14 years agoadd service response time statistics for smb2
sahlberg [Fri, 23 Dec 2005 04:57:06 +0000 (04:57 +0000)]
add service response time statistics for smb2

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16887 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agomake smb2 tappable
sahlberg [Fri, 23 Dec 2005 04:55:25 +0000 (04:55 +0000)]
make smb2 tappable

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16886 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agofrom eric wedel
sahlberg [Fri, 23 Dec 2005 03:43:56 +0000 (03:43 +0000)]
from eric wedel

kpasswd over tcp support

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16885 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agodunt put ACK number in COL_INFO or in the decode pane if the ACK bit is not set
sahlberg [Thu, 22 Dec 2005 23:23:25 +0000 (23:23 +0000)]
dunt put ACK number in COL_INFO or in the decode pane if the ACK bit is not set

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16884 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoadd decoding of RFC3947 which should fix bug 513
sahlberg [Thu, 22 Dec 2005 21:28:51 +0000 (21:28 +0000)]
add decoding of RFC3947   which should fix bug 513

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16883 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Martin Mathieson:
etxrab [Thu, 22 Dec 2005 16:26:26 +0000 (16:26 +0000)]
From Martin Mathieson:
there are only 1000 ms in one second

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16882 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agosome ACEs are not used for authorization and thus do NOT contain an access mask and...
sahlberg [Thu, 22 Dec 2005 08:51:50 +0000 (08:51 +0000)]
some ACEs are not used for authorization and thus do NOT contain an access mask and a SID.

make the dissection of the ACL check the type for each individual ACE and only dissect  as access mask and sid  those ACEs we know how to handle.

this prevents ethereal from dumping on w32 if we encounter any of these "special" ACE entries,   such as the ones used for storing location data for offline files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16881 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFix Bug 642, use col_set_fence() not to owerwrite column info if several Skinny messa...
etxrab [Thu, 22 Dec 2005 07:11:21 +0000 (07:11 +0000)]
Fix Bug 642, use col_set_fence() not to owerwrite column info if several Skinny messages are in one frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16880 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAs reported by Mark Millet <mmillet@cisco.com>
jmayer [Thu, 22 Dec 2005 02:37:22 +0000 (02:37 +0000)]
As reported by Mark Millet <mmillet@cisco.com>

Add message types 13-17 for option 53 decoding.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16879 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoJaap Keuter:
jmayer [Thu, 22 Dec 2005 01:36:42 +0000 (01:36 +0000)]
Jaap Keuter:

While looking into bug 239 I found a type mismatch in proto.c. Even
though tree_is_expanded is defined as a (gboolean *) the memory
allocation is carried out using sizeof (gint *). The attached patch
fixes this.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16877 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoJaap Keuter:
jmayer [Thu, 22 Dec 2005 01:33:56 +0000 (01:33 +0000)]
Jaap Keuter:
        Add the documentation part of the fix for bug 379

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16876 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoJaap Keuter:
jmayer [Thu, 22 Dec 2005 01:26:04 +0000 (01:26 +0000)]
Jaap Keuter:
        Add MS NLB buildin dissector

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16875 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Bill Meier:
gerald [Thu, 22 Dec 2005 01:23:27 +0000 (01:23 +0000)]
From Bill Meier:

After investigating the time-sequence graphs (Stevens and tcptrace) produced
using an FTP capture file supplied by Eduardo Segura
(see http://www.ethereal.com/lists/ethereal-users/200512/msg00153.html )
I've identified several problems in tcp_trace.c.

The problems mostly involve incorrect determination of the lower/upper
sequence number bounds (for the Y axis) in certain cases (e.g. having to do
with 'partial' conversations).

