16 years agoFrom Albert Chin: get rid of some C++ comments in C89 code.
guy [Mon, 10 Mar 2003 19:58:47 +0000 (19:58 +0000)]
From Albert Chin: get rid of some C++ comments in C89 code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7335 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoObscure more email addresses.
gerald [Mon, 10 Mar 2003 04:29:13 +0000 (04:29 +0000)]
Obscure more email addresses.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7334 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFix some perldoc warnings and obscure email addresses.
gerald [Mon, 10 Mar 2003 04:27:01 +0000 (04:27 +0000)]
Fix some perldoc warnings and obscure email addresses.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7333 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUse SCSI_DEV_BITS for the bits in the peripheral qualifier/peripheral
guy [Mon, 10 Mar 2003 02:18:19 +0000 (02:18 +0000)]
Use SCSI_DEV_BITS for the bits in the peripheral qualifier/peripheral
device type byte used for the device type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7332 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoHave the "Save voice data as..." button in the RTP analysis dialog box
guy [Mon, 10 Mar 2003 02:09:29 +0000 (02:09 +0000)]
Have the "Save voice data as..." button in the RTP analysis dialog box
pop up a file selection box with the save options, rather than a dialog
box with the save options, a file name, and a button to click to get the
file selection box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7331 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoPointer <--> int converions cause warnings on ia64.
jmayer [Mon, 10 Mar 2003 02:06:33 +0000 (02:06 +0000)]
Pointer <--> int converions cause warnings on ia64.
Modified a patch originally contained in the SuSE distro
to do the conversions via glib macros.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7330 f5534014-38df-0310-8fa8-9805f1628bb7

16 years ago- conversation_get_protocol_data -> conversation_get_proto_data
deniel [Sun, 9 Mar 2003 22:00:26 +0000 (22:00 +0000)]
- conversation_get_protocol_data -> conversation_get_proto_data
- miscellaneous typos corrected

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7329 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoRemove used parameter pinfo from dissect_ser
jmayer [Sun, 9 Mar 2003 03:19:03 +0000 (03:19 +0000)]
Remove used parameter pinfo from dissect_ser

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7328 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Markus Friedl: Remove duplicate code in packet-ssh.c.
gerald [Sat, 8 Mar 2003 22:15:41 +0000 (22:15 +0000)]
From Markus Friedl: Remove duplicate code in packet-ssh.c.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7327 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThe SMPP dissector has a too light heuristic and
deniel [Sat, 8 Mar 2003 14:21:15 +0000 (14:21 +0000)]
The SMPP dissector has a too light heuristic and
it wrongly decodes non SMPP packets.
Check that the overall PDU size is not greater
than 64K before accepting to decode the packet.
Check at least valid as of SMPP v3.4 issue 1.2.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7326 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoRuediger Oertel <ro@suse.de>
jmayer [Sat, 8 Mar 2003 11:43:54 +0000 (11:43 +0000)]
Ruediger Oertel <ro@suse.de>
Fix invalid preprocessor token pasting.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7325 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoIf we have <windows.h>, we need to include it to declare OSVERSIONINFO.
guy [Sat, 8 Mar 2003 11:15:49 +0000 (11:15 +0000)]
If we have <windows.h>, we need to include it to declare OSVERSIONINFO.

Fix some typos.

Put the build number after the "szCSDVersion" value; on NT, that makes
it show up as "Windows {NT x.y,2000,XP,etc.} Service Pack N, build N",
and on OT, it might make it show up as "Windows {95,98,Me} X, build N",
where "X" might be "A" or "B" or something such as that.  (We might want
to omit the space before "szCSDVersion" on Windows OT - I think the
"right" name might be something like "Windows 95B", but I'm not sure.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7324 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoWTAP_ENCAP_ENC was, in fact, intended for use for DLT_ENC, so just
guy [Sat, 8 Mar 2003 09:11:53 +0000 (09:11 +0000)]
WTAP_ENCAP_ENC was, in fact, intended for use for DLT_ENC, so just

un-#if 0 out the code to handle the value 109 for DLT_ENC, as I've just
checked in support for DLT_ENC in tcpdump.org libpcap and tcpdump, which
maps DLT_ENC to 109 in the file header.

