19 years agoPut the "-s" option in the SYNOPSIS section.
guy [Wed, 16 Jan 2002 21:06:22 +0000 (21:06 +0000)]
Put the "-s" option in the SYNOPSIS section.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4554 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSCTP support in text2pcap, and fix to usage message for "-u", from
guy [Wed, 16 Jan 2002 21:05:10 +0000 (21:05 +0000)]
SCTP support in text2pcap, and fix to usage message for "-u", from
Michael Tuexen.

Documentation of SCTP support in text2pcap, from me.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4553 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Mark Burton: reinstate data segment digest handling, and stop the
guy [Wed, 16 Jan 2002 20:25:07 +0000 (20:25 +0000)]
From Mark Burton: reinstate data segment digest handling, and stop the
SCSI dissector from treating data digests as payload.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4552 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTethereal needs to allocate space for col_expr[] and col_expr_val[] too.
gram [Tue, 15 Jan 2002 23:11:02 +0000 (23:11 +0000)]
Tethereal needs to allocate space for col_expr[] and col_expr_val[] too.
Capturing with non-verbose output being printed segfaulted w/o this.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4551 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCollapse the two entries for Mark Burton into one.
guy [Tue, 15 Jan 2002 23:07:20 +0000 (23:07 +0000)]
Collapse the two entries for Mark Burton into one.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4550 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake the label for the SCTP checksum type preference item indicate that
guy [Tue, 15 Jan 2002 23:05:36 +0000 (23:05 +0000)]
Make the label for the SCTP checksum type preference item indicate that
it's a checksum type (and remove "SCTP", as that's redundant), and make
the blurb explain it in a bit more detail.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4549 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Michael Tuexen:
guy [Tue, 15 Jan 2002 22:58:06 +0000 (22:58 +0000)]
From Michael Tuexen:

- Support of the crc32c algorithm.
- Selection of the checksum algorithm (none, adler-32, crc32c,
  automatic) in the preferences/protocols menu.
- Display of the IP address in asconf chunks.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4548 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Marc Milgram: fix to allow VMS TCPIPtrace files that don't have
guy [Tue, 15 Jan 2002 20:18:02 +0000 (20:18 +0000)]
From Marc Milgram: fix to allow VMS TCPIPtrace files that don't have
exactly 3 spaces before the word "TCPIPtrace" to be recognized.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4547 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Martti Kuparinen: update the HMIPv6 support to match the latest
guy [Tue, 15 Jan 2002 20:11:10 +0000 (20:11 +0000)]
From Martti Kuparinen: update the HMIPv6 support to match the latest
draft (draft-ietf-mobileip-hmipv6-05.txt).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4546 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoInclude <resolv.h> after "globals.h", as, at least on some platforms,
guy [Tue, 15 Jan 2002 20:09:55 +0000 (20:09 +0000)]
Include <resolv.h> after "globals.h", as, at least on some platforms,
headers included by "globals.h" define MAXNAMELEN, and <resolv.h>
defines it if it's not already defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4545 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCorrectly handle BGP attributes with lists of entries when the attribute
guy [Tue, 15 Jan 2002 10:12:17 +0000 (10:12 +0000)]
Correctly handle BGP attributes with lists of entries when the attribute
has the "extended length" flag set - the starting offset of the list
depends on whether the "extended length" bit was set or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4544 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix some preferences to eliminate the extra copy of the protocol name at
guy [Tue, 15 Jan 2002 10:01:21 +0000 (10:01 +0000)]
Fix some preferences to eliminate the extra copy of the protocol name at
the beginning, and to use underscores rather than periods where the
preference's name really isn't part of a hierarchical namespace.

