19 years agoConvert LAPD and V.120 dissector to use tvbuff. Convert xdlc dissector-helper,
gram [Wed, 31 May 2000 03:58:56 +0000 (03:58 +0000)]
Convert LAPD and V.120 dissector to use tvbuff. Convert xdlc dissector-helper,

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2030 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDefine "proto_tree" and "proto_item" as "GNode" rather than "struct
guy [Tue, 30 May 2000 09:52:30 +0000 (09:52 +0000)]
Define "proto_tree" and "proto_item" as "GNode" rather than "struct
GNode"; the latter, as Andreas Sikkema noted, gets warnings from some
C++ compilers, but the former doesn't.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2029 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGive the IPX dissector dissector hash tables for the IPX type and socket
guy [Tue, 30 May 2000 03:35:55 +0000 (03:35 +0000)]
Give the IPX dissector dissector hash tables for the IPX type and socket
number, and have the protocols encapsulated inside IPX register
themselves with that table.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2028 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago#include netinet/in.h (for ntohs() macro), if available.
gram [Tue, 30 May 2000 03:09:11 +0000 (03:09 +0000)]
#include netinet/in.h (for ntohs() macro), if available.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2027 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago1 - Use "tvb_reported_length()" in the X.25 dissector.
oabad [Mon, 29 May 2000 22:35:11 +0000 (22:35 +0000)]
1 - Use "tvb_reported_length()" in the X.25 dissector.
2 - Consistantly display LCN in decimal (they used to be displayed in
    decimal in the packet list, and in hexadecimal in the tree view).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2026 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGraham Bloice's Win32 Makefile changes to build in batch mode (gets rid
guy [Mon, 29 May 2000 20:42:55 +0000 (20:42 +0000)]
Graham Bloice's Win32 Makefile changes to build in batch mode (gets rid
of multiple compile lines in the output of the build, speeds the build

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2025 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGraham Bloice's Win32 Makefile changes to build in batch mode (gets rid
guy [Mon, 29 May 2000 20:11:41 +0000 (20:11 +0000)]
Graham Bloice's Win32 Makefile changes to build in batch mode (gets rid
of multiple compile lines in the output of the build, speeds the build

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2024 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd "tvb_reported_length()" to get the "reported length" of a tvbuff
guy [Mon, 29 May 2000 08:57:42 +0000 (08:57 +0000)]
Add "tvb_reported_length()" to get the "reported length" of a tvbuff
(i.e., the amount of data that was in the packet, even if not all of it
was captured), for use when dissecting packets containing data that
fills the packet (we want the dissector to try to dissect all of it; if
it runs past the end of the captured data, we want it to throw an
exception so that we'll put a "Short Frame" note in the protocol tree).

This means we always want a tvbuff to have a real reported length value,
so we make it an unsigned integer, and don't bother checking it for -1,
as it should never be -1.

If the reported length passed in to "tvb_set_subset()" is -1, set the
reported length to the reported length of the tvbuff of which the new
tvbuff will be a subset minus the offset in that tvbuff of the subset,
so that "-1" means "what's left of the packet after we chop off the
header".  This is necessary in order to ensure that all tvbuffs have a
real reported length value.

Have "dissect_packet()" set the reported length of the top-level tvbuff
to the reported length of the frame, so that we start out with a tvbuff
with a real reported length value.

Have "tvb_offset_exists()" return FALSE if the offset is past the end of
the tvbuff.

If the offset passed to it is postitive, have "compute_offset_length()"
check for that it's not more than one byte past the end of the tvbuff -
if it's just past the end, we don't want the check to fail, as we don't
want attempts to create a subset tvbuff containing zero bytes to fail;
that would be done if a captured packet was all header and no payload,
and we'd want the dissector of the payload, not the dissector of the
header, to throw an exception, as the problem isn't with the protocol
for the header, it's with the protocol for the payload.

Convert the ATM dissector, the SSCOP dissector, the Q.2931 dissector,
and the Q.931 dissector to use tvbuffs.

Make the LAPD dissector set up a tvbuff for the Q.931 dissector (it's
not converted yet).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2023 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGive the Appletalk DDP dissector a dissector hash table, and have the
guy [Sun, 28 May 2000 22:59:18 +0000 (22:59 +0000)]
Give the Appletalk DDP dissector a dissector hash table, and have the
protocols encapsulated inside DDP register themselves with that table.

