obnox/wireshark/wip.git
21 years ago make-manuf:
jmayer [Sun, 13 Apr 2003 13:51:32 +0000 (13:51 +0000)]
make-manuf:
Don't print Cavebear skipped - it makes the output unusable.
manuf.tmpl:
Remove entries that overwrite identical or similar results from IEEE
manuf:
Rebuild to reflect the changes in manuf.tmpl and add some new IEEE
entries.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7447 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Missing file from previous commit
sahlberg [Sat, 12 Apr 2003 08:14:48 +0000 (08:14 +0000)]
Missing file from previous commit

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7446 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Rewrite the DCERPC over SMB reassembly completely.
sahlberg [Sat, 12 Apr 2003 08:14:02 +0000 (08:14 +0000)]
Rewrite the DCERPC over SMB reassembly completely.

Move the actual reassembly to packet-smb-pipe.c instead of having it inside
the packet-smb.b/Write_andX and ReadAndX dissectors.

Change the dissector to only call dcerpc dissector from the packet where
reassembly was completed instead of always from the first fragment.
Add display filter field for the other fragments that display which frame the dcerpc pdu was reassembled in.

This is needed in order to be able to reassemble the type of dcerpc fragments
that are sent between nt4 dc's.
The DCERPC fragment reassembly in the dcerpc layer is still broken though, and
I think it has been broken for quite some time. That will be addressed shortly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7445 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Jeff Morriss: don't put stuff in the Info column if a subdissector
guy [Sat, 12 Apr 2003 07:54:29 +0000 (07:54 +0000)]
From Jeff Morriss: don't put stuff in the Info column if a subdissector
is called, so that we don't get a mix of M3UA and subdissector stuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7444 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Some packets (the ones I've seen have a datastream type of
guy [Sat, 12 Apr 2003 07:48:36 +0000 (07:48 +0000)]
Some packets (the ones I've seen have a datastream type of
"End-of-Connection Acknowledgment") have none of the connection control
bits set; describe them as "Data, No Ack Required" rather than
"Unknown".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7443 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago An SPX packet is not a retransmission of an earlier packet unless the
guy [Sat, 12 Apr 2003 07:35:52 +0000 (07:35 +0000)]
An SPX packet is not a retransmission of an earlier packet unless the
two packets have the same sequence number; use the sequence number in
the hash key.

The sequence number is not incremented for system packets, and system
packets probably don't get ACKed and thus presumably don't get
retransmitted, so don't do retransmission checks for system packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7442 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fix a typo.
guy [Sat, 12 Apr 2003 05:48:26 +0000 (05:48 +0000)]
Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7441 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago You can't put an FT_FRAMENUM into the tree with a length of -1, so, for
guy [Sat, 12 Apr 2003 05:36:10 +0000 (05:36 +0000)]
You can't put an FT_FRAMENUM into the tree with a length of -1, so, for
a retransmitted SPX frame, just put the number of the original frame in
as an item not referring to any data (offset and length of 0), and, if
there is any remaining data, put it into the tree as a separate item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7440 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Jeff Morriss: rather than re-initializing the Info column with each
guy [Fri, 11 Apr 2003 20:19:45 +0000 (20:19 +0000)]
From Jeff Morriss: rather than re-initializing the Info column with each
PDU, just append the message type acronym to the column, so you can see
the message types for all the messages in the frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7439 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Jeff Morriss: add support for the Chinese ITU variant of SS7.
guy [Thu, 10 Apr 2003 18:52:15 +0000 (18:52 +0000)]
From Jeff Morriss: add support for the Chinese ITU variant of SS7.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7438 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Anders Broman: decode ISUP element User service info as Q.931
guy [Thu, 10 Apr 2003 18:40:38 +0000 (18:40 +0000)]
From Anders Broman: decode ISUP element User service info as Q.931
Bearer capability.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7437 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago The NT Security Descriptor revision field is only one byte, not two.
sahlberg [Thu, 10 Apr 2003 08:41:58 +0000 (08:41 +0000)]
The NT Security Descriptor revision field is only one byte, not two.

