git.samba.org - obnox/wireshark/wip.git/log

Boolean fields are just like other fields - if you use the field name
without a comparison operator, it tests for the field's presence or
absence, not its value; to test whether a Boolean field is true, you
compare it with a non-zero value, and to test whether it's false, you
compare it with a zero value.

Make the filter expression construction dialog handle that correctly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3068 f5534014-38df-0310-8fa8-9805f1628bb7

The text entry box that a filter construction dialog manipulates is
always attached to the dialog as the E_FILT_FILTER_TE_KEY data, but only
sometimes attached as the E_FILT_TE_KEY data.

Get rid of E_FILT_TE_KEY completely, as it's redundant, and use only
E_FILT_FILTER_TE_KEY; this keeps us from crashing as a result of trying
to manipulate the widget referred to by E_FILT_TE_KEY if E_FILT_TE_KEY
hasn't been set to refer to any widget.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3067 f5534014-38df-0310-8fa8-9805f1628bb7

Etherpeek version 5, 6, and 7 support, from Daniel Thompson.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3066 f5534014-38df-0310-8fa8-9805f1628bb7

NFSv4 updates from Mike Frisch to fix some cosmetic issues when
displaying XDR arrays.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3065 f5534014-38df-0310-8fa8-9805f1628bb7

Initialize hf_ip_checksum_bad to -1 like all other fields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3064 f5534014-38df-0310-8fa8-9805f1628bb7

Change from James E. Flemer to add hidden Boolean fields that are set if
the IP or ICMP checksum is bad.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3063 f5534014-38df-0310-8fa8-9805f1628bb7

Make the "activate" signal on the text entry boxes in the filter editing
dialog activate the entire dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3062 f5534014-38df-0310-8fa8-9805f1628bb7

Catch the "destroy" signal on the filter-expression-construction dialog,
and, when it's being destroyed, disconnect from the "destroy" signal on
the text entry box to which it's attached, so that, when that text entry
box is destroyed, we don't try to get rid of the no-longer-extant
filter-expression-construction dialog.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3061 f5534014-38df-0310-8fa8-9805f1628bb7

Catch the "destroy" signal on the text entry box to which a
filter-expression-construction dialog box is attached; if the text entry
box is destroyed (which typically means the window it's in was
destroyed), get rid of the filter-expression-construction dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3060 f5534014-38df-0310-8fa8-9805f1628bb7

The all-purpose answer to "this widget expands to fill the space
available for it and it looks ugly" is "throw an alignment around it".
(I *still* don't know why it's not required in other dialog boxes, e.g.
the filter-editing dialog box.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3059 f5534014-38df-0310-8fa8-9805f1628bb7

added support for dissecting SRV RRs

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3058 f5534014-38df-0310-8fa8-9805f1628bb7

Make the "activate" signal on the text entry boxes in the filter
expression construction dialog activate the entire dialog box.

Make a desperate but failed attempt to bludgeon GTK+, The Toolkit That
Knows Better Than You Do How Big Buttons Should Be Made, Even If It
Looks Butt-Ugly, And Which Appears To Randomly Decide Whether To Make It
Look Ugly Or Not, into making the "Cancel" button as tall as the inside
of the "Accept" button, not as tall as the "Accept" button plus its
"this is the default button" surround.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3057 f5534014-38df-0310-8fa8-9805f1628bb7

Call the test for a protocol "is present", just like the test for other
fields.

Show a relational operator on a field if the field supports it *or* if
the field can be sliced and the type generated by a range (FT_BYTES)
supports it. (This lets you do a comparison on a protocol, not just on
a range of a protocol - e.g., "arp == 2", not just "arp[0:1] == 2" - but
the alternative would be to show only the "is present" test, as if you
don't offer the other tests, you can't turn on the range text box when
they select a comparison expression if you don't show comparison
expresions...).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3056 f5534014-38df-0310-8fa8-9805f1628bb7

In the DIAMETER dissector, clear the Info column before fetching
anything from the packet, so that if we throw an exception before
setting the Info column, it doesn't have stuff left over from the
previous dissector.

