19 years ago"hf_sna_rh_csi" is now an FT_UINT8 field, so add it with
guy [Wed, 3 Jan 2001 21:52:40 +0000 (21:52 +0000)]
"hf_sna_rh_csi" is now an FT_UINT8 field, so add it with
"proto_tree_add_uint()", not "proto_tree_add_boolean()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2818 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoEnsure that all value_string arrays end in {0, NULL}. Dissectors got away
gram [Wed, 3 Jan 2001 16:41:08 +0000 (16:41 +0000)]
Ensure that all value_string arrays end in {0, NULL}. Dissectors got away
with not terminating their arrays because they knew the limits of the
value used to look up strings in the value_string array, but the
dfilter_expr_dlg does not know these limits and must rely on the terminating
{0, NULL} record.

Also, in SNA fixed a bug in which a field should have been defined as FT_UINT8
but was defined as FT_BOOLEAN.

In WTP, fixed a value string which had duplicate keys.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2817 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave the TR MAC and LLC dissectors register themselves, make them
guy [Wed, 3 Jan 2001 10:34:42 +0000 (10:34 +0000)]
Have the TR MAC and LLC dissectors register themselves, make them
static, and have other dissectors call them through handles.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2816 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRegister the WSP dissector, make it static, and have the WTP dissector
guy [Wed, 3 Jan 2001 08:42:48 +0000 (08:42 +0000)]
Register the WSP dissector, make it static, and have the WTP dissector
call it through a handle.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2815 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMake the Zebra dissector, and a routine it uses, static, as they're not
guy [Wed, 3 Jan 2001 08:26:40 +0000 (08:26 +0000)]
Make the Zebra dissector, and a routine it uses, static, as they're not
called directly from outside "packet-zebra.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2814 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdate the README.developer file to reflect the recent changes to
guy [Wed, 3 Jan 2001 08:00:01 +0000 (08:00 +0000)]
Update the README.developer file to reflect the recent changes to
"proto_register_protocol()" and the addition of

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2813 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a new "prefs_register_protocol()" routine, which is like
guy [Wed, 3 Jan 2001 07:53:48 +0000 (07:53 +0000)]
Add a new "prefs_register_protocol()" routine, which is like
"prefs_register_module()" except that it takes a protocol index as
returned by "proto_register_protocol()" as its first argument, rather
than taking two character strings as arguments as its first two
arguments, and uses the protocol's abbreviation as the name to use for
preferences in the preferences file and the "-o" flag and uses the
protocol's short name as the name to use in the tabs in the
"Edit->Preferences" window.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2812 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave "proto_register_protocol()" build a list of data structures for
guy [Wed, 3 Jan 2001 07:37:29 +0000 (07:37 +0000)]
Have "proto_register_protocol()" build a list of data structures for
protocols, in addition to adding structures to the list of filterable
fields.  Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as


the dialog box for constructing filters;

the preferences tab for the protocol;

and so on (although we're not yet using it in all those places).

Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.

Make some routines and variables that aren't exported static.

Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2811 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoHave "proto_register_protocol()" build a list of data structures for
guy [Wed, 3 Jan 2001 06:56:03 +0000 (06:56 +0000)]
Have "proto_register_protocol()" build a list of data structures for
protocols, in addition to adding structures to the list of filterable
fields.  Give it an extra argument that specifies a "short name" for the
protocol, for use in such places as


the dialog box for constructing filters;

the preferences tab for the protocol;

and so on (although we're not yet using it in all those places).

Make the preference name that appears in the preferences file and the
command line for the DIAMETER protocol "diameter", not "Diameter"; the
convention is that the name in question be all-lower-case.

Make some routines and variables that aren't exported static.

Update a comment in the ICP dissector to make it clear that the
dissector won't see fragments other than the first fragment of a
fragmented datagram.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2810 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a damn stupid mistake that stopped us seeing all the bits in the flags on a NetSe...
sharpe [Wed, 3 Jan 2001 04:37:07 +0000 (04:37 +0000)]
Fix a damn stupid mistake that stopped us seeing all the bits in the flags on a NetServerEnum2 request.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2809 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSupport for HTTP methods added by GENA (the uPnP protocol), and for the
guy [Wed, 3 Jan 2001 03:40:29 +0000 (03:40 +0000)]
Support for HTTP methods added by GENA (the uPnP protocol), and for the
HTTP-based SSDP protocol, from David Hampton.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2808 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoBase the decision of whether selecting an entry in the value list sets
guy [Tue, 2 Jan 2001 19:54:50 +0000 (19:54 +0000)]
Base the decision of whether selecting an entry in the value list sets
the value entry on the type of the field, not on whether the value entry
is visible; the value entry is hidden, in "field_select_row_cb()", after
"build_boolean_values()" is called, and building the list in
"build_boolean_values()" will cause an entry in that list to be
selected, and "value_list_sel_cb()" will be called as a result, so it
can't correctly base its decision on whether to set the value entry on
whether the entry is visible, as it's not yet been made invisible.

