git.samba.org - obnox/wireshark/wip.git/log

Change match_selected() to produce a display filter using the selected
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).

tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1070 f5534014-38df-0310-8fa8-9805f1628bb7

Added Uwe's update to RPC.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1069 f5534014-38df-0310-8fa8-9805f1628bb7

Beginnings of Q.2931 support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1068 f5534014-38df-0310-8fa8-9805f1628bb7

There are no protocols under Q.931, so mark everything up to the end of
the frame as being Q.931 stuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1067 f5534014-38df-0310-8fa8-9805f1628bb7

Fix a typo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1066 f5534014-38df-0310-8fa8-9805f1628bb7

The only thing we shouldn't do if the "tree" argument is NULL is put
stuff into the tree - we should call the child dissectors in any case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1065 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for SSCOP protocol; dissect signalling AAL packets using it.
It's in a file of its own, as I think there may be, or may have been
proposed, non-ATM uses of it as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1064 f5534014-38df-0310-8fa8-9805f1628bb7

Add comments showing IFT names for the IFT-to-Wiretap encapsulation array.

If a interface type is not recognized, set error to WTAP_ERR_UNSUPPORTED
instead of WTAP_BAD_RECORD.

Continue to check for X.25, FDDI, and loopback traces via the interface
name instead of the newly-discovered if_type field in the packet header.
Once Olivier confirms that his traces still work by checking only if_type,
I'll change the code. But he's on vacation right now. ATM, Ethernet, and
Token-Ring are discovered via the if_type field.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1063 f5534014-38df-0310-8fa8-9805f1628bb7

Be sure to use offset everywhere. The correct values for eth.src, eth.dst, and
eth.length were being pulled put into the proto_tree (logical and GUI),
but the fields were highlighted in the hex dump w/o adding offset.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1062 f5534014-38df-0310-8fa8-9805f1628bb7

Clean up some ANSI C nits pointed out by "gcc -pedantic".

Also, explicitly compare the result of "memcmp()" against 0 - the
appearance of a comparison operator in the expression makes it clearer
what test is being done.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1061 f5534014-38df-0310-8fa8-9805f1628bb7

Clean up some ANSI C nits pointed out by "gcc -pedantic".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1060 f5534014-38df-0310-8fa8-9805f1628bb7

Zero-length arrays are a GCC extension, and some compilers don't support
them - don't "#if 0" out the initializers for "hf[]", "#if 0" out the
entire declaration of "hf[]" and the call that uses "hf[]".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1059 f5534014-38df-0310-8fa8-9805f1628bb7

(AppTrafType & ATT_HLTYPE) is the type of high-level traffic, and
AppHLType is the subtype of that type; set them appropriately (as best
we can, given that we can only *guess* what kind of traffic it is) for
"iptrace" captures in Wiretap. (Alas, more work is needed to
distinguish Ethernet from Token-Ring LANE traffic....)

Handle VPI = 0, VCI = 5 as the Signalling AAL in "iptrace" captures.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1058 f5534014-38df-0310-8fa8-9805f1628bb7

Check in my work so far on enabling the ATM iptrace capability. Not
all packets are recognized yet, but ILMI and Classical IP (LLCMX) are.
The ATM iptrace facility uses the ngsniffer_atm_phdr pseudo header so that
ethereal doesn't have to worry about yet another psuedo header.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1057 f5534014-38df-0310-8fa8-9805f1628bb7

Don't define the variables passed to "dissect_snmp_pdu()" if we don't
have an SNMP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1056 f5534014-38df-0310-8fa8-9805f1628bb7

Added decode of the Election Criteria and a few other bits of
info.

Still need someone to look at the times I have in there ... Guy?

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1055 f5534014-38df-0310-8fa8-9805f1628bb7

ILMI is just SNMP-over-ATM AAL5; if the SNMP dissector is available,
dissect ILMI packets with the SNMP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1054 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed the checking of the return value from file_gets() (fgets()).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1053 f5534014-38df-0310-8fa8-9805f1628bb7

Craig Rodrigues' fixes to let it compile on AIX using IBM's compiler
(remove commas following the last member of an enum, make all bit fields
"guint32" - GCC lets you get away with that, but at least some other
compilers don't).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1052 f5534014-38df-0310-8fa8-9805f1628bb7

Add packet-bgp.h to the list of deliverables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1051 f5534014-38df-0310-8fa8-9805f1628bb7

Provide a general mechanism by which dissectors can register "init"
routines, which are called before a dissection pass is made over all the
packets in a capture - the "init" routine would clear out any state
information that needs to be initialized before such a dissection pass.

