| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
all, not just before the third time you use it....
svn path=/trunk/; revision=613
|
| |
|
|
|
|
|
| |
Use "pletohs()" and "pletohl()" to access 16-bit and 32-bit fields in
the file and packet headers, as those fields are little-endian.
svn path=/trunk/; revision=612
|
| |
|
|
|
|
|
| |
their existence is checked), some FT_BOOLEAN-related functions in dfilter.c
are no longer called. So I removed them.
svn path=/trunk/; revision=611
|
| |
|
|
| |
svn path=/trunk/; revision=610
|
| |
|
|
| |
svn path=/trunk/; revision=609
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a protocol occurs only once in a packet. Because of encapsulation (IP within
IP), a protocol can occur more than once. I don't have a packet trace
showing such a packet, but the code should handle it now. The one thing
that it cannot do, though, is differentiate the levels. It might be
nice to say:
ip{1}.src == 192.168.1.1 && ipx{2}.dst == 10.0.0.1
In the dfilter grammar I had left IPXNET variables out of the list
of variables that could be checked for existence. Now you can check
for the existence of ipx.srcnet and ipx.dstnet. Hurrah.
svn path=/trunk/; revision=608
|
| |
|
|
|
|
|
| |
Remove debugging statements from colors.c.
Add blurb about Match Selected and Colorization to man page.
svn path=/trunk/; revision=607
|
| |
|
|
| |
svn path=/trunk/; revision=606
|
| |
|
|
| |
svn path=/trunk/; revision=605
|
| |
|
|
|
|
|
|
|
|
| |
that the only options that contain *no* length byte are the IP and TCP
EOL and NOP options so that we can treat unknown options as
VARIABLE_LENGTH with a minimum of 2, and at least be able to move on to
the next option by using the length in the option, rather than just
reporting the unknown option and processing no options after it.
svn path=/trunk/; revision=604
|
| |
|
|
|
|
|
|
|
| |
is pointed to by 'row_list_end', otherwise use 'g_list_nth()'" stuff
inside a macro.
Use that macro in place of an additional "g_list_nth()" call.
svn path=/trunk/; revision=603
|
| |
|
|
|
|
|
|
|
| |
filters by checking whether the structure pointed to by "cf->colors" has
a non-zero "num_of_filters", not a non-null "color_filters" (the latter
points to the CList widget holding the list of filters, and may be
non-null even if there currently aren't any filters).
svn path=/trunk/; revision=602
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of option code, one octet of length (which includes the two option code
and length bytes), followed by 0 or more octets of option data, with
some options being fixed-length and some being variable-length. Put
some stuff from the PPP control protocol option parsing code into the
IP-and-TCP option parsing code, and use the latter instead of the
former.
(That code might also be usable for CDP as well, with some stuff added
to it.)
Shuffle the arguments to "dissect_ip_tcp_options()" to resemble those of
various other dissectors (i.e., with the "proto_tree *" at the end).
Add in code to dissect a pile of PPP options documented in various RFCs.
svn path=/trunk/; revision=601
|
| |
|
|
|
|
| |
one byte in the hexdump.
svn path=/trunk/; revision=600
|
| |
|
|
|
|
| |
the IP layer, leaving the lower layer's abbreviation in the protocol column.
svn path=/trunk/; revision=599
|
| |
|
|
| |
svn path=/trunk/; revision=598
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
the progress bar up to 100 times, as we get another percent closer to
completion. That reduces the number of times we run the GTK+ main loop;
that main loop may do a "select()" or "poll()" or FIONREAD "ioctl" to
check for input from the X server, adding to the CPU overhead of reading
a file.
The packet filtering progress bar is already updated in a similar
fashion; make it also do up to 100 updates.
svn path=/trunk/; revision=597
|
| |
|
|
|
|
|
|
|
| |
read, and maintain it ourselves as we read through the file, rather than
calling "ftell()" for every packet we read - "ftell()" may involve an
"lseek()" call, which could add a noticeable CPU overhead when reading a
large file.
svn path=/trunk/; revision=596
|
| |
|
|
| |
svn path=/trunk/; revision=595
|
| |
|
|
| |
svn path=/trunk/; revision=594
|
| |
|
|
|
|
| |
optimized gtkclist until Guy's changes appear in the offical GTK+.
svn path=/trunk/; revision=593
|
| |
|
|
|
|
| |
bits and is definitely not 32 bits on some platforms).
svn path=/trunk/; revision=592
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
is true. The test for truth now becomes a test for existence. The dfilter
grammar no longer recognizes 'true' and 'false', since you can now check
a boolean field via:
tr.sr
or by its negation:
!tr.sr
svn path=/trunk/; revision=591
|
| |
|
|
| |
svn path=/trunk/; revision=590
|
| |
|
|
|
|
|
|
| |
TR packets that are seen on Linux 2.0 boxes (viewing your own packets
before they get to the wire). Thanks to Tom Gallagher <Tom.Gallagher@madge.com>
for providing the patch.
