18 years agoInstead of saying the "manuf" file is in "/usr/local/etc/manuf", say
guy [Thu, 11 Oct 2001 01:21:50 +0000 (01:21 +0000)]
Instead of saying the "manuf" file is in "/usr/local/etc/manuf", say
it's in the "etc" subdirectory of the installation directory on UNIX and
in the installation directory on Windows, and give the typical pathnames
of both of those directories.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4014 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoInstall the "manuf" file.
guy [Thu, 11 Oct 2001 01:04:19 +0000 (01:04 +0000)]
Install the "manuf" file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4013 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoadd a couple of socket numbers that seem to be consistently allocated for these services
nneul [Mon, 8 Oct 2001 18:20:01 +0000 (18:20 +0000)]
add a couple of socket numbers that seem to be consistently allocated for these services

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4012 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAs UCP is atop TCP, its dissector isn't called unless there's at least
guy [Mon, 8 Oct 2001 17:42:18 +0000 (17:42 +0000)]
As UCP is atop TCP, its dissector isn't called unless there's at least
one byte in the tvbuff being handed to it, so the check I added for the
existence of that byte is unnecessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4011 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRemove the check I added to see whether the length of the packet, based
guy [Mon, 8 Oct 2001 17:37:52 +0000 (17:37 +0000)]
Remove the check I added to see whether the length of the packet, based
on the location of the UCB_ETX, is greater than the length of the tvbuff
- that can never happen, as the UCB_ETX is, as it was found, definitely
inside the tvbuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4010 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUCP support, from Tom Uijldert.
guy [Mon, 8 Oct 2001 17:30:23 +0000 (17:30 +0000)]
UCP support, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4009 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agomore packet types and fix some incorrect offsets and sizes in other packets
nneul [Mon, 8 Oct 2001 14:32:06 +0000 (14:32 +0000)]
more packet types and fix some incorrect offsets and sizes in other packets

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4008 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer: explain in the "LWP isn't installed" message where you
guy [Sun, 7 Oct 2001 22:19:14 +0000 (22:19 +0000)]
From Joerg Mayer: explain in the "LWP isn't installed" message where you
can get LWP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4007 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer: a patch to add 00:40:96 as an OUI for Aironet wireless
guy [Sun, 7 Oct 2001 09:27:57 +0000 (09:27 +0000)]
From Joerg Mayer: a patch to add 00:40:96 as an OUI for Aironet wireless
devices (which are now Cisco wireless devices, as Cisco bought Aironet).

This overrides the out-of-date assignment of 00:40:96 to Telesystems SLW
in the cavebear.com file (Telesystems SLW were bought by Telxon, who
then apparently spun off their RF division, plus Telesystems, as

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4006 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix to show FN_PROFILE_WARNING14, rather than FN_PROFILE_WARNING, as
guy [Sun, 7 Oct 2001 08:49:46 +0000 (08:49 +0000)]
Fix to show FN_PROFILE_WARNING14, rather than FN_PROFILE_WARNING, as
"Profile-Warning (encoding 1.4)".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4005 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Georg von Zezschwitz:
guy [Sun, 7 Oct 2001 08:37:29 +0000 (08:37 +0000)]
From Georg von Zezschwitz:

  - A bug related to "WSP header pages" is fixed, that
    resulted into "malformed WSP frame" alerts
  - "Concatenated PDUs" (Multiple PDUs within one UDP
    packet) are now supported (used e.g. by Nokia 8310)
  - The URL of WSP GET/POST requests is display in the
    info column, same like HTTP GET requests

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4004 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agocorrect subtrees for redirect/refuse, alter how data packets are processed, bitfield...
nneul [Sat, 6 Oct 2001 17:58:56 +0000 (17:58 +0000)]
correct subtrees for redirect/refuse, alter how data packets are processed, bitfield'ize the data flag