Make the NCP, SMB, AFS, and ONC RPC dissectors register their "init"
routines with that mechanism, have the code that reads in a capture file
call the routine that calls all registered "init" routines rather than
calling a wired-in set of "init" routines, and also have the code that
runs a filtering or colorizing pass over all the packets call that
routine, as a filtering or colorizing pass is a dissection pass.

Have the ONC RPC "init" routine zero out the table of RPC calls, so that
it completely erases any state from the previous dissection pass (so
that, for example, if you run a filtering pass, it doesn't mark any
non-duplicate packets as duplicates because it remembers them from the
previous pass).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1050 f5534014-38df-0310-8fa8-9805f1628bb7

Typo fixes, and fix to bug wherein when Ethereal sees a Network-LSA it
does not stop dissecting the LSA until it hits the end of the packet,
from Heikki Vatiainen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1049 f5534014-38df-0310-8fa8-9805f1628bb7

Add some comment based on some spelunking done in some capture files,
and on a comment that "libpcap"/BPF on AIX appears to return 6 as the
network type for an Ethernet device - the BSD IFT_ETHER is 6.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1048 f5534014-38df-0310-8fa8-9805f1628bb7

Print unsigned quantities with "%u", not "%d".

Use "plurality()" to pluralize byte counts.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1047 f5534014-38df-0310-8fa8-9805f1628bb7

Heikki Vatiainen's SAP (Session Announcement Protocol) dissector.

Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1046 f5534014-38df-0310-8fa8-9805f1628bb7

Typo fix, from Heikki Vatiainen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1045 f5534014-38df-0310-8fa8-9805f1628bb7

We should be checking the value of loc_of_slash instead of index. It
might be NULL from strchr().

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1044 f5534014-38df-0310-8fa8-9805f1628bb7

Replace the ETT_ "enum" members, declared in "packet.h", with
dynamically-assigned "ett_" integer values, assigned by
"proto_register_subtree_array()"; this:

obviates the need to update "packet.h" whenever you add a new
subtree type - you only have to add a call to
"proto_register_subtree_array()" to a "register" routine and an
array of pointers to "ett_", if they're not already there, and
add a pointer to the new "ett_" variable to the array, if they
are there;

would allow run-time-loaded dissectors to allocate subtree types
when they're loaded.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1043 f5534014-38df-0310-8fa8-9805f1628bb7

"gtk_object_get_data()" returns a pointer, so its return value shouldn't
be cast to a "gint" if that "gint" value is then going to be assigned to
a pointer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1042 f5534014-38df-0310-8fa8-9805f1628bb7

I hope no one just committed something on this.

There was a core dump because of a coding oversight. Should be fixed
now Gilbert.

Should now handle names of form \<somepipe>

Will screw up if there is no leading slash, but in a non-fatal way, I
think.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1041 f5534014-38df-0310-8fa8-9805f1628bb7

Remove an "#if 0"-ed out chunk of code that was supposed to cause the
hex window to scroll so that the data in the currently-selected field is
visible, but merely revealed core-dumping bugs in GTK+.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1040 f5534014-38df-0310-8fa8-9805f1628bb7

Don't store both "start" and "length" in each GUI proto_tree item. Just
store the field_info pointer, from which we can get both "start" and
"length" (and "hfinfo" and "value", which I'm working towards, so that
match_selected, or a new function, and create a display filter based on
the field's name, instead of byte offset ).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1039 f5534014-38df-0310-8fa8-9805f1628bb7

added sap types, netbios name types, ipx socket names

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1038 f5534014-38df-0310-8fa8-9805f1628bb7

Got rid of dissect_rpc_string routine, renamed dissect_rpc_string_item to
dissect_rpc_string. Replaced only instance of this routine being called.

Added display filtering to rpc dissector. Replaced most instances of
proto_tree_add_text with proto_tree_add_item.