Tvbuffify the RADIUS dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3055 f5534014-38df-0310-8fa8-9805f1628bb7

Temporarily bring "packet-diameter.h" back from the dead; changing it
and deleting it might've confused the stuff that generates the anonymous
CVS tree, as it didn't propagate the deletion. I'll delete it again
after this checkin shows up in the anonymous CVS tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3054 f5534014-38df-0310-8fa8-9805f1628bb7

correct TSIG decoding (specifically offset/length in dump list).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3053 f5534014-38df-0310-8fa8-9805f1628bb7

On Win32, if Ethereal started as a GUI rather than a console
application, catch what GLib message-logging calls we can, and create a
console and make it the standard input, output, and error if such a call
is made, so those messages show up in a console window. Create the
console for the output of "ethereal -v" as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3052 f5534014-38df-0310-8fa8-9805f1628bb7

Don't do anything with 64-bit integral types if G_HAVE_GINT64 isn't
defined.

Use "gint64" and "guint64", not "long long int", for 64-bit integral
types, so that this code works with compilers (such as Microsoft Visual
C++) that have 64-bit integral types but that don't call them "long
long".

Use "pntohll()" to extract 64-bit integral types from a field.

Put a "break;" into a "default:" clause - MSVC++ doesn't like

switch (XXX) {

...

default:
}

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3051 f5534014-38df-0310-8fa8-9805f1628bb7

As "dissect_diameter()" is now static to "packet-diameter.c", there's no
need to declare it in "packet-diameter.h" - and no need for
"packet-diameter.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3050 f5534014-38df-0310-8fa8-9805f1628bb7

New tvbuffified DIAMETER dissector, from David Frascone.

It doesn't do DIAMETER-over-UDP, so the RADIUS dissector no longer
checks for DIAMETER packets and calls the DIAMETER dissector if it finds
one.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3049 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Alexandre P. Ferreira.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3048 f5534014-38df-0310-8fa8-9805f1628bb7

In the MSVC++ 6.0 C library, "line-buffered" doesn't mean what one might
expect - it means "same as fully-buffered". This means that the "-l"
flag is a no-op on Windows.

Instead of setting line-buffered mode with "setvbuf()", set a flag and,
if that flag is set, flush the standard output after the information for
ever packet is printed; this isn't "line-buffered", either, but, as the
reason for doing line-buffering is to allow the output of Tethereal to
be piped to a program and to have that program see the output for a
packet as soon as the packet is seen and dissected, it should be just as
good as line-buffered.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3047 f5534014-38df-0310-8fa8-9805f1628bb7

3rd time's a charm.
Check against the *correct* buffer size.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3046 f5534014-38df-0310-8fa8-9805f1628bb7

Off-by-a-little-bit in adjusting the offset.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3045 f5534014-38df-0310-8fa8-9805f1628bb7

Don't trust avp_length, which is taken directly from the packet data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3044 f5534014-38df-0310-8fa8-9805f1628bb7

Actually, this works better.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3043 f5534014-38df-0310-8fa8-9805f1628bb7

Use the proper way to denote that a single operation
produces 2 files. (grammar.lemon --> grammar.c grammar.h)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3042 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Alexandre P. Ferreira.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3041 f5534014-38df-0310-8fa8-9805f1628bb7

Don't cast the function argument to "qsort()" to the expected type, make
the function have the expected type.

Make the arguments to comparison functions used by the merge sort be
"const void *", not "void *", just as the arguments to the comparison
functions used by "qsort()" are "const void *".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3040 f5534014-38df-0310-8fa8-9805f1628bb7

More prototype fun - make the Lemon parser allocate and free routines
take fully-prototyped function arguments with types appropriate to
"g_malloc()" and "g_free()", and change the calls to the functions
pointed to by those arguments not pass the extra __FILE__ and __LINE__
arguments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3039 f5534014-38df-0310-8fa8-9805f1628bb7

More paranoia - when compiling with GCC 2.x, do checks of the format
string argument and subsequent arguments to "ErrorMsg()".