I've reworked the '...get_bounds' code to handle cases such as:

1. out of order data segments (e.g.: the first segment in a captured
conversation has a higher sequence number than a later segment);

2. 'ack' sequence numbers for initial ack segments in a conversation lower
than the sequence numbers of the initial data segments;

3. maximum 'ack + win' sequence number in a conversation greater than the
max data sequence number;

4. Stevens graph: only use data segment sequence numbers when
determining bounds;

5. TCP RST packet without 'ack' flag: do not try to use the 'ack' seq num from
the packet in this case. (This was the specific cause of the originally reported

I've also reworked the tcptrace display code slightly to properly handle
the initial ack packet of a sequence;

As an example of the some of the fixes the Ethereal tcptrace style graph
of the following conversation fragment will now be similar to the graph
produced by Tcptrace.

data:  seq 10000 len 100
data:  seq 10100 len 200
ack:   ack 5000  win 6000
ack:   ack 5400  win 5600

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16874 f5534014-38df-0310-8fa8-9805f1628bb7

14 years ago- Add max frame size
jmayer [Thu, 22 Dec 2005 01:08:07 +0000 (01:08 +0000)]
- Add max frame size
- Add port power forwarding
- Some more field cleanups

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16873 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoPrep for 0.10.14.
gerald [Wed, 21 Dec 2005 16:49:47 +0000 (16:49 +0000)]
Prep for 0.10.14.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16872 f5534014-38df-0310-8fa8-9805f1628bb7

14 years ago- Don't use numbers when there are enum values
jmayer [Wed, 21 Dec 2005 11:21:49 +0000 (11:21 +0000)]
- Don't use numbers when there are enum values
- Better nameing of tfs_ arrays
- Name and dissect "version" field (previously unknown)
- Name and dissect "add tag scheme" (previously unknown)
- Add lots of comments about meanings in the port data
- The first byte in the set command is probably some salt value

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16871 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoProvide not only copyright information, but a GPL blurb, in all the
guy [Wed, 21 Dec 2005 08:59:52 +0000 (08:59 +0000)]
Provide not only copyright information, but a GPL blurb, in all the
version/usage messages.

Put newlines at the end of various version strings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16870 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoadd dissection of two more NTCreateAndX bits :
sahlberg [Wed, 21 Dec 2005 08:48:59 +0000 (08:48 +0000)]
add dissection of two more NTCreateAndX bits :
open by file id
backup intent

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16869 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom jaap Keuter:
etxrab [Tue, 20 Dec 2005 18:38:13 +0000 (18:38 +0000)]
From jaap Keuter:
Taking a random dissector from the list on the Wiki I picked packet-enip.c. Nothing wrong with this one, I still ememified it.

From Bart Braem:
packet-mip.c does not have support for all registration denials by the foreign agent, code 77 was left out. The attached patch fixes that.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16868 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd ASN1 code from some more 3GPP2 dockuments.
etxrab [Tue, 20 Dec 2005 18:26:28 +0000 (18:26 +0000)]
Add ASN1 code from some more 3GPP2 dockuments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16867 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agopacket-rnsap.[hc] were added to Makefile.common but missing from svn
jmayer [Tue, 20 Dec 2005 09:23:42 +0000 (09:23 +0000)]
packet-rnsap.[hc] were added to Makefile.common but missing from svn

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16866 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agopacket-radius.c, packet-xml.c:
jmayer [Tue, 20 Dec 2005 08:35:53 +0000 (08:35 +0000)]
packet-radius.c, packet-xml.c:
        Fix a memory leak found by valgrind:
        Although dir isn't a directory it may still use memory

        Reformat the relevant function in packet-xml.c to be readable on systems
        where a tab is 8 spaces.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16865 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd dissection of RNSAP, not complete yet.
etxrab [Tue, 20 Dec 2005 07:22:33 +0000 (07:22 +0000)]
Add dissection of RNSAP, not complete yet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16864 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoMake sure we don't try to close an already-closed file.
gerald [Tue, 20 Dec 2005 02:50:04 +0000 (02:50 +0000)]
Make sure we don't try to close an already-closed file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16863 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFix some asn1 errors and insert the new code to call TCAP.
etxrab [Mon, 19 Dec 2005 19:39:42 +0000 (19:39 +0000)]
Fix some asn1 errors and insert the new code to call TCAP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16862 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoGet rid of some GCC warnings about unused code.
etxrab [Mon, 19 Dec 2005 19:36:32 +0000 (19:36 +0000)]
Get rid of some GCC warnings about unused code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16861 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd dissection of Error parameters hopfully geting rid of some GCC warnings.
etxrab [Mon, 19 Dec 2005 19:34:52 +0000 (19:34 +0000)]
Add dissection of Error parameters hopfully geting rid of some GCC warnings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16860 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoregister the m3ua dissector by name
lego [Mon, 19 Dec 2005 19:21:32 +0000 (19:21 +0000)]
register the m3ua dissector by name