Added program version and procedure to the program tree in addition to it
being in the RPC tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1037 f5534014-38df-0310-8fa8-9805f1628bb7

start of display filters and fix for toupper prototype

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1036 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed rpc dissector to upcase program name.
Fixed nfs and nlm to use a lowercase protocol name so filtering will work.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1035 f5534014-38df-0310-8fa8-9805f1628bb7

Uwe Girlich's patches for nfs,mount,portmap and addition of nlm.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1034 f5534014-38df-0310-8fa8-9805f1628bb7

We have to include <sys/types.h> before including <netinet/in.h> on some
platforms, e.g. FreeBSD.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1033 f5534014-38df-0310-8fa8-9805f1628bb7

Add "class" that understands IPv4 addresses and subnet masks.
We now store IPv4 addresses in host order, allowing non-equivalence
comparisons. That is, display filters with lt, le, gt, and ge will work
on big-endian and little-endian machines.

CIDR notation is now supported for IPv4 addresses in display filters.
You can test to see if an IPv4 address is on a certain subnet by using
this notation. For example, to test for IPv4 packets on a Class-C network:

ip.addr == 192.168.1.0/24

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1032 f5534014-38df-0310-8fa8-9805f1628bb7

For ONC RPC, when constructing conversations, use a null address as the
destination address for calls and the source address of the reply - we
should't require the server address to be the same for a call and reply,
as they may not be on a multi-homed server (clients presumably check the
XID only, or perhaps the XID and the port whence the reply came,
although with TI-RPC I don't think they can check the port without
checking the address as well).

This requires that the conversation code not assume that the source and
destination addresses for a given packet in a conversation have the same
type, so, when comparing addresses for equality, it must explicitly
check the address types.

In said code, also check the port numbers before we check the addresses
- testing ports is cheaper, as they're just integers, and there's
probably a decent chance that you won't see two conversations between
different pairs of hosts and the *same* pair of ports in a capture file,
so the cheaper port tests are probably decently likely to fail first.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1031 f5534014-38df-0310-8fa8-9805f1628bb7

Move the test to see if something looks like an ONC RPC request or reply
into "dissect_rpc()" itself; it returns TRUE if it is, FALSE if it
isn't.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1030 f5534014-38df-0310-8fa8-9805f1628bb7

Set "conversation_keys" to NULL after destroying the list of
conversation keys.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1029 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1028 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1027 f5534014-38df-0310-8fa8-9805f1628bb7

Add display filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1026 f5534014-38df-0310-8fa8-9805f1628bb7

OK,

much more complete decoding of browse messages.

They are now shown in the parent tree as well.

I still have problems with:

  1. Times
  2. Election criteral

I also haven't been able to see a BecomeBackup request, nor a
GetBackupListResp with more than one browser ... Should run a Windows NT
server or another Samba on my network.

I am also not sure of there are any more message types.  Damn! Old, and
wrong MS documents!

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1025 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed some more small problems and added support for decoding
MS Windows Browser messages.  Can decode host announcements now.

Still need to decode more.  Also need to break the new code out.

I also have the Browse tree at the wrong location.  Can I get at the
parent of the tree somewhere, or do I have to pass it in as a variable?

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1024 f5534014-38df-0310-8fa8-9805f1628bb7

Dissect a whole pile of Q.931 information elements.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1023 f5534014-38df-0310-8fa8-9805f1628bb7

Add ETT_Q931_IE

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1022 f5534014-38df-0310-8fa8-9805f1628bb7

A few cause codes more (cue Ennio Morricone).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1021 f5534014-38df-0310-8fa8-9805f1628bb7

Add initial support for decoding information elements.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1020 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for HINFO records.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1019 f5534014-38df-0310-8fa8-9805f1628bb7

enhancements to ypserv dissector

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1018 f5534014-38df-0310-8fa8-9805f1628bb7

added minimalist MAPI dissector - only determines request/reply

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1017 f5534014-38df-0310-8fa8-9805f1628bb7

Added mount dissector.
Added stat dissector.
Enhancements to portmap dissector.
Added rpc_prog_name function to packet-rpc to retrieve the name of an
        rpc program. This should likely eventually be modified to use the
        /etc/rpc or rpc.bynumber NIS maps in addition to the programs that
        are registered within ethereal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1016 f5534014-38df-0310-8fa8-9805f1628bb7

bgp improvements.
- a few more tree types
- RFC1771 NLRI printed on advertisements
- AS_PATH parsing
- lots of small cleanup on printing "byte" vs "bytes"