Fix a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2807 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't show "Text" as one of the available fields.
guy [Tue, 2 Jan 2001 19:38:20 +0000 (19:38 +0000)]
Don't show "Text" as one of the available fields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2806 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a dialog box for constructing expressions that test a field in the
guy [Tue, 2 Jan 2001 01:32:21 +0000 (01:32 +0000)]
Add a dialog box for constructing expressions that test a field in the
display tree, based on Jeff Foster's dialog box for selecting fields.

Make the dialog box for browsing filters into a dialog box for
constructing filters; make the "Apply" button and the "OK" button apply
the filter in the text entry box in the dialog, not the currently
selected filter (selecting a filter puts it in that text entry box, but
the user may edit it afterwards, or may use the aforementioned dialog
box to construct a filter not in the list).

Get rid of extra declarations of "m_r_font" and "m_b_font" in
"proto_draw.c"; they're declared in "gtk/gtkglobals.h", which it includes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2805 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoA small fix to ensure that all servers/workgroups show up ... Last one
sharpe [Mon, 1 Jan 2001 01:44:46 +0000 (01:44 +0000)]
A small fix to ensure that all servers/workgroups show up ... Last one
was not being picked up ...

Will have to add proper state keeping code soon ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2804 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agounderstand TCP MD5 signature. Greg Hankins <gregh@twoguys.org>
itojun [Sat, 30 Dec 2000 05:23:56 +0000 (05:23 +0000)]
understand TCP MD5 signature.  Greg Hankins <gregh@twoguys.org>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2803 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTvbuffify the MAPI dissector.
guy [Fri, 29 Dec 2000 05:15:37 +0000 (05:15 +0000)]
Tvbuffify the MAPI dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2802 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix up some calls in which I didn't replace "NullTVB" with "tvb".
guy [Fri, 29 Dec 2000 04:41:30 +0000 (04:41 +0000)]
Fix up some calls in which I didn't replace "NullTVB" with "tvb".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2801 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf we get an exception when dissecting a packet, append "[Short Frame]"
guy [Fri, 29 Dec 2000 04:16:57 +0000 (04:16 +0000)]
If we get an exception when dissecting a packet, append "[Short Frame]"
or "[Malformed Frame]" to the Info column.

Make some dissectors set the Protocol column and clear the Info column
before fetching anything from the tvbuff they were handed, so that if
the frame is short or malformed, it'll be marked as being the right
top-level protocol, and the Info column won't have cruft left over from
the previous protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2800 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"dissect_lapb()" is static to "packet-lapb.c", so it can't be directly
guy [Fri, 29 Dec 2000 02:27:21 +0000 (02:27 +0000)]
"dissect_lapb()" is static to "packet-lapb.c", so it can't be directly
called by "dissect_lapbether()".  "packet-lapbether.c" included
"packet-lapb.h", to get "dissect_lapb()" declared, but that header file
doesn't exist.

Dissectors should call other dissectors indirectly, so have the LAPB
dissector register itself and have the LAPB-over-Ethernet dissector get
that handle and call the LAPB dissector through that handle, rather than
making the LAPB dissector non-static and adding a "packet-lapb.h" header
to declare it.

Remove some unnecessary includes from "packet-lapbether.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2799 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTvbuffify the IMAP dissector.
guy [Fri, 29 Dec 2000 02:19:14 +0000 (02:19 +0000)]
Tvbuffify the IMAP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2798 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoModify X.25 dissector to accept a search string of x.25 and ex.25, not x25 and ex25.
sharpe [Fri, 29 Dec 2000 01:27:35 +0000 (01:27 +0000)]
Modify X.25 dissector to accept a search string of x.25 and ex.25, not x25 and ex25.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2797 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdded a LAPBETHER dissector as per Guy's wishes ... :-)
sharpe [Fri, 29 Dec 2000 01:06:24 +0000 (01:06 +0000)]
Added a LAPBETHER dissector as per Guy's wishes ... :-)