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16859 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAvoid a warning if release_cause == 0
lego [Mon, 19 Dec 2005 19:20:31 +0000 (19:20 +0000)]
Avoid a warning if release_cause == 0

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16858 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd support for Juniper GGSN generated pcap files.
lego [Mon, 19 Dec 2005 19:18:20 +0000 (19:18 +0000)]
Add support for Juniper GGSN generated pcap files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16857 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom John Sullivan:
etxrab [Mon, 19 Dec 2005 06:48:07 +0000 (06:48 +0000)]
From John Sullivan:
Three patches here:


1) The handling of HashSet Answer messages was wrong
2) Add dissection of some more eMule extension packets to do with
   error recovery


New versions of the Azureus BitTorrent client implement a new extension to the protocol, which is effectively a text based encapsulation of the binary BitTorrent protocol, embedded within the BitTorrent protocol. Who knows why they thought that was a good idea, but this patch can pick apart their new headers.


By registering a normal dissector as well as the heuristic one, BitTorrent shows up on the Decode As... list so you can manually override its mistake.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16856 f5534014-38df-0310-8fa8-9805f1628bb7

14 years ago"Fix" for warning: enumeration value 'TS_NOT_SET' not handled in switch
jmayer [Sun, 18 Dec 2005 23:29:37 +0000 (23:29 +0000)]
"Fix" for warning: enumeration value 'TS_NOT_SET' not handled in switch
   Just g_assert until someone who understands the code checks in a real

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16855 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agowarning: no newline at end of file
jmayer [Sun, 18 Dec 2005 23:23:21 +0000 (23:23 +0000)]
warning: no newline at end of file

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16854 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agowarning: C++ style comments are not allowed in ISO C90
jmayer [Sun, 18 Dec 2005 23:22:47 +0000 (23:22 +0000)]
warning: C++ style comments are not allowed in ISO C90

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16853 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agowarning: function declaration isn't a prototype
jmayer [Sun, 18 Dec 2005 23:18:06 +0000 (23:18 +0000)]
warning: function declaration isn't a prototype

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16852 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoUpdate from samba tree revision 12205 to 12325
jmayer [Sun, 18 Dec 2005 22:40:49 +0000 (22:40 +0000)]
Update from samba tree revision 12205 to 12325
============================ Samba log start ============
r12205 | jelmer | 2005-12-13 02:56:04 +0100 (Tue, 13 Dec 2005) | 2 lines

Support 'TFS' command in conformance files

r12206 | jelmer | 2005-12-13 14:14:23 +0100 (Tue, 13 Dec 2005) | 2 lines

Fix some issues in NOEMIT

============================ Samba log end ==============

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16851 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoIndent authors' e-mail addresses with tabs (so the list is properly
guy [Sun, 18 Dec 2005 20:54:47 +0000 (20:54 +0000)]
Indent authors' e-mail addresses with tabs (so the list is properly
aligned in the About box).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16850 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoUse tabs to indent all credits.
guy [Sun, 18 Dec 2005 19:46:38 +0000 (19:46 +0000)]
Use tabs to indent all credits.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16849 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoRe-UTF-8ify.
guy [Sun, 18 Dec 2005 19:41:49 +0000 (19:41 +0000)]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16848 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Michael Rozhavsky:
etxrab [Sun, 18 Dec 2005 19:01:46 +0000 (19:01 +0000)]
From Michael Rozhavsky:
In my previous patch I forgot to add a OOBResync flag to the DBD packet flags field. This patch adds this flag.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16847 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoWork in progress ANSI MAP dissector.
etxrab [Sun, 18 Dec 2005 18:17:29 +0000 (18:17 +0000)]
Work in progress ANSI MAP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16846 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Martin Warnes
etxrab [Sun, 18 Dec 2005 18:15:24 +0000 (18:15 +0000)]
From Martin Warnes
Attached a small patch to top level Makefile.am to include the recently
added diamter data files chargecontrol.xml and TGPPSh.xml