Use "%u" rather than "%d" to print unsigned quantities.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4543 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWhen checking whether to do DCERPC-over-SMB reassembly on a Read and X
guy [Tue, 15 Jan 2002 09:42:26 +0000 (09:42 +0000)]
When checking whether to do DCERPC-over-SMB reassembly on a Read and X
response, don't assume that we saw the request and therefore that
"si->sip" is non-null - we might well not have seen the request and thus
might not have set "si->sip".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4542 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Ronnie Sahlberg:
girlich [Mon, 14 Jan 2002 13:16:31 +0000 (13:16 +0000)]
From Ronnie Sahlberg:
this fixes the bug that nfs name snooping did not work for nfs v2.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4541 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoNFSv3 fsstat reply label texts explanded. "afiles" and similar names were not
girlich [Mon, 14 Jan 2002 12:22:58 +0000 (12:22 +0000)]
NFSv3 fsstat reply label texts explanded. "afiles" and similar names were not
really that useful.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4540 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGive each LDAP packet its own top-level protocol tree item. (This also
guy [Mon, 14 Jan 2002 03:01:13 +0000 (03:01 +0000)]
Give each LDAP packet its own top-level protocol tree item.  (This also
means if there are no complete LDAP packets in a TCP segment, there is
no LDAP top-level protocol tree item, which is as it should be.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4539 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd support for TCP desegmentation.
guy [Mon, 14 Jan 2002 02:50:28 +0000 (02:50 +0000)]
Add support for TCP desegmentation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4538 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGet the current value of Boolean preferences before adding widgets for
guy [Mon, 14 Jan 2002 01:14:52 +0000 (01:14 +0000)]
Get the current value of Boolean preferences before adding widgets for
them (by putting back a line that got accidentally deleted in a previous

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4537 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a preferences page for the name resolution flags.
guy [Sun, 13 Jan 2002 20:35:12 +0000 (20:35 +0000)]
Add a preferences page for the name resolution flags.

Separate the preferences value for those flags and the name resolution
code's value into separate variables; this means that the resolution
code no longer depends on the preferences code, and may let us
eventually have the current setting and the preference setting differ
(so that a user can temporarily override the preference setting without
causing subsequent saves of the preferences to save the temporary

Add routines to create various types of widgets for preferences, and to
fetch the values for "enumerated" preferences, and use them both in the
code to handle hardwired preference pages and table-driven preference

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4536 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPut the labels of check boxes to the left of the checkboxes,
guy [Sat, 12 Jan 2002 11:09:09 +0000 (11:09 +0000)]
Put the labels of check boxes to the left of the checkboxes,
right-aligned, and give all of them a colon at the end, to match the
style of other preferences.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4535 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGet rid of unused variables.
guy [Sat, 12 Jan 2002 11:02:47 +0000 (11:02 +0000)]
Get rid of unused variables.

Put the labels of check boxes to the left of the checkboxes,
right-aligned, and give all of them a colon at the end, to match the
style of module preferences.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4534 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Ronnie Sahlberg: file handle to file name resolution in NFS and
guy [Sat, 12 Jan 2002 10:24:47 +0000 (10:24 +0000)]
From Ronnie Sahlberg: file handle to file name resolution in NFS and
related protocols.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4533 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWhile you're at it, use the key for the auto scroll option checkbox for
guy [Sat, 12 Jan 2002 09:19:59 +0000 (09:19 +0000)]
While you're at it, use the key for the auto scroll option checkbox for
the pointer to the auto scroll options checkbox....

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4532 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake the key for the capture preference window's pointer to the auto
guy [Sat, 12 Jan 2002 09:13:50 +0000 (09:13 +0000)]
Make the key for the capture preference window's pointer to the auto
scroll option checkbox distinct from the key for the pointer to the
real-time capture option checkbox, so thee auto scroll option checkbox
can be fetched.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4531 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSupport for BSD Compress, MVRCA, and Deflate compression options in
guy [Fri, 11 Jan 2002 21:37:10 +0000 (21:37 +0000)]
Support for BSD Compress, MVRCA, and Deflate compression options in
CCP, from Motonori Shindo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4530 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Guy Harris, after checking his Python code.
gram [Fri, 11 Jan 2002 14:33:04 +0000 (14:33 +0000)]
From Guy Harris, after checking his Python code.

Some compilers don't mind zero-length arrays, but MSVC++ 6.0 does.

"ncp2222.py" was generating a zero-length "ett[]" array.  Make it generate
the "ett[]" array and the call to "proto_register_subtree_array()"
only if the list of items for "ett[]" is non-empty CVS:

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4529 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"void" values cannot be returned, even by a "void" function.
guy [Fri, 11 Jan 2002 11:07:21 +0000 (11:07 +0000)]
"void" values cannot be returned, even by a "void" function.