Damn, took more than half an hour :-(

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2796 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWhen creating a subset tvbuff with lengths that don't run to the end of
guy [Fri, 29 Dec 2000 00:51:52 +0000 (00:51 +0000)]
When creating a subset tvbuff with lengths that don't run to the end of
the parent tvbuff, we have to set "pinfo->len" and "pinfo->captured_len"
unless we know for certain that *no* old-style dissectors will be called
later, because old-style dissectors get their length information from
"pi.len" and "pi.captured_len".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2795 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTvbuffify the PPTP dissector.
guy [Fri, 29 Dec 2000 00:35:51 +0000 (00:35 +0000)]
Tvbuffify the PPTP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2794 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdates from Ed Warnicke.
guy [Thu, 28 Dec 2000 10:10:17 +0000 (10:10 +0000)]
Updates from Ed Warnicke.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2793 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTvbuffify the CDP, CGMP, ISL, and VTP dissectors.
guy [Thu, 28 Dec 2000 09:49:09 +0000 (09:49 +0000)]
Tvbuffify the CDP, CGMP, ISL, and VTP dissectors.

Add a new subdissector table in the LLC dissector for protocol IDs with
a Cisco OUI, and register the CDP, CGMP, and VTMP dissectors in that
table, rather than calling them via a switch statement.

Register the ISL dissector by name, and have the Ethernet dissector call
it via a handle.

Fix the handling of the checksum field in the CDP dissector.

The strings in CDP are counted, not null-terminated; treat them as such.

Fix the handling of the encapsulated frame CRC, and the encapsulated
frame, in the ISL dissector, at least for Ethernet frames; it may not be
correct for encapsulated Token Ring frames.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2792 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago>This patch adds a missing capabilities NOTIFICATION message, and support for
itojun [Thu, 28 Dec 2000 05:13:14 +0000 (05:13 +0000)]
>This patch adds a missing capabilities NOTIFICATION message, and support for
>RFC2385 (Protection of BGP Sessions via the TCP MD5 Signature Option).
From: Greg Hankins <gregh@twoguys.org>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2791 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIt turns out that the read timeout in Solaris's "bufmod" STREAMS module
guy [Thu, 28 Dec 2000 01:44:19 +0000 (01:44 +0000)]
It turns out that the read timeout in Solaris's "bufmod" STREAMS module
doesn't work like the read timeout in BPF - the timer doesn't start
until at least one packet has arrived.

I think that's the way read timeouts should work on *all* packet capture
mechanisms, but it does mean that Solaris will, on a quiet net, exhibit
the same symptoms that Linux used to exhibit before we put in a
"select()" call to wait until either packets arrive or a timer expires -
the "pcap_dispatch()" call blocks until a packet arrives, so the display
doesn't get updated and Ethereal doesn't respond to user input until a
packet arrives.

Furthermore, Linux isn't the only OS that lacks any read timeout
on its packet capture mechanism; the others will also have that problem.

We therefore do the "select()" on *all* platforms other than the BSDs
(where the timer starts when the read is done, and can be used for
polling); I don't know whether it's necessary on Digital UNIX, but I
suspect it's necessary on SunOS 4.x (as the 5.x "bufmod" is probably
derived from the 4.x one, and the 5.x one, as per the above, starts the
timer when a packet arrives), and it may even be necessary on 3.x, those
(BSD, SunOS including 5.x, and Digital UNIX) apparently being the only
UNIXes that appear to have such a read timeout.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2790 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAlways put the packet type in the Info column.
guy [Thu, 28 Dec 2000 00:44:49 +0000 (00:44 +0000)]
Always put the packet type in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2789 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf the capture child process exits unexpectedly, give more information
guy [Wed, 27 Dec 2000 22:35:48 +0000 (22:35 +0000)]
If the capture child process exits unexpectedly, give more information
on it, such as the exit status if it exited "normally" but unexpectedly.

On UNIX systems, #define the various POSIX <sys/wait.h> macros (and the
non-POSIX WCOREDUMP()" macro) if they're not defined by <sys/wait.h> (or
if we don't have <sys/wait.h>), and use them to dissect the exit status.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2788 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoTvbuffify the RIP and OSPF dissectors.
guy [Wed, 27 Dec 2000 12:48:27 +0000 (12:48 +0000)]
Tvbuffify the RIP and OSPF dissectors.