From jaaap Keuter:
I've polished up the README.malloc describing ememified memory management. It's basically the same information, but made a bit more accessable. All this in response to bug 511

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16845 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Greg Morris:
etxrab [Sun, 18 Dec 2005 18:13:05 +0000 (18:13 +0000)]
From Greg Morris:
-  New Dissector Novell Cluster Services

1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16844 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agouse #ifdef SHOW_WELCOME_PAGE for the currently disabled welcome page instead of simpl...
ulfl [Sun, 18 Dec 2005 11:36:06 +0000 (11:36 +0000)]
use #ifdef SHOW_WELCOME_PAGE for the currently disabled welcome page instead of simply #if 0

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16843 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoIf we're going to use a handle for the data handle, we need to get a
guy [Sun, 18 Dec 2005 11:19:25 +0000 (11:19 +0000)]
If we're going to use a handle for the data handle, we need to get a
handle for that dissector.  This fixes bug 637.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16842 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoUpdate tcap.cnf to generate the current packet-tcap.c
guy [Sun, 18 Dec 2005 11:08:38 +0000 (11:08 +0000)]
Update tcap.cnf to generate the current packet-tcap.c

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16841 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoGet rid of an unused variable.
guy [Sun, 18 Dec 2005 10:59:45 +0000 (10:59 +0000)]
Get rid of an unused variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16840 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoSquelch a compiler warning.
guy [Sun, 18 Dec 2005 10:58:47 +0000 (10:58 +0000)]
Squelch a compiler warning.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16839 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoGet rid of an unused variable.
guy [Sun, 18 Dec 2005 10:51:41 +0000 (10:51 +0000)]
Get rid of an unused variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16838 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoGet rid of an unused variable.
guy [Sun, 18 Dec 2005 10:42:29 +0000 (10:42 +0000)]
Get rid of an unused variable.

Fix a typo in svn:keywords.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16837 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoreassembling as enabled by default (the default was changed from disabled to enabled...
ulfl [Sun, 18 Dec 2005 03:42:01 +0000 (03:42 +0000)]
reassembling as enabled by default (the default was changed from disabled to enabled some time ago)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16836 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoremove // comments
lego [Sat, 17 Dec 2005 21:17:58 +0000 (21:17 +0000)]
remove // comments

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16835 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoHave tcap subdissectors registering using functions provided by tcap and tcap manage...
lego [Sat, 17 Dec 2005 16:55:45 +0000 (16:55 +0000)]
Have tcap subdissectors registering using functions provided by tcap and tcap manage ssn registration.

In packet-sccp.c avoid not having a binding.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16834 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoWin32 bugfix: peeking the signal_pipe at capture_loop start seems to be unreliable
ulfl [Sat, 17 Dec 2005 00:19:47 +0000 (00:19 +0000)]
Win32 bugfix: peeking the signal_pipe at capture_loop start seems to be unreliable

Instead, simply keep the signal_pipe setting directly from the command line which is working well

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16833 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoboth eug and edg still mentioned Ethereal 0.10.12
ulfl [Sat, 17 Dec 2005 00:16:37 +0000 (00:16 +0000)]
both eug and edg still mentioned Ethereal 0.10.12

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16832 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoadd work in progress srvsvc.idl.
sahlberg [Fri, 16 Dec 2005 22:06:52 +0000 (22:06 +0000)]
add work in progress srvsvc.idl.

