18 years agoFix an error in the "dcerpc_samr_dissectors[]" table.
guy [Mon, 22 Apr 2002 00:09:21 +0000 (00:09 +0000)]
Fix an error in the "dcerpc_samr_dissectors[]" table.

Rename "samr_dissect_enum_dom_alias_rqst()" and
"samr_dissect_enum_dom_alias_reply()" to
"samr_dissect_enum_dom_aliases_rqst()" and
"samr_dissect_enum_dom_aliases_reply()", to match the name of the RPC
that they dissect.

Rename the routines used to dissect the unknown 0x2f requests and replies
along the lines of the names of the routines for other unknown requests
and replies, and change the Info column information in that fashion as

Dissect the USER_INFO structure in the QueryUserInfo response.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5211 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd a hidden length fild for TCP, tcp.len. Also fixed a small type.
sharpe [Sun, 21 Apr 2002 02:57:01 +0000 (02:57 +0000)]
Add a hidden length fild for TCP, tcp.len. Also fixed a small type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5210 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoOn Windows, include "capture-wpcap.h", to define "has_wpcap".
guy [Sat, 20 Apr 2002 20:29:28 +0000 (20:29 +0000)]
On Windows, include "capture-wpcap.h", to define "has_wpcap".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5209 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoClean up white space.
guy [Sat, 20 Apr 2002 08:07:56 +0000 (08:07 +0000)]
Clean up white space.

Fix the display filter expression generated for protocol tree items
without named fields attached to them; the length defaults to 1 if not
specified in a range expression, so the length should be specified.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5208 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDissect ntstatus codes instead of uint32 for response packets.
tpot [Sat, 20 Apr 2002 07:15:19 +0000 (07:15 +0000)]
Dissect ntstatus codes instead of uint32 for response packets.

Display pretty names in COL_INFO for commonly used functions
(RequestChallenge, Auth2, SamLogon).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5207 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDon't prime the display filter unless we're re-applying it; otherwise,
guy [Sat, 20 Apr 2002 01:54:27 +0000 (01:54 +0000)]
Don't prime the display filter unless we're re-applying it; otherwise,
we aren't building a protocol tree, and we can't prime the filter
against the tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5206 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoBug fix from Frank Singleton.
guy [Fri, 19 Apr 2002 22:23:37 +0000 (22:23 +0000)]
Bug fix from Frank Singleton.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5205 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoOn Windows, don't put the capture preferences item into the
guy [Fri, 19 Apr 2002 20:49:28 +0000 (20:49 +0000)]
On Windows, don't put the capture preferences item into the
"Preferences" dialog box if we couldn't load WinPcap.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5204 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoproto_registrar_get_nth(hfinfo->id) == hfinfo, so use the latter rather
guy [Fri, 19 Apr 2002 10:03:52 +0000 (10:03 +0000)]
proto_registrar_get_nth(hfinfo->id) == hfinfo, so use the latter rather
than the former.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5203 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoInitial support for writing NetXRay 2.x (Windows Sniffer) format
guy [Thu, 18 Apr 2002 21:35:57 +0000 (21:35 +0000)]
Initial support for writing NetXRay 2.x (Windows Sniffer) format
captures, from Olivier Abad.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5202 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Phil Williams: support for looking up fields by name.
guy [Thu, 18 Apr 2002 20:19:10 +0000 (20:19 +0000)]
From Phil Williams: support for looking up fields by name.

Clean up some white space, and one non-extern declaration in

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5201 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMore LSA updates
sahlberg [Thu, 18 Apr 2002 10:40:30 +0000 (10:40 +0000)]
More LSA updates

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5200 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRemoved init routine as the dcerpc/smb init is now done in the correct
tpot [Thu, 18 Apr 2002 02:42:43 +0000 (02:42 +0000)]
Removed init routine as the dcerpc/smb init is now done in the correct

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5199 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse common policy handle hashing code in packet-dcerpc-nt.c
tpot [Thu, 18 Apr 2002 02:35:45 +0000 (02:35 +0000)]
Use common policy handle hashing code in packet-dcerpc-nt.c

Fix for lsa_open_policy request dissection.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5198 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoCatch attempts to register ett_ values after the array of "tree is
guy [Thu, 18 Apr 2002 00:50:45 +0000 (00:50 +0000)]
Catch attempts to register ett_ values after the array of "tree is
expanded" flags has been allocated.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5197 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd a "proto_register_dcerpc_smb()" which registers ett_ values for
guy [Thu, 18 Apr 2002 00:29:17 +0000 (00:29 +0000)]
Add a "proto_register_dcerpc_smb()" which registers ett_ values for
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine.  Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.

Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.

The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff.  It should also be called only once before
every capture, rather than 3 times.

The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.

This fixes a bug I saw wherein

1) the tree for Unicode strings was open by default


2) if you closed one and then exited, Ethereal would crash.

The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()".  As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.

Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".

Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5196 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agobugs found when verifying agains muddle generated idl file
sahlberg [Wed, 17 Apr 2002 15:39:27 +0000 (15:39 +0000)]
bugs found when verifying agains muddle generated idl file

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5195 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoBugfixes for LSA dissector and a small change to the security_descriptor dissector...
sahlberg [Wed, 17 Apr 2002 15:11:30 +0000 (15:11 +0000)]
Bugfixes for LSA dissector and a small change to the security_descriptor dissector in packet-smb.c  so we can call it from DCERPC NDR encoded services.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5194 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoTiny bugfix. One element was declared as of the wrong type.
sahlberg [Wed, 17 Apr 2002 13:48:56 +0000 (13:48 +0000)]
Tiny bugfix. One element was declared as of the wrong type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5193 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay rids for open user, group, alias in COL_INFO.
tpot [Wed, 17 Apr 2002 11:32:24 +0000 (11:32 +0000)]
Display rids for open user, group, alias in COL_INFO.

Give query user info its own dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5192 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoPrettification of SAMR dissector - display short names in COL_INFO.
tpot [Wed, 17 Apr 2002 11:17:43 +0000 (11:17 +0000)]
Prettification of SAMR dissector - display short names in COL_INFO.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5191 f5534014-38df-0310-8fa8-9805f1628bb7

sahlberg [Wed, 17 Apr 2002 11:01:38 +0000 (11:01 +0000)]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5190 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIn "fragment_add_seq_check()", handle short frames the same way
guy [Wed, 17 Apr 2002 10:59:58 +0000 (10:59 +0000)]
In "fragment_add_seq_check()", handle short frames the same way
regardless of whether they're the first frame we see in a reassembly or
not - put all but the last fragment into the hash table (so subsequent
frames with the same reassembly ID don't get misdissected as
unfragmented frames), return the head of the fragment list for the first
fragment and NULL for all other fragments (so the first fragment gets
dissected as a fragmented packet), and unhash the fragment head from the
reassembly hash table when we see the last fragment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5189 f5534014-38df-0310-8fa8-9805f1628bb7

sahlberg [Wed, 17 Apr 2002 10:41:05 +0000 (10:41 +0000)]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5188 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdded dissection and support functions for LSAENUMERATEPRIVILEGES
sahlberg [Wed, 17 Apr 2002 10:29:09 +0000 (10:29 +0000)]
Added dissection and support functions for LSAENUMERATEPRIVILEGES

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5187 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDon't try to reassemble short frames - but do still pass them through at
guy [Wed, 17 Apr 2002 10:07:57 +0000 (10:07 +0000)]
Don't try to reassemble short frames - but do still pass them through at
least some of the reassembly mechanism, so we can deal with both bogus
and real last fragment (display the bogus ones as unfragmented frames,
treat the real ones as fragments).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5186 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoChange the way not implemented functions are commented out so thast ethereal
sahlberg [Wed, 17 Apr 2002 09:51:11 +0000 (09:51 +0000)]
Change the way not implemented functions are commented out so thast ethereal
will still print the name of the function even if no dissector for it exists.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5185 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix up the handling of the "fragmented" flag in the "packet_info"
guy [Wed, 17 Apr 2002 09:34:09 +0000 (09:34 +0000)]
Fix up the handling of the "fragmented" flag in the "packet_info"
structure (make it match the way it's done in the IP dissector).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5184 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRemove some temporary functions from NETLOGON now that the real functions
sahlberg [Wed, 17 Apr 2002 09:32:48 +0000 (09:32 +0000)]
Remove some temporary functions from NETLOGON now that the real functions
exist in LSA.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5183 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoShow the "More Fragments" indicator as such, rather than as a "this is
guy [Wed, 17 Apr 2002 09:30:58 +0000 (09:30 +0000)]
Show the "More Fragments" indicator as such, rather than as a "this is
fragmented" vs. "this is not fragmented" indicator.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5182 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoLSA dissector updates. Adds a lot of LSA functions to the dissector.
sahlberg [Wed, 17 Apr 2002 09:24:09 +0000 (09:24 +0000)]
LSA dissector updates. Adds a lot of LSA functions to the dissector.
Also export dissect-nt-GUID() from netlogon since this structure is common to
other interfaces as well.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5181 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDon't bother with "reassembled_key" structures - just use the
guy [Wed, 17 Apr 2002 08:57:07 +0000 (08:57 +0000)]
Don't bother with "reassembled_key" structures - just use the
"frame_data" structure for the frame as the key structure, and use the
frame number in that field as the key.  (We could be even cheesier and
use the frame number as the key, with casts.)