Pull the EIGRP dissector into its own file, as suggested by Paul
Ionescu; it's not an IP-specific protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2022 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn the FDDI and LLC dissectors, extract fields as we use them, so that
guy [Sun, 28 May 2000 22:02:17 +0000 (22:02 +0000)]
In the FDDI and LLC dissectors, extract fields as we use them, so that
we don't get an exception (and thus a "Short Frame" or "Malformed
Frame" entry) until we get to a field that isn't in the frame.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2021 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "tvb_get_ntoh24()" to extract the OUI from a SNAP header, rather
guy [Sun, 28 May 2000 21:21:23 +0000 (21:21 +0000)]
Use "tvb_get_ntoh24()" to extract the OUI from a SNAP header, rather
than extracting each byte with "tvb_get_guint8()" and then putting them

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2020 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoChanged my mail address to oabad@cybercable.fr (dhis.net is too
oabad [Sun, 28 May 2000 17:04:47 +0000 (17:04 +0000)]
Changed my mail address to oabad@cybercable.fr (dhis.net is too

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2019 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoProperly register hf_x25_dbit and hf_ex25_dbit.
gram [Sun, 28 May 2000 06:26:10 +0000 (06:26 +0000)]
Properly register hf_x25_dbit and hf_ex25_dbit.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2018 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix some typos in strings.
guy [Sat, 27 May 2000 17:51:15 +0000 (17:51 +0000)]
Fix some typos in strings.

Remove some of the comments from the "README.developer" sample whose
purpose was tutorial rather than explanatory, or that don't apply.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2017 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse tvb_length() instead of END_OF_FRAME.
gram [Sat, 27 May 2000 15:46:02 +0000 (15:46 +0000)]
Use tvb_length() instead of END_OF_FRAME.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2016 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMention Stefan Raab as author of Mobile IP dissector.
gram [Sat, 27 May 2000 15:21:31 +0000 (15:21 +0000)]
Mention Stefan Raab as author of Mobile IP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2015 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd Mobile IP.
gram [Sat, 27 May 2000 13:54:17 +0000 (13:54 +0000)]
Add Mobile IP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2014 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd Mobile IP dissector. Converted to use tvbuff.
gram [Sat, 27 May 2000 13:53:26 +0000 (13:53 +0000)]
Add Mobile IP dissector. Converted to use tvbuff.
I'm going to make one more change to get rid of use of END_OF_FRAME, but
that will be later.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2013 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSupport for SCTP in the capture dialog, from Michael Tuexen.
guy [Fri, 26 May 2000 22:08:16 +0000 (22:08 +0000)]
Support for SCTP in the capture dialog, from Michael Tuexen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2012 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoInitial SCTP support (showing it by name from "ipprotostr()") from
guy [Fri, 26 May 2000 21:54:59 +0000 (21:54 +0000)]
Initial SCTP support (showing it by name from "ipprotostr()") from
Michael Tuexen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2011 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIncorporate the GTK+ 1.2.8 version of "gtkclist.c" (which includes all
guy [Fri, 26 May 2000 07:47:47 +0000 (07:47 +0000)]
Incorporate the GTK+ 1.2.8 version of "gtkclist.c" (which includes all
the speedups ours included, and some others).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2010 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't duplicate the "gtk_radio_button_new_with_label()" and
guy [Fri, 26 May 2000 07:32:56 +0000 (07:32 +0000)]
Don't duplicate the "gtk_radio_button_new_with_label()" and
"gtk_check_button_new_with_label()" code, just call those routines and
then fix up the label, as suggested by Dermot Musgrove on the gtk
mailing list.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2009 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGet rid of some now-unused variables.
guy [Fri, 26 May 2000 05:52:55 +0000 (05:52 +0000)]
Get rid of some now-unused variables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2008 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert X.25 dissector to use tvbuffs.
oabad [Thu, 25 May 2000 21:34:58 +0000 (21:34 +0000)]
Convert X.25 dissector to use tvbuffs.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2007 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoreplaced pinfo->current with pinfo->current_proto
oabad [Thu, 25 May 2000 18:32:06 +0000 (18:32 +0000)]
replaced pinfo->current with pinfo->current_proto