Change them to use facilities in Ethereal that were probably not present
when they were originally written, e.g. routines to fetch 24-bit
integers and to dump a bunch of raw bytes in hex.

Redo them to extract data from the packet as they dissect it, rather
than extracting an entire data structure at once; that way, it may be
able to dissect a structure not all of which is in the packet.

Dissect a bit more of the type-of-service metrics etc. in OSPF packets.

Make "tvb_length_remaining()" return a "gint", not a "guint"; it returns
-1 if the offset is past the end of the tvbuff.

Add a "tvb_reported_length_remaining()" routine, similar to
"tvb_length_remaining()".  Use it instead of just subtracting an offset
from "tvb_reported_length()".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2787 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGet rid of extra blanks in strings.
guy [Wed, 27 Dec 2000 12:38:08 +0000 (12:38 +0000)]
Get rid of extra blanks in strings.

"tvb_length_remaining()" will return -1 if the offset argument is past
the end of the tvbuff; check for values > 0, not values != 0, when
checking to see if there's extra garbage at the end of the packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2786 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoadded KRB-ERROR response dissection
nneul [Tue, 26 Dec 2000 16:44:43 +0000 (16:44 +0000)]
added KRB-ERROR response dissection

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2785 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoadd tethereal_static
nneul [Tue, 26 Dec 2000 16:44:16 +0000 (16:44 +0000)]
add tethereal_static

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2784 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a new "tvb_strsize()" routine, which finds the size of a
guy [Mon, 25 Dec 2000 23:48:16 +0000 (23:48 +0000)]
Add a new "tvb_strsize()" routine, which finds the size of a
NUL-terminated string, starting at a given offset.  The size includes
the terminating NUL.  If it doesn't find the terminating NUL, it throws
the appropriate exception, as either there's no terminating NUL in the
packet or there is but it's past the end of the captured data in the

Use that routine in the TFTP dissector.  As it throws an exception if
the string isn't NUL-terminated, we can just use "%s" to print option
strings; we don't need to use "%.*s" with a string length.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2783 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPreferences shouldn't supposed to have blanks in their names - it can
guy [Mon, 25 Dec 2000 09:37:35 +0000 (09:37 +0000)]
Preferences shouldn't supposed to have blanks in their names - it can
make it a bit of a pain to set their values on the command line (you
have to quote the name).  Use underscores instead.

Give the gateway and callagent port preferences different names.

Fix up the text descriptions and labels for those preferences.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2782 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIf a PrincipalName has at least one name-string, put the first of the
guy [Mon, 25 Dec 2000 06:59:33 +0000 (06:59 +0000)]
If a PrincipalName has at least one name-string, put the first of the
name strings into the top-level tree item for the PrincipalName, along
the lines of what was done earlier.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2781 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agobgp route refresh/MP capability option.
itojun [Mon, 25 Dec 2000 05:28:40 +0000 (05:28 +0000)]
bgp route refresh/MP capability option.
Greg Hankins <gregh@twoguys.org>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2780 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdded kerberos name types and lookup in PrincName dissect
nneul [Sun, 24 Dec 2000 22:00:55 +0000 (22:00 +0000)]
Added kerberos name types and lookup in PrincName dissect
Cipher: to CipherText:
ETYPE to ENCTYPE to agree with krb5 headers
Added additional preauth types

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2779 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a "tftp_strnlen()" routine that
guy [Sun, 24 Dec 2000 20:33:04 +0000 (20:33 +0000)]
Add a "tftp_strnlen()" routine that

1) checks to make sure that the terminating '\0' is found in the
   string, and throws a BoundsError exception if it isn't (TFTP
   packets should fit in a single frame, so if the '\0' isn't
   found, that's an error);

2) adds 1 to the length to include the trailing '\0';

and use it to find all string lengths, so that we properly handle short
or malformed frames.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2778 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRename "asn1_octet_string_value_decode()" to
guy [Sun, 24 Dec 2000 09:10:12 +0000 (09:10 +0000)]
Rename "asn1_octet_string_value_decode()" to
"asn1_string_value_decode()", as it can be used for various character
string types as well.

Turn "asn1_octet_string_decode()" into "asn1_string_decode()", which
takes an additional argument giving the tag expected for the string in
question, and make "asn1_octet_string_decode()" a wrapper around it.

Clean up the ASN.1 dissection in the Kerberos dissector, making more use
of the code in "asn1.c", wrapping more operations up in macros, and
doing some more type checking.