The "downstream" flag is a Boolean; treat it as such.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4528 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDeclare "capture()" appropriately.
guy [Fri, 11 Jan 2002 11:04:03 +0000 (11:04 +0000)]
Declare "capture()" appropriately.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4527 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPut in a comment giving various Internet Draft names for ICMPv6 stuff we
guy [Fri, 11 Jan 2002 09:19:54 +0000 (09:19 +0000)]
Put in a comment giving various Internet Draft names for ICMPv6 stuff we

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4526 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix some more signed vs. unsigned issues.
guy [Fri, 11 Jan 2002 09:12:26 +0000 (09:12 +0000)]
Fix some more signed vs. unsigned issues.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4525 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdate the man page to reflect user interface changes.
guy [Fri, 11 Jan 2002 09:02:15 +0000 (09:02 +0000)]
Update the man page to reflect user interface changes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4524 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoLabel the window popped up by "Capture->Start" "Capture Options", not
guy [Fri, 11 Jan 2002 08:55:02 +0000 (08:55 +0000)]
Label the window popped up by "Capture->Start" "Capture Options", not
"Capture Preferences", to avoid confusion with the "Capture" item in the
"Preferences" dialog (which sets the initial default values for the
"Capture Options" dialog).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4523 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Jirka Novak:
guy [Fri, 11 Jan 2002 08:21:02 +0000 (08:21 +0000)]
From Jirka Novak:

Support for generating filter expressions based on packet list
    column values
Support for adding filter expressions generated from column or
    protocol tree field values to the current expression rather
    than replacing the current expression

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4522 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave a routine to create a scrolled window, set its vertical scrollbar
guy [Fri, 11 Jan 2002 07:40:32 +0000 (07:40 +0000)]
Have a routine to create a scrolled window, set its vertical scrollbar
preference, and add it to the list of scrolled windows; call that
routine to create scrolled windows, rather than creating it and calling
other routines to do the other two operations.

As "set_scrollbar_placement_all()" and "set_ctree_styles_all()" always
set the styles to match the user's preference, don't have them take an
argument, have them just use the user's preference settings.

Get rid of unnecessary includes of "prefs_dlg.h", replacing them with
includes of "prefs.h" if necessary.  Don't have "prefs_dlg.h" include
"prefs.h" - its sole purpose is to declare routines defined in
"prefs_dlg.c" - and add any additional includes of "prefs.h" this

Get rid of unnecessary includes of "prefs.h" and "gtkglobals.h".

Fix up white space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4521 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave routines to create GtkCTrees, set their line and expander style
guy [Fri, 11 Jan 2002 06:43:18 +0000 (06:43 +0000)]
Have routines to create GtkCTrees, set their line and expander style
based on the user's UI preferences, and add them to a list of GtkCTrees.
Use those routines to create all GtkCTrees.

Have a routine to update the preferences for all of those GtkCTrees.
Call that routine whenever the preferences change.

Label the line and expander style preferences as "Tree line style" and
"Tree expander style", as they no longer apply only to protocol trees.

Move the routines to maintain a list of scrolled windows, and to update
scrollbar placement for scrolled windows, to "ui_util.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4520 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoOh, what the heck, write out FDDI and bit-swapped FDDI as the same type
guy [Fri, 11 Jan 2002 02:51:31 +0000 (02:51 +0000)]
Oh, what the heck, write out FDDI and bit-swapped FDDI as the same type
in Sniffer Classic files; there's nothing we can do about those
platforms that bit-swap FDDI addresses before handing them to DLPI or
whatever, so we'll just let people live with wrong FDDI addresses (or
maybe someday put in code to bit-swap them before writing them out to
the capture file).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4519 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Nagarjuna Venna: only display the reason in BYE RTCP packets if
guy [Thu, 10 Jan 2002 22:21:14 +0000 (22:21 +0000)]
From Nagarjuna Venna: only display the reason in BYE RTCP packets if
it's present.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4518 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Irfan Khan: don't use bitfields.
guy [Thu, 10 Jan 2002 22:07:49 +0000 (22:07 +0000)]
From Irfan Khan: don't use bitfields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4517 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAs per a comment from Ronnie Sahlberg, display TCP sequence numbers in
guy [Thu, 10 Jan 2002 11:27:57 +0000 (11:27 +0000)]
As per a comment from Ronnie Sahlberg, display TCP sequence numbers in
the list of segments in a desegmented PDU as unsigned, rather than

