00:22 +0000)]
From Greg Morris: update the introductory comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7413 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom Greg Morris: level 2 oplock support, add additional error codes,
guy [Tue, 8 Apr 2003 00:07:01 +0000 (00:07 +0000)]
From Greg Morris: level 2 oplock support, add additional error codes,
fix the "Delete a File or Subdirectory" item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7412 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoUpdate to reflect the fact that you *HAVE* to have a Windows version of
guy [Mon, 7 Apr 2003 22:39:25 +0000 (22:39 +0000)]
Update to reflect the fact that you *HAVE* to have a Windows version of
Flex in order to build Ethereal, as the UNIX version generates files
that unconditionally include <unistd.h> and thus don't build on Windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7411 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoGet rid of the other Flex output files, so that they get rebuilt on
guy [Mon, 7 Apr 2003 18:43:03 +0000 (18:43 +0000)]
Get rid of the other Flex output files, so that they get rebuilt on
Windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7410 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoChoosing the lower-numbered socket in an IPX packet as the first one to
guy [Sun, 6 Apr 2003 22:50:00 +0000 (22:50 +0000)]
Choosing the lower-numbered socket in an IPX packet as the first one to
try as a port number doesn't always give the right answer, as you might
have a name query packet from an SMB-over-IPX server, meaning it's from
IPX_SOCKET_NWLINK_SMB_SERVER to IPX_SOCKET_NWLINK_SMB_NAMEQUERY, and,
unfortunately, IPX_SOCKET_NWLINK_SMB_SERVER is less than
IPX_SOCKET_NWLINK_SMB_NAMEQUERY and it'll now be dissected as an SMB
packet rather than an NMPI name query packet.

So if the higher-numbered socket is IPX_SOCKET_NWLINK_SMB_NAMEQUERY, we
just try that, we don't try the other port.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7409 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoFrom emre: add a "Filter out this stream" button to the "Follow TCP
guy [Sun, 6 Apr 2003 22:41:34 +0000 (22:41 +0000)]
From emre: add a "Filter out this stream" button to the "Follow TCP
Stream" window, which adds "and !(<filter for the stream>)" to the
display filter in effect before the stream was followed, removing that
stream from the display.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7408 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoAdd a dissector for the IPX WAN protocol. "IPX WAN 2" is just some
guy [Sun, 6 Apr 2003 02:32:38 +0000 (02:32 +0000)]
Add a dissector for the IPX WAN protocol.  "IPX WAN 2" is just some
compatible additions to the RFC 1362 IPX WAN protocol, so call it "IPX
WAN", not "IPX WAN 2".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7407 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoWe use nothing from "nlpid.h", so we don't need to include it.
guy [Sun, 6 Apr 2003 02:31:35 +0000 (02:31 +0000)]
We use nothing from "nlpid.h", so we don't need to include it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7406 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoSeparate the scan for the BGP header from the scan through the BGP
guy [Sat, 5 Apr 2003 11:20:54 +0000 (11:20 +0000)]
Separate the scan for the BGP header from the scan through the BGP
packets, and mark any stuff before the first BGP header as continuation
data.

Make the main loop for dissecting the BGP packets similar to the loop in
"tcp_dissect_pdus()" (if "tcp_dissect_pdus()" took a starting offset as
an argument, we could use it), so that it handles a BGP header split
between TCP segments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7405 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoClean up white space.
guy [Thu, 3 Apr 2003 23:51:31 +0000 (23:51 +0000)]
Clean up white space.

Don't include "packet-smb-common.h", as there's nothing in it we use.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7404 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoAdd some additional fields to SMB-over-IPX dissection, as per what
guy [Thu, 3 Apr 2003 22:58:54 +0000 (22:58 +0000)]
Add some additional fields to SMB-over-IPX dissection, as per what
NetMon 2.x does.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7403 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoAdd support for SMB-over-IPX.
guy [Thu, 3 Apr 2003 09:12:46 +0000 (09:12 +0000)]
Add support for SMB-over-IPX.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7402 f5534014-38df-0310-8fa8-9805f1628bb7

21 years agoWhen dissecting specific rights, pass a name string down so the
tpot [Thu, 3 Apr 2003 05:43:59 +0000 (05:43 +0000)]
When dissecting specific rights, pass a name string down so the
proto item says "foo specific rights" instead of just "specific
rights".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7401 f5534014-38df-0310-8fa8-9805f1628bb7