When we move an entry from the hash table of reassemblies to the hash
table of reassembled packets, free the key structure for the first hash
table.  (This doesn't plug a leak, as they get freed when you
reinitialize the data structures, but it does reduce the memory needed
for them to the amount needed for in-progress reassemblies rather than
the amount needed for all reassemblies.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5180 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIn a ChangeHosts request, display 4-byte Internet addresses as IPv4
guy [Wed, 17 Apr 2002 08:33:09 +0000 (08:33 +0000)]
In a ChangeHosts request, display 4-byte Internet addresses as IPv4

When showing a list of keysyms, build the text representation of the
item for the list by appending keysyms to the text of the item as
dissected; this fixes a bug in the display of those keysums, and means
that we don't build a text string with the keysyms if we're not
generating the text representation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5179 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix up the offsets in the list of segments.
guy [Wed, 17 Apr 2002 08:30:17 +0000 (08:30 +0000)]
Fix up the offsets in the list of segments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5178 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd a separate hash table to the reassembly code for reassembled
guy [Wed, 17 Apr 2002 08:25:05 +0000 (08:25 +0000)]
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key.  There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing

Add a routine "fragment_add_seq_check()", which

if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;

if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;

if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.

Add reassembly support for fragmented 802.11 frames.  Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5177 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse policy handle hash code in DCERPC/SMB SAMR dissector.
tpot [Wed, 17 Apr 2002 07:52:26 +0000 (07:52 +0000)]
Use policy handle hash code in DCERPC/SMB SAMR dissector.

Start to move some common stuff into packet-dcerpc-nt.[ch]

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5176 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoRename the "frag_offset" argument of "fragment_add_seq()" to
guy [Wed, 17 Apr 2002 04:54:30 +0000 (04:54 +0000)]
Rename the "frag_offset" argument of "fragment_add_seq()" to
"frag_number", to make it clearer that it's not a byte offset but a
sequence number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5175 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Michael Tuexen: add missing support for the T-Bit in ABORT chunks.
guy [Tue, 16 Apr 2002 19:58:53 +0000 (19:58 +0000)]
From Michael Tuexen: add missing support for the T-Bit in ABORT chunks.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5174 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd support for desegmentation of X11 messages.
guy [Tue, 16 Apr 2002 09:42:31 +0000 (09:42 +0000)]
Add support for desegmentation of X11 messages.

Try to check whether the first request we see is an initial connection
request, and dissect it as such if so.

Get rid of the global "next_offset" variable.

Check for buffer overflows when building the summary item for a list
of keysyms.

Display BASE_DEC items in decimal, not hex.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5173 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix more Politecnico di Torino links.
gerald [Tue, 16 Apr 2002 03:00:54 +0000 (03:00 +0000)]
Fix more Politecnico di Torino links.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5172 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDo the standard "next entry offset" stuff in NT NOTIFY replies, so as to
guy [Tue, 16 Apr 2002 02:42:24 +0000 (02:42 +0000)]
Do the standard "next entry offset" stuff in NT NOTIFY replies, so as to

1) handle inter-entry padding;

2) quit when the "next entry offset" is 0 (that being the signal
   for the last entry).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5171 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay non-zero return codes in COL_INFO.
tpot [Tue, 16 Apr 2002 02:02:04 +0000 (02:02 +0000)]
Display non-zero return codes in COL_INFO.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5170 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Michael Tuexen:
guy [Mon, 15 Apr 2002 21:53:55 +0000 (21:53 +0000)]
From Michael Tuexen:

