guy [Tue, 31 Dec 2002 22:42:45 +0000 (22:42 +0000)]
One more "#ifdef" (well, #ifndef, actually) for _WIN32.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6834 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 22:01:48 +0000 (22:01 +0000)]
#ifdef out all the pipe-opening stuff on Windows.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6833 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:51:10 +0000 (21:51 +0000)]
From Ronald Henderson: make "format_text()", on Windows, escape all
characters that aren't printable ASCII, as GTK+ for Windows thinks
strings are UTF-8 but the strings we give it wouldn't be UTF-8.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6832 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:49:00 +0000 (21:49 +0000)]
Update a comment to indicate why there's a problem with printable-but-
not-ASCII characters in GTK+.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6831 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:37:29 +0000 (21:37 +0000)]
From Ronald Henderson: fix up "snprintf()" and "vsnprintf()" calls in
"epan/proto.c" to properly handle string truncation (by checking both
for -1 and a value larger than the buffer size as an indication of
truncation, as some older versions of those routines return -1, and, if
the string was truncated, putting in a trailing '\0', as "snprintf()" on
some platforms might not put the trailing '\0' in).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6830 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:18:05 +0000 (21:18 +0000)]
Clean up the comments a bit.
Use _WIN32 rather than WIN32 throughout (both of them appear to work - I
don't know whether one is the "right" one to use and, if one is, which
one it is - and they're both used in Ethereal, but let's at least be
consistent within a given file).
Update the capture device open failure message on Windows not to say
Token Ring devices aren't supported - current versions of WinPcap do
support it, and the Ethereal message was updated, but the Tethereal one
wasn't.
Fix up the Tethereal code to match the Ethereal code a bit more, so that
we go to "error" on Windows if the capture device open fails, and so
that the code actually compiles on Windows. Fix up the indentation
while we're at it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6829 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:12:55 +0000 (21:12 +0000)]
Use _WIN32 rather than WIN32 throughout (both of them appear to work - I
don't know whether one is the "right" one to use and, if one is, which
one it is - and they're both used in Ethereal, but let's at least be
consistent within a given file).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6828 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 21:06:48 +0000 (21:06 +0000)]
Clean up the comments a bit.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6827 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 08:08:19 +0000 (08:08 +0000)]
Fix a braino in a last-minute fix I put into the previous checkin.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6826 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 08:05:29 +0000 (08:05 +0000)]
From Devin Heitmueller: support for decrypting DCERPC conversations
using NTLMSSP version 1.
Show stub data as such for all requests and replies where we can't
dissect the stub data as a request or reply for some DCERPC-based
protocol.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6825 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 31 Dec 2002 07:49:14 +0000 (07:49 +0000)]
Make the "rpc.fragment" and "rpc.fragment.error" fields FT_FRAMENUMs, as
they're put into the tree with "proto_tree_add_uint_format()", with the
frame number as the value.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6824 f5534014-38df-0310-8fa8-9805f1628bb7
sharpe [Tue, 31 Dec 2002 04:24:18 +0000 (04:24 +0000)]
Small fix from Andrew Bartlett to make Is Directory come out right.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6823 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 29 Dec 2002 22:40:10 +0000 (22:40 +0000)]
From rmkml: support for capturing from a pipe in Tethereal.
Fix up the documentation of the "-i" flag in the Ethereal man page to
note only that "netstat -i" and "ifconfig -a" *might* work, to
specifically note that not all UNIXes support the "-a" flag to
"ifconfig", and to note that pipe data must be in *standard* libpcap
format.
Document the support for pipes in the "-i" flag in Tethereal.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6822 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 29 Dec 2002 01:25:01 +0000 (01:25 +0000)]
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6821 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 29 Dec 2002 01:19:08 +0000 (01:19 +0000)]
"&magic" is a "guint32 *", so adding a byte count to it points that
number of *32-bit words* into the magic number, not that number of
*bytes* into the magic number; cast it to "char *" before adding the
byte count.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6820 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sat, 28 Dec 2002 23:15:52 +0000 (23:15 +0000)]
Mention binary developer's packages, as well as "make install-incl", in
the message printed if we can't find net/bpf.h, and line-wrap the
message.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6819 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 27 Dec 2002 22:55:40 +0000 (22:55 +0000)]
From Martin Regner: properly set the offset in the join/prune processing
loops for groups, so that it gets advanced to the beginning of the next
group after a group is finished.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6818 f5534014-38df-0310-8fa8-9805f1628bb7
oabad [Fri, 27 Dec 2002 18:32:55 +0000 (18:32 +0000)]
Make last modifications work with gtk2.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6817 f5534014-38df-0310-8fa8-9805f1628bb7
sharpe [Wed, 25 Dec 2002 20:58:06 +0000 (20:58 +0000)]
Minor spelling etc updates.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6816 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 22 Dec 2002 00:40:38 +0000 (00:40 +0000)]
The field 2 bytes into a BPDU is always a version identifier, regardless
of the type of the packet; always fetch it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6815 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 20 Dec 2002 22:30:15 +0000 (22:30 +0000)]
Update some comments.