From: Greg Hankins <gregh@cc.gatech.edu>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1015 f5534014-38df-0310-8fa8-9805f1628bb7

The conversation comparison code should, if *any* of the tests that
check whether the two packets are going in the same direction in the
same conversation fails, check whether the two packets are going in
opposite directions in the same conversation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1014 f5534014-38df-0310-8fa8-9805f1628bb7

Additions to bootparams, portmap, and ypserv dissectors

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1013 f5534014-38df-0310-8fa8-9805f1628bb7

Remove potential for a bad toshiba trace file to overflow a fixed char[]
buffer in sscanf call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1012 f5534014-38df-0310-8fa8-9805f1628bb7

Expanded bootparams dissector to handle decoding getfile calls and replies.
Added proto_registrar_get_name routine to proto.c to retrieve the name
of particular proto_tree field.
Added dissect_rpc_string_item to packet-rpc.c. This routine does the same
thing as dissect_rpc_string, except it takes a hfindex of a
proto_tree item instead of a name. It uses the p_r_get_name call
to get the name, and adds the actual string content as a hidden
field (so that the subtree highlights the entire data area - length,
data, and padding). There is only one call to dissect_rpc_string, so
I believe that this routine should replace it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1011 f5534014-38df-0310-8fa8-9805f1628bb7

Some general fixups and some fixes for protocol decode problems
exposed by Win2000 interacting with a Samba server ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1010 f5534014-38df-0310-8fa8-9805f1628bb7

Support all lengths of call reference value (1 to 15 octets).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1009 f5534014-38df-0310-8fa8-9805f1628bb7

Change my e-mail address to the forwarding address my *alma mater*
provides. "Every problem in computer science can be solved by adding a
layer of indirection."

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1008 f5534014-38df-0310-8fa8-9805f1628bb7

Add #defines for bits in the LAPD address field and for the LAPD SAPI
values.

Dissect the LAPD payload, if present.

Add the beginnings of a Q.931 dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1007 f5534014-38df-0310-8fa8-9805f1628bb7

"XDLC_CONTROL_LEN()" actually returned the length of the entire xDLC
header, under the assumption that the address field was two octets.

It should return the length of the *control* field, and leave it up to
its caller to add in the length of the address field. (The address
field appears to be one byte in SNA, not two bytes.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1006 f5534014-38df-0310-8fa8-9805f1628bb7

Remove unnecessary file_seek per packet, speeding up loading of a
gzipped toshiba file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1005 f5534014-38df-0310-8fa8-9805f1628bb7

Add LAPD support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1004 f5534014-38df-0310-8fa8-9805f1628bb7

expanded portmap dissector to process some of the procedure calls

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1003 f5534014-38df-0310-8fa8-9805f1628bb7

Changed protocol names to all lowercase. It looks weird in listing though.
I'm presuming packet-rpc.c will be fixed soon.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1002 f5534014-38df-0310-8fa8-9805f1628bb7

More small memleak fixes.

colors.c wasn't freeing path in one place
main.c wasn't freeing rc_file
the frame_buffer fix in wtap.c didn't clear everything.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1001 f5534014-38df-0310-8fa8-9805f1628bb7

Fixed small memory leak in wiretap (frame_buffer wasn't being freed),
and aligned g_malloc calls with g_free calls (i.e, we no longer mix-and-match
C-library malloc with GLIB g_free, and vice-versa).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1000 f5534014-38df-0310-8fa8-9805f1628bb7

Added dissect_imap() prototype to get rid of compilation warning
in packet-tcp.c

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@999 f5534014-38df-0310-8fa8-9805f1628bb7

Added stubs for various RPC routines:
portmap
ypserv
ypxfr
ypserv
bootparams

Stubs currently just map procedure numbers to names. I'll add some more
decoding of the actual procedure call/reply contents eventually.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@998 f5534014-38df-0310-8fa8-9805f1628bb7

added ypxfr program to rpc

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@997 f5534014-38df-0310-8fa8-9805f1628bb7

fix ypbinb/ypbind typo

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@996 f5534014-38df-0310-8fa8-9805f1628bb7

Added imap dissector, pretty much a simple translation of the pop
dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@995 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@994 f5534014-38df-0310-8fa8-9805f1628bb7

Fix up the MX record handling.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@993 f5534014-38df-0310-8fa8-9805f1628bb7