- support for current SCTP checksum
- fix a bug for the -S parameter
- fix a bug in the displayed output for the TSN and PPI.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5169 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoASAP support, from Michael Tuexen.
guy [Mon, 15 Apr 2002 21:47:59 +0000 (21:47 +0000)]
ASAP support, from Michael Tuexen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5168 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Jason Lango: a hack to get SDES length correct on QT packets.
guy [Mon, 15 Apr 2002 21:25:05 +0000 (21:25 +0000)]
From Jason Lango: a hack to get SDES length correct on QT packets.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5167 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Simharajan Srishylam:
guy [Mon, 15 Apr 2002 21:12:56 +0000 (21:12 +0000)]
From Simharajan Srishylam:

In capability element, length is for the value (excluding type &
len field) not for the whole element.  Results in packets not
being parsed correctly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5166 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Ronnie Sahlberg: dissect_mount_dirpath_call()
girlich [Mon, 15 Apr 2002 08:55:03 +0000 (08:55 +0000)]
From Ronnie Sahlberg: dissect_mount_dirpath_call()
The sprintf() thingy failed to properly null terminate the string thus
causing damage.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5165 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse "CLEANUP_PUSH()" and "CLEANUP_CALL_AND_POP()" to plug potential
guy [Mon, 15 Apr 2002 00:10:26 +0000 (00:10 +0000)]
Use "CLEANUP_PUSH()" and "CLEANUP_CALL_AND_POP()" to plug potential
memory leaks.

Put "Requests", not "X11 request", in the Info column for packets to the
server - we already know it's X11, and there may be more than one
request in the packet.

Put "Replies/events", not "X11 event", in the Info column for packets
from the server - we already know it's X11, and there may be more than
one message, and the messages might be replies rather than events.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5164 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer: get rid of some unused variables and arguments.
guy [Sun, 14 Apr 2002 23:22:22 +0000 (23:22 +0000)]
From Joerg Mayer: get rid of some unused variables and arguments.

Use "tvb_get_ntohs()" to fetch the checksum from a VJ compressed packet,
rather than doing the ntoh by hand.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5163 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer:
guy [Sun, 14 Apr 2002 23:04:04 +0000 (23:04 +0000)]
From Joerg Mayer:

Declares some variables static.

Creates a new include file packet-rsvp.h, and make use of it
(change some extern decls to #inlcude).

Move the file packet-pgm.h into packet-pgm.c as it is not used
by anything outside packet-pgm.c.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5162 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Didier Gautheron: make the "code" field an signed decimal number.
guy [Sun, 14 Apr 2002 22:56:02 +0000 (22:56 +0000)]
From Didier Gautheron: make the "code" field an signed decimal number.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5161 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoM2UA support, from Michael Tuexen.
guy [Sun, 14 Apr 2002 22:52:49 +0000 (22:52 +0000)]
M2UA support, from Michael Tuexen.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5160 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of another global variable.
guy [Sun, 14 Apr 2002 22:50:07 +0000 (22:50 +0000)]
Get rid of another global variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5159 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay Boolean bitfields that control whether other fields show up in a
guy [Sun, 14 Apr 2002 22:08:51 +0000 (22:08 +0000)]
Display Boolean bitfields that control whether other fields show up in a
message regardless of whether they're set or clear, so you can see not
only what flags are set, but also what flags aren't set.  (The previous
checkin only affected bitfields that don't control whether other fields
show up in a message.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5158 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDisplay Boolean bitfields regardless of whether they're set or clear, so
guy [Sun, 14 Apr 2002 21:44:48 +0000 (21:44 +0000)]
Display Boolean bitfields regardless of whether they're set or clear, so
you can see not only what flags are set, but also what flags aren't set.
Don't show reserved bits unless they're set, though.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5157 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdate wiretapped mirror links.
gerald [Sun, 14 Apr 2002 20:06:04 +0000 (20:06 +0000)]
Update wiretapped mirror links.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5156 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoChange "http://netgroup-mirror.ethereal.com/winpcap" URLs to
gerald [Sun, 14 Apr 2002 19:24:26 +0000 (19:24 +0000)]
Change "netgroup-mirror.ethereal.com/winpcap" URLs to
"http://winpcap.mirror.ethereal.com/", since that's how we're mirroring
the Politecnico di Torino sites now.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5155 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd an ett_ variable to the "ett[]" array; it was missing.
guy [Sat, 13 Apr 2002 22:34:17 +0000 (22:34 +0000)]
Add an ett_ variable to the "ett[]" array; it was missing.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5154 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdate to reflect the replacement of "--enable-zlib"/"--disable-zlib"
guy [Sat, 13 Apr 2002 22:11:06 +0000 (22:11 +0000)]
Update to reflect the replacement of "--enable-zlib"/"--disable-zlib"
with "--with-zlib"/"--without-zlib", and the added support for