Make the "fs" and "flags" fields in type 6 records unsigned, as they are
in other per-frame records - they're probably the same set of flag bits.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6814 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 20 Dec 2002 21:59:33 +0000 (21:59 +0000)]
Add an item for Wellfleet HDLC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6813 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 20 Dec 2002 21:58:46 +0000 (21:58 +0000)]
Make "infer_pkt_encap()" take a pointer and length as arguments.
Update some comments.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6812 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 20 Dec 2002 21:23:02 +0000 (21:23 +0000)]
Supply more information about "WAN/Synchronous" captures.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6811 f5534014-38df-0310-8fa8-9805f1628bb7
sharpe [Fri, 20 Dec 2002 07:56:07 +0000 (07:56 +0000)]
Add support for Wellfleet HDLC. It now can see inside the packets and handles
the capture I was sent as a bunch of TCP segments containing LPD stuff.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6810 f5534014-38df-0310-8fa8-9805f1628bb7
sharpe [Fri, 20 Dec 2002 05:40:52 +0000 (05:40 +0000)]
This adds the beginning of support for Wellfleet HDLC to ngsniffer.c as
well as Cisco HDLC support. It compiles OK, but I do not claim that it is
not borken.
I will have to add a small dissector that eats the first two bytes and then
calls the Ethernet dissector as well, to complete the work.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6809 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Fri, 20 Dec 2002 01:48:57 +0000 (01:48 +0000)]
Support putting preferences into arbitrary places in a tree, which is
used to construct the "Edit->Preferences" dialog box; this includes the
ability to register a "subtree" for preferences. Instead of
special-casing protocol preferences, have a subtree "Protocols" for
protocol preferences.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6808 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Thu, 19 Dec 2002 11:22:38 +0000 (11:22 +0000)]
Update reassemble.c/show_item and all callers to use FT_FRAMENUM for the list of packets corresponding to a reassembled pdu
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6807 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Thu, 19 Dec 2002 10:31:38 +0000 (10:31 +0000)]
Update packet-smb.c to use the new FT_FRAMENUM type
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6806 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 19 Dec 2002 05:28:40 +0000 (05:28 +0000)]
Document FT_FRAMENUM.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6805 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 19 Dec 2002 05:26:42 +0000 (05:26 +0000)]
Document "Tools->Go To Corresponding Frame".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6804 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 19 Dec 2002 03:56:04 +0000 (03:56 +0000)]
Rename "Go To Specified Frame" to "Go To Corresponding Frame" (I'm not
sure there *is* a good name for it).
Put it in the "Tools" menu as well (although I'm not sure what top-level
menu it belongs in, or if it should get a new one).
Make those items sensitive only if there's an FT_FRAMENUM item selected
in the protocol tree pane.
Clean up some menu paths in "set_menu_sensitivity()" (not that it
matters, as only the last component, and the first component if it's a
menu factory name, are used).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6803 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 19 Dec 2002 02:58:53 +0000 (02:58 +0000)]
Add a new field type FT_FRAMENUM; an FT_FRAMENUM is a 32-bit unsigned
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6802 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 18 Dec 2002 23:54:01 +0000 (23:54 +0000)]
Just use "packet_list_set_selected_row()" to select a given row in the
packet list (doing so makes the row visible as well).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6801 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 18 Dec 2002 23:08:20 +0000 (23:08 +0000)]
Don't assume that the time stamp of the last frame is the largest time
stamp in the packet; bugs in the OS kernel or the WinPcap driver, or
just forcibly setting the system time backwards, can cause time stamps
in packet traces not to monotonously increase. That can cause infinite
loops when picking the scale for the graph.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6800 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 18 Dec 2002 21:59:46 +0000 (21:59 +0000)]
Microsoft doesn't, as far as I know, have a product "Visual C"; they may
have had one ages ago, but they call their C/C++ compiler "Visual C++".
