gram [Fri, 19 Nov 1999 22:32:00 +0000 (22:32 +0000)]
Change match_selected() to produce a display filter using the selected
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1070
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Fri, 19 Nov 1999 13:09:56 +0000 (13:09 +0000)]
Added Uwe's update to RPC.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1069
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 19 Nov 1999 09:55:38 +0000 (09:55 +0000)]
Beginnings of Q.2931 support.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1068
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 19 Nov 1999 09:46:51 +0000 (09:46 +0000)]
There are no protocols under Q.931, so mark everything up to the end of
the frame as being Q.931 stuff.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1067
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 19 Nov 1999 09:11:44 +0000 (09:11 +0000)]
Fix a typo.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1066
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 19 Nov 1999 09:10:22 +0000 (09:10 +0000)]
The only thing we shouldn't do if the "tree" argument is NULL is put
stuff into the tree - we should call the child dissectors in any case.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1065
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 19 Nov 1999 07:28:16 +0000 (07:28 +0000)]
Add support for SSCOP protocol; dissect signalling AAL packets using it.
It's in a file of its own, as I think there may be, or may have been
proposed, non-ATM uses of it as well.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1064
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Fri, 19 Nov 1999 05:48:21 +0000 (05:48 +0000)]
Add comments showing IFT names for the IFT-to-Wiretap encapsulation array.
If a interface type is not recognized, set error to WTAP_ERR_UNSUPPORTED
instead of WTAP_BAD_RECORD.
Continue to check for X.25, FDDI, and loopback traces via the interface
name instead of the newly-discovered if_type field in the packet header.
Once Olivier confirms that his traces still work by checking only if_type,
I'll change the code. But he's on vacation right now. ATM, Ethernet, and
Token-Ring are discovered via the if_type field.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1063
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Fri, 19 Nov 1999 05:12:50 +0000 (05:12 +0000)]
Be sure to use offset everywhere. The correct values for eth.src, eth.dst, and
eth.length were being pulled put into the proto_tree (logical and GUI),
but the fields were highlighted in the hex dump w/o adding offset.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1062
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 21:48:53 +0000 (21:48 +0000)]
Clean up some ANSI C nits pointed out by "gcc -pedantic".
Also, explicitly compare the result of "memcmp()" against 0 - the
appearance of a comparison operator in the expression makes it clearer
what test is being done.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1061
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 21:04:54 +0000 (21:04 +0000)]
Clean up some ANSI C nits pointed out by "gcc -pedantic".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1060
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 19:59:11 +0000 (19:59 +0000)]
Zero-length arrays are a GCC extension, and some compilers don't support
them - don't "#if 0" out the initializers for "hf[]", "#if 0" out the
entire declaration of "hf[]" and the call that uses "hf[]".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1059
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 09:39:12 +0000 (09:39 +0000)]
(AppTrafType & ATT_HLTYPE) is the type of high-level traffic, and
AppHLType is the subtype of that type; set them appropriately (as best
we can, given that we can only *guess* what kind of traffic it is) for
"iptrace" captures in Wiretap. (Alas, more work is needed to
distinguish Ethernet from Token-Ring LANE traffic....)
Handle VPI = 0, VCI = 5 as the Signalling AAL in "iptrace" captures.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1058
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 18 Nov 1999 08:50:37 +0000 (08:50 +0000)]
Check in my work so far on enabling the ATM iptrace capability. Not
all packets are recognized yet, but ILMI and Classical IP (LLCMX) are.
The ATM iptrace facility uses the ngsniffer_atm_phdr pseudo header so that
ethereal doesn't have to worry about yet another psuedo header.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1057
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 08:28:30 +0000 (08:28 +0000)]
Don't define the variables passed to "dissect_snmp_pdu()" if we don't
have an SNMP dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1056
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Thu, 18 Nov 1999 07:32:46 +0000 (07:32 +0000)]
Added decode of the Election Criteria and a few other bits of
info.
Still need someone to look at the times I have in there ... Guy?
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1055
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 07:29:55 +0000 (07:29 +0000)]
ILMI is just SNMP-over-ATM AAL5; if the SNMP dissector is available,
dissect ILMI packets with the SNMP dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1054
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 18 Nov 1999 07:04:29 +0000 (07:04 +0000)]
Fixed the checking of the return value from file_gets() (fgets()).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1053
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 18 Nov 1999 01:45:05 +0000 (01:45 +0000)]
Craig Rodrigues' fixes to let it compile on AIX using IBM's compiler
(remove commas following the last member of an enum, make all bit fields
"guint32" - GCC lets you get away with that, but at least some other
compilers don't).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1052
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 17 Nov 1999 23:31:22 +0000 (23:31 +0000)]
Add packet-bgp.h to the list of deliverables.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1051
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 21:58:33 +0000 (21:58 +0000)]
Provide a general mechanism by which dissectors can register "init"
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.
Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.
Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1050
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 19:07:10 +0000 (19:07 +0000)]
Typo fixes, and fix to bug wherein when Ethereal sees a Network-LSA it
does not stop dissecting the LSA until it hits the end of the packet,
from Heikki Vatiainen.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1049
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 07:50:33 +0000 (07:50 +0000)]
Add some comment based on some spelunking done in some capture files,
and on a comment that "libpcap"/BPF on AIX appears to return 6 as the
network type for an Ethernet device - the BSD IFT_ETHER is 6.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1048
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 06:52:19 +0000 (06:52 +0000)]
Print unsigned quantities with "%u", not "%d".
Use "plurality()" to pluralize byte counts.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1047
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 02:17:29 +0000 (02:17 +0000)]
Heikki Vatiainen's SAP (Session Announcement Protocol) dissector.
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1046
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 17 Nov 1999 01:35:57 +0000 (01:35 +0000)]
Typo fix, from Heikki Vatiainen.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1045
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Tue, 16 Nov 1999 17:03:36 +0000 (17:03 +0000)]
We should be checking the value of loc_of_slash instead of index. It
might be NULL from strchr().
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1044
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 16 Nov 1999 11:44:20 +0000 (11:44 +0000)]
Replace the ETT_ "enum" members, declared in "packet.h", with
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:
obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;
would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1043
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 16 Nov 1999 08:00:20 +0000 (08:00 +0000)]
"gtk_object_get_data()" returns a pointer, so its return value shouldn't
be cast to a "gint" if that "gint" value is then going to be assigned to
a pointer.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1042
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Tue, 16 Nov 1999 07:58:12 +0000 (07:58 +0000)]
I hope no one just committed something on this.
There was a core dump because of a coding oversight. Should be fixed
now Gilbert.
Should now handle names of form \<somepipe>
Will screw up if there is no leading slash, but in a non-fatal way, I
think.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1041
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Tue, 16 Nov 1999 06:59:17 +0000 (06:59 +0000)]
Remove an "#if 0"-ed out chunk of code that was supposed to cause the
hex window to scroll so that the data in the currently-selected field is
visible, but merely revealed core-dumping bugs in GTK+.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1040
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 15 Nov 1999 22:52:03 +0000 (22:52 +0000)]
Don't store both "start" and "length" in each GUI proto_tree item. Just
store the field_info pointer, from which we can get both "start" and
"length" (and "hfinfo" and "value", which I'm working towards, so that
match_selected, or a new function, and create a display filter based on
the field's name, instead of byte offset ).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1039
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Mon, 15 Nov 1999 21:33:57 +0000 (21:33 +0000)]
added sap types, netbios name types, ipx socket names
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1038
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Mon, 15 Nov 1999 17:16:51 +0000 (17:16 +0000)]
Got rid of dissect_rpc_string routine, renamed dissect_rpc_string_item to
dissect_rpc_string. Replaced only instance of this routine being called.
Added display filtering to rpc dissector. Replaced most instances of
proto_tree_add_text with proto_tree_add_item.
Added program version and procedure to the program tree in addition to it
being in the RPC tree.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1037
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Mon, 15 Nov 1999 14:57:38 +0000 (14:57 +0000)]
start of display filters and fix for toupper prototype
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1036
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Mon, 15 Nov 1999 14:32:16 +0000 (14:32 +0000)]
Fixed rpc dissector to upcase program name.
Fixed nfs and nlm to use a lowercase protocol name so filtering will work.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1035
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Mon, 15 Nov 1999 14:17:20 +0000 (14:17 +0000)]
Uwe Girlich's patches for nfs,mount,portmap and addition of nlm.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1034
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 15 Nov 1999 07:25:31 +0000 (07:25 +0000)]
We have to include <sys/types.h> before including <netinet/in.h> on some
platforms, e.g. FreeBSD.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1033
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Mon, 15 Nov 1999 06:32:38 +0000 (06:32 +0000)]
Add "class" that understands IPv4 addresses and subnet masks.
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.
CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:
ip.addr == 192.168.1.0/24
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1032
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 14 Nov 1999 21:16:58 +0000 (21:16 +0000)]
For ONC RPC, when constructing conversations, use a null address as the
destination address for calls and the source address of the reply - we
should't require the server address to be the same for a call and reply,
as they may not be on a multi-homed server (clients presumably check the
XID only, or perhaps the XID and the port whence the reply came,
although with TI-RPC I don't think they can check the port without
checking the address as well).
This requires that the conversation code not assume that the source and
destination addresses for a given packet in a conversation have the same
type, so, when comparing addresses for equality, it must explicitly
check the address types.
In said code, also check the port numbers before we check the addresses
- testing ports is cheaper, as they're just integers, and there's
probably a decent chance that you won't see two conversations between
different pairs of hosts and the *same* pair of ports in a capture file,
so the cheaper port tests are probably decently likely to fail first.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1031
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 14 Nov 1999 20:44:52 +0000 (20:44 +0000)]
Move the test to see if something looks like an ONC RPC request or reply
into "dissect_rpc()" itself; it returns TRUE if it is, FALSE if it
isn't.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1030
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 14 Nov 1999 19:56:32 +0000 (19:56 +0000)]
Set "conversation_keys" to NULL after destroying the list of
conversation keys.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1029
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 14 Nov 1999 10:48:17 +0000 (10:48 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1028
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 14 Nov 1999 10:32:26 +0000 (10:32 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1027
f5534014-38df-0310-8fa8-
9805f1628bb7
deniel [Sun, 14 Nov 1999 10:16:25 +0000 (10:16 +0000)]
Add display filters.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1026
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Sun, 14 Nov 1999 06:54:42 +0000 (06:54 +0000)]
OK,
much more complete decoding of browse messages.
They are now shown in the parent tree as well.
I still have problems with:
1. Times
2. Election criteral
I also haven't been able to see a BecomeBackup request, nor a
GetBackupListResp with more than one browser ... Should run a Windows NT
server or another Samba on my network.
I am also not sure of there are any more message types. Damn! Old, and
wrong MS documents!
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1025
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Sun, 14 Nov 1999 02:42:03 +0000 (02:42 +0000)]
Fixed some more small problems and added support for decoding
MS Windows Browser messages. Can decode host announcements now.
Still need to decode more. Also need to break the new code out.
I also have the Browse tree at the wrong location. Can I get at the
parent of the tree somewhere, or do I have to pass it in as a variable?
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1024
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 13 Nov 1999 10:13:24 +0000 (10:13 +0000)]
Dissect a whole pile of Q.931 information elements.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1023
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Sat, 13 Nov 1999 04:06:10 +0000 (04:06 +0000)]
Add ETT_Q931_IE
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1022
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 13 Nov 1999 02:07:59 +0000 (02:07 +0000)]
A few cause codes more (cue Ennio Morricone).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1021
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 13 Nov 1999 01:32:31 +0000 (01:32 +0000)]
Add initial support for decoding information elements.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1020
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 12 Nov 1999 22:43:32 +0000 (22:43 +0000)]
Add support for HINFO records.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1019
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Fri, 12 Nov 1999 15:12:23 +0000 (15:12 +0000)]
enhancements to ypserv dissector
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1018
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Thu, 11 Nov 1999 23:13:43 +0000 (23:13 +0000)]
added minimalist MAPI dissector - only determines request/reply
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1017
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Thu, 11 Nov 1999 21:22:00 +0000 (21:22 +0000)]
Added mount dissector.
Added stat dissector.
Enhancements to portmap dissector.
Added rpc_prog_name function to packet-rpc to retrieve the name of an
rpc program. This should likely eventually be modified to use the
/etc/rpc or rpc.bynumber NIS maps in addition to the programs that
are registered within ethereal.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1016
f5534014-38df-0310-8fa8-
9805f1628bb7
itojun [Thu, 11 Nov 1999 21:08:52 +0000 (21:08 +0000)]
bgp improvements.
- a few more tree types
- RFC1771 NLRI printed on advertisements
- AS_PATH parsing
- lots of small cleanup on printing "byte" vs "bytes"
From: Greg Hankins <gregh@cc.gatech.edu>
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1015
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 11 Nov 1999 20:44:14 +0000 (20:44 +0000)]
The conversation comparison code should, if *any* of the tests that
check whether the two packets are going in the same direction in the
same conversation fails, check whether the two packets are going in
opposite directions in the same conversation.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1014
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Thu, 11 Nov 1999 20:18:46 +0000 (20:18 +0000)]
Additions to bootparams, portmap, and ypserv dissectors
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1013
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 11 Nov 1999 19:19:17 +0000 (19:19 +0000)]
Remove potential for a bad toshiba trace file to overflow a fixed char[]
buffer in sscanf call.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1012
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Thu, 11 Nov 1999 16:20:25 +0000 (16:20 +0000)]
Expanded bootparams dissector to handle decoding getfile calls and replies.