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4003 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse separate items for accept/etc data fields
nneul [Sat, 6 Oct 2001 16:48:00 +0000 (16:48 +0000)]
Use separate items for accept/etc data fields
Add support for redirect and refuse packets (however, I don't have
examples of content for these.)
Change some variable names to match the routines they are in.
Make sure to insert boolean for each packet type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4002 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agobreak out fields of accept packet, only print connect data if it is actually present
nneul [Sat, 6 Oct 2001 15:45:38 +0000 (15:45 +0000)]
break out fields of accept packet, only print connect data if it is actually present

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4001 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoexpand out all fields in connect packet
nneul [Sat, 6 Oct 2001 15:27:47 +0000 (15:27 +0000)]
expand out all fields in connect packet

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4000 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agomore packet types - starting work on more complete dissection of tns
nneul [Sat, 6 Oct 2001 14:24:36 +0000 (14:24 +0000)]
more packet types - starting work on more complete dissection of tns

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3999 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdate from Todd Sabin to the data representation decoding:
guy [Fri, 5 Oct 2001 20:25:41 +0000 (20:25 +0000)]
Update from Todd Sabin to the data representation decoding:

Fixes a typo in the offset used for the floating point byte
(offset should be offset+1), changes cn_drep* to just drep*
(since it's the same for connection oriented and connectionless
packets), and adds the corresponding code to the connectionless
side of things.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3998 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDecode the mailslot payload as data in some additional cases where we
guy [Thu, 4 Oct 2001 23:19:01 +0000 (23:19 +0000)]
Decode the mailslot payload as data in some additional cases where we
didn't dissect it as some other protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3997 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIf the body of a mailslot message isn't decoded as anything we know
guy [Thu, 4 Oct 2001 23:06:49 +0000 (23:06 +0000)]
If the body of a mailslot message isn't decoded as anything we know
about, dump it as data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3996 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Motonori Shindo: have CVS ignore some files generated by Win32
guy [Thu, 4 Oct 2001 21:08:11 +0000 (21:08 +0000)]
From Motonori Shindo: have CVS ignore some files generated by Win32

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3995 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Motonori Shindo:
guy [Thu, 4 Oct 2001 08:52:38 +0000 (08:52 +0000)]
From Motonori Shindo:

Use hex notation in strings for ISO 8859-1 characters as keysym

Fix one error in the table of keysym names.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3994 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse longs as file offsets, so that on platforms with 64-bit "long" we
guy [Thu, 4 Oct 2001 08:30:36 +0000 (08:30 +0000)]
Use longs as file offsets, so that on platforms with 64-bit "long" we
can handle capture files bigger than 2GB.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3993 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAvoid using non-ASCII characters in labels in the protocol tree - some
guy [Thu, 4 Oct 2001 00:30:23 +0000 (00:30 +0000)]
Avoid using non-ASCII characters in labels in the protocol tree - some
compilers may not interpret them as the ISO 8859/1 characters they're
intended to be, and the GUI toolkit or other software through which the
text passes might not interpret them as such, either.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3992 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAttribute the packet-x11-keysym.h fixes properly.
sharpe [Wed, 3 Oct 2001 15:15:34 +0000 (15:15 +0000)]
Attribute the packet-x11-keysym.h fixes properly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3991 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoApply Monotori Shindo's fixes for X11 double byte chars ...
sharpe [Wed, 3 Oct 2001 15:13:24 +0000 (15:13 +0000)]
Apply Monotori Shindo's fixes for X11 double byte chars ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3990 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix Monotori Shindo's attributions. I screwed up before ...
sharpe [Mon, 1 Oct 2001 08:58:36 +0000 (08:58 +0000)]
Fix Monotori Shindo's attributions. I screwed up before ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3989 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMerge the two AUTHORS entries for Motonori Shindo.
guy [Mon, 1 Oct 2001 08:51:31 +0000 (08:51 +0000)]
Merge the two AUTHORS entries for Motonori Shindo.