Give packet-enc.c an RCS ID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7323 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoTreat the Peripheral Qualifier field the same way we treat the
guy [Sat, 8 Mar 2003 08:02:20 +0000 (08:02 +0000)]
Treat the Peripheral Qualifier field the same way we treat the
Peripheral Device Type field, i.e. as a registered field that's a
bitfield with a value_string table.  Give it the correct bitmask.

Fix up some device type names, and add some additional ones from the 25
July 2002 SPC-3 draft.

Correctly adjust the length of the LUN list in the Report LUNs response
(subtract 8 from the payload length before comparing, don't subtract 8
from the resulting length after comparing and adjusting), and rename the
variable to reflect the fact that it's a length in bytes, not a number
of LUNs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7322 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThe time deltas are for AFS, not ONC RPC.
guy [Sat, 8 Mar 2003 07:27:41 +0000 (07:27 +0000)]
The time deltas are for AFS, not ONC RPC.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7321 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoPut the code to get version numbers of various libraries with which
guy [Sat, 8 Mar 2003 07:00:48 +0000 (07:00 +0000)]
Put the code to get version numbers of various libraries with which
Ethereal/Tethereal was linked into a common routine, and use that in
both Ethereal and Tethereal.

Add to that routine code to get OS version information.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7320 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd some missing entries, and put the entries in the same order as the
guy [Sat, 8 Mar 2003 05:37:32 +0000 (05:37 +0000)]
Add some missing entries, and put the entries in the same order as the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7319 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Lars Roland: fix for his entry in the AUTHORS list.
guy [Sat, 8 Mar 2003 05:36:30 +0000 (05:36 +0000)]
From Lars Roland: fix for his entry in the AUTHORS list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7318 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoDocumentation for the MGCP tap,f rom Lars Roland.
guy [Sat, 8 Mar 2003 05:34:51 +0000 (05:34 +0000)]
Documentation for the MGCP tap,f rom Lars Roland.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7317 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdates for 0.9.10.
gerald [Sat, 8 Mar 2003 03:12:32 +0000 (03:12 +0000)]
Updates for 0.9.10.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7315 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoNote that you need <io.h> on Windows if you want to use "open()",
guy [Fri, 7 Mar 2003 21:50:34 +0000 (21:50 +0000)]
Note that you need <io.h> on Windows if you want to use "open()",
"close()", "read()", "write()", etc..

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7314 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd an average packet size, as suggested by Daniel Jackson.
gerald [Fri, 7 Mar 2003 20:27:02 +0000 (20:27 +0000)]
Add an average packet size, as suggested by Daniel Jackson.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7313 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoInclude <io.h>, if present, to get "_open()", "_close()", etc. declared.
guy [Fri, 7 Mar 2003 19:47:07 +0000 (19:47 +0000)]
Include <io.h>, if present, to get "_open()", "_close()", etc. declared.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7312 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoMake the DISSECTOR_SRC macro match the Makefile.am one, with the
guy [Fri, 7 Mar 2003 19:15:48 +0000 (19:15 +0000)]
Make the DISSECTOR_SRC macro match the Makefile.am one, with the
dissectors for the OpenBSD enc(4) encapsulating interface and RFC 3378

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7311 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Markus Friedl:
gerald [Fri, 7 Mar 2003 16:52:46 +0000 (16:52 +0000)]
From Markus Friedl:

  Add support for the OpenBSD enc(4) encapsulating interface.  Add
  support for Ethernet over IP (RFC 3378).

Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7310 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd packet-mgcp.h to the distribution.
gerald [Fri, 7 Mar 2003 04:13:26 +0000 (04:13 +0000)]
Add packet-mgcp.h to the distribution.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7309 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd another sanity check - there shouldn't be more than 47 bytes of
guy [Fri, 7 Mar 2003 03:19:50 +0000 (03:19 +0000)]
Add another sanity check - there shouldn't be more than 47 bytes of
padding before the AAL5 trailer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7308 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoDeclare f_tempname and r_tempname static
jmayer [Fri, 7 Mar 2003 01:18:21 +0000 (01:18 +0000)]
Declare f_tempname and r_tempname static

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7307 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd in some additional Cisco URLs for NetFlow documentation.
guy [Fri, 7 Mar 2003 00:43:30 +0000 (00:43 +0000)]
Add in some additional Cisco URLs for NetFlow documentation.

According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's

Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame.  Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.

Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.

If we don't find the template for a data flowset, just show the data as

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7306 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFAQ was updated
jmayer [Fri, 7 Mar 2003 00:29:05 +0000 (00:29 +0000)]
FAQ was updated

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7305 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoNO_DATA is apparently #defined by some header file when building with
guy [Fri, 7 Mar 2003 00:03:47 +0000 (00:03 +0000)]
NO_DATA is apparently #defined by some header file when building with
MSVC++ on Windows - stick TAP_RTP_ in front of all the error enum
values, to avoid name collisions.

Do *NOT* allocate a zero-length array as an automatic variable,
especially if you're going to assign to the first element of that

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7304 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoGet rid of CRs.
guy [Thu, 6 Mar 2003 23:09:09 +0000 (23:09 +0000)]
Get rid of CRs.

Get rid of comments about the format string to use with guint16 and
guint32 - we're using the right string, which is neither "%lu" (as that
requires a 64-bit argument on platforms with 64-bit longs) nor "%d" (as
that expects a *signed* quantity, not an *unsigned* quantity), but "%u".

Protect the include of <unistd.h> with "#ifdef HAVE_UNISTD_H", as it's
not present on Windows if you're not building with a UNIXalike wrapper

Use "wb", not "w", when creating binary files with "fopen()"; the "b" is
required on Windows.

Use O_BINARY when opening binary files, and #define it as 0 if it's not
defined; O_BINARY is required on Windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7303 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThrow in some additional portability notes about:
guy [Thu, 6 Mar 2003 22:41:39 +0000 (22:41 +0000)]
Throw in some additional portability notes about:

not using "%l[doux]" with guint32;

not including <unistd.h> without #ifdef HAVE_UNISTD_H;

not fopening binary files with "r", "w", etc., and not opening
them with "open()" without using O_BINARY.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7302 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoGet rid of CRs.
guy [Thu, 6 Mar 2003 22:36:43 +0000 (22:36 +0000)]
Get rid of CRs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7301 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoGive a bunch of files RCS IDs.
guy [Thu, 6 Mar 2003 21:57:17 +0000 (21:57 +0000)]
Give a bunch of files RCS IDs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7300 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoMove RTP Analysis to Statistics menu
deniel [Thu, 6 Mar 2003 21:21:43 +0000 (21:21 +0000)]
Move RTP Analysis to Statistics menu
(all taps should be located here especially
 very protocol specific ones)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7299 f5534014-38df-0310-8fa8-9805f1628bb7

16 years ago- Protect tap_rtp.h against multiple inclusions
deniel [Thu, 6 Mar 2003 21:15:59 +0000 (21:15 +0000)]
- Protect tap_rtp.h against multiple inclusions

- Add $Id$ to tap_rtp.[hc]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7298 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Miha Jemec :
sahlberg [Thu, 6 Mar 2003 20:35:12 +0000 (20:35 +0000)]
From Miha Jemec :
Functionality to reassemble a RTP stream and save it as a file.
Support for G.711 coded

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7297 f5534014-38df-0310-8fa8-9805f1628bb7

16 years ago"transid" values are guint32's, and should be printed with "%u" (on
guy [Thu, 6 Mar 2003 19:15:09 +0000 (19:15 +0000)]
"transid" values are guint32's, and should be printed with "%u" (on
most, if not all, platforms on which Ethereal runs, a guint32 is an
"unsigned int", not an "unsigned long", and on platforms where an
"unsigned long" is 64 bits, "%ld" is definitely wrong - and so is

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7296 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoDeclare functions as extern, as some of them are part of the plugin ABI,
guy [Thu, 6 Mar 2003 19:04:28 +0000 (19:04 +0000)]
Declare functions as extern, as some of them are part of the plugin ABI,
and compilation fails on Windows if they're not declared as externs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7295 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Lars Ronald :
sahlberg [Thu, 6 Mar 2003 09:01:47 +0000 (09:01 +0000)]
From Lars Ronald :
MGCP request/response matching and
MGCPSTAT RTT calculation.