Use the right name, so as not to confuse people into thinking that the
instructions are only for "Visual C" and can't be used for Visual C++
(yes, this really did appear to happen).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6799 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Wed, 18 Dec 2002 17:44:54 +0000 (17:44 +0000)]
Fix a typo (cyrpt-md5.obj -> crypt-md5.obj).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6798 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 18 Dec 2002 06:44:50 +0000 (06:44 +0000)]
Correctly compute the minutes portion of the elapsed time.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6797 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 17 Dec 2002 22:49:33 +0000 (22:49 +0000)]
Clean up the code a bit:
don't initialize variables that are set elsewhere before they're
used;
don't call "tvb_get_ptr()" to set a variable if you're not going
to use that variable;
make the two character-processing loops have the same structure;
put the result of the XORing into an unsigned character, so it
can be handed to "isprint()" without running the risk of bogus
behavior if the 8th bit is set.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6796 f5534014-38df-0310-8fa8-9805f1628bb7
oabad [Tue, 17 Dec 2002 22:14:54 +0000 (22:14 +0000)]
Replace #include "md5.h" with "crypt-md5.h".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6795 f5534014-38df-0310-8fa8-9805f1628bb7
oabad [Tue, 17 Dec 2002 21:53:57 +0000 (21:53 +0000)]
- some radcom files seem to have a different magic key than the one we
use: 42:f9:02:34:12:66:22:88 instead of 42:d2:00:34:12:66:22:88
We should accept both (perhaps bytes 2 and 3 are a version number?)
- the code which looks for the "capture start time" is wrong.
Apparently, we should look for the string "Active Time" in the file.
The "frame_date" structure which contains the capture start time is
found 32 bytes before this string.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6794 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Tue, 17 Dec 2002 16:06:54 +0000 (16:06 +0000)]
Rename md5.[ch] to crypt-md5.[ch] to conform with our naming conventions.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6793 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Tue, 17 Dec 2002 11:49:32 +0000 (11:49 +0000)]
From Jason House, support for TAPping from TCP protocol
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6792 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 17 Dec 2002 08:48:38 +0000 (08:48 +0000)]
If NBF reassembly isn't enabled, hand Data First Middle frames to
subdissectors, so that we try to dissect the first frame of a
multi-frame message as, for example, SMB, as that's the frame that
contains the SMB header. (That also means we try to dissect middle
frames, but that probably won't work unless one happens to begin with
0xff S M B.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6791 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Tue, 17 Dec 2002 04:05:25 +0000 (04:05 +0000)]
From James Harris: Decrypt RADIUS user passwords.
The MD5 is copyrighted by L. Peter Deutsch, and released under the same
license as zlib. It is GPL-compatible, and should NOT have the GPL
applied to it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6790 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Mon, 16 Dec 2002 21:18:37 +0000 (21:18 +0000)]
From Andreas Trauer: dissect the L2TP AVPs Initial Received LCP CONFREQ,
Last Received LCP CONFREQ, Last Sent LCP CONFREQ, and correct some AVP
names.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6789 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Mon, 16 Dec 2002 07:11:24 +0000 (07:11 +0000)]
Cosmetic fix for io_stat. Make sure that the graph always starts with a line at zero level even if there is no data seen at the beginning of the window.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6788 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Mon, 16 Dec 2002 07:02:05 +0000 (07:02 +0000)]
Prettify RPC_PROGRAMS table when reading new capture or when closing and opening it again.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6787 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Mon, 16 Dec 2002 06:44:45 +0000 (06:44 +0000)]
From Ronald Henderson: support for colored graphs in io_stat also for the Gtk1 version.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6786 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sat, 14 Dec 2002 23:44:48 +0000 (23:44 +0000)]
When processing a connection-oriented DCERPC PDU, don't set the columns
until we know that we have the entire PDU - we might not have all of it,
as some of it might be in, for example, a later TCP segment.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6785 f5534014-38df-0310-8fa8-9805f1628bb7
tpot [Fri, 13 Dec 2002 06:07:04 +0000 (06:07 +0000)]
More conversions to NDR routines. This commit does most of the printerdata
routines except for the enumprinterdata values. Note the display of
strings inside the protocol tree is broken due to lack of a unicode
string frametype.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6784 f5534014-38df-0310-8fa8-9805f1628bb7
tpot [Fri, 13 Dec 2002 04:58:56 +0000 (04:58 +0000)]
Guy has pointed out that this dissection looks wrong. In the ethereal
output for a USER_LEVEL_1 it looks like the info level and container
pointer are transposed. I'm not even sure this structure is a
container
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6783 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Thu, 12 Dec 2002 22:09:19 +0000 (22:09 +0000)]
Remove an errant space from the name "TippingPoint Technologies, Inc."