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2006 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSet pinfo->current_proto
gram [Thu, 25 May 2000 15:11:11 +0000 (15:11 +0000)]
Set pinfo->current_proto

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2005 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRemoved : col_add_fstr(pinfo->fd, COL_RES_DL_SRC, "0x%02X", byte0);
oabad [Thu, 25 May 2000 14:57:34 +0000 (14:57 +0000)]
Removed : col_add_fstr(pinfo->fd, COL_RES_DL_SRC, "0x%02X", byte0);
because it overrides the "DTE" or "DCE" value which was added before.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2004 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert dissect_clip() to use tvbuffs. Very trivial change.
gram [Thu, 25 May 2000 14:55:22 +0000 (14:55 +0000)]
Convert dissect_clip() to use tvbuffs. Very trivial change.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2003 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSupport for reading compressed Sniffer files, from Tim Farley, Joerg
guy [Thu, 25 May 2000 09:00:24 +0000 (09:00 +0000)]
Support for reading compressed Sniffer files, from Tim Farley, Joerg
Mayer, and yours truly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2002 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert LAPB dissector to use tvbuffs, and to get pseudo_header from
gram [Thu, 25 May 2000 08:45:54 +0000 (08:45 +0000)]
Convert LAPB dissector to use tvbuffs, and to get pseudo_header from
packet_info struct.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2001 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAssorted enhancements from Mark Burton.
guy [Thu, 25 May 2000 08:38:54 +0000 (08:38 +0000)]
Assorted enhancements from Mark Burton.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2000 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAssorted padding fixes from Mark Burton.
guy [Thu, 25 May 2000 08:32:13 +0000 (08:32 +0000)]
Assorted padding fixes from Mark Burton.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1999 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert dissect_ppp() and friends to use tvbuffs.
gram [Thu, 25 May 2000 07:42:26 +0000 (07:42 +0000)]
Convert dissect_ppp() and friends to use tvbuffs.
(the ip_tcp_options stuff is still non-tvbuff until I convert ip and tcp).

Add preliminary fix for Linux ISDN ippp devices (similar watch was posted
to ethereal-users, but did not use tvbuffs).

Change packet-raw.c to call capture_ppp()/dissect_ppp() in the case
where the frame starts with FF:03. We had been calling
capture_ip()/dissect_ip() at byte offset 4, but I think this is for
historical reasons of packet-raw.c and packet-ip.c existing before

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1998 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDisplay the fragment offset in decimal (as the IPv4 dissector does)
guy [Wed, 24 May 2000 07:52:31 +0000 (07:52 +0000)]
Display the fragment offset in decimal (as the IPv4 dissector does)
rather than hex.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1997 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPatch from Scott Howard to show the IP fragment offset as a byte offset
guy [Wed, 24 May 2000 07:51:10 +0000 (07:51 +0000)]
Patch from Scott Howard to show the IP fragment offset as a byte offset
rather than an 8-byte offset.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1996 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdate a comment to reflect that only UCD SNMP 4.1.1 has
guy [Wed, 24 May 2000 05:59:50 +0000 (05:59 +0000)]
Update a comment to reflect that only UCD SNMP 4.1.1 has
"snmp_set_full_objid()" as a macro rather than a function - 4.1.2 has it
as a function again.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1995 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoEIGRP over Appletalk and EIGRP over IPX support, from Paul Ionescu.
guy [Mon, 22 May 2000 18:09:36 +0000 (18:09 +0000)]
EIGRP over Appletalk and EIGRP over IPX support, from Paul Ionescu.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1994 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSupport for ISAKMP XAUTH authentication, from Yaniv Kaul.
guy [Mon, 22 May 2000 17:59:53 +0000 (17:59 +0000)]
Support for ISAKMP XAUTH authentication, from Yaniv Kaul.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1993 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGet rid of the comment before "cfgattrident2str()" explaining why it's
guy [Mon, 22 May 2000 17:56:01 +0000 (17:56 +0000)]
Get rid of the comment before "cfgattrident2str()" explaining why it's
there - it's now called from within "packet-isakmp.c", so there's no
need to explain "this isn't used yet, but it will be in the future"; the
future has arrived....