Added proto_registrar_get_name routine to proto.c to retrieve the name
of particular proto_tree field.
Added dissect_rpc_string_item to packet-rpc.c. This routine does the same
thing as dissect_rpc_string, except it takes a hfindex of a
proto_tree item instead of a name. It uses the p_r_get_name call
to get the name, and adds the actual string content as a hidden
field (so that the subtree highlights the entire data area - length,
data, and padding). There is only one call to dissect_rpc_string, so
I believe that this routine should replace it.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1011
f5534014-38df-0310-8fa8-
9805f1628bb7
sharpe [Thu, 11 Nov 1999 13:56:58 +0000 (13:56 +0000)]
Some general fixups and some fixes for protocol decode problems
exposed by Win2000 interacting with a Samba server ...
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1010
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 11 Nov 1999 10:17:29 +0000 (10:17 +0000)]
Support all lengths of call reference value (1 to 15 octets).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1009
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 11 Nov 1999 08:45:34 +0000 (08:45 +0000)]
Change my e-mail address to the forwarding address my *alma mater*
provides. "Every problem in computer science can be solved by adding a
layer of indirection."
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1008
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 11 Nov 1999 08:35:11 +0000 (08:35 +0000)]
Add #defines for bits in the LAPD address field and for the LAPD SAPI
values.
Dissect the LAPD payload, if present.
Add the beginnings of a Q.931 dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1007
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 11 Nov 1999 08:04:06 +0000 (08:04 +0000)]
"XDLC_CONTROL_LEN()" actually returned the length of the entire xDLC
header, under the assumption that the address field was two octets.
It should return the length of the *control* field, and leave it up to
its caller to add in the length of the address field. (The address
field appears to be one byte in SNA, not two bytes.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1006
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 11 Nov 1999 06:29:59 +0000 (06:29 +0000)]
Remove unnecessary file_seek per packet, speeding up loading of a
gzipped toshiba file.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1005
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Thu, 11 Nov 1999 05:36:16 +0000 (05:36 +0000)]
Add LAPD support.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1004
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 22:43:53 +0000 (22:43 +0000)]
expanded portmap dissector to process some of the procedure calls
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1003
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 21:05:11 +0000 (21:05 +0000)]
Changed protocol names to all lowercase. It looks weird in listing though.
I'm presuming packet-rpc.c will be fixed soon.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1002
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 10 Nov 1999 19:58:54 +0000 (19:58 +0000)]
More small memleak fixes.
colors.c wasn't freeing path in one place
main.c wasn't freeing rc_file
the frame_buffer fix in wtap.c didn't clear everything.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1001
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 10 Nov 1999 19:47:57 +0000 (19:47 +0000)]
Fixed small memory leak in wiretap (frame_buffer wasn't being freed),
and aligned g_malloc calls with g_free calls (i.e, we no longer mix-and-match
C-library malloc with GLIB g_free, and vice-versa).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1000
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Wed, 10 Nov 1999 18:32:55 +0000 (18:32 +0000)]
Added dissect_imap() prototype to get rid of compilation warning
in packet-tcp.c
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@999
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 17:23:55 +0000 (17:23 +0000)]
Added stubs for various RPC routines:
portmap
ypserv
ypxfr
ypserv
bootparams
Stubs currently just map procedure numbers to names. I'll add some more
decoding of the actual procedure call/reply contents eventually.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@998
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 15:10:33 +0000 (15:10 +0000)]
added ypxfr program to rpc
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@997
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 14:54:37 +0000 (14:54 +0000)]
fix ypbinb/ypbind typo
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@996
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Wed, 10 Nov 1999 14:44:58 +0000 (14:44 +0000)]
Added imap dissector, pretty much a simple translation of the pop
dissector.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@995
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 10 Nov 1999 07:01:53 +0000 (07:01 +0000)]
Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@994
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 10 Nov 1999 06:01:21 +0000 (06:01 +0000)]
Fix up the MX record handling.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@993
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Wed, 10 Nov 1999 05:42:06 +0000 (05:42 +0000)]
Give all the fields in the VLAN header different names (fixing a
presumed cut-and-pasteo).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@992
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 8 Nov 1999 09:16:52 +0000 (09:16 +0000)]
The equivalent, for NBNS, of Brian J. Murrell's DNS patch to put
information about the queries and answers into the COL_INFO column in
the summary pane.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@991
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 8 Nov 1999 01:13:24 +0000 (01:13 +0000)]
Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@990
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Mon, 8 Nov 1999 01:03:40 +0000 (01:03 +0000)]
Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@989
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sun, 7 Nov 1999 21:00:40 +0000 (21:00 +0000)]
Brian J. Murrell's patch to put information about the queries and
answers into the COL_INFO column in the summary pane.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@988
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 10:31:47 +0000 (10:31 +0000)]
Add in a gross heuristic that attempts to detect files with the version
of the "libpcap" patch that changes the per-packet header but not the
magic number - it seems to work on at least one capture file I tried it
on.