Fix up the bugs the checks in question found.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3038 f5534014-38df-0310-8fa8-9805f1628bb7

Change "lemon" *NOT* to cast pointers to "int", as that doesn't work on
LP64 platforms.

Change "lemon" to use function prototypes and the official ANSI C style
of variable-argument-list functions, and to include various system
header files rather than to use non-prototype declaration of various
system functions, to do a lot more type checking.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3037 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of the "CHECK_DISPLAY_AS_DATA()" call and the setting of
"pinfo->current_proto" - this routine is called only through a dissector
table, and the code to call through a dissector table does that stuff
for you.

Clear the Info column before doing anything that could throw an
execption, so that if an exception is thrown the display doesn't show
junk left over from the protocol above us.

Get rid of the GCCism "case N ... M".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3036 f5534014-38df-0310-8fa8-9805f1628bb7

Add MIP extensions. Re-work some of the tvbuff-handling logic.
Update Stefan's e-mail address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3035 f5534014-38df-0310-8fa8-9805f1628bb7

Rename "SP_ERROR" to "SP_ERROR_MSG" to avoid a #define collision with
yet another Windows #define.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3034 f5534014-38df-0310-8fa8-9805f1628bb7

Sigh. Microsoft Visual C++ 6.0 won't convert a "guint64" to a "double"
- it only allows you to convert a *signed* 64-bit integer to a "double".
Cast the result of "pletohll()" to "gint64" before returning it from a
function that returns a "double".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3033 f5534014-38df-0310-8fa8-9805f1628bb7

"Decode As" UI cleanups, and documentation, from David Hampton.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3032 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Yaniv Kaul to show the certificate encoding and type
symbolically.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3031 f5534014-38df-0310-8fa8-9805f1628bb7

In a display filter expression, make a field name refer to any of the
fields with that name.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3030 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Mike Frisch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3029 f5534014-38df-0310-8fa8-9805f1628bb7

You have to define "htolell()" on little-endian platforms, too....

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3028 f5534014-38df-0310-8fa8-9805f1628bb7

Changes from Chris Jepeway to

in some places use "guint64", on plaforms where it's available,
rather than floating point (we don't yet use it universally, as
we'd have to provide code to do 64-bit arithmetic on
platforms/compilers where 64-bit integral types aren't
supported);

use .838096 microseconds rather than 1 microseconds as the time
stamp units for NetXRay 2.x format, as those capture files seem
to use that time stamp (that's the Sniffer "PC" time stamp;
perhaps when Network Associates assimilated Cinco, they changed
the time stamp units).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3027 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Neil Hunter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3026 f5534014-38df-0310-8fa8-9805f1628bb7

Changes to correctly decode BOOTP option 82, from Greg Kilfoyle.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3025 f5534014-38df-0310-8fa8-9805f1628bb7

If there are multiple fields with the same name, list only one of them
in the output of "{ethereal,tethereal} -G", so that it appears only once
in the documentation.

Expand some comments to give more details.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3024 f5534014-38df-0310-8fa8-9805f1628bb7

If you register more than one field with the same name, the dfilter code
can now handle that; this allows us to register both the modulo-8 and
the modulo-128 versions of various X.25 bitfields with "x.25.XXX" names,
which lets us get rid of the "ex.25" protocol stuff completely and use
"x.25" for both modulo-8 and modulo-128 X.25. Do so. (Also, fix up
some cases where we appeared to be using the modulo-8 fields when
dissecting modulo-128 X.25.)

This, in turn, allows us to register the X.25 dissector, as there's now
only one protocol with which it's associated, and make it static and
have it called only through a handle, and to, when registering it with
the "llc.dsap" dissector table, associate it with "proto_x25".