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1992 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoParsing attributes in Config mode, and support for a Hybrid mode
guy [Sun, 21 May 2000 19:59:02 +0000 (19:59 +0000)]
Parsing attributes in Config mode, and support for a Hybrid mode
authentication draft, from Yaniv Kaul.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1991 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "rm -f", not "rm", to remove "plugin_api.obj", so that if
guy [Sat, 20 May 2000 20:52:27 +0000 (20:52 +0000)]
Use "rm -f", not "rm", to remove "plugin_api.obj", so that if
"plugin_api.obj" doesn't exist, it just drives on rather than giving an

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1990 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd wtap-int.h. Move definitions relevant to the internal workins of wiretap
gram [Fri, 19 May 2000 23:07:04 +0000 (23:07 +0000)]
Add wtap-int.h. Move definitions relevant to the internal workins of wiretap
to that file, leave public definitions in wtap.h.

Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1989 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMove the closes of the save file FD around:
guy [Fri, 19 May 2000 22:37:57 +0000 (22:37 +0000)]
Move the closes of the save file FD around:

"capture()" should ensure that it's closed before returning, but
it was only getting closed by "wtap_dump_close()" on success, so
close the raw FD on failure (no "wtap_dump" stream is opened on
failure, so we just close the raw FD);

in a "update the display as packets arrive" capture, we should
close the FD in the parent as soon as the fork is done, before
even testing whether the fork succeeded (and we might as well do
the same with the write side of the sync pipe).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1988 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert dissect_raw() to use tvbuff's.
gram [Fri, 19 May 2000 21:47:38 +0000 (21:47 +0000)]
Convert dissect_raw() to use tvbuff's.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1987 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoClose capture file descriptor.
gram [Fri, 19 May 2000 19:53:48 +0000 (19:53 +0000)]
Close capture file descriptor.
From Mark Burton <markb@ordern.com>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1986 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDetect CISCO and NOVELL type IPX packets.
gram [Fri, 19 May 2000 19:48:01 +0000 (19:48 +0000)]
Detect CISCO and NOVELL type IPX packets.
From Paul Ionescu <ipaul@romsys.ro>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1985 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn Wiretap, a file stream handle is a "FILE_T", not a "FILE_T *" (a
guy [Fri, 19 May 2000 08:18:17 +0000 (08:18 +0000)]
In Wiretap, a file stream handle is a "FILE_T", not a "FILE_T *" (a
"FILE_T" is either a "gzFile" or a "FILE *", depending on whether zlib
support is enabled or not).  Fix various function declarations and

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1984 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThe only packets that look like SMUX packets *are* SMUX packets (unlike
guy [Fri, 19 May 2000 07:00:04 +0000 (07:00 +0000)]
The only packets that look like SMUX packets *are* SMUX packets (unlike
SNMP, where we let the ATM code tell the SNMP dissector to call it
"ILMI"), so don't pass a protocol name string into "dissect_smux_pdu()",
just have "dissect_smux_pdu()" call it "SMUX".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1983 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"wtap.h" doesn't need to include "ascend.h" or "toshiba.h".
guy [Fri, 19 May 2000 05:33:32 +0000 (05:33 +0000)]
"wtap.h" doesn't need to include "ascend.h" or "toshiba.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1982 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake "packet-clip.c", "packet-raw.c", "packet-ppp.c", "packet-tr.c",
guy [Fri, 19 May 2000 05:29:44 +0000 (05:29 +0000)]
Make "packet-clip.c", "packet-raw.c", "packet-ppp.c", "packet-tr.c",
"packet-eth.c", and "packet-fddi.c" include the include files that
declare the functions they export, so that the declarationss in the
header files will be checked against the definitions in the source

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1981 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake "packet-null.c" include "packet-null.h", so that the declarations
guy [Fri, 19 May 2000 05:18:26 +0000 (05:18 +0000)]
Make "packet-null.c" include "packet-null.h", so that the declarations
in "packet-null.h" will be checked against the definitions in

Fix the declaration of "dissect_null()" in "packet-null.h", so that said
checks don't complain.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1980 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd protection against 0-length FT_BYTES being added to proto_tree.
gram [Fri, 19 May 2000 04:54:36 +0000 (04:54 +0000)]
Add protection against 0-length FT_BYTES being added to proto_tree.