Fix some other displays of unsigned quantities with "%d" while we're at

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4516 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix more unsigned items to be displayed with "%u" rather than "%d", as
guy [Thu, 10 Jan 2002 11:21:21 +0000 (11:21 +0000)]
Fix more unsigned items to be displayed with "%u" rather than "%d", as
per Martti Kuparinen's comments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4515 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSeparate the promiscuous mode, "Update list of packets in real time",
guy [Thu, 10 Jan 2002 11:05:50 +0000 (11:05 +0000)]
Separate the promiscuous mode, "Update list of packets in real time",
and "Automatic scrolling in live capture" options from the preference
settings for them, so that the preference settings affect the initial
values of those options, but changing those values in a capture don't
affect the preferences, and don't automatically get saved when you save
the preferences.

If we're building without libpcap, don't have an "Automatic scrolling in
live capture" option anywhere.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4514 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix some problems with building Ethereal/Tethereal without libpcap.
guy [Thu, 10 Jan 2002 09:51:23 +0000 (09:51 +0000)]
Fix some problems with building Ethereal/Tethereal without libpcap.

Get rid of a #include I'd #if 0'ed out.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4513 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThe filetime is an unsigned quantity, so display it with %u, as per
guy [Thu, 10 Jan 2002 09:49:35 +0000 (09:49 +0000)]
The filetime is an unsigned quantity, so display it with %u, as per
Martti Kuparinen's comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4512 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't break out of a loop from inside TRY clause; set a flag and break
guy [Thu, 10 Jan 2002 08:06:25 +0000 (08:06 +0000)]
Don't break out of a loop from inside TRY clause; set a flag and break
after the ENDTRY.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4511 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a preferences page for capture preferences, so that the user can
guy [Thu, 10 Jan 2002 07:43:39 +0000 (07:43 +0000)]
Add a preferences page for capture preferences, so that the user can
directly edit the capture preferences, rather than only being able to
set them implicitly from the values for the most recent capture.

Add a preferences item for the interface on which to capture.

Get rid of some unused variables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4510 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAllow NCP types to define bitfields. In order to implement
gram [Thu, 10 Jan 2002 04:44:34 +0000 (04:44 +0000)]
Allow NCP types to define bitfields. In order to implement
sub-trees, I added new functions to ptvcursor:


Note that no NCP type that actually uses bitfields has been
checked in yet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4509 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSCSI dissector, and changes to make the iSCSI dissector use it, from
guy [Thu, 10 Jan 2002 01:28:45 +0000 (01:28 +0000)]
SCSI dissector, and changes to make the iSCSI dissector use it, from
Dinesh Dutt.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4508 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoProvide a --disable-usr-local flag to configure so that
gram [Wed, 9 Jan 2002 23:21:55 +0000 (23:21 +0000)]
Provide a --disable-usr-local flag to configure so that
-I/usr/local/include and -L/usr/local/lib aren't automatically added
to the build flags.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4507 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHMIPv6 fix, from Martti Kuparinen.
guy [Wed, 9 Jan 2002 19:13:03 +0000 (19:13 +0000)]
HMIPv6 fix, from Martti Kuparinen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4506 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd DHCPv6 dissector to Windows build.
guy [Wed, 9 Jan 2002 02:55:38 +0000 (02:55 +0000)]
Add DHCPv6 dissector to Windows build.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4505 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDHCPv6 dissector, based on draft-ietf-dhc-dhcpv6-22.txt.
itojun [Wed, 9 Jan 2002 02:51:46 +0000 (02:51 +0000)]
DHCPv6 dissector, based on draft-ietf-dhc-dhcpv6-22.txt.
note that protocol constants are subject to change.
(packet format is also subject to change.  but 22 draft should go
to wg last call very soon, and I really hope it to be the final one...)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4504 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Marc Milgram: all packets in DBS Etherwatch and VMS TCPIPTRACE
guy [Tue, 8 Jan 2002 22:30:29 +0000 (22:30 +0000)]
From Marc Milgram: all packets in DBS Etherwatch and VMS TCPIPTRACE
captures are IP packets, so make the file encapsulation
WTAP_ENCAP_RAW_IP rather than WTAP_ENCAP_PER_PACKET, so you can save
those captures in other formats.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4503 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't process a color filter if there's no filter associated with it.
guy [Tue, 8 Jan 2002 21:35:17 +0000 (21:35 +0000)]
Don't process a color filter if there's no filter associated with it.