Make the dissector decode the first two bytes of the security descriptor as
one byte for the revision and the second byte as nothing/should be zero.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7436 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Some COL_INFO goodies for SpoolssWritePrinter.
tpot [Thu, 10 Apr 2003 05:38:43 +0000 (05:38 +0000)]
Some COL_INFO goodies for SpoolssWritePrinter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7435 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From David Frascone: use a string constant rather than a global variable
guy [Thu, 10 Apr 2003 01:30:34 +0000 (01:30 +0000)]
From David Frascone: use a string constant rather than a global variable
for the full name of the Diameter protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7434 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Make the individual flag bits in the Connection Control field of the SPX
guy [Wed, 9 Apr 2003 22:33:19 +0000 (22:33 +0000)]
Make the individual flag bits in the Connection Control field of the SPX
header be filterable fields.

Don't hand retransmitted SPX frames to subdissectors - just show the
payload as a retransmission of the original frame.

Instead of handing a retransmission indicator to SPX subdissectors, hand
them a structure containing the datastream type (under the assumption
that it's data for the protocol running atop SPX, and that the dissector
for that protocol might use it) and the state of the end-of-message bit
(under the assumption that it's data for the protocol running atop SPX).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7433 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Instead of passing the SPX hash value to subdissectors, attach to
guy [Wed, 9 Apr 2003 20:45:04 +0000 (20:45 +0000)]
Instead of passing the SPX hash value to subdissectors, attach to
frames that are retransmissions a data structure containing the frame
number of the original frame, and pass that to subdissectors (or, if not
present, pass NULL).

That means we can free the hash values when we're done with the first
pass through the packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7432 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Update for NSIS 2.0
gerald [Wed, 9 Apr 2003 18:58:37 +0000 (18:58 +0000)]
Update for NSIS 2.0

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7431 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Squelch a compiler warning - the problem "should not happen", as a
guy [Wed, 9 Apr 2003 18:35:27 +0000 (18:35 +0000)]
Squelch a compiler warning - the problem "should not happen", as a
WriteAndX request should have a full complement of word parameters, but,
just in case it doesn't....

(Should we somehow arrange to throw an exception if there aren't enough
word or byte parameters in SMBs, i.e. impose a minimum in some cases?)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7430 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Tom Uijldert: properly decode the packet sequence number in WTP
guy [Wed, 9 Apr 2003 18:15:53 +0000 (18:15 +0000)]
From Tom Uijldert: properly decode the packet sequence number in WTP
Negative Ack packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7429 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Update to WriteAndX request decoding so it can handle the pipe bits properly.
sahlberg [Wed, 9 Apr 2003 09:35:57 +0000 (09:35 +0000)]
Update to WriteAndX request decoding so it can handle the pipe bits properly.

If both mode bits MessageStart and WriteRaw are set, then the first two bytes of the byte-field are the total length of the data written to the pipe.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7428 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Added new field reassembled_in to the fragment data structure.
sahlberg [Wed, 9 Apr 2003 09:04:08 +0000 (09:04 +0000)]
Added new field reassembled_in to the fragment data structure.

This field gets set to the frame number when this pdu was first completely reassembled.

This is useful since it will allow us to do reassembly properly in say packet-ip.c
instead of printing the full pdu for every fragment and thus making NFSoverUDP rpc-rtt statistics less than useful.

A dissector using fragment_add() can then choose to dissect the reassembled PDU only for the frame where it was first reassembled.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7427 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fix some spelling/punctuation/capitalization/etc. errors.
guy [Wed, 9 Apr 2003 08:51:18 +0000 (08:51 +0000)]
Fix some spelling/punctuation/capitalization/etc. errors.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7426 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Don't create a protocol tree or do anything to the columns before
guy [Wed, 9 Apr 2003 08:43:53 +0000 (08:43 +0000)]
Don't create a protocol tree or do anything to the columns before
calling "tcp_dissect_pdus()", so that if we don't have the final segment
of a multi-segment packet, we don't change the columns or put in an
empty protocol tree item for NDPS.