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6782 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 12 Dec 2002 08:05:31 +0000 (08:05 +0000)]
When dissecting a buffer, use the tvbuff for the buffer, as the offset
we're using is relative to the beginning of that tvbuff, not relative to
the beginning of the containing tvbuff; that also lets us use -1 in
"proto_tree_add_text()" calls when we mean "to the end of the buffer".
Fix the comment for one field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6781 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 11 Dec 2002 22:45:24 +0000 (22:45 +0000)]
Add support for the new DLT_ value of 127, for the AVS WLAN header.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6780 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 11 Dec 2002 19:59:08 +0000 (19:59 +0000)]
From Andreas Trauer: dissect the L2TP AVPs Initial Received LCP CONFREQ,
Last Received LCP CONFREQ, Last Sent LCP CONFREQ, and correct some AVP
names.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6779 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 11 Dec 2002 19:50:24 +0000 (19:50 +0000)]
From Devin Heitmueller:
Minor change to the connection oriented DCE/RPC function calls.
Now the offset is provided in the call, instead of having a
hard-coded value in each function. Also makes the calling
convention consistent with the datagram equivalents for the
functions.
Didn't do it for dissect_dcerpc_cn_auth() yet, as that is a
special case (and I am in the process of restructuring it to
make verifier decryption work properly).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6778 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Wed, 11 Dec 2002 19:31:02 +0000 (19:31 +0000)]
From Devin Heitmueller: make the RC4 support stateful.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6777 f5534014-38df-0310-8fa8-9805f1628bb7
tuexen [Tue, 10 Dec 2002 21:41:23 +0000 (21:41 +0000)]
- get rid of registering as SUA light upper layer (support for SUA light
will be dropped), RANAP will be an upper layer of SUA.
- register as upper layer of SCCP with the ITU assigned subsystem number
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6776 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 10 Dec 2002 19:05:29 +0000 (19:05 +0000)]
From Michal Melerowicz: fix the display of IMSI for operators having a
mobile network code greater than 9.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6775 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 10 Dec 2002 07:39:48 +0000 (07:39 +0000)]
Fix the formal argument list to "bytestring_to_str()" to match the
changes to the actual argument lists in the calls (putting the byte
string length after the byte string pointer).
Make the byte string length actually be the length, not the length - 1.
Use a #define for the longest byte string it can handle, and put in a
"g_assert()" to check the sanity of that length.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6774 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 10 Dec 2002 02:49:31 +0000 (02:49 +0000)]
Move the handling of the Network_Header for full FC frames into the FC
dissector, and have the LLC dissector register itself as the dissector
for IP-over-FC frames, as the payload is just an LLC 802.2 header plus
payload for the protocol specified by that header.
In the dissector for IP-over-FC as a Wiretap link-layer type, have its
top-level item be a protocol item rather than a text item, and don't
register it as the dissector for IP-over-FC frames from the FC dissector
- it assumes what it's handed includes the Network_Header, but for full
FC frames, the FC dissector has already consumed the Network_Header.
Move the definitions of the value_string tables out of the header file;
most of them are used only in one file, so define them in that file, and
for "fc_fc4_val", define it in "packet-fc.c", make it not static, and
declare it in "packet-fc.h".
Use FALSE, rather than 0, as the last argument to
"proto_tree_add_item()" calls that add a big-endian value.
Fix one "proto_tree_add_uint()" call that was supposed to be a
"proto_tree_add_item()" call.
Use "%u", not "%d", to display unsigned values.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6773 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 10 Dec 2002 01:17:21 +0000 (01:17 +0000)]
Add a new type of column for the circuit ID (Frame Relay DLCI, ISDN
channel number, X.25 logical channel number).
Clean up white space and the like, and get rid of unnecessary arguments
to "col_set_port()".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6772 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 10 Dec 2002 00:12:59 +0000 (00:12 +0000)]
From Alfred Koebler: add support for a column for the interface and
direction in Firewall-1 monitor files.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6771 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Mon, 9 Dec 2002 21:34:58 +0000 (21:34 +0000)]
Work around annoying Apple C compiler/linker bug.
"ether_to_str_punct()" no longer deals only with Ethernet-style
addresses, as it now takes a length argument, rename it
"bytestring_to_str()" - and make it static, as it's not used outside
"to_str.c".