Don't put a color filter into the list of color filters if we can't
allocate the colors for the filter.

Clean up white space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4502 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom M.C. van den Bovenkamp: 00:B0:D0 now belongs to Dell. (The IEEE
guy [Tue, 8 Jan 2002 20:58:14 +0000 (20:58 +0000)]
From M.C. van den Bovenkamp: 00:B0:D0 now belongs to Dell.  (The IEEE
OUI listing from


agrees with that.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4501 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Tom Uijldert: fix to supply a non-null string argument to
guy [Tue, 8 Jan 2002 20:51:16 +0000 (20:51 +0000)]
From Tom Uijldert: fix to supply a non-null string argument to
"proto_tree_add_string_format()", so the item has a value, and so that
Ethereal doesn't just crash.

Get rid of some uses of "tvb_length()" - use "tvb_reported_length()", or
-1, instead (so that we don't quit when we run out of captured data).

Use "g_warning()", as other dissectors do, for reporting problems with
packets.  (They should really put it into the protocol tree, instead,
but that's another matter....)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4500 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "proto_tree_add_item()", not "proto_tree_add_bytes()", to add an
guy [Tue, 8 Jan 2002 20:11:57 +0000 (20:11 +0000)]
Use "proto_tree_add_item()", not "proto_tree_add_bytes()", to add an
item for extra data at the end of the Transaction2 request parameters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4499 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a routine to kill a capture child if it exists, so that if we exit
guy [Tue, 8 Jan 2002 09:32:15 +0000 (09:32 +0000)]
Add a routine to kill a capture child if it exists, so that if we exit
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.

Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.

When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4498 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf a ReportedBoundsError exception occurs, report it as a "malformed
guy [Tue, 8 Jan 2002 07:17:55 +0000 (07:17 +0000)]
If a ReportedBoundsError exception occurs, report it as a "malformed
packet" rather than a "malformed frame" - the packet in question might
be part of a link-layer frame or might span more than one link-layer

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4497 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "%u", not "%d", to print unsigned quantities.
guy [Tue, 8 Jan 2002 07:14:08 +0000 (07:14 +0000)]
Use "%u", not "%d", to print unsigned quantities.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4496 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMatch requests and responses using both the MID and the PID; the SNIA
guy [Tue, 8 Jan 2002 05:52:05 +0000 (05:52 +0000)]
Match requests and responses using both the MID and the PID; the SNIA
CIFS draft spec speaks of both being used:

The multiplex ID (Mid) is used along with the Pid to allow
multiplexing the single client and server connection among the
client's multiple processes, threads, and requests per thread.
Clients may have many outstanding requests (up to the negotiated
number, MaxMpxCount) at one time.  Servers MAY respond to
requests in any order, but a response message MUST always
contain the same Mid and Pid values as the corresponding request
message.  The client MUST NOT have multiple outstanding requests
to a server with the same Mid and Pid.

and I have seen a capture where more than one PID is used on a given
connection and where the same MID is used with two different PIDs.

Get rid of the "mid" field in the "smb_info_t" structure - the MID is
not used outside "dissect_smb()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4495 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoVendor ID lookup fix, from David Frascone.
guy [Mon, 7 Jan 2002 20:05:20 +0000 (20:05 +0000)]
Vendor ID lookup fix, from David Frascone.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4494 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdates from Tim Potter.
guy [Mon, 7 Jan 2002 19:55:48 +0000 (19:55 +0000)]
Updates from Tim Potter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4493 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoClean up white space.
guy [Mon, 7 Jan 2002 01:05:33 +0000 (01:05 +0000)]
Clean up white space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4492 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCatch ReportedBoundsError exceptions when dissecting an RPC-over-TCP
guy [Mon, 7 Jan 2002 00:59:26 +0000 (00:59 +0000)]
Catch ReportedBoundsError exceptions when dissecting an RPC-over-TCP
call/reply, and report the error but don't re-throw the exception; that
way, we can continue to dissect additional RPC messages in the frame or
reassembled chunk of data, even if one of them happens to be too short
for what's in it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4491 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoShuffle a comment, and clean up white space.
guy [Mon, 7 Jan 2002 00:57:46 +0000 (00:57 +0000)]
Shuffle a comment, and clean up white space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4490 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCatch ReportedBoundsError exceptions when dissecting the payload of an
guy [Mon, 7 Jan 2002 00:16:32 +0000 (00:16 +0000)]
Catch ReportedBoundsError exceptions when dissecting the payload of an
NBSS session message, and report the error but don't re-throw the
exception; that way, we can continue to dissect additional NBSS messages
in the frame or reassembled chunk of data, even if one of them happens
to be too short for what's in it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4489 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThere's no need for two separate "Extension Length" fields - you can
guy [Sat, 5 Jan 2002 22:09:17 +0000 (22:09 +0000)]
There's no need for two separate "Extension Length" fields - you can
add a 1-byte item for a FT_UINT16 field.