Give the modified "libpcap" format a WTAP_FILE type of its own (so that,
in the future, we could support writing captures out in that format,
possibly).
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@987
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 08:42:01 +0000 (08:42 +0000)]
Add support for capture files written by programs linked with Alexey
Kuznetsov's modified "libpcap" *as long as you have the ss990915 or
later patch*; the 990417 patch, alas, changes the per-packet header but
*doesn't* change the magic number, so you can't just look at the magic
number to see that it's Not Standard Libpcap. (Even more unfortunately,
Red Hat appears to have picked up *that* patch for Red Hat 6.1; I've
filed bug 6773 with Bugzilla on their site - hopefully, if I'm not
misremembering the RH 6.1 code I've seen, and they really *did* pick up
the older patch, they'll fix it ASAP to use the new magic number, and
will make updates available.)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@986
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 06:54:24 +0000 (06:54 +0000)]
Pop up a message box if a search for a frame fails.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@985
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 06:42:41 +0000 (06:42 +0000)]
Clean up some stuff I failed to cleanup before the initial checkin.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@984
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 06:38:53 +0000 (06:38 +0000)]
Add a "Find Frame" menu item under "Display"; it lets you use a display
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@983
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 06:28:07 +0000 (06:28 +0000)]
Add a "Find Frame" menu item under "Display"; it lets you use a display
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@982
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 03:08:34 +0000 (03:08 +0000)]
Updates to the ICQ decoder, from Kojak.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@981
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Sat, 6 Nov 1999 02:05:32 +0000 (02:05 +0000)]
Get rid of an unused #define.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@980
f5534014-38df-0310-8fa8-
9805f1628bb7
itojun [Sat, 6 Nov 1999 01:28:50 +0000 (01:28 +0000)]
more updates to bgp dissector.
- separate tree for each message
- added some comments
- merged my code for OPEN message, mainly just terminology updates
- searched all RFCs and defined known attributes
from: Greg Hankins <gregh@cc.gatech.edu>
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@979
f5534014-38df-0310-8fa8-
9805f1628bb7
nneul [Fri, 5 Nov 1999 18:50:52 +0000 (18:50 +0000)]
fixed processing of tci and encapsulated proto
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@978
f5534014-38df-0310-8fa8-
9805f1628bb7
gram [Fri, 5 Nov 1999 15:55:09 +0000 (15:55 +0000)]
Fix LPD dissector problem for bug reported by
Fabrizio Ammollo <f.ammollo@reitek.com>
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@977
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Fri, 5 Nov 1999 07:16:23 +0000 (07:16 +0000)]
Updates to the ONC RPC and NFS code, from Uwe Girlich.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@976
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 4 Nov 1999 21:18:50 +0000 (21:18 +0000)]
Note that "ethereal -v" should give the GTK+ and "libpcap" version
numbers.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@975
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 4 Nov 1999 21:04:35 +0000 (21:04 +0000)]
For the "-v" flag, dump the "libpcap" version number, if we were built
with "libpcap".
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@974
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 4 Nov 1999 19:14:53 +0000 (19:14 +0000)]
Expand the description of the steps to take when reporting a bug.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@973
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 4 Nov 1999 08:21:04 +0000 (08:21 +0000)]
Decode the hardware and protocol types.
Define the hardware type, protocol type, and opcode values fields as
enums.
Dissect the addresses the same way the ARP dissector does, so that we
don't completely give up if the hardware addresses aren't 6-byte
Ethernet/Token Ring addresses or the protocol addresses aren't 4-byte
Appletalk IDs.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@972
f5534014-38df-0310-8fa8-
9805f1628bb7
guy [Thu, 4 Nov 1999 08:15:38 +0000 (08:15 +0000)]
Define the hardware type, protocol type, and opcode values fields as
enums.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@971
f5534014-38df-0310-8fa8-
9805f1628bb7