Rename "ndps.desegment_ndps" to "ndps.desegment_tcp" - the "ndps." is
sufficient to indicate that it's for desegmenting NDPS, but we now have
a flag for desegmenting NDPS-over-SPX, so we should indicate that the
other flag is for desegmenting NDPS-over-TCP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7425 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Clean up the handling of the completion code.
guy [Wed, 9 Apr 2003 08:36:54 +0000 (08:36 +0000)]
Clean up the handling of the completion code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7424 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add "proto_tree_add_none_format()" to the set of functions exported to
guy [Tue, 8 Apr 2003 17:20:05 +0000 (17:20 +0000)]
Add "proto_tree_add_none_format()" to the set of functions exported to
plugins.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7423 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago make-manuf:
jmayer [Tue, 8 Apr 2003 16:41:59 +0000 (16:41 +0000)]
make-manuf:
Sometimes printed a \n too much
manuf.tmpl:
Remove most manual Mappings to Cisco because that's what gets used
anyway (all except Racal and Newpoint)
manuf:
Update to represent changes in make-manuf, manuf.tmpl and IEEE

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7422 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago When dissecting a reply, don't put the frame number of the corresponding
guy [Tue, 8 Apr 2003 03:00:32 +0000 (03:00 +0000)]
When dissecting a reply, don't put the frame number of the corresponding
request into the protocol tree if we haven't seen the request.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7421 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago "ndps_req_hash_cleanup()" doesn't need to do anything (the data
guy [Tue, 8 Apr 2003 02:45:05 +0000 (02:45 +0000)]
"ndps_req_hash_cleanup()" doesn't need to do anything (the data
structure it frees has no pointers to anything), so eliminate it.

The XID argument to "dissect_ndps_request()" isn't used, so eliminate
it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7420 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Get rid of unused "ddp_dissector_table" variable.
guy [Tue, 8 Apr 2003 02:35:12 +0000 (02:35 +0000)]
Get rid of unused "ddp_dissector_table" variable.

For replies, correctly put the frame number of the corresponding request
into the protocol tree; don't put it in as if it were the XID.  That
means we don't need to pass the XID as an argument to
"dissect_ndps_reply()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7419 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Move the definition of the structure constructed for each SPX
guy [Tue, 8 Apr 2003 02:00:54 +0000 (02:00 +0000)]
Move the definition of the structure constructed for each SPX
transmission (and shared by all retransmissions), and passed to SPX
subdissectors, to "packet-ipx.h", and use the same structure in the SPX
dissector and the NDPS dissector.

Set up conversations and those structures without checking whether we've
seen the packet before or not; just check whether we find the
conversation before creating a new one, and check whether we find a
structure for the packet before creating a new one.  Pass it to the
subdissector regardless of whether we've seen the packet before or not,
and check it in the NDPS dissector regardless of whether we've seen it
before or not.

Don't store a "retransmission" flag in the structure - the initial
transmission and the retransmissions all share a single data structure,
but they don't all have the same value for the "retransmission" flag,
and you can tell whether a packet is a retransmission or not by
comparing its frame number with the frame number from the structure; if
they're different, it's a retransmission.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7418 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: update the introductory comment, add defragmentation
guy [Tue, 8 Apr 2003 00:56:17 +0000 (00:56 +0000)]
From Greg Morris: update the introductory comment, add defragmentation
support, fix various bugs, and finish up the NDPS decodes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7417 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: update the introductory comment, fix the handling
guy [Tue, 8 Apr 2003 00:46:15 +0000 (00:46 +0000)]
From Greg Morris: update the introductory comment, fix the handling
of the completion code, and tweak the description of continuation
fragments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7416 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: update the introductory comment.
guy [Tue, 8 Apr 2003 00:40:37 +0000 (00:40 +0000)]
From Greg Morris: update the introductory comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7415 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: update the introductory comment, and flag SPX
guy [Tue, 8 Apr 2003 00:39:27 +0000 (00:39 +0000)]
From Greg Morris: update the introductory comment, and flag SPX
retransmissions in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7414 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: update the introductory comment.
guy [Tue, 8 Apr 2003 00:22:26 +0000 (00:22 +0000)]
From Greg Morris: update the introductory comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7413 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Greg Morris: level 2 oplock support, add additional error codes,
guy [Tue, 8 Apr 2003 00:07:01 +0000 (00:07 +0000)]
From Greg Morris: level 2 oplock support, add additional error codes,
fix the "Delete a File or Subdirectory" item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7412 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Update to reflect the fact that you *HAVE* to have a Windows version of
guy [Mon, 7 Apr 2003 22:39:25 +0000 (22:39 +0000)]
Update to reflect the fact that you *HAVE* to have a Windows version of
Flex in order to build Ethereal, as the UNIX version generates files
that unconditionally include <unistd.h> and thus don't build on Windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7411 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Get rid of the other Flex output files, so that they get rebuilt on
guy [Mon, 7 Apr 2003 18:43:03 +0000 (18:43 +0000)]
Get rid of the other Flex output files, so that they get rebuilt on
Windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7410 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Choosing the lower-numbered socket in an IPX packet as the first one to
guy [Sun, 6 Apr 2003 22:50:00 +0000 (22:50 +0000)]
Choosing the lower-numbered socket in an IPX packet as the first one to
try as a port number doesn't always give the right answer, as you might
have a name query packet from an SMB-over-IPX server, meaning it's from
IPX_SOCKET_NWLINK_SMB_SERVER to IPX_SOCKET_NWLINK_SMB_NAMEQUERY, and,
unfortunately, IPX_SOCKET_NWLINK_SMB_SERVER is less than
IPX_SOCKET_NWLINK_SMB_NAMEQUERY and it'll now be dissected as an SMB
packet rather than an NMPI name query packet.