Fix a typo in the AUTHORS entry for Pasi Eronen, and add him to the list
of authors in the man page.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3988 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDamn the torpedos[1], commit it anyway.
sharpe [Mon, 1 Oct 2001 08:47:50 +0000 (08:47 +0000)]
Damn the torpedos[1], commit it anyway.

Who said that? I think I know ... F...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3987 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoHave a flag in the "packet_info" structure, which indicates whether the
guy [Mon, 1 Oct 2001 08:29:37 +0000 (08:29 +0000)]
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet).  Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.

Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that.  (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)

Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3986 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake several of the fields in the SMB header filterable.
guy [Sun, 30 Sep 2001 23:36:46 +0000 (23:36 +0000)]
Make several of the fields in the SMB header filterable.

Get rid of the "unknown-0xXX" entries in the "value_string" table for
SMB command codes - they make it much more painful to select one of them
in the filter-editing dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3985 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe length of an NBSS message can be bigger than 64K, so make the
guy [Sun, 30 Sep 2001 23:14:43 +0000 (23:14 +0000)]
The length of an NBSS message can be bigger than 64K, so make the
variable that holds it an "int" rather than a "guint16".

Further strengthen the heuristics the NBSS dissector uses to distinguish
NBSS messages from continuations of NBSS messages.

If an frame contains an NBSS continuation, put the protocol tree item
for the continuation data under an NBSS protocol tree item.

Have the TCP dissector supply information to subdissectors via a "struct
tcpinfo" pointed to by "pinfo->private"; move the urgent pointer value
from a global variable into that structure, and add a Boolean flag that
indicates whether the data it's handing to a subdissector is reassembled
data or not.

Make the NBSS dissector check for continuations only in non-reassembled

Fix the computation, in the TCP dissector, of the offset into the tvbuff
handed to the subdissector of the first byte of stuff that needs further
reassembly, and fix the computation of the sequence number corresponding
to that byte.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3984 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"packet-ipv6.c" doesn't need anything from "packet-tcp.h" or
guy [Sun, 30 Sep 2001 23:07:12 +0000 (23:07 +0000)]
"packet-ipv6.c" doesn't need anything from "packet-tcp.h" or
"packet-udp.h", so it shouldn't #include them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3983 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFor requests and responses for unknown interfaces, put an entry into the
guy [Sun, 30 Sep 2001 21:56:24 +0000 (21:56 +0000)]
For requests and responses for unknown interfaces, put an entry into the
DCE RPC protocol tree for the stub data.

Use the counts of context items and transfer syntax items when
dissecting a bind or alter context PDU.

In bind and alter context PDUs, create the conversation, attach the
context ID and interface to it, and put the interface information into
the Info column as soon as the first context item is dissected, so that
if we get an exception after that, we've still processed the context ID
and interface information.

Use the count of results when dissecting a bind ack PDU.

In bind ack PDUs, dissect the transfer syntax and syntax version fields,
and put the opnum and context ID information into the Info column as
soon as it's dissected.

When dissecting a connection-oriented request or response, don't make
the tvbuff the full fragment length if we don't have that much data in
the frame being dissected.  (We should do TCP reassembly there,