That, in turn, allows us to get rid of the "CHECK_DISPLAY_AS_DATA()"
calls, and the code to set "pinfo->current_proto", in the X.25
dissector.

The code for the display filter expression dialog would, if there are
two fields with the same name registered under a protocol, list both of
them; have it list only one of them - the fields should have the same
type, the same radix, and the same value_string/true_false_string table
if any (if they don't, they're really not the same field...).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3023 f5534014-38df-0310-8fa8-9805f1628bb7

Display Ethernet protocol types in hex, not decimal (that's how they're
generally shown), and display port numbers and IP protocol numbers as
unsigned.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3022 f5534014-38df-0310-8fa8-9805f1628bb7

"Off-hoke"? What had I been smoking when I typed that?

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3021 f5534014-38df-0310-8fa8-9805f1628bb7

Inactivate the "Decode As" menu item if the "Decode As" dialog box
wouldn't actually offer any options to the user.

Make a bunch of routines static that aren't used outside
"decode_as_dlg.c".

Remove the declaration of the nonexistent "decode_as_register_tcpudp()"
routine.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3020 f5534014-38df-0310-8fa8-9805f1628bb7

In an "Update list of packets in real time" capture, pass the number of
dropped packets from the child to the parent.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3019 f5534014-38df-0310-8fa8-9805f1628bb7

Change the protocol between the parent and child processes in an "Update
list of packets in real time" capture so that "!" always indicates an
error, with the "!" preceded by a count of characters in the error
message and followed by the text of the error, and so that those error
messages can be sent after the capture has started.

Use that to report capture errors, and errors writing to the capture
file, while the capture is under way.

Use #defines for the message type characters in that protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3018 f5534014-38df-0310-8fa8-9805f1628bb7

Report failures of "pcap_stats()", as tcpdump does.

Print the "Capturing on <interface>" message, the running count of
packets captured, and error messages to the standard error in Tethereal,
so that you can pipe the output of a live capture that's printing
packets to a program or script without that script having to worry about
parsing stuff other than dissected packet summaries or details (tcpdump
does the same).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3017 f5534014-38df-0310-8fa8-9805f1628bb7

In Ethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.

In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3016 f5534014-38df-0310-8fa8-9805f1628bb7

Make boolean equality/inequality tests smarter; they don't test
for exact value matches, but just that the two values are either zero
or non-zero.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3015 f5534014-38df-0310-8fa8-9805f1628bb7

Add rule for dftest.exe

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3014 f5534014-38df-0310-8fa8-9805f1628bb7

Remove unused variable and add copyright and RCS ID.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3013 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Alexandre P. Ferreira.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3012 f5534014-38df-0310-8fa8-9805f1628bb7

Check for errors when writing a capture file.

Report errors when writing or closing a capture file.

Clean up some I/O error messages.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3011 f5534014-38df-0310-8fa8-9805f1628bb7

Further NFSV4 updates from Mike Frisch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3010 f5534014-38df-0310-8fa8-9805f1628bb7

When dissecting an indirect call reply, if either there's an old-style
or new-style dissector for the reply, we can dissect the reply; there
doesn't have to be a new-style dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3009 f5534014-38df-0310-8fa8-9805f1628bb7

For indirect RPC calls, remember the call information, and add a
dissector for indirect replies that looks up the call. Use them in the
portmapper/RPCBIND dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3008 f5534014-38df-0310-8fa8-9805f1628bb7

Make a "dissect_rpc_indir_call()" routine to dissect arguments to a
specified program/version/procedure, and a "rpc_proc_name()" routine to
return the name of a specified program/version/procedure, and make the
callit dissector use those, rather than doing the work itself.