Use "REP" rather than "RESP" in names and strings; "REP" is what the
Kerberos spec uses.

Make the routines in the Kerberos dissector not used outside that
dissector static.

Fix some problems with the dissection of strings in the Kerberos
dissector (it was extracting the data from the wrong place in the

In Kerberos V5, the "kvno" item in the EncryptedData type is optional;
treat it as such.

Treat integers as unsigned in the Kerberos dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2777 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoReport the holding time of a CLNP packet, in seconds, as seconds plus
guy [Sat, 23 Dec 2000 23:06:50 +0000 (23:06 +0000)]
Report the holding time of a CLNP packet, in seconds, as seconds plus
fractions of a second (the resolution is 1/2 second).

In the bitfield breakdown of the flags/type field of a CLNP PDU, report
the PDU type as a name rather than as an abbreviation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2776 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoShow the type/flags byte of a CLNP PDU with a subtree dissecting the
guy [Sat, 23 Dec 2000 21:40:22 +0000 (21:40 +0000)]
Show the type/flags byte of a CLNP PDU with a subtree dissecting the

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2775 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoOn Linux, try to open the "any" device and, if we can open it, add it to
guy [Sat, 23 Dec 2000 19:50:36 +0000 (19:50 +0000)]
On Linux, try to open the "any" device and, if we can open it, add it to
the end of the list of interfaces on which you can capture.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2774 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDissect the payload of a CLNP ER packet as a CLNP packet, so you know
guy [Sat, 23 Dec 2000 19:34:46 +0000 (19:34 +0000)]
Dissect the payload of a CLNP ER packet as a CLNP packet, so you know
what the offending packet was.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2773 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd support for the DLT_LINUX_SLL capture type in the current CVS
guy [Sat, 23 Dec 2000 08:06:16 +0000 (08:06 +0000)]
Add support for the DLT_LINUX_SLL capture type in the current CVS
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support

The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2772 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agofix '#endif FRED' to '#endif /* FRED */'
nneul [Fri, 22 Dec 2000 22:26:19 +0000 (22:26 +0000)]
fix '#endif FRED' to '#endif /* FRED */'

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2771 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoadded a couple of msg types - in particular - ERROR response
nneul [Fri, 22 Dec 2000 21:43:53 +0000 (21:43 +0000)]
added a couple of msg types - in particular - ERROR response

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2770 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoadded tethereal_static target
nneul [Fri, 22 Dec 2000 15:55:36 +0000 (15:55 +0000)]
added tethereal_static target

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2769 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoEnable FT_BYTES dfiltering, from Ed Warnicke.
gram [Fri, 22 Dec 2000 12:05:38 +0000 (12:05 +0000)]
Enable FT_BYTES dfiltering, from Ed Warnicke.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2768 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoBug fixes from Ed Warnicke.
gram [Wed, 20 Dec 2000 05:45:27 +0000 (05:45 +0000)]
Bug fixes from Ed Warnicke.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2767 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCall CHECK_DISPLAY_AS_DATA() for proto_ftp_data as well.
gram [Tue, 19 Dec 2000 02:57:49 +0000 (02:57 +0000)]
Call CHECK_DISPLAY_AS_DATA() for proto_ftp_data as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2766 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoX.25 over TCP support, from Paul Ionescu.
guy [Sun, 17 Dec 2000 07:38:14 +0000 (07:38 +0000)]
X.25 over TCP support, from Paul Ionescu.

Also, update his e-mail address.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2765 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPatches to prevent problems under Windows when time formats are negative.
sharpe [Sun, 17 Dec 2000 03:48:44 +0000 (03:48 +0000)]
Patches to prevent problems under Windows when time formats are negative.

Make sure that if _gtime is null, a bad format message returned.