This idl file is required by wkssvc.idl since wkssvc references Platform_id

There are still some minor changes required for pidl to prettify the output for both wkssvc and srvsvc before these two dissectors should be used.

note that this idl is significantly different from the samba4 idl since it contains all the additional functions and structures the handwritten dissector has that is lacking from s4 idl.

it is expected that s4 will take up the authorative version of this idl soon so there will only be one master copy of this idl.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16831 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoInclude the latest diameter.xml files
etxrab [Fri, 16 Dec 2005 20:58:50 +0000 (20:58 +0000)]
Include the latest diameter.xml files

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16830 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agomodify the tool tip "Nodes in the diagram are identified with network source and...
etxrab [Fri, 16 Dec 2005 20:54:24 +0000 (20:54 +0000)]
modify the tool tip "Nodes in the diagram are identified with network source and destination address (like SS7 point codes)" remove the section between parenthesis

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16829 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoA patch for packet-ospf.c is attached:
etxrab [Fri, 16 Dec 2005 20:37:45 +0000 (20:37 +0000)]
A patch for packet-ospf.c is attached:
 - Fix the handling of the DN-bit of options field.
 - Add a new function dissect_ospf_bitfield() to dissect a bitfield
   such as options, flags. The following functions are merged by
   using this function.
     - dissect_ospf_lls_extended_options()
     - dissect_ospf_dbd()
     - dissect_ospf_options()
     - dissect_ospf_v3_prefix_options()
 - dissect the flags and prefix-options bitfield.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16828 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAs per Olivier Jacques mail,
etxrab [Fri, 16 Dec 2005 20:36:09 +0000 (20:36 +0000)]
As per Olivier Jacques mail,
"preferences/mtp3 must be changed accordingly (it is explicitly indicated that the "network address format" is ..."
Change the text and som names.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16827 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoIf "CLIENTNAME" is set (which indicates that we're using RDP) use
gerald [Fri, 16 Dec 2005 17:53:44 +0000 (17:53 +0000)]
If "CLIENTNAME" is set (which indicates that we're using RDP) use
"not tcp port 3389" instead of "not ip host $CLIENTNAME", since it
seems to be more reliable.

Make sure we remove dumpcap.obj when we clean.

This also tests the content-type "text/plain; charset=utf-8" for commit
messages.  Maybe Stig B's name will show up correctly now.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16826 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoSome updates
jmayer [Fri, 16 Dec 2005 17:52:05 +0000 (17:52 +0000)]
Some updates

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16825 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoDon't link dumpcap against libethereal etc.
jmayer [Fri, 16 Dec 2005 17:05:37 +0000 (17:05 +0000)]
Don't link dumpcap against libethereal etc.
It might be, that I've removed too many options:

in that case, replace
by some of

and let me know which of the options are needed

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16824 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoJaap Keuter:
jmayer [Fri, 16 Dec 2005 16:40:31 +0000 (16:40 +0000)]
Jaap Keuter:
I'm seeing a variant of the registered Ethernet address for MS NLB
multicast being used.

Changed to remove "multicast" from the name as it isn't a multicast

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16823 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Jaap Keuter:
etxrab [Fri, 16 Dec 2005 16:37:03 +0000 (16:37 +0000)]
From Jaap Keuter:
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.

Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.

-From Kan Sasaki
A patch for packet-ospf.c is attached:
 - Fix the handling of the DN-bit of options field.
 - Add a new function dissect_ospf_bitfield() to dissect a bitfield
   such as options, flags. The following functions are merged by
   using this function.
     - dissect_ospf_lls_extended_options()
     - dissect_ospf_dbd()

     - dissect_ospf_options()
     - dissect_ospf_v3_prefix_options()
 - dissect the flags and prefix-options bitfield.

- lldp Bugfix Bug 596  LLDP TIA Network Policy Decode is not correct

- Camel make it possible to dissect based on OID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16822 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Jaap Keuter:
etxrab [Fri, 16 Dec 2005 16:31:46 +0000 (16:31 +0000)]
From Jaap Keuter:
Bug 373 complains about a field type. Trivial fix attached.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16821 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoDeclare the GTK 2.6 as the official mainline now!!!
ulfl [Fri, 16 Dec 2005 08:20:22 +0000 (08:20 +0000)]
Declare the GTK 2.6 as the official mainline now!!!