So if the higher-numbered socket is IPX_SOCKET_NWLINK_SMB_NAMEQUERY, we
just try that, we don't try the other port.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7409 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From emre: add a "Filter out this stream" button to the "Follow TCP
guy [Sun, 6 Apr 2003 22:41:34 +0000 (22:41 +0000)]
From emre: add a "Filter out this stream" button to the "Follow TCP
Stream" window, which adds "and !(<filter for the stream>)" to the
display filter in effect before the stream was followed, removing that
stream from the display.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7408 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add a dissector for the IPX WAN protocol. "IPX WAN 2" is just some
guy [Sun, 6 Apr 2003 02:32:38 +0000 (02:32 +0000)]
Add a dissector for the IPX WAN protocol.  "IPX WAN 2" is just some
compatible additions to the RFC 1362 IPX WAN protocol, so call it "IPX
WAN", not "IPX WAN 2".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7407 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago We use nothing from "nlpid.h", so we don't need to include it.
guy [Sun, 6 Apr 2003 02:31:35 +0000 (02:31 +0000)]
We use nothing from "nlpid.h", so we don't need to include it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7406 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Separate the scan for the BGP header from the scan through the BGP
guy [Sat, 5 Apr 2003 11:20:54 +0000 (11:20 +0000)]
Separate the scan for the BGP header from the scan through the BGP
packets, and mark any stuff before the first BGP header as continuation
data.

Make the main loop for dissecting the BGP packets similar to the loop in
"tcp_dissect_pdus()" (if "tcp_dissect_pdus()" took a starting offset as
an argument, we could use it), so that it handles a BGP header split
between TCP segments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7405 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Clean up white space.
guy [Thu, 3 Apr 2003 23:51:31 +0000 (23:51 +0000)]
Clean up white space.

Don't include "packet-smb-common.h", as there's nothing in it we use.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7404 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add some additional fields to SMB-over-IPX dissection, as per what
guy [Thu, 3 Apr 2003 22:58:54 +0000 (22:58 +0000)]
Add some additional fields to SMB-over-IPX dissection, as per what
NetMon 2.x does.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7403 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add support for SMB-over-IPX.
guy [Thu, 3 Apr 2003 09:12:46 +0000 (09:12 +0000)]
Add support for SMB-over-IPX.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7402 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago When dissecting specific rights, pass a name string down so the
tpot [Thu, 3 Apr 2003 05:43:59 +0000 (05:43 +0000)]
When dissecting specific rights, pass a name string down so the
proto item says "foo specific rights" instead of just "specific
rights".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7401 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Laurent Rabret: add support for Multi Topology Reachable IPv4
guy [Thu, 3 Apr 2003 05:22:11 +0000 (05:22 +0000)]
From Laurent Rabret: add support for Multi Topology Reachable IPv4
Prefixes and Multi Topology Reachable IPv6 Prefixes from
draft-ietf-isis-wg-multi-topology-06.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7400 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add an extra argument to get_unicode_string() to optionally
tpot [Thu, 3 Apr 2003 02:57:48 +0000 (02:57 +0000)]
Add an extra argument to get_unicode_string() to optionally
pass back string data.