Give all the fields in the VLAN header different names (fixing a
presumed cut-and-pasteo).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@992 f5534014-38df-0310-8fa8-9805f1628bb7

The equivalent, for NBNS, of Brian J. Murrell's DNS patch to put
information about the queries and answers into the COL_INFO column in
the summary pane.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@991 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@990 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "Go To Frame" menu item, which lets you go to a frame by frame
number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@989 f5534014-38df-0310-8fa8-9805f1628bb7

Brian J. Murrell's patch to put information about the queries and
answers into the COL_INFO column in the summary pane.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@988 f5534014-38df-0310-8fa8-9805f1628bb7

Add in a gross heuristic that attempts to detect files with the version
of the "libpcap" patch that changes the per-packet header but not the
magic number - it seems to work on at least one capture file I tried it
on.

Give the modified "libpcap" format a WTAP_FILE type of its own (so that,
in the future, we could support writing captures out in that format,
possibly).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@987 f5534014-38df-0310-8fa8-9805f1628bb7

Add support for capture files written by programs linked with Alexey
Kuznetsov's modified "libpcap" *as long as you have the ss990915 or
later patch*; the 990417 patch, alas, changes the per-packet header but
*doesn't* change the magic number, so you can't just look at the magic
number to see that it's Not Standard Libpcap. (Even more unfortunately,
Red Hat appears to have picked up *that* patch for Red Hat 6.1; I've
filed bug 6773 with Bugzilla on their site - hopefully, if I'm not
misremembering the RH 6.1 code I've seen, and they really *did* pick up
the older patch, they'll fix it ASAP to use the new magic number, and
will make updates available.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@986 f5534014-38df-0310-8fa8-9805f1628bb7

Pop up a message box if a search for a frame fails.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@985 f5534014-38df-0310-8fa8-9805f1628bb7

Clean up some stuff I failed to cleanup before the initial checkin.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@984 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "Find Frame" menu item under "Display"; it lets you use a display
filter to search forward or backward in the list of displayed frames for
a matching frame.

When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.

Select the first frame when a file is read in.

Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@983 f5534014-38df-0310-8fa8-9805f1628bb7

Add a "Find Frame" menu item under "Display"; it lets you use a display
filter to search forward or backward in the list of displayed frames for
a matching frame.

When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.

Select the first frame when a file is read in.

Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@982 f5534014-38df-0310-8fa8-9805f1628bb7

Updates to the ICQ decoder, from Kojak.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@981 f5534014-38df-0310-8fa8-9805f1628bb7

Get rid of an unused #define.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@980 f5534014-38df-0310-8fa8-9805f1628bb7

more updates to bgp dissector.
- separate tree for each message
- added some comments
- merged my code for OPEN message, mainly just terminology updates
- searched all RFCs and defined known attributes

from: Greg Hankins <gregh@cc.gatech.edu>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@979 f5534014-38df-0310-8fa8-9805f1628bb7

fixed processing of tci and encapsulated proto

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@978 f5534014-38df-0310-8fa8-9805f1628bb7

Fix LPD dissector problem for bug reported by
Fabrizio Ammollo <f.ammollo@reitek.com>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@977 f5534014-38df-0310-8fa8-9805f1628bb7

Updates to the ONC RPC and NFS code, from Uwe Girlich.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@976 f5534014-38df-0310-8fa8-9805f1628bb7

Note that "ethereal -v" should give the GTK+ and "libpcap" version
numbers.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@975 f5534014-38df-0310-8fa8-9805f1628bb7

For the "-v" flag, dump the "libpcap" version number, if we were built
with "libpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@974 f5534014-38df-0310-8fa8-9805f1628bb7

Expand the description of the steps to take when reporting a bug.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@973 f5534014-38df-0310-8fa8-9805f1628bb7

Decode the hardware and protocol types.

Define the hardware type, protocol type, and opcode values fields as
enums.

Dissect the addresses the same way the ARP dissector does, so that we
don't completely give up if the hardware addresses aren't 6-byte
Ethernet/Token Ring addresses or the protocol addresses aren't 4-byte
Appletalk IDs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@972 f5534014-38df-0310-8fa8-9805f1628bb7

Define the hardware type, protocol type, and opcode values fields as
enums.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@971 f5534014-38df-0310-8fa8-9805f1628bb7