Un-export various routines and declarations that can again be private to
the RPC dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3007 f5534014-38df-0310-8fa8-9805f1628bb7

Add "TFTP_" before the packet type names, to avoid compiler warnings on
Windows where ERROR is #defined by some header file that gets included
by "packet-tftp.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3006 f5534014-38df-0310-8fa8-9805f1628bb7

Change to include Service ID field in dissection of Service Info
component of WCCP 2 messages even if the service type is
WCCP2_SERVICE_DYNAMIC, from Simharajan Srishylam.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3005 f5534014-38df-0310-8fa8-9805f1628bb7

On at least one capture, the PIM checksum appears to be correct, so
add code to check it - I've no idea what's going on with the other
captures where it's not correct, but those captures have a different
(and apparently incorrect) checksum for packets with the *exact same
contents* (other than the checksum) as the PIM packet in the capture
where the checksum is correct, so perhaps those packets actually had bad
checksums.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3004 f5534014-38df-0310-8fa8-9805f1628bb7

Don't fetch any of the fields past the BPDU type if the BPDU type isn't
0; topology change notification frames don't *have* anything past the
BPDU type to fetch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3003 f5534014-38df-0310-8fa8-9805f1628bb7

Pull a lot of common code for handling 802.3 frames (i.e., frames with a
length field rather than an Ethernet type field) into a
"dissect_802_3()" routine.

In that routine, catch exceptions thrown by the IPX or LLC dissector or
dissectors under them, so that the trailer information is added to the
tree even if an exception is thrown (similar to what "ethertype()"
does).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3002 f5534014-38df-0310-8fa8-9805f1628bb7

In "call_dissector()", if the protocol for the dissector referred to by
the handle has been disabled, return after calling "dissect_data()",
rather than driving on and calling the dissector anyway.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3001 f5534014-38df-0310-8fa8-9805f1628bb7

Set the Protocol column, and clear the Info column, before we start
fetching anything from the packet, so that if an exception is thrown
those columns don't show something from the previous protocol.

Don't fetch the protocol identifier or protocol version identifier
before you use them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3000 f5534014-38df-0310-8fa8-9805f1628bb7

If we failed to open a capture file specified by the "-r" flag, don't
attempt to free the read filter if we don't have a read filter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2999 f5534014-38df-0310-8fa8-9805f1628bb7

Updates from Mike Frisch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2998 f5534014-38df-0310-8fa8-9805f1628bb7

Add in the various payload type definitions from RFC 1890.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2997 f5534014-38df-0310-8fa8-9805f1628bb7

The "short name" and "filter name" were reversed; put them in the right
order.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2996 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for dissecting V3 CALLIT and V4 BCAST/INDIRECT calls.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2995 f5534014-38df-0310-8fa8-9805f1628bb7

Tvbuffify the portmap/rpcbind dissector, and implement part of CALLIT
dissection (dissection of V2 CALLIT calls; no V3/V4 stuff or reply
handling yet).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2994 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up some MSVC complaints about (narrowing) type conversions by
widening formal arguments or narrowing variables passed as actual
arguments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2993 f5534014-38df-0310-8fa8-9805f1628bb7

Maximum frame size values in the second byte of the routing control
information aren't shifted right 4 bytes when put into the protocol
tree; shift left by 4 bytes the values in the value_string table for
them.

A value of 7 means 65535 bytes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2992 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "-f" flag to the "rm", so that "make clean" won't get an error
(and cause a higher-level "make clean" to stop) if any of the files to
be removed aren't there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2991 f5534014-38df-0310-8fa8-9805f1628bb7

Pass the correct tvbuff from the Vines Fragmentation Protocol dissector
to the Vines IP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2990 f5534014-38df-0310-8fa8-9805f1628bb7

L3PIDs are Ethertypes; display them as such.

Use "decode_boolean_bitfield()" to dissect flag bits.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2989 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for replies to NLMv3 SHARE and UNSHARE requests and to the
remaining NLMv4 requests.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2988 f5534014-38df-0310-8fa8-9805f1628bb7

Tvbuffify the RSVP dissector.