svn path=/trunk/; revision=589
|
| |
|
|
| |
svn path=/trunk/; revision=588
|
| |
|
|
|
|
| |
strings....) Thanks to Tom Gallagher at Madge for pointing this out.
svn path=/trunk/; revision=587
|
| |
|
|
| |
svn path=/trunk/; revision=586
|
| |
|
|
| |
svn path=/trunk/; revision=585
|
| |
|
|
|
|
|
| |
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).
svn path=/trunk/; revision=584
|
| |
|
|
|
|
|
|
| |
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
| |
|
|
| |
svn path=/trunk/; revision=581
|
| |
|
|
|
|
|
|
| |
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.
svn path=/trunk/; revision=580
|
| |
|
|
|
|
|
|
|
| |
to be just "fd->cap_len - offset", but it's now "pi.captured_len - offset",
which means that, for a protocol built atop TCP, like LPD, it'll take
into account the fact that the IP (and thus TCP) data in the packet may
end before the end of the frame.
svn path=/trunk/; revision=579
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add in the Identification and Time Remaining codes for LCP.
Add in a pile of other LCP options, albeit without anything more than
names for now.
Don't say "1 bytes", say "1 byte".
Don't use "dissect_data()" to dissect part of a *CP packet, and don't
dissect opaque data if there're zero bytes of it.
svn path=/trunk/; revision=578
|
| |
|
|
|
|
|
|
|
|
| |
Have a common routine to parse both LCP and IPCP, as IPCP is based on
LCP.
Have only one "value_string" array of PPP protocol types, with all the
types we know about.
svn path=/trunk/; revision=577
|
| |
|
|
|
|
|
|
| |
"dissect_payload_ppp()"; put it into a common routine, called by both
(which means we now dissect LCP and IPCP in PPP requests even if they
aren't inside PPPOE or GRE packets).
svn path=/trunk/; revision=576
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that it can pop up a message box; have it do so.
Make the "Can't open file" message boxes in "colors.c" include the
"errno" error message in the message they put up.
Don't complain about being unable to open the color filter file if it
doesn't exist (perhaps the user just never made one).
Make the message for a failure to open the preferences file resemble
that for a failure to open a color filter file.
svn path=/trunk/; revision=575
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetBIOS Datagram Service in NBTland; a capture Gilbert sent had a pile
of those packets containing what looked like SMB browser announcements,
which are sent out as broadcast datagrams. Label them as such, and
treat them as such.
Might packet type 2 be the equivalent of the NetBIOS Session Service -
both of them contain SMBs, but the former is a connection-oriented
service (LLC I frames, presumably, in NBF, and TCP in NBT), and the
latter is a datagram-oriented service (LLC UI frames, presumably, in
NBF, and UDP in NBT)? For now, we leave type 2 as "SMB (over NBIPX)",
but we might want to label it as "NetBIOS session" or whatever the
appropriate term is.
svn path=/trunk/; revision=574
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.
Make the type and length fields of a TLV unsigned.
Correctly check for the end of the (captured part of the) frame.
Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.
Dissect "unknown" TLVs.
svn path=/trunk/; revision=573
|
| |
|
|
|
|
|
| |
them with "proto_tree_add_item()" rather than "proto_tree_add_text()"
when adding them to the subtree for a TLV item.
svn path=/trunk/; revision=572
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.
Make the type and length fields of a TLV unsigned.
Correctly check for the end of the (captured part of the) frame.
Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.
Dissect "unknown" TLVs.
svn path=/trunk/; revision=571
|
| |
|
|
| |
svn path=/trunk/; revision=570
|
| |
|
|
| |
svn path=/trunk/; revision=569
|
| |
|
|
|
|
|
|
|
|
| |
Fixed the default case in the packet-cdp while() statement to look for
non-zero offsets. I should fix the other cases where offset += length.
Meanwhile, however, I added cdp.tlv.type and cdp.tlv.len as two filterable
fields so that one can use "cdp.tlv.len == 0" as a display filter to
find the packet that was causing problems.
svn path=/trunk/; revision=568
|
| |
|
|
|
|
|
|
|
| |
routine, it's what we use elsewhere in Ethereal, all modern UNIXes have
it, and it's declared in <string.h>, unlike "index()" which isn't
necessarily declared there (and thus we get GCC warnings about "index()"
being undeclared).
svn path=/trunk/; revision=567
|
| |
|
|
| |
svn path=/trunk/; revision=566
|
| |
|
|
| |
svn path=/trunk/; revision=565
|
| |
|
|
| |
svn path=/trunk/; revision=564
|