For those with MGCP captures, try
-z mgcp,rtd[,filter]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7294 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate and added text to README.tapping based on comments in the
sahlberg [Thu, 6 Mar 2003 07:54:24 +0000 (07:54 +0000)]
Update and added text to README.tapping based on comments in the
contributed RTP tap for voice.

Explained when a tap listener is called and somethings to keep in
mind when adding taps to protocols that may appear multiple times inside the
same packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7293 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Jamie F,
sahlberg [Thu, 6 Mar 2003 07:39:19 +0000 (07:39 +0000)]
From Jamie F,

I forgot to fix the field names when adding the AFS ReplyIn and friends
yesterday, thus causing
-z proto,colinfo,rpc.time,rpc.time  not to work.

They should not have been called rpc.* anyway.

I fixed RequestIn, ReplyIn, TimeFromRequest fields for AFS
request/response matching to have proper names starting with afs.
so we dont collide with the names for the ONC-RPC ones.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7292 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Devin Heitmueller: follow TCP Stream support for showing stream
guy [Thu, 6 Mar 2003 04:23:51 +0000 (04:23 +0000)]
From Devin Heitmueller: follow TCP Stream support for showing stream
data as C byte arrays.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7291 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoMake various variables containing unsigned quantities unsigned.
guy [Wed, 5 Mar 2003 20:25:59 +0000 (20:25 +0000)]
Make various variables containing unsigned quantities unsigned.

Check whether a device identifier in a vital product data page (not a
vital data product page, although I guess most SCSI devices could be
considered data products) is bigger than the page before displaying it.

Don't bother to check whether the full identifier is in the packet - if
it's not, an exception will be thrown and an error indication put into
the protocol tree, which is the correct thing to do.  Do, however, check
whether the identifier length is 0 before putting a protocol tree entry

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7290 f5534014-38df-0310-8fa8-9805f1628bb7

16 years ago"gtk_box_pack_end()" expects a GtkBox, not a GtkContainer, as its first
guy [Wed, 5 Mar 2003 20:12:04 +0000 (20:12 +0000)]
"gtk_box_pack_end()" expects a GtkBox, not a GtkContainer, as its first

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7289 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoRemove 00:40:96 from manuf.tmpl (Aironet, Ciron).
jmayer [Wed, 5 Mar 2003 17:29:33 +0000 (17:29 +0000)]
Remove 00:40:96 from manuf.tmpl (Aironet, Ciron).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7288 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate manuf to current IEEE entries.
jmayer [Wed, 5 Mar 2003 17:27:20 +0000 (17:27 +0000)]
Update manuf to current IEEE entries.
Remove 00:40:96 from manuf.tmpl (Aironet, Ciron).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7287 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoEliminate vertical padding in the IO Stat window.
gerald [Wed, 5 Mar 2003 15:54:31 +0000 (15:54 +0000)]
Eliminate vertical padding in the IO Stat window.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7286 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Craig Rodrigues:
gerald [Wed, 5 Mar 2003 15:33:12 +0000 (15:33 +0000)]
From Craig Rodrigues:

- correct dissection of giop-broken.pcap supplied by Guy Harris
- correct dissection of CodeSet service context, as supplied by Guy Harris
- correct dissection of RTCorbaPriority values, as supplied by me
- general cleanups and removal of unnecessary code

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7285 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate for AFS and related protocols so that time between Request and
sahlberg [Wed, 5 Mar 2003 09:52:22 +0000 (09:52 +0000)]
Update for AFS and related protocols so that time between Request and
Response is calculated in the same way as for oncrpc, dcerpc, smb...