Display the message checksum, and check it if possible.

Fix some IPv6 entries to be 16 bytes long, not 4 bytes long.

Make the routine to fetch an IEEE floating point number and turn it into
a "long" take a tvbuff pointer and offset rather than a pointer to data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2987 f5534014-38df-0310-8fa8-9805f1628bb7

As pointed out by Aaron C. Springer (and according to RFC 1827), it's
"Encapsulating Security Payload," and not "Encapsulated Security Payload."

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2986 f5534014-38df-0310-8fa8-9805f1628bb7

Tvbuffify the Oracle TNS dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2985 f5534014-38df-0310-8fa8-9805f1628bb7

Use "pinfo", not "pi", to get packet info.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2984 f5534014-38df-0310-8fa8-9805f1628bb7

Tvbuffify the IRC dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2983 f5534014-38df-0310-8fa8-9805f1628bb7

Use "dfilter_apply_edt()" rather than "dfilter_apply()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2982 f5534014-38df-0310-8fa8-9805f1628bb7

Increment the line number for every line seen.

Fix the handling of one error case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2981 f5534014-38df-0310-8fa8-9805f1628bb7

Allow filter names and expressions of arbitrary length, and, in the
filter files, escape quotes and backslashes so that quotes and
backslashes in filter names work.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2980 f5534014-38df-0310-8fa8-9805f1628bb7

Add Makefile.nmake files for new subdirs.
Add them to EXTRA_DIST in corresponding Makefile.am's so that they
get packaged with the distribution.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2979 f5534014-38df-0310-8fa8-9805f1628bb7

Catch any exception thrown by accessing the tvbuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2978 f5534014-38df-0310-8fa8-9805f1628bb7

Fix the previous checkin to correctly handle presence tests on
protocols.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2977 f5534014-38df-0310-8fa8-9805f1628bb7

For protocols, call the test for the field being present "has this
protocol" rather than "is present".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2976 f5534014-38df-0310-8fa8-9805f1628bb7

Use the pretty name for the type, not the internal name, in the help
dialog for display filter fields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2975 f5534014-38df-0310-8fa8-9805f1628bb7

Use the ftype routines to determine what tests can be done on a field,
and whether you can slice a field.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2974 f5534014-38df-0310-8fa8-9805f1628bb7

FT_PROTOCOL is like FT_NONE; you can only test for the field's presence
(XXX or absence - we should offer that choice in the dialog).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2973 f5534014-38df-0310-8fa8-9805f1628bb7

Make some pointers "guchar" pointers, so that characters extracted from
strings are unsigned, so that we can hand them to "isXXX()" macros
without GCC warning us that an array subscript is "char" (as in "if this
is a character with the 8th bit set, you may not get the answer you
think you should from 'isXXX()'").

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2972 f5534014-38df-0310-8fa8-9805f1628bb7

Declare "proto_tree_set_protocol_tvb()" at the top, along with the other
"proto_tree_set_XXX_tvb()" routines.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2971 f5534014-38df-0310-8fa8-9805f1628bb7

Rename the "optarg()" and "opterr()" functions to "get_optarg()" and
"get_opterr()" so they don't collide with "getopt()"s "optarg" and
"opterr" globals (Solaris 2.6's <stdio.h> declares both "optarg" and
"opterr", causing "lemon.c" not to compile).

Define "safe_isXXX()" macros to call "isXXX()" after casting the
argument to "unsigned char" to handle characters with the 8th bit set.
Make some "int" variables used only to hold characters "char" instead.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2970 f5534014-38df-0310-8fa8-9805f1628bb7

Always show the scrollbar in the tree view panel, so that the scrollbar
doesn't appearn and disappear depending on the size of the proto tree
in relation to the view window. I didn't like the horizontal jumps that
the proto tree had to do when the scrollbar either disappeared or
appeared.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2969 f5534014-38df-0310-8fa8-9805f1628bb7