In connection-oriented response PDUs, put the opnum and context ID
information into the Info column as soon as it's dissected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3982 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoPasi Eronen's attribution ...
sharpe [Sun, 30 Sep 2001 13:50:14 +0000 (13:50 +0000)]
Pasi Eronen's attribution ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3981 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoCommitting Pasi Eronen's patches to dcerpc.
sharpe [Sun, 30 Sep 2001 13:48:20 +0000 (13:48 +0000)]
Committing Pasi Eronen's patches to dcerpc.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3980 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoCommitting Montonori Shindo's patched to ppp for chap support.
sharpe [Sun, 30 Sep 2001 13:30:51 +0000 (13:30 +0000)]
Committing Montonori Shindo's patched to ppp for chap support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3979 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoCommit Montori Shindo's small patch.
sharpe [Sun, 30 Sep 2001 13:23:20 +0000 (13:23 +0000)]
Commit Montori Shindo's small patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3978 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the item for NetBIOS only as long as the NetBIOS header, so that it
guy [Sat, 29 Sep 2001 20:32:29 +0000 (20:32 +0000)]
Make the item for NetBIOS only as long as the NetBIOS header, so that it
doesn't cover the payload.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3977 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe Wiretapped.net mirror is OK again (it was a problem with the
guy [Sat, 29 Sep 2001 19:56:08 +0000 (19:56 +0000)]
The Wiretapped.net mirror is OK again (it was a problem with the
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3976 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe Wiretapped.net mirror is OK again (it was a problem with the
guy [Sat, 29 Sep 2001 19:31:31 +0000 (19:31 +0000)]
The Wiretapped.net mirror is OK again (it was a problem with the
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3975 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse tvbuff routines to extract data from the SMB header.
guy [Sat, 29 Sep 2001 01:44:09 +0000 (01:44 +0000)]
Use tvbuff routines to extract data from the SMB header.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3974 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoStart the process of tvbuffifying the SMB dissector - give it a
guy [Sat, 29 Sep 2001 01:19:01 +0000 (01:19 +0000)]
Start the process of tvbuffifying the SMB dissector - give it a
tvbuffified heuristic-dissector interface, but have it immediately turn
its arguments into an old-style buffer pointer and offset.

Register the SMB dissector as a heuristic NetBIOS dissector, and have
"dissect_netbios_payload()" just try the heuristics, as it no longer has
to call the SMB dissector explicitly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3973 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoHave "dissect_netbios_payload()" take as an argument a tvbuff containing
guy [Sat, 29 Sep 2001 00:57:36 +0000 (00:57 +0000)]
Have "dissect_netbios_payload()" take as an argument a tvbuff containing
only the NetBIOS payload, and have the NBSS dissector construct tvbuffs
of that sort (i.e., stop at the end of the NBSS session message, not at
the end of the data handed to the NBSS dissector).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3972 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRe-strengthen the check for NBSS continuations, to avoid, for example,
guy [Sat, 29 Sep 2001 00:00:26 +0000 (00:00 +0000)]
Re-strengthen the check for NBSS continuations, to avoid, for example,
session messages with a zero byte count.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3971 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix indentation.
guy [Fri, 28 Sep 2001 23:34:03 +0000 (23:34 +0000)]
Fix indentation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3970 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Todd Sabin: dissect the auth info in connection oriented dcerpc
guy [Fri, 28 Sep 2001 22:43:57 +0000 (22:43 +0000)]
From Todd Sabin: dissect the auth info in connection oriented dcerpc

Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors.  Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead.  Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.

From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3969 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoPush-traffic dissecting for WSP/WTLS, from Tom Uijldert.
guy [Fri, 28 Sep 2001 18:59:30 +0000 (18:59 +0000)]
Push-traffic dissecting for WSP/WTLS, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3968 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdditional Ascend codes, and IETF codes, for Radius, from Graeme Hewson.
guy [Fri, 28 Sep 2001 18:50:19 +0000 (18:50 +0000)]
Additional Ascend codes, and IETF codes, for Radius, from Graeme Hewson.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3967 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoWordCount is unsigned, so test for "WordCount != 0" rather than
guy [Fri, 28 Sep 2001 08:39:59 +0000 (08:39 +0000)]
WordCount is unsigned, so test for "WordCount != 0" rather than
"WordCount > 0".

Always put the byte count field into the protocol tree, regardless of
whether WordCount is 0 - it's not one of the word parameters counted by
WordCount, so it's present even if WordCount is 0.

Fix a "val_to_str()" call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3966 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoBase decisions on whether to dump the word parameters on the word count
guy [Fri, 28 Sep 2001 08:01:22 +0000 (08:01 +0000)]
Base decisions on whether to dump the word parameters on the word count
value being non-zero, not on whether the error code is zero.  Don't
bother passing the error code to dissectors for particular SMBs, as they
don't need to use it.