Also noticed that I am going to have to do something about Unicode strings soon and the SMBopenX dissect is slightly wrong ... Oh well, it is the Xmas break soon :-) No rest for the Wicca'd (please don't interpret that as a statement of my religious affiliation, it is just a cute saying :-)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2764 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMatch Selected works better with FT_STRING variables.
gram [Fri, 15 Dec 2000 13:53:11 +0000 (13:53 +0000)]
Match Selected works better with FT_STRING variables.
From Ed Warnicke <hagbard@physics.rutgers.edu>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2763 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd the relative time to the frame tree, at the request of Manfred Young.
gerald [Fri, 15 Dec 2000 03:30:21 +0000 (03:30 +0000)]
Add the relative time to the frame tree, at the request of Manfred Young.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2762 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCheck the checksum on GRE packets, if possible and if the Checksum
guy [Fri, 15 Dec 2000 00:03:09 +0000 (00:03 +0000)]
Check the checksum on GRE packets, if possible and if the Checksum
Present flag is set.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2761 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCheck the checksum on OSPF packets, if possible.
guy [Thu, 14 Dec 2000 22:23:15 +0000 (22:23 +0000)]
Check the checksum on OSPF packets, if possible.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2760 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoCheck the checksum on ICMPv6 packets, if possible.
guy [Thu, 14 Dec 2000 21:45:12 +0000 (21:45 +0000)]
Check the checksum on ICMPv6 packets, if possible.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2759 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix a typo in a comment.
guy [Thu, 14 Dec 2000 21:44:01 +0000 (21:44 +0000)]
Fix a typo in a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2758 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSet the "fragmented" field of the "packet_info" structure based on
guy [Thu, 14 Dec 2000 18:56:22 +0000 (18:56 +0000)]
Set the "fragmented" field of the "packet_info" structure based on
whether the packet has any fragmentation headers or not.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2757 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoInclude winsock.h on windows so that htons will be defined.
gram [Thu, 14 Dec 2000 17:51:51 +0000 (17:51 +0000)]
Include winsock.h on windows so that htons will be defined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2756 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMobile IPv6 support, from Martti Kuparinen.
guy [Thu, 14 Dec 2000 08:35:08 +0000 (08:35 +0000)]
Mobile IPv6 support, from Martti Kuparinen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2755 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPPP patches from Burke Lau to:
guy [Thu, 14 Dec 2000 08:20:31 +0000 (08:20 +0000)]
PPP patches from Burke Lau to:

add FCS checking;

support Cisco HDLC format in the PPP dissector;

handle MPLS-over-PPP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2754 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdded support for Router-Alert IP option (RFC2113)
ashokn [Wed, 13 Dec 2000 16:38:20 +0000 (16:38 +0000)]
Added support for Router-Alert IP option (RFC2113)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2753 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't check the checksum of ICMP datagrams that are fragmented
guy [Wed, 13 Dec 2000 02:43:32 +0000 (02:43 +0000)]
Don't check the checksum of ICMP datagrams that are fragmented
(unlikely, perhaps even forbidden, but not impossible).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2752 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd code to check the checksums of TCP segments and UDP datagrams;
guy [Wed, 13 Dec 2000 02:24:23 +0000 (02:24 +0000)]
Add code to check the checksums of TCP segments and UDP datagrams;
replace the existing checksummer with a modified version of the BSD
checksumming code.  Add a flag to the "packet_info" structure to
indicate that a packet is the first fragment of a fragmented datagram,
so that the checksummers won't try to checksum those.

(It doesn't seem to add a lot of CPU overhead, so we don't introduce a
flag to disable it, yet.  Further checks may be necessary to see whether
the overhead is just swamped by other overheads when scanning through a
capture dissecting all frames, or if it truly is negligible.)

Make the Boolean preference option controlling whether to make the
top-level protocol tree item for TCP display a packet summary static to
the TCP dissector (it doesn't need to be accessible outside the TCP

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2751 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoprint message ID in isakmp header
itojun [Tue, 12 Dec 2000 09:57:05 +0000 (09:57 +0000)]
print message ID in isakmp header

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2750 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoremove incorrect bound check. the check can fail on legal packet, at the
itojun [Tue, 12 Dec 2000 08:25:37 +0000 (08:25 +0000)]
remove incorrect bound check.  the check can fail on legal packet, at the
very end of the packet.  may need to revisit.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2749 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix for pppdump buffer-overflow check.
gram [Sat, 9 Dec 2000 03:02:43 +0000 (03:02 +0000)]
Fix for pppdump buffer-overflow check.
From Daniel Thompson <daniel.thompson@st.com>