(as per mailing list discussions and mainly as the Gimp windows port also uses this version)

fix the NSIS install settings for GTK 2.6 of GTK-Wimp

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16820 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agosome minor fixes: logging and comments fixed
ulfl [Fri, 16 Dec 2005 07:43:24 +0000 (07:43 +0000)]
some minor fixes: logging and comments fixed

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16819 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Michael Rozhavsky:
etxrab [Fri, 16 Dec 2005 07:37:28 +0000 (07:37 +0000)]
From Michael Rozhavsky:

This patch adds support for draft-nguyen-ospf-lls-05.txt, draft-nguyen-ospf-oob-resync-05.txt and draft-nguyen-ospf-restart-05.txt. These are an alternative way to do OSPF graceful restart.

These drafts are implemented by cisco and several other vendors that want to interoperate with cisco. My patch adds a dissectors for LLS TLVs.

I had to modify the existing ospf dissector as it assumed that all the data after IP header is OSPF packet. This is not true anymore and probably was not true before as well.

Also please find attached an example of OSPF packets with LLS data blocks.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16818 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Jacques, Olivier (OCBU-Test Infra)
etxrab [Fri, 16 Dec 2005 07:20:13 +0000 (07:20 +0000)]
From Jacques, Olivier (OCBU-Test Infra)

> here is a small patch for the flow graph feature. It allows
> to have SS7 nodes (network indicator/point codes) to be
> recognized as nodes in the graphs.
> The patch consists in using "pinfo->net_src" or
> "pinfo->net_dst" instead of "pinfo->src" or "pinfo->dst".
> I did some tests with other IP protocols and behavior was
> still the same as before. But I do not guaranty that it
> doesn't have some bad side effects for some protocols.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16817 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Grame Lunt:
etxrab [Fri, 16 Dec 2005 07:18:52 +0000 (07:18 +0000)]
From Grame Lunt:
The new oid_resolv.c OID handling is more strict on what an OID is. It now requires the OID string representation to be a sequence of dotted integers - particularly when looking up an associated name.

The X.411 and DISP dissectors have [ab]used the OID handling to support the dissection of x.411 standard-extensions (which are indicated by a single
integer) and where the OID is sufficient by itself (disp). Have a look at x411.cnf and disp.cnf

Attached is a small patch to restore the previous functionality in the new handling. If this is something you don't wish to continue to support in the OID handling, then I'll look at alternate mechanisms.


git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16816 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoGet rid of duplicted dissector tables for MTP3 Service indicator and SCCP ssn:s
etxrab [Fri, 16 Dec 2005 07:05:50 +0000 (07:05 +0000)]
Get rid of duplicted dissector tables for MTP3 Service indicator and SCCP ssn:s

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16815 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Graeme Lunt:
etxrab [Fri, 16 Dec 2005 06:47:22 +0000 (06:47 +0000)]
From Graeme Lunt:
* DOP - This has now been successfully tested and so is now enabled by default and workaround code removed.
Also now uses the correct EXPORTs from the other modules/dissectors.

* X509SAT - Most of the selected attributes are now supported in addition to the DirectoryString syntax attributes. This includes restoring the correct DirectoryString syntax and also providing the basic syntaxes (e.g. OBJECT IDENTIFIER, PrintableString). The latter requires a sed line in the Makefile which I assume should be OK? Not all the SAT can be defined in x509sat - so some have been included in x509if and x509af - though x509sat.cnf contains the master list and references the other dissectors where appropriate.

(I still prefer a syntax registration approach but I don't think that is going to be agreed in the short term.)

* X509IF - a mechanism to register some formating, based upon the hf_index, that is used in the cnf file.

* A couple of fixes identified by Stig.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16814 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Stig B
sahlberg [Fri, 16 Dec 2005 00:32:12 +0000 (00:32 +0000)]
From Stig B
Patch for COTP reassembly.