In "get_unicode_or_ascii_string()", when aligning to an even boundary,
align to an even boundary in the SMB message, not in the packet as a
whole - there's no guarantee that there are an even number of bytes in
the frame before the SMB message.

In the Info column, mark the packet as a request or response based on
the request/response bit in the Flags field, not on the matched port -
for NBIPX, the source and destination ports (IPX sockets) may be the
same, so you may not be able to determine whether it's a request or a
response based on that.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3965 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoSigh. The wiretapped.net site appears to have an old version of
guy [Fri, 28 Sep 2001 07:50:48 +0000 (07:50 +0000)]
Sigh.  The wiretapped.net site appears to have an old version of
WinPcap's installer (it dates back to May, meaning it may be a beta of
2.2 or may even be 2.1), so don't suggest that people go there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3964 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoWe have our own internal versions of "gzgets()" and "gzgetc()", so we
guy [Fri, 28 Sep 2001 05:41:45 +0000 (05:41 +0000)]
We have our own internal versions of "gzgets()" and "gzgetc()", so we
don't need to check whether zlib has them.  We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3963 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd support for NT error codes.
guy [Thu, 27 Sep 2001 22:48:46 +0000 (22:48 +0000)]
Add support for NT error codes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3962 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoHandle interim Transact2 responses correctly.
guy [Thu, 27 Sep 2001 22:33:44 +0000 (22:33 +0000)]
Handle interim Transact2 responses correctly.

Mark interim responses as such in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3961 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoWhen dissecting an ICMP datagram that contains part of an IP datagram,
guy [Thu, 27 Sep 2001 10:35:40 +0000 (10:35 +0000)]
When dissecting an ICMP datagram that contains part of an IP datagram,
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.

When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3960 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIf the amount of available data in a UDP packet is less than the length,
guy [Thu, 27 Sep 2001 10:19:14 +0000 (10:19 +0000)]
If the amount of available data in a UDP packet is less than the length,
as reported in the header, don't checksum the packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3959 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse the right #define for the length of the CC.NEW TCP option.
guy [Thu, 27 Sep 2001 10:10:08 +0000 (10:10 +0000)]
Use the right #define for the length of the CC.NEW TCP option.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3958 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoShow Boolean flags as Booleans.
guy [Thu, 27 Sep 2001 10:01:07 +0000 (10:01 +0000)]
Show Boolean flags as Booleans.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3957 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago2.1 isn't the current version of WinPcap; don't say what the current
guy [Wed, 26 Sep 2001 21:22:02 +0000 (21:22 +0000)]
2.1 isn't the current version of WinPcap; don't say what the current
version is, as that's subject to change - just speak of the "latest
non-beta version".

Mention the mirrors for WinPcap and WinDump.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3956 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the message popped up if you try to do a capture on a Win32 machine
guy [Wed, 26 Sep 2001 20:02:36 +0000 (20:02 +0000)]
Make the message popped up if you try to do a capture on a Win32 machine
when wpcap.dll couldn't be loaded more detailed, in the hopes that it'll
reduce the chances that somebody will see that message and not know what
to do.  Also, mention the Wiretapped.net mirror of the WinPcap site, as
the WinPcap site is all-too-often down due to networking glitches.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3955 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMMSE support, from Tom Uijldert.
guy [Tue, 25 Sep 2001 21:32:41 +0000 (21:32 +0000)]
MMSE support, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3954 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIf "snprintf()" can't print all the data because there's not enough
guy [Tue, 25 Sep 2001 18:27:35 +0000 (18:27 +0000)]
If "snprintf()" can't print all the data because there's not enough
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.

It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does

n += snprintf (buf + n, BUF_LENGTH - n, ...);

may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.