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2748 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoWhen printing an address mask in hex, zero-pad it, don't blank-pad it.
guy [Fri, 8 Dec 2000 22:53:08 +0000 (22:53 +0000)]
When printing an address mask in hex, zero-pad it, don't blank-pad it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2747 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoBreak out the bits in the NBIPX "connection control" field.
guy [Wed, 6 Dec 2000 04:19:44 +0000 (04:19 +0000)]
Break out the bits in the NBIPX "connection control" field.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2746 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix egregious error with AF_ types. I relied on a Linux header file rather
sharpe [Mon, 4 Dec 2000 13:40:11 +0000 (13:40 +0000)]
Fix egregious error with AF_ types. I relied on a Linux header file rather
than checking RFC1700.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2745 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd a "col_clear()" routine, to clear a column; it appears (and it
guy [Mon, 4 Dec 2000 06:37:46 +0000 (06:37 +0000)]
Add a "col_clear()" routine, to clear a column; it appears (and it
doesn't just seem to be a profiling artifact) that, at least on FreeBSD
3.4, it's significantly more efficient to clear out a column by stuffing
a '\0' into the first byte of the column data than to do so by copying a
null string (I guess when copying one byte, the fixed overhead of the
procedure call and of "strcpy()" is significant).

Have the TCP dissector set the Protocol column, and clear the Info
column, before doing anything that might cause an exception to be
thrown, so that if we *do* get an exception thrown, the frame at least
shows up as TCP.

Instead of, in the TCP dissector, constructing a string and then
stuffing it into the Info column, just append to the Info column, which
avoids one string copy.

Pass a "frame_data" pointer to dissectors for TCP and IP (and PPP)
options, so they can use it to append to the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2744 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDon't loop infinitely if we see a Host Address or unknown Forwarding
guy [Mon, 4 Dec 2000 06:05:49 +0000 (06:05 +0000)]
Don't loop infinitely if we see a Host Address or unknown Forwarding
Equivalence Class.

Set "pinfo->current_proto", so that if we run past the end of the data
the problem is noted as being with LDP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2743 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoUpdate a comment.
guy [Sun, 3 Dec 2000 22:53:09 +0000 (22:53 +0000)]
Update a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2742 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDeclare "proto_malformed" in "packet-frame.h", as "packet-frame.c"
guy [Sun, 3 Dec 2000 22:32:10 +0000 (22:32 +0000)]
Declare "proto_malformed" in "packet-frame.h", as "packet-frame.c"
exports it.

Make the pointer that points to the GMemChunk for per-frame data static
to "epan/packet.c", as it's not used outside "epan/packet.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2741 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoNothing in "packet.c" uses the global "cfile", so there's no need to
guy [Sun, 3 Dec 2000 22:26:26 +0000 (22:26 +0000)]
Nothing in "packet.c" uses the global "cfile", so there's no need to
declare it there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2740 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPull the code to set the fields in the "cfile.cinfo" structure into a
guy [Sun, 3 Dec 2000 22:12:21 +0000 (22:12 +0000)]
Pull the code to set the fields in the "cfile.cinfo" structure into a
common routine to initialize a "column_info()" structure, shared by
Ethereal and Tethereal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2739 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoPut the "-s" flag into the usage message for editcap.
guy [Sun, 3 Dec 2000 21:11:05 +0000 (21:11 +0000)]
Put the "-s" flag into the usage message for editcap.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2738 f5534014-38df-0310-8fa8-9805f1628bb7

19 years ago"dissect_ppp()" isn't called directly from outside of "packet-ppp.c", so
guy [Sun, 3 Dec 2000 09:59:49 +0000 (09:59 +0000)]
"dissect_ppp()" isn't called directly from outside of "packet-ppp.c", so
make it static.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2737 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd the standard "CHECK_DISPLAY_AS_DATA()" call.
guy [Sun, 3 Dec 2000 09:47:18 +0000 (09:47 +0000)]
Add the standard "CHECK_DISPLAY_AS_DATA()" call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2736 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoRegister "dissect_nbipx()", and have the IPX dissector look up its
guy [Sun, 3 Dec 2000 09:18:20 +0000 (09:18 +0000)]
Register "dissect_nbipx()", and have the IPX dissector look up its
handle and call it through the handle.  Make it static; this renders
"packet-nbipx.h" unnecessary.

Get rid of the "tvb_compat()" call in the IPX dissector - it calls all
dissectors through handles or lookup tables, and thus any
backwards-compatibility stuff is done by the code in libethereal.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2735 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoStealing time again to compulsively code this beast.
sharpe [Sun, 3 Dec 2000 02:37:56 +0000 (02:37 +0000)]
Stealing time again to compulsively code this beast.

Still more TLVs to code ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2734 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoDissect Common Hello Params TLV ...
sharpe [Sat, 2 Dec 2000 14:23:04 +0000 (14:23 +0000)]
Dissect Common Hello Params TLV ...