Get rid of unused "fc_to_str_buf()" routine.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6770 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Mon, 9 Dec 2002 03:09:35 +0000 (03:09 +0000)]
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6769 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 8 Dec 2002 22:53:00 +0000 (22:53 +0000)]
Clean up a bit, and put "extern" back.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6768 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 8 Dec 2002 22:35:30 +0000 (22:35 +0000)]
Add a capture routine for IP-over-FC, and call it from the capture code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6767 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 8 Dec 2002 22:22:03 +0000 (22:22 +0000)]
On UNIX, search for plugins only in the directory in which plugins will
be installed - don't explicitly search
"/usr/lib/ethereal/plugins/{version}" or
"/usr/local/lib/ethereal/plugins/{version}", so that if there's more
than one version of Ethereal installed, we don't end up picking up
plugins from the wrong version.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6766 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 8 Dec 2002 22:01:20 +0000 (22:01 +0000)]
Do LLC handoff from the IP-over-FC dissector the way it's done for other
protocols using 802.2 LLC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6765 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Sun, 8 Dec 2002 21:56:06 +0000 (21:56 +0000)]
Get rid of comment from sample dissector.
Get rid of some probably-unnecessary #includes.
Register the IP-over-FC dissector as the dissector to call for
IP-over-FC captures.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6764 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 03:59:03 +0000 (03:59 +0000)]
Add packet-ipfc.c to Makefile.nmake.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6762 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 03:38:19 +0000 (03:38 +0000)]
Add packet-ipfc.c and packet-fcbls.h to Makefile.am.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6761 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 02:52:57 +0000 (02:52 +0000)]
Move the advisory notice to the top.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6760 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 02:35:52 +0000 (02:35 +0000)]
Update Dinesh's entry to include FC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6759 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 02:34:41 +0000 (02:34 +0000)]
Add Fibre Channel entries.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6758 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sun, 8 Dec 2002 02:32:36 +0000 (02:32 +0000)]
From Dinesh Dutt: Add Fibre Channel support, including FCIP, Basic FC
header, Extended Link Service, Interswitch Link Service, FCP, and IPFC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6757 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sat, 7 Dec 2002 23:14:09 +0000 (23:14 +0000)]
Bah. I somehow lost the ChangeLog entries from Nov 1 to today. Recreate
them.
Add RCS IDs to ChangeLog and NEWS.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6756 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sat, 7 Dec 2002 21:43:27 +0000 (21:43 +0000)]
Add make-tapreg-dotc to the distribution.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6755 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sat, 7 Dec 2002 21:18:57 +0000 (21:18 +0000)]
Tidy up for the 0.9.8 release
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6754 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sat, 7 Dec 2002 21:10:22 +0000 (21:10 +0000)]
Add (and remove upon uninstallation) SNMP MIBs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6753 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Sat, 7 Dec 2002 03:45:34 +0000 (03:45 +0000)]
Don't pass a null string pointer to proto_tree_add_text().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6752 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Fri, 6 Dec 2002 21:01:37 +0000 (21:01 +0000)]
When we have retransmissions of TCP for a RPC/(NFS) session we
often get TCP to collapse multiple RPC PDUs into a MSS TCP segment.
This changes the RPC dissector so that it will put one entry on COL_INFO
for each PDU in the segment, (as the SMB dissector does for multiple AndX calls in one SMB PDU)
and just one entry for the first/last RPC PDU.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6751 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 5 Dec 2002 22:33:11 +0000 (22:33 +0000)]
Sigh. We really *do* have to check whether a capture is a snoop or
Surveyor capture, as there's one link-layer type that UNICOS/mp snoop
treats one way and Shomiti Surveyor treats another way. The only way to
check that is to look at the first record to see how much padding it
has.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6750 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 5 Dec 2002 22:31:13 +0000 (22:31 +0000)]
From Fritz Budiyanto: add a missing g_ntohs() for flow_label in the
gtpv0 decoder.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6749 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Thu, 5 Dec 2002 22:19:24 +0000 (22:19 +0000)]
Fix two compiler warnings
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6748 f5534014-38df-0310-8fa8-9805f1628bb7
sahlberg [Thu, 5 Dec 2002 22:15:54 +0000 (22:15 +0000)]
Fix for DCERPC detection when carried on top of SMB.
If we do not see the TreeConnect call when a TID is connected, we did not
know it was an IPC share.
If we do not know what kind of share it is we assume it being a normal one
and thus read/write data to that share is normal file i/o.