Convert ethertype() and dissect_null() to use tvbuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1979 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse new-style wtap_dump().
gram [Fri, 19 May 2000 02:42:16 +0000 (02:42 +0000)]
Use new-style wtap_dump().

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1978 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMark DHCP packets as DHCP, and add boot.dhcp flag.
gram [Fri, 19 May 2000 02:16:17 +0000 (02:16 +0000)]
Mark DHCP packets as DHCP, and add boot.dhcp flag.
From Paul Ionescu <ipaul@romsys.ro>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1977 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoNote that the time stamp is printed only when reading an existing
guy [Thu, 18 May 2000 20:58:59 +0000 (20:58 +0000)]
Note that the time stamp is printed only when reading an existing
capture file, not when printing packet summaries as packets are

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1976 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRemove the "union pseudo_header" from the "frame_data" structure;
guy [Thu, 18 May 2000 09:09:50 +0000 (09:09 +0000)]
Remove the "union pseudo_header" from the "frame_data" structure;
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it.  This saves some

This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.

This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case.  We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1975 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPaul Ionescu's patch to add support for IPX over GRE.
guy [Thu, 18 May 2000 08:41:22 +0000 (08:41 +0000)]
Paul Ionescu's patch to add support for IPX over GRE.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1974 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave "proto_tree_is_visible" false except when we're in the middle of
guy [Thu, 18 May 2000 08:35:01 +0000 (08:35 +0000)]
Have "proto_tree_is_visible" false except when we're in the middle of
doing something that requires that the text for protocol tree entries be
generated, i.e.

1) initialize it to FALSE;

2) have every routine that sets it clear it when it's done;

3) when printing packets, set it to TRUE only if we're not just
   printing packet summary lines;

and then get rid of settings to FALSE made unnecessary as a result of
those changes.

This makes sure it's not set when it doesn't have to be (which causes
the protocol tree code to format the text when it doesn't have to,
wasting CPU time).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1973 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSmall fix from Yaniv Kaul.
guy [Wed, 17 May 2000 08:23:50 +0000 (08:23 +0000)]
Small fix from Yaniv Kaul.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1972 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdates to doco.
gram [Wed, 17 May 2000 04:34:20 +0000 (04:34 +0000)]
Updates to doco.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1971 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGuard against short/malformed packets with old-style bounds-checking.
gram [Wed, 17 May 2000 04:09:32 +0000 (04:09 +0000)]
Guard against short/malformed packets with old-style bounds-checking.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1970 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd "eth.trailer" and show ethernet trailer if it exists.
gram [Wed, 17 May 2000 03:05:39 +0000 (03:05 +0000)]
Add "eth.trailer" and show ethernet trailer if it exists.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1969 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix dissect_ascend() prototype.
gram [Tue, 16 May 2000 15:22:31 +0000 (15:22 +0000)]
Fix dissect_ascend() prototype.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1968 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoChange 'cp' to 'mv' for 'accept' step.
gram [Tue, 16 May 2000 06:23:05 +0000 (06:23 +0000)]
Change 'cp' to 'mv' for 'accept' step.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1967 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert Ethernet and Lucent/Ascend dissectors to use tvbuff.
gram [Tue, 16 May 2000 06:21:33 +0000 (06:21 +0000)]
Convert Ethernet and Lucent/Ascend dissectors to use tvbuff.
Note in AUTHORS file that we use the exception module from kazlib.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1966 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave tvbuff's keep track of cap_len and pkt_len ('length' and 'reported_length'
gram [Tue, 16 May 2000 04:44:14 +0000 (04:44 +0000)]
Have tvbuff's keep track of cap_len and pkt_len ('length' and 'reported_length'
in tvbuff terminology). This is implemented for TVBUFF_REAL and TVBUFF_SUBSET
so far; support for TVBUFF_COMPOSITE is coming soon.

Throw either ReportedBoundsError or BoundsError.
A ReportedBoundsError is reported as "Malformed Frame" since the protocol
stated that a certain number of bytes should be available but they weren't.
A BoundsError is reported as a "Short Frame" since the snaplen was too short.