Still more work to do though ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2733 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoAdd the relevant "CHECK_DISPLAY_AS_DATA()" call.
guy [Sat, 2 Dec 2000 09:09:25 +0000 (09:09 +0000)]
Add the relevant "CHECK_DISPLAY_AS_DATA()" call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2732 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoThe second argument to "proto_register_protocol()" is a name to be used
guy [Sat, 2 Dec 2000 08:56:40 +0000 (08:56 +0000)]
The second argument to "proto_register_protocol()" is a name to be used
in filters, and should be all-lower-case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2731 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSome tvbuffified dissectors weren't setting "pinfo->current_proto", so
guy [Sat, 2 Dec 2000 08:41:08 +0000 (08:41 +0000)]
Some tvbuffified dissectors weren't setting "pinfo->current_proto", so
that if they threw an exception, the wrong protocol would be blamed.
Add the missing assignments.

Clean up the extraction of the null-encapsulation header.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2730 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoClean up the handling of MIME headers.
guy [Sat, 2 Dec 2000 06:05:29 +0000 (06:05 +0000)]
Clean up the handling of MIME headers.

Handle the Content-Length: MIME header, so that, if there's a
Content-Length: header, we only process as RTSP payload the amount of
data specified by that header.

Handle frames with more than one RTSP message in them (the previous
change allows us to do so).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2729 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoComment out some unused variables.
gram [Fri, 1 Dec 2000 15:12:25 +0000 (15:12 +0000)]
Comment out some unused variables.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2728 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix one small type WRT Forwarding Equivalence Classes and handle the
sharpe [Fri, 1 Dec 2000 09:40:12 +0000 (09:40 +0000)]
Fix one small type WRT Forwarding Equivalence Classes and handle the
illegal padding by trying to skip it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2727 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoA much more complete LDP dissector.
sharpe [Fri, 1 Dec 2000 09:05:46 +0000 (09:05 +0000)]
A much more complete LDP dissector.

Still more work to do though, as I want to dissect the various message
types correctly, and to dissect TLVs much more as well.

The dissector currently handles multiple messages in a PDU, as the trace
file I have has some of those.

I think that the equipment that generated the LDP trace I have has a bug.

It seems to think that TLVs must be alligned on 4-byte boundaries, while the
spec (draft) says that there are no alignment requirements :-)

Don't know what generated the trace :-)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2726 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoNFS V4 support, from Mike Frisch.
guy [Fri, 1 Dec 2000 00:38:20 +0000 (00:38 +0000)]
NFS V4 support, from Mike Frisch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2725 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoStep-wise improvement on this thing ... next to dissect each message type
sharpe [Thu, 30 Nov 2000 20:27:40 +0000 (20:27 +0000)]
Step-wise improvement on this thing ... next to dissect each message type
more fully.

Apparently, LDP allows multiple messages per PDU. Has anyone seen such an

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2724 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoSmall code optimization to make it possible to compile on ReliantUNIX.
girlich [Thu, 30 Nov 2000 14:09:14 +0000 (14:09 +0000)]
Small code optimization to make it possible to compile on ReliantUNIX.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2723 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoFix up the handling of type/length fields in ATMARP.
guy [Thu, 30 Nov 2000 10:42:50 +0000 (10:42 +0000)]
Fix up the handling of type/length fields in ATMARP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2722 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoGVRP dissector, from Kevin Shi.
guy [Thu, 30 Nov 2000 09:31:52 +0000 (09:31 +0000)]
GVRP dissector, from Kevin Shi.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2721 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoMore work in progress on the Label Distribution Protocol dissector ...
sharpe [Thu, 30 Nov 2000 06:24:53 +0000 (06:24 +0000)]
More work in progress on the Label Distribution Protocol dissector ...

Bit more work to do, and a list of TLV values, and I am away :-)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2720 f5534014-38df-0310-8fa8-9805f1628bb7

19 years agoIn "tvb_find_guint8()" and "tvb_pbrk_guint8()", correctly set the limit
guy [Thu, 30 Nov 2000 06:11:32 +0000 (06:11 +0000)]
In "tvb_find_guint8()" and "tvb_pbrk_guint8()", correctly set the limit
of the search if the caller-supplied limit goes past the end of the
tvbuff - the limit should just be what remains in the tvbuff after the
specified starting offset.

In "tvb_find_line_end_unquoted()", after searching for the next
interesting character, check the value we got back from that search, in
"char_offset", not whatever happens to be in "cur_offset", to see if we
found a character.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@2719 f5534014-38df-0310-8fa8-9805f1628bb7