Start adding some COL_INFO tidbits for NETLOGON PDC query and PDC
query response.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7399 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add an extra argument to get_ms_string() so we can optionally pass
tpot [Thu, 3 Apr 2003 02:22:30 +0000 (02:22 +0000)]
Add an extra argument to get_ms_string() so we can optionally pass
back the value of the string to the caller.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7398 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add a new README.developer file for wiretap; it's currently just some
guy [Wed, 2 Apr 2003 20:21:45 +0000 (20:21 +0000)]
Add a new README.developer file for wiretap; it's currently just some
stuff I sent out in a mail message to somebody asking how to add support
for a new file format, but hopefully it'll get improved by various
contributors over time (hint hint).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7397 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago We don't use snprintf, so we don't need to include snprintf.h.
guy [Wed, 2 Apr 2003 08:36:42 +0000 (08:36 +0000)]
We don't use snprintf, so we don't need to include snprintf.h.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7396 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago "proto_tree_add_text()" takes printf-style arguments; there's no need to
guy [Wed, 2 Apr 2003 08:31:37 +0000 (08:31 +0000)]
"proto_tree_add_text()" takes printf-style arguments; there's no need to
use snprintf to format a string into a buffer and then supply that
string to "proto_tree_add_text()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7395 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add support for WAN Hello packets.
guy [Wed, 2 Apr 2003 08:13:35 +0000 (08:13 +0000)]
Add support for WAN Hello packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7394 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Eric Perie: update to the name for EAP type 15, and some additional
guy [Tue, 1 Apr 2003 19:17:55 +0000 (19:17 +0000)]
From Eric Perie: update to the name for EAP type 15, and some additional
EAP types.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7393 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Solomon Peachy: add support for the latest stuff defined in the
guy [Tue, 1 Apr 2003 19:05:55 +0000 (19:05 +0000)]
From Solomon Peachy: add support for the latest stuff defined in the
draft 7.1 of 802.11g, plus a few response codes defined in 802.11b.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7392 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Mike Frisch: NFS_ACL support.
guy [Tue, 1 Apr 2003 04:38:05 +0000 (04:38 +0000)]
From Mike Frisch: NFS_ACL support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7391 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add support for Level 1 Hello packets.
guy [Mon, 31 Mar 2003 23:38:37 +0000 (23:38 +0000)]
Add support for Level 1 Hello packets.

Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7390 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fix a typo.
guy [Mon, 31 Mar 2003 23:37:37 +0000 (23:37 +0000)]
Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7389 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago The units, in non-whizzo-gigabit-pod captures, for hdr.timeunit = 2
guy [Mon, 31 Mar 2003 21:11:49 +0000 (21:11 +0000)]
The units, in non-whizzo-gigabit-pod captures, for hdr.timeunit = 2
aren't 1/1193000.0 second; the code used to use 1/1193180.0 second, but
at least one capture appears to have units of somewhere around
1/3579540.0 second.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7388 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add dissector for NetWare Link Services Protocol.
guy [Mon, 31 Mar 2003 08:10:08 +0000 (08:10 +0000)]
Add dissector for NetWare Link Services Protocol.

Socket 0x9001 is for NLSP - it supports LANs as well as WANs, at least
as I read the specification.

Socket 0x9004 is for "IPX WAN 2".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7387 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Don't use hardwired offsets when dissecting the ISIS header - we're
guy [Mon, 31 Mar 2003 08:09:28 +0000 (08:09 +0000)]
Don't use hardwired offsets when dissecting the ISIS header - we're
already advancing "offset" through the header, so use it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7386 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Have separate subtree ett_ values for CLVs with LSP entries and for the
guy [Mon, 31 Mar 2003 07:44:09 +0000 (07:44 +0000)]
Have separate subtree ett_ values for CLVs with LSP entries and for the
LSP entries themselves.

The length and structure of an LSP entry isn't fixed, it depends on the
ID length.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7385 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago The "attached_string" doesn't apply to the attachments, so call it
guy [Mon, 31 Mar 2003 07:37:23 +0000 (07:37 +0000)]
The "attached_string" doesn't apply to the attachments, so call it
"supported_string", instead, as it is used to indicate whether partition
repair is supported.

Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7384 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Do the same for dissect_ndr_char_cvstring.
guy [Mon, 31 Mar 2003 07:26:18 +0000 (07:26 +0000)]
Do the same for dissect_ndr_char_cvstring.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7383 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Didier Gautheron: bug fix plus a new command decoded.
guy [Sun, 30 Mar 2003 22:14:06 +0000 (22:14 +0000)]
From Didier Gautheron: bug fix plus a new command decoded.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7382 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Hannes Gredler:
guy [Sun, 30 Mar 2003 22:10:13 +0000 (22:10 +0000)]
From Hannes Gredler:

- TLV 135 cleanup and support for subTLVs
- a common IP Reach subTLV dissector which dissects
    subTLV 1 & 2 [32 & 64 Bit Admin Tags as per
    draft-ietf-isis-admin-tags-01.txt]
- rework IPv6-related TLVs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7381 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Ian Schorr discovered that, for gigabit pod captures, if hdr.timeunit is
guy [Fri, 28 Mar 2003 21:59:12 +0000 (21:59 +0000)]
Ian Schorr discovered that, for gigabit pod captures, if hdr.timeunit is
2 the time stamps are in units of 1/31250000 seconds rather than
nanoseconds - and, by generating Windows Sniffer captures with various
hdr.timeunit values, that for all the non-zero values he tested, the
time stamps for non-gigabit pod captures are in units of 1/1193000
second.

Instead of having a TpS array, just test for the exception value (0 for
non-gigabit pod captures, 2 for gigabit pod captures).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7380 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Use FT_FRAMENUM for the "Duplicate to the ACK in frame" and "This is an
guy [Thu, 27 Mar 2003 19:55:59 +0000 (19:55 +0000)]
Use FT_FRAMENUM for the "Duplicate to the ACK in frame" and "This is an
ACK to the segment in frame" fields, so you can use the "Go To
Corresponding Frame" menu item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7379 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Laurent Rabret: fix bugs in ISIS LSP analyses, add type block
guy [Thu, 27 Mar 2003 19:42:33 +0000 (19:42 +0000)]
From Laurent Rabret: fix bugs in ISIS LSP analyses, add type block
filters and display the type block byte in a more standard way (bit
fields).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7378 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Olivier Biot: fix quotation of attribute values for the WAP
guy [Thu, 27 Mar 2003 19:23:10 +0000 (19:23 +0000)]
From Olivier Biot: fix quotation of attribute values for the WAP
Provisioning DTD representation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7377 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Olivier Biot:
guy [Thu, 27 Mar 2003 19:15:28 +0000 (19:15 +0000)]
From Olivier Biot:

* Fix the Extended Method PDU mapping (move code some lines down)
* Decode more WSP Parameter entries (now WAP Provisioning Push OK)
* First check whether the PDU content for Post, Reply and Push PDUs
  can be dissected (dissector_try_X function calls), if not then
  display the PDU data as "Data" in the WSP protocol tree.
* Replaced "Unsupported header" by "Undecoded header" for clarity

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7376 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Enhancement to TCP Sequence Analysis
sahlberg [Thu, 27 Mar 2003 09:40:27 +0000 (09:40 +0000)]
Enhancement to TCP Sequence Analysis

Duplicate ACKs that are detected/suspected are now also flagged
with which frame the original ACK was seen in and the dup ack number.

This is displayed both in the summary pane as well as in the tree pane.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7375 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Use "gboolean" for Boolean variables.
guy [Wed, 26 Mar 2003 21:47:34 +0000 (21:47 +0000)]
Use "gboolean" for Boolean variables.

Allocate the per-conversation and per-frame data items from a GMemChunk
(which saves memory and CPU time, *and* lets us free all those items
quickly - as opposed to not freeing them at all, as had been the case).

Don't assume that, just because a conversation for the TCP connection
exists, it necessarily has an AJP13 data chunk attached to it; the
conversation might have, for example, been created by the TCP sequence
number analysis code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7374 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Graham Bloice: make the RC_VERSION variable in config.nmake
guy [Wed, 26 Mar 2003 20:17:42 +0000 (20:17 +0000)]
From Graham Bloice: make the RC_VERSION variable in config.nmake
comma-separated, so that the resources will be built correctly and the
version number correctly displayed in the GUI, and make the resources
dependent on "config.nmake" so that they're rebuilt if it's changed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7373 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Olivier Biot: add WSP protocol dissection for extended method PDUs,
guy [Wed, 26 Mar 2003 19:45:21 +0000 (19:45 +0000)]
From Olivier Biot: add WSP protocol dissection for extended method PDUs,
and let the Protocol Options header code page and extended methods calls
refer to hexadecimal representation as used everywhere else in the WSP
dissection code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7372 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fixed a small bug in tcp sequence number analysis.
sahlberg [Wed, 26 Mar 2003 08:00:24 +0000 (08:00 +0000)]
Fixed a small bug in tcp sequence number analysis.