Register proto_short (BoundsError) and proto_malformed (ReportedBounds)
so searches can be made on "short" and "malformed".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1965 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a botch that kept it from compiling if you didn't have an SNMP
guy [Mon, 15 May 2000 08:02:39 +0000 (08:02 +0000)]
Fix a botch that kept it from compiling if you didn't have an SNMP

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1964 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd very basic tvbuff documentation. I still need to explain TVBUFF_COMPOSITE's,
gram [Mon, 15 May 2000 06:48:16 +0000 (06:48 +0000)]
Add very basic tvbuff documentation. I still need to explain TVBUFF_COMPOSITE's,
and explain how to use exceptions.h.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1963 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert token-ring dissector to use tvbuffs.
gram [Mon, 15 May 2000 06:22:07 +0000 (06:22 +0000)]
Convert token-ring dissector to use tvbuffs.

Modify ethernet dissector to catch BoundsError if the attempt to
create next_tvb with the length specified in the ethernet header throws
an exception. In that case, next_tv is created with as many bytes as
are available in the frame.

Both dissect_tr() and dissect_eth() now have TRY blocks, which means
I had to fiddle with 'volatile' and 'static' storage options to get
things right (at least according to gcc).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1962 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd accessors for 24-bit integers (which get returned as guint32's).
gram [Mon, 15 May 2000 04:37:27 +0000 (04:37 +0000)]
Add accessors for 24-bit integers (which get returned as guint32's).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1961 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSMUX and SNMP V3 support from Jochen Friedrich.
guy [Mon, 15 May 2000 03:15:12 +0000 (03:15 +0000)]
SMUX and SNMP V3 support from Jochen Friedrich.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1960 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWe can't trust "cf->current_frame" to refer to the frame that was
guy [Mon, 15 May 2000 01:50:16 +0000 (01:50 +0000)]
We can't trust "cf->current_frame" to refer to the frame that was
selected before we started re-colorizing or re-filtering the display, as
when the first row is added to the clist, that may be selected and thus
made the current frame.

This means that we can't find the row corresponding to the
previously-selected frame, if any, by checking as each packet is
colorized/filtered and see whether its "frame_data" structure is equal
to "cf->current_frame", as that'll always say that the first frame in
the display is the selected frame.

Instead, we recored the value of "cf->current_frame" before we do
anything to the clist, have "add_packet_to_packet_list()" return either
the row number of the frame (if it passed the filter and thus was added
to the clist) or -1 (if it didn't pass the filter and thus wasn't added
to the clist), and, after "add_packet_to_packet_list()", if the current
frame is the one that was the selected row, remember its row number (if
any), and, when we're finished colorizing/filtering the display, make
that row the current row if it's not -1 (-1 means that the selected row
didn't pass the filter).

Also, don't do that until after we've thawed the clist, as the vertical
adjustment for the clist doesn't reflect reality until then, and
attempting to go to a given row won't work right until the vertical
adjustment for the clist reflects reality.

Shove all the code to set the selected and focus rows, and to make said
row visible, into a routine, so the "Find Frame" and "Go To Frame" code
can use it as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1959 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a comment giving the URL of the CIFS Remote Administration Protocol
guy [Sun, 14 May 2000 20:50:03 +0000 (20:50 +0000)]
Add a comment giving the URL of the CIFS Remote Administration Protocol
spec (which covers some of what this file dissects).

Dissect the share type in NetShareEnum replies as a type value (using
values from said spec), not just as a number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1958 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThe argument to a "proto_tree_add_item()" adding an FT_IPv4 item should
guy [Sun, 14 May 2000 07:19:49 +0000 (07:19 +0000)]
The argument to a "proto_tree_add_item()" adding an FT_IPv4 item should
be the 32-bit IP address (in host byte order), not a pointer to the
first octet of that IP address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1957 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPut in some checks to make sure we don't go past the end of the frame
guy [Sun, 14 May 2000 04:00:48 +0000 (04:00 +0000)]
Put in some checks to make sure we don't go past the end of the frame
when fetching strings in NetShareEnum and NetServEnum2 replies.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1956 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn a NetServEnum, there's only one byte of padding after the share name.
guy [Sun, 14 May 2000 03:17:26 +0000 (03:17 +0000)]
In a NetServEnum, there's only one byte of padding after the share name.
(See, for example