Don't create a separate tvbuff for the extensions, just use the tvbuff
handed to us and start dissecting at the beginning of the extensions.

Use the reported length, not the captured length, to indicate how much
to dissect, so that if the frame was cut short by the snapshot length,
we throw a "Short Frame" exception.

Use "proto_tree_add_item()", not "proto_tree_add_bytes()", to add an
item for the data in an unknown extension.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4488 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a typo.
guy [Sat, 5 Jan 2002 21:49:36 +0000 (21:49 +0000)]
Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4487 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Ronnie Sahlberg: use size from encapsulation instead of how many
guy [Sat, 5 Jan 2002 20:08:47 +0000 (20:08 +0000)]
From Ronnie Sahlberg: use size from encapsulation instead of how many
bytes were dissected since there can be padding bytes after the ndmp pdu
and to the end of what size said it would be, and some other cleanups.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4486 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdditional sanity checks, from Ronnie Sahlberg.
guy [Sat, 5 Jan 2002 20:05:53 +0000 (20:05 +0000)]
Additional sanity checks, from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4485 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoLong NCP traces can easily have many packets whose "uniqueness"
gram [Sat, 5 Jan 2002 04:12:17 +0000 (04:12 +0000)]
Long NCP traces can easily have many packets whose "uniqueness"
variables wrap-around. Since the request/reply packets are related via
a hash based on these uniqueness variables, long NCP traces can
have mis-matches reqeust/reply records.

Thus, only do the hash-lookup for the reply packet during the first
sequential scan of the trace file. Once the pertinent info is found,
store it in the packet's private data area.

Since the memory allocated for the hash and for the structures that make
up the keys are no longer needed after the first sequential run through
the trace file, arrange to free that memory after the first sequential
run. Similar to the register_init_routine() that allows dissectors
to register callbacks for calling *before* a capture file is loaded,
set up a register_postseq_cleanup_routine() function that allows
dissectors to register callbacks for calling *after* the first
sequential run-through of the trace file is made. This is not
a *final* cleanup callback, since Ethereal will still have that trace file
open for random-access reading.

I didn't have tethereal call postseq_cleanup_all_protocols() since
tethereal doesn't keep the trace file open for random-access reading.
I could easily be swayed to make tethereal call that function, however.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4484 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFurther updates from Ronnie Sahlberg.
guy [Fri, 4 Jan 2002 23:53:40 +0000 (23:53 +0000)]
Further updates from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4483 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf the "parent directory" of what would be the personal configuration
guy [Fri, 4 Jan 2002 21:50:26 +0000 (21:50 +0000)]
If the "parent directory" of what would be the personal configuration
file directory is just a drive letter (e.g., if the directory is
"c:\Ethereal"), don't "stat()" it to see if it exists (as that'll fail,
falsely leading us to believe it needs to be created; the attempt to do
so will fail), just assume it exists.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4482 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Hamish Moffatt:
guy [Fri, 4 Jan 2002 21:20:20 +0000 (21:20 +0000)]
From Hamish Moffatt:

Additional Windows Makefile dependencies, so more stuff gets
built as needed.