FIN flag would previously only add one to the sequence number if the
FIN packet was empty, i.e. did not carry any payload data.

This caused ethereal to incorrectly flag the ACK to such packets
(FIN+payload data) as
ACK to previously lost segment.

Change the algorithm to always add 1 to the segment length, and thus the sequence number for all packets with the FIN bit set.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7371 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Put in a comment about the "to what code does the configuration file
guy [Wed, 26 Mar 2003 00:34:27 +0000 (00:34 +0000)]
Put in a comment about the "to what code does the configuration file
directory belong" issue.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7370 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fix up a comment.
guy [Tue, 25 Mar 2003 23:46:04 +0000 (23:46 +0000)]
Fix up a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7369 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Use "datafiledir" rather than "DATAFILE_DIR" as the name of the variable
guy [Tue, 25 Mar 2003 23:37:54 +0000 (23:37 +0000)]
Use "datafiledir" rather than "DATAFILE_DIR" as the name of the variable
in the configure script for the all-variables-expanded version of the
data file directory.

Don't AC_SUBST "DATAFILE_DIR", as it's not used.

Define DATAFILE_DIR in config.h as the all-variables-expanded version of
$datadir/ethereal, as that's where the global configuration files such
as manuf and the Diameter files are actually installed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7368 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago DATAFILE_DIR in the top-level config.h isn't used; don't bother defining
guy [Tue, 25 Mar 2003 23:35:30 +0000 (23:35 +0000)]
DATAFILE_DIR in the top-level config.h isn't used; don't bother defining
it.  (Nothing other than "get_datafile_dir()" should use it - anything
that needs to know where the configuration files are located should
use "get_datafile_dir()".)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7367 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago There's no need to define "etherealconfdir" - we can just use
guy [Tue, 25 Mar 2003 23:33:38 +0000 (23:33 +0000)]
There's no need to define "etherealconfdir" - we can just use
"pkgdatadir".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7366 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Brad Hards: ACAP support.
guy [Tue, 25 Mar 2003 22:30:19 +0000 (22:30 +0000)]
From Brad Hards: ACAP support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7365 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Non-void functions must always return a value; the SID snooping tap
guy [Tue, 25 Mar 2003 19:52:56 +0000 (19:52 +0000)]
Non-void functions must always return a value; the SID snooping tap
listener isn't a GUI tap, so it should always return 0.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7364 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Update FAQ to 2003-03-20
jmayer [Tue, 25 Mar 2003 19:22:56 +0000 (19:22 +0000)]
Update FAQ to 2003-03-20

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7363 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Added SMB option : sid_name_snooping.
sahlberg [Tue, 25 Mar 2003 09:41:42 +0000 (09:41 +0000)]
Added SMB option : sid_name_snooping.

This feature, when enabled through Edit/preferences/protocols/smb,
will look at certain SMB and CIFS related protocols to discover the
mapping between SIDs and their Names.

For those SIDs whose name has been snooped/discovered ethereal will
also add "(<name>)" to the end of the SID when printed in the tree pane
through the function dissect_nt_sid().