git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1955 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix location of $(TETHEREAL) dependency.
gram [Sat, 13 May 2000 11:34:12 +0000 (11:34 +0000)]
Fix location of $(TETHEREAL) dependency.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1954 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "htoles()" rather than "pletohs()" to convert host-byte-order shorts
guy [Fri, 12 May 2000 22:12:21 +0000 (22:12 +0000)]
Use "htoles()" rather than "pletohs()" to convert host-byte-order shorts
to little-endian shorts - and to convert host-byte-order longs to
little-endian shorts (if the host-byte-order long will fit into a short,
"htoles()" does the right thing; if it doesn't, there is no right thing
to do - perhaps we should return a wiretap error, although, at least at
present, it's unlikely that we'll have packets bigger than 65535 bytes,
so it's unlikely that the values won't fit into a short).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1953 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoBen Fowler <wapdev@leedsnet.com>'s "usage of fd" patch.
gram [Fri, 12 May 2000 22:03:59 +0000 (22:03 +0000)]
Ben Fowler <wapdev@leedsnet.com>'s "usage of fd" patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1952 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix minor typo found by Alan Harrison.
guy [Fri, 12 May 2000 21:27:04 +0000 (21:27 +0000)]
Fix minor typo found by Alan Harrison.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1951 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf ethernet header has 'length', create tvbuff of only that length
gram [Fri, 12 May 2000 19:15:53 +0000 (19:15 +0000)]
If ethernet header has 'length', create tvbuff of only that length
for next dissector. TODO: mark any remaining data as "Ethernet Trailer"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1950 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDoug Nazar's patch to dissect substring filters.
guy [Fri, 12 May 2000 08:04:29 +0000 (08:04 +0000)]
Doug Nazar's patch to dissect substring filters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1949 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix dissect_data_tvb() so that it only appends a "Data" proto_tree label
gram [Fri, 12 May 2000 06:23:33 +0000 (06:23 +0000)]
Fix dissect_data_tvb() so that it only appends a "Data" proto_tree label
if there are more than 0 bytes of data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1948 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a sample Makefile for regression testing by using tethereal.
gram [Fri, 12 May 2000 05:47:00 +0000 (05:47 +0000)]
Add a sample Makefile for regression testing by using tethereal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1947 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn wiretap, set err to 0 before doing anything inside wtap_loop().
gram [Fri, 12 May 2000 05:06:33 +0000 (05:06 +0000)]
In wiretap, set err to 0 before doing anything inside wtap_loop().
Tethereal was dying on me because err was initialized to some random value.

It was this section of code that would exit even if wtap_loop was successful
(returned TRUE) because err was never initialized or set to anything.

err = load_cap_file(&cf, out_file_type);
if (err != 0) {

<BIGGER sheepish grin>
Fixed even more errors in LLC dissector. I had inadvertantly used the
wrong tvbuff_t* when calling dissect_data_tvb(). There is no way we are going
to be successful in this tvbuff conversion w/o regression testing. I'm
working on setting up a simple Makefile for regression testing tonight.
That's why I'm finding so many bugs in my LLC conversion.
</BIGGER sheepish grin>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1946 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago<sheepish grin>
gram [Fri, 12 May 2000 04:21:21 +0000 (04:21 +0000)]
<sheepish grin>
Fix error in my conversion to tvbuff routines.
Because offset was calculated based on next_tvb, which already knew to
skip 8 bytes, I don't have to use "offset+8" in calls to the next non-tvbuff
</sheepish grin>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1945 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRemove proto_tree doc, as all necessary info in it is in README.developer.
gram [Fri, 12 May 2000 04:00:05 +0000 (04:00 +0000)]
Remove proto_tree doc, as all necessary info in it is in README.developer.
Add tvbtest.c to list of packaged files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1944 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoConvert LLC dissector to use tvbuffs.
gram [Thu, 11 May 2000 22:04:18 +0000 (22:04 +0000)]
Convert LLC dissector to use tvbuffs.
Non-tvbuff dissectors create a tvbuff when calling dissect_llc()
Changed name of current_proto to match string in COL_PROTO ("FDDI" instead of "fddi")
Changed short text to be: [Short Frame: %s]  where %s is current_proto.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1943 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPut in a comment to note that "cfgattrident2str()" was put in for use
guy [Thu, 11 May 2000 20:36:14 +0000 (20:36 +0000)]
Put in a comment to note that "cfgattrident2str()" was put in for use
when we parse ISAKMP data attributes - we don't do that yet, which is
why it's not currently used.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1942 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoYaniv Kaul's patch to add support for the ISAKMP Configuration Method
guy [Thu, 11 May 2000 18:55:40 +0000 (18:55 +0000)]
Yaniv Kaul's patch to add support for the ISAKMP Configuration Method