The "capabilitiesStart" variable in "add_capabilities()" in the WSP
dissector is an offset into the PDU data; there's no guarantee that said
offet is < 256, and, even if there were, there's no point in making it
an 8-bit variable.

Add some additional buffer overflow checks to the WSP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3953 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIf "snprintf()" can't print all the data because there's not enough
guy [Tue, 25 Sep 2001 02:21:15 +0000 (02:21 +0000)]
If "snprintf()" can't print all the data because there's not enough
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.

It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does

n += snprintf (buf + n, BUF_LENGTH - n, ...);

may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3952 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe data in a tagged field can be up to 255 bytes (the length is an
guy [Tue, 25 Sep 2001 00:34:24 +0000 (00:34 +0000)]
The data in a tagged field can be up to 255 bytes (the length is an
8-bit value), and the raw data of an SSID parameter is the
interpretation, so the buffer into which we put the interpretation must
be at least 256 bytes long; it's an array of size SHORT_STR, so boost
SHORT_STR to 256.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3951 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoExplain what the LLC header vs. no LLC header stuff in the ATM on Linux
guy [Sun, 23 Sep 2001 23:10:30 +0000 (23:10 +0000)]
Explain what the LLC header vs. no LLC header stuff in the ATM on Linux
tcpdump patch is all about, and note that a future version of libpcap
may render it irrelevant.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3950 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdate the URL for ATM-on-Linux.
guy [Sun, 23 Sep 2001 21:55:21 +0000 (21:55 +0000)]
Update the URL for ATM-on-Linux.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3949 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRemoved the dependency on gzgetc and gzgets by implementing internal
ashokn [Thu, 20 Sep 2001 16:36:45 +0000 (16:36 +0000)]
Removed the dependency on gzgetc and gzgets by implementing internal
versions of these commands in file_wrappers.c. This allows us to
compile successfully even on platforms where X has an older zlib built

Removed this restriction from acinclude.m4

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3948 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"value_string" arrays must end with a terminator entry.
guy [Thu, 20 Sep 2001 02:26:03 +0000 (02:26 +0000)]
"value_string" arrays must end with a terminator entry.

If "get_hex_uint()" supplies a "next_offset" equal to the offset fed
into it, it found no hex digits; don't put the value into the tree if
that's the case.

If "get_unquoted_string()" or "get_quoted_string()" returns NULL, the
string separator/terminator wasn't found; don't put the value into the
tree if that's the case.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3947 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdates from Michal Melerowicz:
guy [Wed, 19 Sep 2001 06:08:36 +0000 (06:08 +0000)]
Updates from Michal Melerowicz:

1. simplified and shorter names
2. fixed problem with filtering (consequence of 1st point)
3. added more charging tickets

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3946 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDistribute the make-manuf and manuf.tmpl files in the source tarball.
gram [Tue, 18 Sep 2001 21:29:56 +0000 (21:29 +0000)]
Distribute the make-manuf and manuf.tmpl files in the source tarball.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3945 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix from Andy Hood, to remove a bogus extra line.
guy [Mon, 17 Sep 2001 23:35:22 +0000 (23:35 +0000)]
Fix from Andy Hood, to remove a bogus extra line.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3944 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd support for desegmentation of DNS messages.
guy [Mon, 17 Sep 2001 02:07:00 +0000 (02:07 +0000)]
Add support for desegmentation of DNS messages.

Make the default for NBSS and ONC RPC-over-TCP desegmentation "on",
rather than "off"; the default for desegmentation in general is "off",
so this won't change the default behavior, but it lets you turn
desegmentation on by flipping only one switch (and turn it off for
particular protocols if you desire).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3943 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd "idl2eth" to the list of files for CVS to ignore; it's now a
guy [Mon, 17 Sep 2001 00:37:04 +0000 (00:37 +0000)]
Add "idl2eth" to the list of files for CVS to ignore; it's now a
generated file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3942 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix the handling of DNS-over-TCP.
guy [Mon, 17 Sep 2001 00:36:04 +0000 (00:36 +0000)]
Fix the handling of DNS-over-TCP.