Currently the feature is not too exciting since the only thing that packet-smb-sidsnooping.c will look at to build this mapping table is
replies to the LSA/QueryInfoPolicy infolevel 3 packets and thus
discover mappings between a Domain SID and a Domain Name.
In the near future this feature will be enhanced to also look at more interesting calls such as LSA/LookupSIDs2 and similar.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7362 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago AIX's BPF, and thus its tcpdump, appears to use 24 as the link-layer
guy [Tue, 25 Mar 2003 06:04:54 +0000 (06:04 +0000)]
AIX's BPF, and thus its tcpdump, appears to use 24 as the link-layer
type for loopback devices; map it to DLT_NULL when reading libpcap files
with a major version of 2 and a minor version of 2, and when capturing
from an "loN" device on AIX.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7361 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Fix up the parsing of browser rest messages.
sharpe [Mon, 24 Mar 2003 16:49:10 +0000 (16:49 +0000)]
Fix up the parsing of browser rest messages.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7360 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add support for decoding Intel ANS probes. Thanks go to Intel for providing
gerald [Sun, 23 Mar 2003 19:32:19 +0000 (19:32 +0000)]
Add support for decoding Intel ANS probes.  Thanks go to Intel for providing
protocol information.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7359 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Jeff Morriss fix:
guy [Fri, 21 Mar 2003 23:05:25 +0000 (23:05 +0000)]
From Jeff Morriss fix:

- endianism issues in most multi-octet parameters
- the size of pointers to variable and optional parameters in the LUDT
and LUDTS messages (ITU only)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7358 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Add support for the missing ResetBrowserState announcement in
sharpe [Fri, 21 Mar 2003 05:28:04 +0000 (05:28 +0000)]
Add support for the missing ResetBrowserState announcement in
packet-smb-browse.c

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7357 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago change dissect_ndr_wchar_cvstring so that it uses the hf_index the dissector has...
sahlberg [Mon, 17 Mar 2003 09:42:12 +0000 (09:42 +0000)]
change dissect_ndr_wchar_cvstring so that it uses the hf_index the dissector has passed to it and not the generic dcerpc_character_buffer.

we need this to be able to filter for various dcerpc related strings such as lsa.domain

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7356 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Turn SIDs into FT_STRING fields so that we can filter for them using
sahlberg [Mon, 17 Mar 2003 09:02:49 +0000 (09:02 +0000)]
Turn SIDs into FT_STRING fields so that we can filter for them using
display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7355 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Rename hf_smb_sid to the more appropriate hf_smb_search_id
sahlberg [Mon, 17 Mar 2003 08:28:56 +0000 (08:28 +0000)]
Rename hf_smb_sid to the more appropriate hf_smb_search_id
since we will need hf_smb_sid for the SID string later

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7354 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Devin Heitmueller: for packets with an unknown family ID, display
guy [Fri, 14 Mar 2003 21:50:19 +0000 (21:50 +0000)]
From Devin Heitmueller: for packets with an unknown family ID, display
the family ID in hex in the summary line.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7353 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago Make sure that we display all the file attributes ...
sharpe [Fri, 14 Mar 2003 00:46:54 +0000 (00:46 +0000)]
Make sure that we display all the file attributes ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7352 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Tomas Kukosa - allow a preference name to begin with the string
guy [Thu, 13 Mar 2003 18:17:59 +0000 (18:17 +0000)]
From Tomas Kukosa - allow a preference name to begin with the string
that's the name of the module, as long as the prefix doesn't end with
"." or "_" (so you can register "tc.tcp.port" or "tc.tcp_port", but not
"tc.tc.port" or "tc.tc_port").

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7351 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago When fixing up old preferences, check the module for the current
guy [Wed, 12 Mar 2003 19:45:52 +0000 (19:45 +0000)]
When fixing up old preferences, check the module for the current
preference by comparing "module->name" against the module, not by
checking the first part of the preference name - the preference name
might not contain the correct module name, as we've mapped some modules.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7350 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Todd Montgomery: Bring PGM up to date with RFC 3208:
gerald [Wed, 12 Mar 2003 04:04:15 +0000 (04:04 +0000)]
From Todd Montgomery: Bring PGM up to date with RFC 3208:

        - checksum checks for all packets (like UDP, IP, TCP, etc.)
                - this includes adding an option to turn off checking
                  it in the preferences menu (like TCP does).
        - POLL packets
        - POLR packets
        - added PGM options:
                - OPT_FRAGMENT
                - OPT_REDIRECT
                - OPT_NAK_BO_IVL
                - OPT_NAK_BO_RNG
        - fixed a minor offset error in SPMs

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7349 f5534014-38df-0310-8fa8-9805f1628bb7

21 years ago From Lars Roland: printf fix.
guy [Wed, 12 Mar 2003 00:36:22 +0000 (00:36 +0000)]
From Lars Roland: printf fix.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7348 f5534014-38df-0310-8fa8-9805f1628bb7