Update to reflect the replacement of "--disable-snmp" with

Note "--without-pcap" is what you'd use to build on a system without

Fix some typos.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5153 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of another global variable.
guy [Sat, 13 Apr 2002 20:16:09 +0000 (20:16 +0000)]
Get rid of another global variable.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5152 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Jouni Malinen:
guy [Sat, 13 Apr 2002 18:41:47 +0000 (18:41 +0000)]
From Jouni Malinen:

Fix offset of challenge element in 802.11 dissector.
Show fragmented 802.11 frames as fragments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5151 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Michael Tuexen:
guy [Sat, 13 Apr 2002 18:36:24 +0000 (18:36 +0000)]
From Michael Tuexen:

The -S option has been changed such that the payload protocol
identifier can be specified instead of the verification tag.

The error messages for -s -S have been corrected.

Update the text2pcap man page to reflect the "-S" change.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5150 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Aamer Akhter: fix initialization of ett_slarp in CHDLC dissector.
guy [Sat, 13 Apr 2002 09:22:39 +0000 (09:22 +0000)]
From Aamer Akhter: fix initialization of ett_slarp in CHDLC dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5149 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"pinfo->pseudo_header" might be null, even for link-layer types such as
guy [Sat, 13 Apr 2002 00:02:55 +0000 (00:02 +0000)]
"pinfo->pseudo_header" might be null, even for link-layer types such as
WTAP_ENCAP_CHDLC; check whether it's null before using it.

Use FROM_DCE rather than 0x80 to check the "this is DCE->DTE" bit in

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5148 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd (untested) routines to fetch IEEE single-precision and
guy [Fri, 12 Apr 2002 23:25:24 +0000 (23:25 +0000)]
Add (untested) routines to fetch IEEE single-precision and
double-precision floating-point numbers, in big-endian and little-endian
format (hopefully there aren't any middle-endian formats; if there are,
we'll have to add them), from a tvbuff, and to return floats (for
single-precision) and doubles (for double-precision).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5147 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoBug fix from Didier Gautheron.
guy [Fri, 12 Apr 2002 01:18:47 +0000 (01:18 +0000)]
Bug fix from Didier Gautheron.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5146 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Pasi Eronen: support for the PCT record layer, and fixes for a
guy [Thu, 11 Apr 2002 09:43:22 +0000 (09:43 +0000)]
From Pasi Eronen: support for the PCT record layer, and fixes for a
couple of bugs in the TCP desegmentation routines.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5145 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer: get rid of some unused arguments, and make some
guy [Thu, 11 Apr 2002 09:38:03 +0000 (09:38 +0000)]
From Joerg Mayer: get rid of some unused arguments, and make some
routines not used outside the file in which they're defined static.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5144 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Pasi Eronen: add some items for the cipher suites for Microsoft's
guy [Thu, 11 Apr 2002 09:20:33 +0000 (09:20 +0000)]
From Pasi Eronen: add some items for the cipher suites for Microsoft's
old PCT protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5143 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Tom Uijldert: create a subtree with "proto_item_add_subtree()",
guy [Thu, 11 Apr 2002 09:10:47 +0000 (09:10 +0000)]
From Tom Uijldert: create a subtree with "proto_item_add_subtree()",
rather than just using an item as a tree.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5142 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUpdate the Win32 nmakefile to include "packet-lmp.c".
guy [Thu, 11 Apr 2002 09:01:52 +0000 (09:01 +0000)]
Update the Win32 nmakefile to include "packet-lmp.c".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5141 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDo the "follow TCP stream" stuff before calling the subdissector, so
guy [Thu, 11 Apr 2002 08:59:43 +0000 (08:59 +0000)]
Do the "follow TCP stream" stuff before calling the subdissector, so
that it gets done even if the subdissector throws an exception (and so
that, if the subdissector modifies the addresses or ports, we still hand
the right values to "reassemble_tcp()").