Additional stuff cleaned up by "make clean" (well, "nmake -f
makefile.nmake clean", anyway)

Make PDB_FILE be "vc*.pdb", so it referes to the PDB files
either for VC++ 5.0 or VC++ 6.0.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4481 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWTP reassembly, from Tom Uijldert.
guy [Fri, 4 Jan 2002 20:20:08 +0000 (20:20 +0000)]
WTP reassembly, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4480 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMost of NDMP, from Ronnie Sahlberg.
guy [Fri, 4 Jan 2002 19:55:03 +0000 (19:55 +0000)]
Most of NDMP, from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4479 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix up white space.
guy [Fri, 4 Jan 2002 08:57:09 +0000 (08:57 +0000)]
Fix up white space.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4478 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"proto_tree_is_visible" no longer exists as a global variable, so remove
guy [Fri, 4 Jan 2002 08:56:11 +0000 (08:56 +0000)]
"proto_tree_is_visible" no longer exists as a global variable, so remove
its declaration.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4477 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTCP desegmentation support in SSL, from Scott Renfro.
guy [Fri, 4 Jan 2002 07:01:54 +0000 (07:01 +0000)]
TCP desegmentation support in SSL, from Scott Renfro.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4476 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Hamish Moffatt:
guy [Fri, 4 Jan 2002 06:57:10 +0000 (06:57 +0000)]
From Hamish Moffatt:

Add some missing files in the "clean" targets.

Use pod2html rather than man2html to build HTML man pages.

Fix ethereal.nsi.in for recent versions of NSIS, and fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4475 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThrow a BoundsError if a length parameter in a tvbuff-accessor is < -1.
gram [Fri, 4 Jan 2002 06:45:14 +0000 (06:45 +0000)]
Throw a BoundsError if a length parameter in a tvbuff-accessor is < -1.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4474 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAs per Michael Tuexen's suggestion, set the libpcap open timeout to 1
guy [Fri, 4 Jan 2002 06:27:42 +0000 (06:27 +0000)]
As per Michael Tuexen's suggestion, set the libpcap open timeout to 1
second rather than 1/4 second on MacOS X, to workaround what appears to
be a MacOS BPF bug.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4473 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn "change_time_formats()" we can now check at the beginning whether
guy [Thu, 3 Jan 2002 22:27:44 +0000 (22:27 +0000)]
In "change_time_formats()" we can now check at the beginning whether
there are any columns whose time formats will change, and just return if
there aren't.

We also, however, need to set the "writable" flag on the columns before
doing that check, as "check_col()" checks whether the column in question
is writable; in this context, all columns are writable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4472 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake the "go" member of the "loop_data" structure in Ethereal a
guy [Thu, 3 Jan 2002 22:03:24 +0000 (22:03 +0000)]
Make the "go" member of the "loop_data" structure in Ethereal a
"gboolean", as it's a Boolean value, and move it to the beginning of the
structure in Tethereal, as it is in Ethereal.

From Graeme Hewson:

Check for "pcap_dispatch()" returning -1, meaning an error
occurred; if it does, stop capturing, and report the error.

If we get a signal in tethereal, stop the capture with a
"longjmp()", rather than by clearning the "go" flag;
"pcap_dispatch()", on many platforms, keeps reading rather than
returning a captured packet count of 0 if the system call to
read packets returns -1 with an errno of EINTR, so the
"pcap_dispatch()" won't be broken out of if the signal handler