requests where a reply has been matched will now have a
Reply In:<framenumber>
in the tree pane.
replies where the request has been seen will have
Request In:<framenumber>
Time since request:<seconds>

later tethereal and ethereal rtt stats will be implemented.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7284 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Dinesh Dutt:
guy [Wed, 5 Mar 2003 07:41:24 +0000 (07:41 +0000)]
From Dinesh Dutt:

fix the Fibre Channel reassembly code;

fix handling of addresses in FC frames encapsulated inside
various internal Cisco protocols;

display link state records & descriptors better so as to improve
readability & reduce the need to expand tree to find useful

handle older versions of SW_RSCN;

fix saving of device type from Inquiry command;

add another Ethertype used internally in Cisco switches.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7283 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUse the reported length, not the captured length, as the fragment length
guy [Wed, 5 Mar 2003 07:17:50 +0000 (07:17 +0000)]
Use the reported length, not the captured length, as the fragment length
when doing reassembly.

In some additional places, use "tvb_bytes_exist()" to check whether we
have enough data to do reassembly, rather than checking to see if the
frame is short (it might be short but we might still have enough data to
do reassembly).

In DCE RPC, use the fragment length from the header as the number of
bytes of fragment data.

There's no need to check "pinfo->fragmented" before doing reassembly in
the DCERPC-over-SMB-pipes code - either we have all the data or we

In SNA and WTP reassembly, add a check to make sure we have all the data
to be reassembled.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7282 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoDistinguish between the two directions of X.25 traffic when doing
guy [Wed, 5 Mar 2003 05:20:38 +0000 (05:20 +0000)]
Distinguish between the two directions of X.25 traffic when doing
reassembly - don't reassemble packets from different directions into a
single packet.

We don't need to check whether we have enough data for reassembly -
"fragment_add_seq_next()" does that for us.

If we're doing reassembly, show the user data of packets with the M bit
set as "User data".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7281 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate NEWS and ChangeLog to January 31.
gerald [Wed, 5 Mar 2003 03:51:23 +0000 (03:51 +0000)]
Update NEWS and ChangeLog to January 31.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7280 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoWhen reassembling, test the correct M bit based on whether it's mod-8 or
guy [Wed, 5 Mar 2003 01:12:11 +0000 (01:12 +0000)]
When reassembling, test the correct M bit based on whether it's mod-8 or

Don't reassemble if we don't have all the payload (e.g., if we have a
short frame).

Clean up indentation.

Remove the "_x25" at the end of the preference for reassembling X.25
packets - it already has "x25." at the beginning.

Add a bunch of #defines for various bits to be tested, and use them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7279 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoMake sure we don't obliterate the UNICODE flag ...
sharpe [Tue, 4 Mar 2003 23:09:59 +0000 (23:09 +0000)]
Make sure we don't obliterate the UNICODE flag ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7278 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Todd Sabin: allocate the buffer for the decrypted payload, rather
guy [Tue, 4 Mar 2003 20:52:33 +0000 (20:52 +0000)]
From Todd Sabin: allocate the buffer for the decrypted payload, rather
than using a fixed-size 1500-byte buffer.

Use memory chunks for ntlmssp_info and ntlmssp_packet_info structures,
and free up the chunks when we re-initialize the dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7277 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Laurent Meyer: reassemble fragmented X.25 packets, and fix up a
guy [Tue, 4 Mar 2003 19:50:23 +0000 (19:50 +0000)]
From Laurent Meyer: reassemble fragmented X.25 packets, and fix up a

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7276 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThere might well be more than 40 bytes of padding in an AAL5 frame - it
guy [Tue, 4 Mar 2003 08:20:36 +0000 (08:20 +0000)]
There might well be more than 40 bytes of padding in an AAL5 frame - it
doesn't always appear to be the case that the minimum number of cells is
used for an AAL5 packet.  Instead, do the sanity check on the AAL5
length field - require it to be non-zero and to be less than or equal to
the amount of space left over in the packet after the trailer is removed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7275 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoWhen deciding whether we have enough data in a lower-level packet to
guy [Tue, 4 Mar 2003 06:47:10 +0000 (06:47 +0000)]
When deciding whether we have enough data in a lower-level packet to
attempt reassembly of a higher-level packet that includes the
lower-level packet, use "tvb_bytes_exist()" to check whether all the
data that's to be included in the reassembly is available, rather than
by checking whether the packet is short.