Update the dissector so that IF it sees a Transaction SMB carrying PIPE (dcerpc)
then we assume that all other read/write to that TID is also DCERPC.
I.e. we assume the entire TID is IPC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6747 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Thu, 5 Dec 2002 18:26:10 +0000 (18:26 +0000)]
It seems pretty clear that a PDU_AUTH3 really is an AUTH3 PDU, and we
know what it is (a PDU for the third stage in a 3-way authentication
handshake, as is done with NTLMSSP authentication, for example) - get
rid of the question mark after "AUTH3".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6746 f5534014-38df-0310-8fa8-9805f1628bb7
tuexen [Thu, 5 Dec 2002 10:19:13 +0000 (10:19 +0000)]
Fixed a bug regarding the handling of correlation ids.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6745 f5534014-38df-0310-8fa8-9805f1628bb7
tuexen [Wed, 4 Dec 2002 17:07:26 +0000 (17:07 +0000)]
Added support for the Implementers Guide.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6744 f5534014-38df-0310-8fa8-9805f1628bb7
tpot [Wed, 4 Dec 2002 06:05:42 +0000 (06:05 +0000)]
Some constant for getprinter level 7 decoding.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6743 f5534014-38df-0310-8fa8-9805f1628bb7
tpot [Wed, 4 Dec 2002 05:41:47 +0000 (05:41 +0000)]
Decode getprinter level 7.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6742 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Wed, 4 Dec 2002 04:26:14 +0000 (04:26 +0000)]
Bump the version to 0.9.8. Update NEWS and ChangeLog to October 24.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6741 f5534014-38df-0310-8fa8-9805f1628bb7
gerald [Tue, 3 Dec 2002 15:21:28 +0000 (15:21 +0000)]
Include <string.h> so that memcpy() is properly declared.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6740 f5534014-38df-0310-8fa8-9805f1628bb7
tuexen [Tue, 3 Dec 2002 09:31:48 +0000 (09:31 +0000)]
- added RFC 3331 indication to the protocol column entry.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6739 f5534014-38df-0310-8fa8-9805f1628bb7
tuexen [Tue, 3 Dec 2002 09:29:11 +0000 (09:29 +0000)]
- Updated to RFC 3331 version.
- Improved handling of padding bytes.
- Some cleanup of the code.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6738 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 3 Dec 2002 08:36:48 +0000 (08:36 +0000)]
I've seen a capture with a TDS packet type of 18 at the beginning of the
session; treat all packet type values >= 1 and <= 18 as valid packet
types.
Do standard TCP desegmentation of Netlib buffers, and do reassembly of
TDS messages fragmented over multiple Netlib buffers, rather than doing
the "remember what was in the last TCP segment" stuff; I've seen nothing
to indicate that a TDS message would continue past the last byte of a
"last buffer in request or response" Netlib buffer, and the "remember
what was in the last TCP segment" stuff was complicated and buggy,
perhaps irreparably so ("buggy" as in "crashes").
Make the top-level protocol item for a TDS message be an item for
"proto_tds", and put both the Netlib header and TDS stuff under that
item - that's what Microsoft Network Monitor does.
Get rid of the unused Netlib heuristic subdissector list.
Don't make a new data source for NTLMSSP data in a TDS message - the
data is just a slice of the message, it's not transformed from ASCII hex
to binary, or reassembled, or anything such as that.
Tokens are tokens, not PDUs.
Make the heuristics a bit stronger, to reject packets that are clearly
not TDS packets. Once the heuristics match, make a non-heuristic
dissector the dissector for the conversation.
Quit dissecting the TCP segment (or reassembled data) if we have a
Netlib buffer with a length < 8, as it's not large enough to even have a
Netlib header.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6737 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 3 Dec 2002 08:24:58 +0000 (08:24 +0000)]
Make the fragment item table static and const.
Call the pieces of a multi-frame NetBIOS message fragments, not
segments.
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6736 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 3 Dec 2002 02:38:39 +0000 (02:38 +0000)]
Show all 6 digits of precision in the time stamp column when displaying
absolute time stamps (we were already doing that for relative and delta
time stamps).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6735 f5534014-38df-0310-8fa8-9805f1628bb7
guy [Tue, 3 Dec 2002 02:07:07 +0000 (02:07 +0000)]
Cast const pointer arguments to "g_free()" and "g_hash_table_foreach()"
to "gpointer", so that we only get warnings when we turn on the extra
GCC warning checks.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@6734 f5534014-38df-0310-8fa8-9805f1628bb7