Fix a typo in an error message.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4471 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSPOOLSS RPC dissector, from Tim Potter. This includes adding additional
guy [Thu, 3 Jan 2002 20:42:41 +0000 (20:42 +0000)]
SPOOLSS RPC dissector, from Tim Potter.  This includes adding additional
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4470 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPPP multiplexing support, from Jayaram V.R.
guy [Thu, 3 Jan 2002 20:30:33 +0000 (20:30 +0000)]
PPP multiplexing support, from Jayaram V.R.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4469 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Albert Chin: simplify some autoconf code - AC_CHECK_FUNC can, by
guy [Thu, 3 Jan 2002 20:09:55 +0000 (20:09 +0000)]
From Albert Chin: simplify some autoconf code - AC_CHECK_FUNC can, by
itself, be made to run some code only if the function isn't found,
there's no need to check the result yourself.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4468 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Albert Chin: eliminate a GCCism.
guy [Thu, 3 Jan 2002 20:01:07 +0000 (20:01 +0000)]
From Albert Chin: eliminate a GCCism.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4467 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoNow that there's a protocol ID for "raw", use it when creating the
guy [Thu, 3 Jan 2002 02:10:01 +0000 (02:10 +0000)]
Now that there's a protocol ID for "raw", use it when creating the
dissector handle for the "raw" protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4466 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRegister a protocol for "Raw packet data". This makes it filterable,
gram [Wed, 2 Jan 2002 20:33:46 +0000 (20:33 +0000)]
Register a protocol for "Raw packet data". This makes it filterable,
but the real point is to make it look better in a Protocol-Hierarchy
Statistics summary; without the header_field_info for "Raw packet data",
there was no name to display in the statistics GUI. (Yes, I could have
re-designed ph_stats_node_t to accomodate an string if there was not
a registered hfinfo for a protocol, but then the side-effect of being
able to filter for the "raw" protocol made me choose this route).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4465 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoA proper fix for pulling the header_field_info* from a stat_node.
gram [Wed, 2 Jan 2002 20:23:46 +0000 (20:23 +0000)]
A proper fix for pulling the header_field_info* from a stat_node.
Gerald's fix wasn't the real problem; the original code was wrong in
treating a GNode containing a ph_stats_node_t as a GNode that is part
of a proto_tree; it worked because of the coincidental layout of the
two structs.

Now the code has been fixed, and some macros have been added for
accessing the GNodes and some variables renamed so that the code
is clearer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4464 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a pointer error in find_stat_node.
gerald [Mon, 31 Dec 2001 20:40:34 +0000 (20:40 +0000)]
Fix a pointer error in find_stat_node.

Define a default width and maximum height for the stats dialog.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4463 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd preferences to save the main window size and position. If enabled,
gerald [Mon, 31 Dec 2001 04:41:50 +0000 (04:41 +0000)]
Add preferences to save the main window size and position.  If enabled,
the geometry is saved at exit.  Should we save the main window pane
sizes as well?

Move the DEF_WIDTH and DEF_HEIGHT #defines from gtk/main.h to prefs.h.
Remove the reference to DEF_WIDTH from proto_hier_stats_dlg.c.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4462 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDissection of ypbind calls, from Ronnie Sahlberg.
guy [Sat, 29 Dec 2001 22:23:07 +0000 (22:23 +0000)]
Dissection of ypbind calls, from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4461 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake "dscp_vals[]" a "const" array again.
guy [Sat, 29 Dec 2001 22:01:11 +0000 (22:01 +0000)]
Make "dscp_vals[]" a "const" array again.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4460 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoChanges to RSVP:
ashokn [Sat, 29 Dec 2001 00:43:55 +0000 (00:43 +0000)]
Changes to RSVP:

- Cleaned up TSpec and Flowspec support to handle multiple parameters
- Added support for Compression Hint (RFC3006)
- Added support for DCLASS (RFC2996)
- Corrected some bugs in support for Null Service (RFC2997)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4459 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCorrectly handle the nanoseconds fields in strings representing absolute
guy [Fri, 28 Dec 2001 21:30:34 +0000 (21:30 +0000)]
Correctly handle the nanoseconds fields in strings representing absolute
and relative times - "0.4" is 400,000,000 nanoseconds, not 4

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4458 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFrom Ronnie Sahlberg: add time between request and reply as a field to
guy [Fri, 28 Dec 2001 20:18:45 +0000 (20:18 +0000)]
From Ronnie Sahlberg: add time between request and reply as a field to
ONC RPC replies.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4457 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRFC 2132 says
guy [Thu, 27 Dec 2001 23:53:10 +0000 (23:53 +0000)]
RFC 2132 says

   The end option marks the end of valid information in the vendor
   field.  Subsequent octets should be filled with pad options.

rather than "must be filled with pad options", so just treat stuff after
the end option as padding by marking it all as padding, rather than
treating stuff after the end option as additional options, so that if
it's not all pad options (bytes containing 0), we don't treat that as an

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4456 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoOn the first pass through the BOOTP options, check whether data exists
guy [Thu, 27 Dec 2001 22:49:02 +0000 (22:49 +0000)]
On the first pass through the BOOTP options, check whether data exists
before fetching it, so if an option is malformed, we don't throw an
exception before the second pass through the option, which is the pass
where they're dissected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4455 f5534014-38df-0310-8fa8-9805f1628bb7