Add some checks of that sort that were missing.

Use the reported length of the packet when doing reassembly.

Make the "iphdrlen" field of a "packet_info" structure be the length of
the IP header in bytes, not in 4-byte words.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7274 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoPretty up the handling of SACK. Have tested now, looks OK.
sharpe [Tue, 4 Mar 2003 04:36:44 +0000 (04:36 +0000)]
Pretty up the handling of SACK. Have tested now, looks OK.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7273 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoPlace configuration files (manuf and diameter) in
gerald [Tue, 4 Mar 2003 04:11:44 +0000 (04:11 +0000)]
Place configuration files (manuf and diameter) in
$(prefix)/share/ethereal, as suggested by Jakob Schlyter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7272 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoBump the version to 0.9.10.
gerald [Tue, 4 Mar 2003 03:56:33 +0000 (03:56 +0000)]
Bump the version to 0.9.10.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7271 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Matthew Smart:
guy [Tue, 4 Mar 2003 03:37:12 +0000 (03:37 +0000)]
From Matthew Smart:

        1. Make NetFlow UDP port user configurable

        2. Cache v9 templates

        3. Decode v9 data

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7270 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAttempt to better handle bogus AAL5 lengths (by assuming that the packet
guy [Tue, 4 Mar 2003 03:08:42 +0000 (03:08 +0000)]
Attempt to better handle bogus AAL5 lengths (by assuming that the packet
doesn't have padding and the AAL5 trailer).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7269 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoA captured length bigger than the actual length makes no sense; clip the
guy [Tue, 4 Mar 2003 02:38:02 +0000 (02:38 +0000)]
A captured length bigger than the actual length makes no sense; clip the
captured length so it's <= the actual length.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7268 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoHandle the direction bit in SDLC and PPP Sniffer files.
guy [Tue, 4 Mar 2003 02:04:00 +0000 (02:04 +0000)]
Handle the direction bit in SDLC and PPP Sniffer files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7267 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdded tap functionality to UDP
sahlberg [Mon, 3 Mar 2003 23:46:50 +0000 (23:46 +0000)]
Added tap functionality to UDP

Added top talkers calculation for UDP socketpairs

try -z io,users,udpip

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7266 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoHandle packet direction information for SDLC Sniffer captures.
guy [Mon, 3 Mar 2003 23:29:59 +0000 (23:29 +0000)]
Handle packet direction information for SDLC Sniffer captures.

Add a bunch of capture types discovered by stuffing them into Windows
Sniffer captures and seeing what a Sniffer thought they were.  Add
support for writing at least some of them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7265 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate for tethereal -z io,users, top talkers :
sahlberg [Mon, 3 Mar 2003 23:20:59 +0000 (23:20 +0000)]
Update for tethereal -z io,users, top talkers :
"tcpip" added.

-z io,users,tcpip will create a top talkers list of individual tcpip connections

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7264 f5534014-38df-0310-8fa8-9805f1628bb7

16 years ago- fix FAQ display (faq_help[] was not initialised before strcat
deniel [Mon, 3 Mar 2003 21:59:42 +0000 (21:59 +0000)]
- fix FAQ display (faq_help[] was not initialised before strcat
  so random characters at first line display if not worst,
  finally remove this strcat stuff and directly call insert_text
  with each faq_part)

- add missing FAQ redraw in help_redraw

- put FAQ after Capture Filters to restore original order
  (i.e. Display near Capture Filters)