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5140 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd "-" (hyphen) to the pattern for field-name/non-quoted string.
gram [Thu, 11 Apr 2002 03:26:26 +0000 (03:26 +0000)]
Add "-" (hyphen) to the pattern for field-name/non-quoted string.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5139 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdded support for the Link Management Protocol (LMP), used for optical
ashokn [Wed, 10 Apr 2002 22:00:49 +0000 (22:00 +0000)]
Added support for the Link Management Protocol (LMP), used for optical
signalling and Generalized MPLS. This commit contains code for the
protocol version described in draft-ietf-ccamp-lmp-03.txt.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5138 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFixed two instances where si->sip was being not checked for NULL before
tpot [Tue, 9 Apr 2002 23:56:57 +0000 (23:56 +0000)]
Fixed two instances where si->sip was being not checked for NULL before
being dereferenced.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5137 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer: remove unused parameters.
guy [Tue, 9 Apr 2002 09:04:33 +0000 (09:04 +0000)]
From Joerg Mayer: remove unused parameters.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5136 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"dissect_frame()" is now static; don't declare it in "packet-frame.h".
guy [Tue, 9 Apr 2002 08:43:43 +0000 (08:43 +0000)]
"dissect_frame()" is now static; don't declare it in "packet-frame.h".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5135 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMove the definition of the FROM_DCE bit in the "flags" field of a
guy [Tue, 9 Apr 2002 08:15:04 +0000 (08:15 +0000)]
Move the definition of the FROM_DCE bit in the "flags" field of a
"struct x25_phdr" to "wiretap/wtap.h".

Have two X.25 dissectors, one of which assumes that there's a "struct
x25_phdr" pseudo-header and one of which doesn't; the former uses the
information in that pseudo-header to determine whether the packet is
DTE->DCE or DCE->DTE, and the latter assumes it has no clue whether the
packet is DTE->DCE or DCE->TDE.  Use the former one in the LAPB
dissector, and the latter one in the XOT dissector and in the LLC
dissector table.

In the X.25-over-TCP dissector, handle multiple X.25 packets per TCP
segment, and handle X.25 packets split across TCP segments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5134 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of the extra "Header" entry, putting the tree back the way it
guy [Tue, 9 Apr 2002 06:02:24 +0000 (06:02 +0000)]
Get rid of the extra "Header" entry, putting the tree back the way it

Get rid of variables unused as a result.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5133 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoDecode FORM_1 and FORM_REL flag values as value_strings.
tpot [Tue, 9 Apr 2002 04:41:40 +0000 (04:41 +0000)]
Decode FORM_1 and FORM_REL flag values as value_strings.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5132 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMore static-ization.
gram [Mon, 8 Apr 2002 20:30:56 +0000 (20:30 +0000)]
More static-ization.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5131 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMore static-ization. In util.c, I commented out the ASCII-to-EBCDIC
gram [Mon, 8 Apr 2002 20:23:55 +0000 (20:23 +0000)]
More static-ization. In util.c, I commented out the ASCII-to-EBCDIC
functions, until that time that we need them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5130 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoMake some variables and functions static.
gram [Mon, 8 Apr 2002 20:11:31 +0000 (20:11 +0000)]
Make some variables and functions static.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5129 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Michael Tuexen:
guy [Mon, 8 Apr 2002 19:18:11 +0000 (19:18 +0000)]
From Michael Tuexen:

- fix a bug with the LI field
- remove some out of date comments
- remove some unnecessary #includes

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5128 f5534014-38df-0310-8fa8-9805f1628bb7

18 years ago"expand_tree()" and "collapse_tree()" can be called on leaf nodes, so
guy [Mon, 8 Apr 2002 19:10:09 +0000 (19:10 +0000)]
"expand_tree()" and "collapse_tree()" can be called on leaf nodes, so
don't blow up if "finfo->tree_type" is -1, just don't expand anything.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5127 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoNote the AiroPeek support in the message for the file type.
guy [Mon, 8 Apr 2002 17:42:40 +0000 (17:42 +0000)]
Note the AiroPeek support in the message for the file type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5126 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Scott Renfro: remove unused "pinfo" arguments.
guy [Mon, 8 Apr 2002 10:05:19 +0000 (10:05 +0000)]
From Scott Renfro: remove unused "pinfo" arguments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5125 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoThe length passed into "seek_read" routines is the length supplied by
guy [Mon, 8 Apr 2002 10:01:26 +0000 (10:01 +0000)]
The length passed into "seek_read" routines is the length supplied by
the "read" routine, which means it's already had any end-of-frame
padding/FCS removed; we don't need to remove it in the "seek_read"