Rename the "cap_len" argument to "dissect_dns_common()" to "msg_len", as
it's just the length of the DNS message being dissected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3941 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGenerate "idl2eth" from "idl2eth.sh", filling in the pathname for the
guy [Sat, 15 Sep 2001 23:01:12 +0000 (23:01 +0000)]
Generate "idl2eth" from "idl2eth.sh", filling in the pathname for the
shell.  (This also arranges that the source to "idl2eth" - which is now
"idl2eth.sh" - not be deleted by "make clean").

Add "doc/idl2eth.pod" to the list of files in a source tarball.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3940 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoTo check whether something is a directory, call "test_for_directory()"
guy [Fri, 14 Sep 2001 09:27:35 +0000 (09:27 +0000)]
To check whether something is a directory, call "test_for_directory()"
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3939 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoTimes in NFS done as FT_ABSOLUTE_TIME and FT_RELATIVE_TIME fields, from
guy [Fri, 14 Sep 2001 08:22:29 +0000 (08:22 +0000)]
Times in NFS done as FT_ABSOLUTE_TIME and FT_RELATIVE_TIME fields, from
Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3938 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the resolution for time values be nanoseconds rather than
guy [Fri, 14 Sep 2001 07:33:04 +0000 (07:33 +0000)]
Make the resolution for time values be nanoseconds rather than

Fix some "signed vs. unsigned" comparison warnings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3937 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of no-longer-necessary includes of <sys/time.h>.
guy [Fri, 14 Sep 2001 07:23:34 +0000 (07:23 +0000)]
Get rid of no-longer-necessary includes of <sys/time.h>.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3936 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the resolution for time values be nanoseconds rather than
guy [Fri, 14 Sep 2001 07:16:42 +0000 (07:16 +0000)]
Make the resolution for time values be nanoseconds rather than

Fix some "signed vs. unsigned" comparison warnings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3935 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the resolution for time values be nanoseconds rather than
guy [Fri, 14 Sep 2001 07:10:13 +0000 (07:10 +0000)]
Make the resolution for time values be nanoseconds rather than

Fix some "signed vs. unsigned" comparison warnings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3934 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"stat" is the status in an NLM reply; "state" is the lock manager state
guy [Fri, 14 Sep 2001 06:48:30 +0000 (06:48 +0000)]
"stat" is the status in an NLM reply; "state" is the lock manager state
sent over the wire in a lock request.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3933 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoSquelch a signed vs. unsigned comparison complaint.
guy [Fri, 14 Sep 2001 06:34:36 +0000 (06:34 +0000)]
Squelch a signed vs. unsigned comparison complaint.

Display the command in decimal, not hex, as that's how it's specified in
the RFCs for RIP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3932 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of a trailing blank.
guy [Fri, 14 Sep 2001 06:30:42 +0000 (06:30 +0000)]
Get rid of a trailing blank.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3931 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoSupport for dissecting multiple capabilities, from Endoh Akira.
guy [Thu, 13 Sep 2001 22:06:55 +0000 (22:06 +0000)]
Support for dissecting multiple capabilities, from Endoh Akira.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3930 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoSquelch a "signed vs. unsigned comparison" warning (which warned of a
guy [Thu, 13 Sep 2001 20:42:13 +0000 (20:42 +0000)]
Squelch a "signed vs. unsigned comparison" warning (which warned of a
real problem, if "byte_span" were 0 - that would only happen if
"bitoffset" and "bitlength" were both 0, and "bitlength" should never be