- udpate overview according to manual page

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7263 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agopacket-rmp.c: Jochen Friedrich
jmayer [Mon, 3 Mar 2003 14:08:39 +0000 (14:08 +0000)]
packet-rmp.c: Jochen Friedrich
  Machine type in rmp seems to be an ASCII string
  rmp seems to mean "Remote Maintenance Protocol"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7262 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoPut ps.c back in DISTCLEANFILES.
gerald [Mon, 3 Mar 2003 03:54:39 +0000 (03:54 +0000)]
Put ps.c back in DISTCLEANFILES.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7261 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd SACK leftedge and rightedge filtering ... Added them as decimal
sharpe [Mon, 3 Mar 2003 03:16:36 +0000 (03:16 +0000)]
Add SACK leftedge and rightedge filtering ... Added them as decimal
values which seemed appropriate, but had the split them into two items
in the option tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7260 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAs suggested by Guy, rather than add_uint_hidden, and then add_text,
sharpe [Mon, 3 Mar 2003 02:59:23 +0000 (02:59 +0000)]
As suggested by Guy, rather than add_uint_hidden, and then add_text,
do an add_uint_format(...). It was all too easy.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7259 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThe frame number passed to "goto_frame()" wasn't necessarily explicitly
guy [Sun, 2 Mar 2003 22:37:03 +0000 (22:37 +0000)]
The frame number passed to "goto_frame()" wasn't necessarily explicitly
specified by the user, so if the frame with that frame number isn't
being displayed, just refer to it as "That frame", not "The frame with
that frame number".  (That's even OK if they *did* specify it.)

(If there's no such frame, that "shouldn't happen" in cases where it was
implicitly specified, e.g. by getting it from a list of fragments, or a
"{request,reply} is in frame XXX" field, or clicking on a point in a TCP

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7258 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoGet rid of unneeded includes of "../ui_util.h".
guy [Sun, 2 Mar 2003 22:31:25 +0000 (22:31 +0000)]
Get rid of unneeded includes of "../ui_util.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7257 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUse "goto_frame()" to go to a given frame number, not
guy [Sun, 2 Mar 2003 22:25:49 +0000 (22:25 +0000)]
Use "goto_frame()" to go to a given frame number, not
"packet_list_set_selected_row()" - frame N isn't necessarily being
displayed as row N-1.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7256 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoDisable simultaneous building of static and shared binaries
jmayer [Sun, 2 Mar 2003 22:11:26 +0000 (22:11 +0000)]
Disable simultaneous building of static and shared binaries

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7255 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoHave "goto_frame()" put up error dialog boxes itself, rather than having
guy [Sun, 2 Mar 2003 22:07:25 +0000 (22:07 +0000)]
Have "goto_frame()" put up error dialog boxes itself, rather than having
its callers put up the same error dialog boxes.  Have it just return a
success vs. failure Boolean.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7254 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Jochen Friedrich: add support for:
guy [Sun, 2 Mar 2003 21:52:21 +0000 (21:52 +0000)]
From Jochen Friedrich: add support for:

HP extended 802.2 LLC

HP-UX remote management over HP extended 802.2 LLC

SNMP over HP extended 802.2 LLC.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7253 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFrom Jochen Friedrich: fix length checking, and improve XID type 3
guy [Sun, 2 Mar 2003 21:49:26 +0000 (21:49 +0000)]
From Jochen Friedrich: fix length checking, and improve XID type 3
dissection (fixes plus additions).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7252 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoUpdate manuf
jmayer [Sun, 2 Mar 2003 20:46:42 +0000 (20:46 +0000)]
Update manuf

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7251 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoRemove wip comments
jmayer [Sun, 2 Mar 2003 19:21:31 +0000 (19:21 +0000)]
Remove wip comments