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5124 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoUse WTAP_ENCAP_IEEE_802_11_WITH_RADIO for AiroPeek files, rather than
guy [Mon, 8 Apr 2002 09:44:42 +0000 (09:44 +0000)]
Use WTAP_ENCAP_IEEE_802_11_WITH_RADIO for AiroPeek files, rather than
having a special encapsulation type for AiroPeek files.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5123 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoAdd an encapsulation type for "802.11 with radio information"; that type
guy [Mon, 8 Apr 2002 09:09:49 +0000 (09:09 +0000)]
Add an encapsulation type for "802.11 with radio information"; that type
returns radio information such as signal strength, channel, and data
rate in a pseudo-header.  Add that pseudo-header.

Use the "802.11 with radio information" encapsulation type for Wireless
Sniffer files; extract the radio information from where it appears to be
in the header.

Add dissector code for that encapsulation type.

Fix an error in the code to put radio information into the AiroPeek

Make the "wrapped" flag for NetXRay/Windows Sniffer captures a

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5122 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFix the transparency on each 16-color image in ethereal.ico.
gerald [Mon, 8 Apr 2002 02:18:14 +0000 (02:18 +0000)]
Fix the transparency on each 16-color image in ethereal.ico.

Add our own checkbox images to the NSIS installer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5121 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoFrom Joerg Mayer; get rid of unused arguments, and make some variables
guy [Mon, 8 Apr 2002 02:13:36 +0000 (02:13 +0000)]
From Joerg Mayer; get rid of unused arguments, and make some variables
not used outside "packet-beep.c" static.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5120 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoYes, that stuff really *does* appear to be just padding. Go figure.
guy [Mon, 8 Apr 2002 02:11:24 +0000 (02:11 +0000)]
Yes, that stuff really *does* appear to be just padding.  Go figure.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5119 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of an unused variable.
guy [Mon, 8 Apr 2002 02:02:27 +0000 (02:02 +0000)]
Get rid of an unused variable.

Don't register the PFLOG dissector by name; it's only called through the
"wtap_encap" dissector table.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5118 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoIf variables are used only if "HAVE_UCD_SNMP" is undefined, declare them
guy [Mon, 8 Apr 2002 01:55:05 +0000 (01:55 +0000)]
If variables are used only if "HAVE_UCD_SNMP" is undefined, declare them
only if "HAVE_UCD_SNMP" is undefined.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5117 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoClean up the "Use zlib library" message.
guy [Mon, 8 Apr 2002 01:39:02 +0000 (01:39 +0000)]
Clean up the "Use zlib library" message.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5116 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoReplace "--enable-zlib" with "--with-zlib", and have it take an optional
guy [Mon, 8 Apr 2002 01:34:39 +0000 (01:34 +0000)]
Replace "--enable-zlib" with "--with-zlib", and have it take an optional
"=DIR" argument to specify the directory in subdirectories of which
zlib's headers and libraries can be found.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5115 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoA devicemode contains a uint32 at the start which represents the size of
tpot [Mon, 8 Apr 2002 00:27:36 +0000 (00:27 +0000)]
A devicemode contains a uint32 at the start which represents the size of
the structure.

Fixed an off by one but in displaying the device mode in a PRINTER_INFO_2

The devicemode in a devicemode container is not a deferred pointer but
rather occurs immediately after the pointer if it is non-NULL.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5114 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of the unused hf_ value "hf_isis_hello_clv_restart".
guy [Sun, 7 Apr 2002 23:39:00 +0000 (23:39 +0000)]
Get rid of the unused hf_ value "hf_isis_hello_clv_restart".

Use the "tree_id" argument to "isis_dissect_mt_clv()" for the 2-byte MT
IDs, and arrange that the two hf_ values passed as that argument
actually be defined for protocol fields.

Fix the loop in "isis_dissect_mt_clv()" so that it actually catches an
odd byte at the end (i.e., loop until there is data at all, not until
there is 1 or fewer bytes), and put that odd byte, if it exists, into
the tree as a 1-byte text item, not a 2-byte text item.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5113 f5534014-38df-0310-8fa8-9805f1628bb7

18 years agoGet rid of unused "pinfo" arguments.
guy [Sun, 7 Apr 2002 22:36:55 +0000 (22:36 +0000)]
Get rid of unused "pinfo" arguments.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@5112 f5534014-38df-0310-8fa8-9805f1628bb7