There does not seem to be any reasonable or cleaner way to fix COTP
reassembly than adding the frame.[ch] patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16813 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agofrom Jaap K
sahlberg [Thu, 15 Dec 2005 23:17:01 +0000 (23:17 +0000)]
from Jaap K

fix for bug 306

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16812 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoupdate to modbus/tcp
sahlberg [Thu, 15 Dec 2005 22:54:33 +0000 (22:54 +0000)]
update to modbus/tcp

Make the dissector new-style and add simple (better than nothing) heuristics so that it can reject some packets that are obviously not modbus.

change the constants to upper case

 the horrors:
replace two instances where tvb_memcpy()  were used to read straight into a structure to instead read the structure field by field using tvb_get_...()
This may allow the modbus dissector to actually work.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16811 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFix themeing for GTK+ 2.8. This hasn't been tested under 2.6 or 2.4.
gerald [Thu, 15 Dec 2005 19:12:51 +0000 (19:12 +0000)]
Fix themeing for GTK+ 2.8.  This hasn't been tested under 2.6 or 2.4.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16810 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoMake sure we install the libpng and cairo DLLs if needed.
gerald [Thu, 15 Dec 2005 03:36:17 +0000 (03:36 +0000)]
Make sure we install the libpng and cairo DLLs if needed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16809 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoUse the reported length, not the length, to figure out how much to
guy [Thu, 15 Dec 2005 02:44:26 +0000 (02:44 +0000)]
Use the reported length, not the length, to figure out how much to
dissect (so that we report a packet cut short by the snapshot length).

Get rid of an unused variable..

As we restore "pinfo->fragmented" from "save_fragmented" regardless of
whether we're defragmenting or not, we have to save its previous value
in "save_fragmented" regardless of whether we're defragmenting or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16808 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoremove the setting of no longer required command line options:
ulfl [Thu, 15 Dec 2005 00:48:59 +0000 (00:48 +0000)]
remove the setting of no longer required command line options:

-H (Hide capture info dialog)
-m (font to use)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16807 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoremove a missplaced comment
ulfl [Thu, 15 Dec 2005 00:46:23 +0000 (00:46 +0000)]
remove a missplaced comment

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16806 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agouse capture_opts_trim_iface() instead of duplicated code
ulfl [Thu, 15 Dec 2005 00:45:29 +0000 (00:45 +0000)]
use capture_opts_trim_iface() instead of duplicated code

various minor code cleanup

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16805 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFix Bug 628 Bugzilla 2.18.3
etxrab [Wed, 14 Dec 2005 21:46:56 +0000 (21:46 +0000)]
Fix Bug 628  Bugzilla 2.18.3
CAMEL - Connect decoding error
- Calledparty number included first two octets

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16804 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd possibility to try to dissect IP over TIPC.
etxrab [Wed, 14 Dec 2005 21:40:04 +0000 (21:40 +0000)]
Add possibility to try to dissect IP over TIPC.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16803 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd support for GLib/GTK+ 2.8. Point to the latest tag.
gerald [Wed, 14 Dec 2005 21:19:39 +0000 (21:19 +0000)]
Add support for GLib/GTK+ 2.8.  Point to the latest tag.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16802 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Jaap Keuter:
etxrab [Wed, 14 Dec 2005 21:14:57 +0000 (21:14 +0000)]
From Jaap Keuter:
> Two patch files are attached adding UDP-Lite dissection to the UDP
> dissector. Wiki page is available at the normal location, including
> sample captures courtesy of Gerrit Renker of the University of
> Aberdeen Electronics Research Group. The patch has been tested with
> both the sample captures and Fuzz test.

And add Marc Petit-Huguenin to AUTHORS

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16801 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoAdd makefiles
etxrab [Wed, 14 Dec 2005 21:04:42 +0000 (21:04 +0000)]
Add makefiles

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16800 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Grame Lunt:
etxrab [Wed, 14 Dec 2005 21:02:56 +0000 (21:02 +0000)]
From Grame Lunt:
Attached is a patch that updates -

* DOP - This has now been successfully tested and so is now enabled by default and workaround code removed.
Also now uses the correct EXPORTs from the other modules/dissectors.

* X509SAT - Most of the selected attributes are now supported in addition to the DirectoryString syntax attributes. This includes restoring the correct DirectoryString syntax and also providing the basic syntaxes (e.g. OBJECT IDENTIFIER, PrintableString). The latter requires a sed line in the Makefile which I assume should be OK? Not all the SAT can be defined in x509sat - so some have been included in x509if and x509af - though x509sat.cnf contains the master list and references the other dissectors where appropriate.

(I still prefer a syntax registration approach but I don't think that is going to be agreed in the short term.)