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7250 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoSplit FAQ into shorter lines before including it into the gtk help dialog.
jmayer [Sun, 2 Mar 2003 17:42:37 +0000 (17:42 +0000)]
Split FAQ into shorter lines before including it into the gtk help dialog.
Ignore tmp files generated by make-faq.
Update FAQ.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7249 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoChange some plugin window geometry aspects.
deniel [Sun, 2 Mar 2003 17:14:08 +0000 (17:14 +0000)]
Change some plugin window geometry aspects.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7248 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoEven though we don't yet dissect Intel ANS (NIC teaming) or Microsoft
gerald [Sun, 2 Mar 2003 15:50:55 +0000 (15:50 +0000)]
Even though we don't yet dissect Intel ANS (NIC teaming) or Microsoft
Network Load Balancing probes, we can at least recognize them as such.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7247 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd type of filter in capture/display filter windows.
deniel [Sun, 2 Mar 2003 13:46:01 +0000 (13:46 +0000)]
Add type of filter in capture/display filter windows.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7246 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoReplace gdk_string_width and gdk_string_height with
oabad [Sat, 1 Mar 2003 17:39:53 +0000 (17:39 +0000)]
Replace gdk_string_width and gdk_string_height with
pango_layout_get_pixel_size in gtk2 code.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7245 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoFix possible null pointer deference (conversation_data).
deniel [Sat, 1 Mar 2003 14:12:38 +0000 (14:12 +0000)]
Fix possible null pointer deference (conversation_data).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7244 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdd an "Apply" button to "Decode As" window.
deniel [Sat, 1 Mar 2003 13:08:59 +0000 (13:08 +0000)]
Add an "Apply" button to "Decode As" window.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7243 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoThe correct way to go to a frame with a given number is to use
guy [Sat, 1 Mar 2003 10:18:54 +0000 (10:18 +0000)]
The correct way to go to a frame with a given number is to use
"goto_frame()", not to assume that all frames are being displayed and to
go to the row whose number is the frame number - 1.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7242 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoX.29 call user data in CALL REQUEST packets starts with an SPI and 3
guy [Sat, 1 Mar 2003 10:02:35 +0000 (10:02 +0000)]
X.29 call user data in CALL REQUEST packets starts with an SPI and 3
bytes of other information, currently not used; that data is not to be
dissected as X.29 packet data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7241 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoA "hdr.xxb[20]" value of 2 in a version 2 capture appears to mean that
guy [Sat, 1 Mar 2003 09:42:44 +0000 (09:42 +0000)]
A "hdr.xxb[20]" value of 2 in a version 2 capture appears to mean that
it's a gigabit Ethernet capture, possibly, with special hardware, and
that time stamps have 1000 times the resolution that they have in other
captures (perhaps due to the special hardware having a higher-resolution

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7240 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoCompletely initialize all the address fields in a packet_info structure,
guy [Sat, 1 Mar 2003 09:38:41 +0000 (09:38 +0000)]
Completely initialize all the address fields in a packet_info structure,
setting the length to 0 and the data pointer to a null pointer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7239 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoMake the dissector static - it's not called from outside packet-bofl.c
guy [Sat, 1 Mar 2003 09:37:38 +0000 (09:37 +0000)]
Make the dissector static - it's not called from outside packet-bofl.c

Let the tvbuff mechanism check the length of the packet - don't check it

Put each field into the protocol tree and the Info column separately, so
that we at least get a partial dissection - I've seen some packets that
look like breath-of-life packets but that have only the PDU field.

Show the PDU field with all 8 hex digits, and show the sequence number
as an unsigned quantity, in the Info column.

Show the padding size based on the actual length of the frame, not on
the amount of the frame that was captured.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7238 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoHandle the flag bits in SRVLOC V1 as registered fields, just as we do in
guy [Sat, 1 Mar 2003 09:03:42 +0000 (09:03 +0000)]
Handle the flag bits in SRVLOC V1 as registered fields, just as we do in

Get rid of trailing dots in the names of SRVLOC V2 flag bit fields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7237 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAllow filtering on the window scale value ...
sharpe [Sat, 1 Mar 2003 08:57:36 +0000 (08:57 +0000)]
Allow filtering on the window scale value ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7236 f5534014-38df-0310-8fa8-9805f1628bb7

16 years agoAdding more options support
sharpe [Sat, 1 Mar 2003 08:51:12 +0000 (08:51 +0000)]
Adding more options support

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@7235 f5534014-38df-0310-8fa8-9805f1628bb7