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1941 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoI had moved the COL_INFO string to far forward, before fc was
gram [Thu, 11 May 2000 16:52:15 +0000 (16:52 +0000)]
I had moved the COL_INFO string to far forward, before fc was
being set. Fixed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1940 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd tvbuff class.
gram [Thu, 11 May 2000 08:18:09 +0000 (08:18 +0000)]
Add tvbuff class.
Add exceptions routines.
Convert proto_tree_add_*() routines to require tvbuff_t* argument.
Convert all dissectors to pass NULL argument ("NullTVB" macro == NULL) as
the tvbuff_t* argument to proto_tree_add_*() routines.

dissect_packet() creates a tvbuff_t, wraps the next dissect call in
a TRY block, will print "Short Frame" on the proto_tree if a BoundsError
exception is caught.

The FDDI dissector is converted to use tvbuff's.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1939 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn "Makefile.am" and "Makefile.nmake", have "DISSECTOR_SOURCES" include
guy [Thu, 11 May 2000 07:34:32 +0000 (07:34 +0000)]
In "Makefile.am" and "Makefile.nmake", have "DISSECTOR_SOURCES" include
only the dissector source files, not the header files; that way you
don't feed the header files to "make-reg-dotc", as "make-reg-dotc" won't
find any registration routines there so there's no point in feeding
header files to it.

Doing so means that we can make "DISSECTOR_OBJECTS" in "Makefile.nmake"
by doing


rather than separately enumerating the object files, as Nmake supports
System V "make"-style substitution.

This should let users who change "DISSECTOR_SOURCES" in one of those
files just copy it to the other file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1938 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoInclude an example of "wdd" output data from an Ascend trace I got ages
guy [Wed, 10 May 2000 22:20:26 +0000 (22:20 +0000)]
Include an example of "wdd" output data from an Ascend trace I got ages

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1937 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRename the "private" member of a "wtap_dumper" structure to "dump", as
guy [Wed, 10 May 2000 22:16:31 +0000 (22:16 +0000)]
Rename the "private" member of a "wtap_dumper" structure to "dump", as
per the "capture" member of a "wtap" structure, so that it doesn't
collide with the C++ reserved word "private".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1936 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"packet-giop.h" and "packet-h1.h" have joined the Choir Invisibule, so
guy [Wed, 10 May 2000 21:57:47 +0000 (21:57 +0000)]
"packet-giop.h" and "packet-h1.h" have joined the Choir Invisibule, so
they can just be deleted, not just commented out.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1935 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a typo in the packet counter.
gerald [Wed, 10 May 2000 21:36:55 +0000 (21:36 +0000)]
Fix a typo in the packet counter.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1934 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFixes for building 0.8.8.
gram [Wed, 10 May 2000 15:32:09 +0000 (15:32 +0000)]
Fixes for building 0.8.8.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1933 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUse "F<>" rather than "B<>" for file names in the Tethereal man page.
guy [Wed, 10 May 2000 06:05:17 +0000 (06:05 +0000)]
Use "F<>" rather than "B<>" for file names in the Tethereal man page.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1932 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGraham Bloice's changes to make clicking on a column header cause the
guy [Wed, 10 May 2000 06:00:22 +0000 (06:00 +0000)]
Graham Bloice's changes to make clicking on a column header cause the
display to be sorted by the value in that column (and to reverse the sort
order the next time you click on that column).

Use "F<>" rather than "B<>" for file names in the Ethereal man page.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1931 f5534014-38df-0310-8fa8-9805f1628bb7