* X509IF - a mechanism to register some formating, based upon the hf_index, that is used in the cnf file.

* A couple of fixes identified by Stig.

Note the patc for dop did not apply don't regenerate dissectors yet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16799 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Graeme Lunt:
etxrab [Wed, 14 Dec 2005 20:45:15 +0000 (20:45 +0000)]
From Graeme Lunt:
Here is a patch for packet-ber.c that only includes the upgraded dissect_unknown_ber()

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16798 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoFrom Marc Petit-Huguenin
etxrab [Wed, 14 Dec 2005 20:43:39 +0000 (20:43 +0000)]
From Marc Petit-Huguenin

This is a patch that add support for the latest drafts[1] in the STUN dissectors. I choose to add TURN directly in the STUN dissector instead of creating a new dissector because of the decision at the latest IETF meeting[2] to redefine TURN as an use case of STUN.

[1] ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-behave-rfc3489bis-02.txt
[2] http://www3.ietf.org/proceedings/05nov/minutes/behave.txt

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16797 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoUse src and dst instead of net_src.
etxrab [Wed, 14 Dec 2005 20:01:21 +0000 (20:01 +0000)]
Use src and dst instead of net_src.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16796 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoClose the dictionary files after reading from them.
lego [Wed, 14 Dec 2005 09:50:11 +0000 (09:50 +0000)]
Close the dictionary files after reading from them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16795 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoupdate Ethereal command line options -D and -i
ulfl [Wed, 14 Dec 2005 09:43:16 +0000 (09:43 +0000)]
update Ethereal command line options -D and -i

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16794 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agodocument latest command line changes:
ulfl [Wed, 14 Dec 2005 09:16:30 +0000 (09:16 +0000)]
document latest command line changes:

new: -D to list interfaces
changed: -i will also accept indices (rather than complete names only)

text copied from the tethereal.pod file

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16793 f5534014-38df-0310-8fa8-9805f1628bb7

14 years ago"a & b == c" is, in C, parsed as "a & (b == c)" - and if b and c are the
guy [Wed, 14 Dec 2005 07:33:07 +0000 (07:33 +0000)]
"a & b == c" is, in C, parsed as "a & (b == c)" - and if b and c are the
same, and have only one bit set, "(a & b) == c", which is what is
intended, is the same as "a & b".

In addition, we don't want to do desegmentation if "isup_apm_desegment"
isn't set, so that test should be ANDed with the other two tests.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16792 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoConstify a bunch of arguments and variables, to squelch compiler
guy [Wed, 14 Dec 2005 07:29:38 +0000 (07:29 +0000)]
Constify a bunch of arguments and variables, to squelch compiler

Include "wiretap/libpcap.h" in "capture_loop.h", to get its declarations
of data structures for headers in libpcap files.  This lets us remove
the includes of "wiretap/libpcap.h from files including

Make "log_func_ignore()" in "tethereal.c" static, and declare some of
its arguments unused.  Also get rid of an unused variable.

Include <pcap.h> before including "wiretap/wtap-capture.h", to declare
"struct pcap_pkthdr".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16791 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agohmmm, the include sequence might be important too ...
ulfl [Wed, 14 Dec 2005 01:45:09 +0000 (01:45 +0000)]
hmmm, the include sequence might be important too ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16790 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoadd missing include
ulfl [Wed, 14 Dec 2005 00:10:23 +0000 (00:10 +0000)]
add missing include

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16789 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoadd a new directory 'test', currently containing an alpha test (using some simple...
ulfl [Tue, 13 Dec 2005 23:15:20 +0000 (23:15 +0000)]
add a new directory 'test', currently containing an alpha test (using some simple bash scripts) of the ethereal/tethereal command line parameters. See the file README.test for details.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16788 f5534014-38df-0310-8fa8-9805f1628bb7

14 years agoHUGE STEP (hopefully toward the right direction):
ulfl [Tue, 13 Dec 2005 22:48:58 +0000 (22:48 +0000)]
HUGE STEP (hopefully toward the right direction):
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.

concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.

remove redundant code from dumpcap.c

this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16787 f5534014-38df-0310-8fa8-9805f1628bb7