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3929 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFixes to the OSPFv3 dissector, from Palle Lyckegaard.
guy [Thu, 13 Sep 2001 20:27:24 +0000 (20:27 +0000)]
Fixes to the OSPFv3 dissector, from Palle Lyckegaard.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3928 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake the filter name for the status monitor callback "statnotify", to
guy [Thu, 13 Sep 2001 08:14:45 +0000 (08:14 +0000)]
Make the filter name for the status monitor callback "statnotify", to
match the name in the filterable fields; make the short name "STAT-CB"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3927 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay filters for RIP protocol fields, from Ronnie Sahlberg.
guy [Thu, 13 Sep 2001 08:10:53 +0000 (08:10 +0000)]
Display filters for RIP protocol fields, from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3926 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay filters for XoT protocol fields, from Ronnie Sahlberg.
guy [Thu, 13 Sep 2001 08:05:26 +0000 (08:05 +0000)]
Display filters for XoT protocol fields, from Ronnie Sahlberg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3925 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoNLM fix, and change of status monitor callback protocol name to use "_"
guy [Thu, 13 Sep 2001 08:02:11 +0000 (08:02 +0000)]
NLM fix, and change of status monitor callback protocol name to use "_"
rather than "-" ("-" upsets the display filter parser), from Ronnie

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3924 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoTCP desegmentation support, and changes to the ONC RPC and NBSS
guy [Thu, 13 Sep 2001 07:56:53 +0000 (07:56 +0000)]
TCP desegmentation support, and changes to the ONC RPC and NBSS
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3923 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoClean up the previous checkin a bit - there's no need to have
guy [Wed, 12 Sep 2001 08:46:39 +0000 (08:46 +0000)]
Clean up the previous checkin a bit - there's no need to have
"dissect_rpc_common()" check, every time it's about to return FALSE,
whether it's being used as a heuristic dissector and, if not, call
"dissect_rpc_continuation()" - we can just have the non-heuristic
dissector call it and, if it returned FALSE, call

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3922 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoWhen establishing or searching for a conversation for ONC RPC, use both
guy [Wed, 12 Sep 2001 08:13:33 +0000 (08:13 +0000)]
When establishing or searching for a conversation for ONC RPC, use both
source and destination addresses if the transport is TCP (we use that,
for now, as a proxy for "if the transport is connection-oriented"), as
the endpoint addresses should be the same for all packets.

Have both a heuristic RPC dissector and a non-heuristic version, and
make the non-heuristic version the dissector for the conversations we
create; that version will, if the frame doesn't look like a call or
reply, mark it as continuation data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3921 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix from Tom Uijldert: scan TPI's to get proper WTP packet length and
guy [Tue, 11 Sep 2001 14:36:33 +0000 (14:36 +0000)]
Fix from Tom Uijldert: scan TPI's to get proper WTP packet length and
correct start of WSP-data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3920 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGTPv1 support and GTPv0 improvements, from Michal Melerowicz and Nicolas
guy [Tue, 11 Sep 2001 08:14:39 +0000 (08:14 +0000)]
GTPv1 support and GTPv0 improvements, from Michal Melerowicz and Nicolas

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3919 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix some bugs (and some indentation).
guy [Tue, 11 Sep 2001 06:38:57 +0000 (06:38 +0000)]
Fix some bugs (and some indentation).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3918 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe byte count field in an SMB Write request counts not only the data
guy [Tue, 11 Sep 2001 05:31:45 +0000 (05:31 +0000)]
The byte count field in an SMB Write request counts not only the data
being written, but the 2 bytes of data length and one byte of buffer
type preceding that data; use the data length (which doesn't count
itself or the buffer type byte), rather than the byte count, to
determine how much data is being written.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3917 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Frank Singleton: install idl2eth in "/usr/local/bin".
guy [Mon, 10 Sep 2001 22:06:33 +0000 (22:06 +0000)]
From Frank Singleton: install idl2eth in "/usr/local/bin".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3916 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMan page update, from Frank Singleton, to mention
guy [Mon, 10 Sep 2001 21:59:57 +0000 (21:59 +0000)]
Man page update, from Frank Singleton, to mention

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3915 f5534014-38df-0310-8fa8-9805f1628bb7