| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Fix a typo in the AUTHORS entry for Pasi Eronen, and add him to the list
of authors in the man page.
svn path=/trunk/; revision=3988
|
| |
|
|
|
|
| |
Who said that? I think I know ... F...
svn path=/trunk/; revision=3987
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
|
| |
|
|
|
|
|
|
| |
Get rid of the "unknown-0xXX" entries in the "value_string" table for
SMB command codes - they make it much more painful to select one of them
in the filter-editing dialog box.
svn path=/trunk/; revision=3985
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
variable that holds it an "int" rather than a "guint16".
Further strengthen the heuristics the NBSS dissector uses to distinguish
NBSS messages from continuations of NBSS messages.
If an frame contains an NBSS continuation, put the protocol tree item
for the continuation data under an NBSS protocol tree item.
Have the TCP dissector supply information to subdissectors via a "struct
tcpinfo" pointed to by "pinfo->private"; move the urgent pointer value
from a global variable into that structure, and add a Boolean flag that
indicates whether the data it's handing to a subdissector is reassembled
data or not.
Make the NBSS dissector check for continuations only in non-reassembled
data.
Fix the computation, in the TCP dissector, of the offset into the tvbuff
handed to the subdissector of the first byte of stuff that needs further
reassembly, and fix the computation of the sequence number corresponding
to that byte.
svn path=/trunk/; revision=3984
|
| |
|
|
|
|
| |
"packet-udp.h", so it shouldn't #include them.
svn path=/trunk/; revision=3983
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DCE RPC protocol tree for the stub data.
Use the counts of context items and transfer syntax items when
dissecting a bind or alter context PDU.
In bind and alter context PDUs, create the conversation, attach the
context ID and interface to it, and put the interface information into
the Info column as soon as the first context item is dissected, so that
if we get an exception after that, we've still processed the context ID
and interface information.
Use the count of results when dissecting a bind ack PDU.
In bind ack PDUs, dissect the transfer syntax and syntax version fields,
and put the opnum and context ID information into the Info column as
soon as it's dissected.
When dissecting a connection-oriented request or response, don't make
the tvbuff the full fragment length if we don't have that much data in
the frame being dissected. (We should do TCP reassembly there,
eventually.)
In connection-oriented response PDUs, put the opnum and context ID
information into the Info column as soon as it's dissected.
svn path=/trunk/; revision=3982
|
| |
|
|
| |
svn path=/trunk/; revision=3981
|
| |
|
|
| |
svn path=/trunk/; revision=3980
|
| |
|
|
| |
svn path=/trunk/; revision=3979
|
| |
|
|
| |
svn path=/trunk/; revision=3978
|
| |
|
|
|
|
| |
doesn't cover the payload.
svn path=/trunk/; revision=3977
|
| |
|
|
|
|
|
|
|
| |
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.
svn path=/trunk/; revision=3976
|
| |
|
|
|
|
|
|
|
| |
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.
svn path=/trunk/; revision=3975
|
| |
|
|
| |
svn path=/trunk/; revision=3974
|
| |
|
|
|
|
|
|
|
|
|
| |
tvbuffified heuristic-dissector interface, but have it immediately turn
its arguments into an old-style buffer pointer and offset.
Register the SMB dissector as a heuristic NetBIOS dissector, and have
"dissect_netbios_payload()" just try the heuristics, as it no longer has
to call the SMB dissector explicitly.
svn path=/trunk/; revision=3973
|
| |
|
|
|
|
|
|
| |
only the NetBIOS payload, and have the NBSS dissector construct tvbuffs
of that sort (i.e., stop at the end of the NBSS session message, not at
the end of the data handed to the NBSS dissector).
svn path=/trunk/; revision=3972
|
| |
|
|
|
|
| |
session messages with a zero byte count.
svn path=/trunk/; revision=3971
|
| |
|
|
| |
svn path=/trunk/; revision=3970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packets.
Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors. Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead. Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.
From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.
svn path=/trunk/; revision=3969
|
| |
|
|
| |
svn path=/trunk/; revision=3968
|
| |
|
|
| |
svn path=/trunk/; revision=3967
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"WordCount > 0".
Always put the byte count field into the protocol tree, regardless of
whether WordCount is 0 - it's not one of the word parameters counted by
WordCount, so it's present even if WordCount is 0.
Fix a "val_to_str()" call.
svn path=/trunk/; revision=3966
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
value being non-zero, not on whether the error code is zero. Don't
bother passing the error code to dissectors for particular SMBs, as they
don't need to use it.
In "get_unicode_or_ascii_string()", when aligning to an even boundary,
align to an even boundary in the SMB message, not in the packet as a
whole - there's no guarantee that there are an even number of bytes in
the frame before the SMB message.
In the Info column, mark the packet as a request or response based on
the request/response bit in the Flags field, not on the matched port -
for NBIPX, the source and destination ports (IPX sockets) may be the
same, so you may not be able to determine whether it's a request or a
response based on that.
svn path=/trunk/; revision=3965
|
| |
|
|
|
|
|
| |
WinPcap's installer (it dates back to May, meaning it may be a beta of
2.2 or may even be 2.1), so don't suggest that people go there.
svn path=/trunk/; revision=3964
|
| |
|
|
|
|
|
| |
don't need to check whether zlib has them. We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.
svn path=/trunk/; revision=3963
|
| |
|
|
| |
svn path=/trunk/; revision=3962
|
| |
|
|
|
|
| |
Mark interim responses as such in the Info column.
svn path=/trunk/; revision=3961
|
| |
|
|
|
|
|
|
|
|
|
| |
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.
When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.
svn path=/trunk/; revision=3960
|
| |
|
|
|
|
| |
as reported in the header, don't checksum the packet.
svn path=/trunk/; revision=3959
|
| |
|
|
| |
svn path=/trunk/; revision=3958
|
| |
|
|
| |
svn path=/trunk/; revision=3957
|
| |
|
|
|
|
|
|
|
| |
version is, as that's subject to change - just speak of the "latest
non-beta version".
Mention the mirrors for WinPcap and WinDump.
svn path=/trunk/; revision=3956
|
| |
|
|
|
|
|
|
|
| |
when wpcap.dll couldn't be loaded more detailed, in the hopes that it'll
reduce the chances that somebody will see that message and not know what
to do. Also, mention the Wiretapped.net mirror of the WinPcap site, as
the WinPcap site is all-too-often down due to networking glitches.
svn path=/trunk/; revision=3955
|
| |
|
|
| |
svn path=/trunk/; revision=3954
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.
It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does
n += snprintf (buf + n, BUF_LENGTH - n, ...);
may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.
The "capabilitiesStart" variable in "add_capabilities()" in the WSP
dissector is an offset into the PDU data; there's no guarantee that said
offet is < 256, and, even if there were, there's no point in making it
an 8-bit variable.
Add some additional buffer overflow checks to the WSP dissector.
svn path=/trunk/; revision=3953
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.
It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does
n += snprintf (buf + n, BUF_LENGTH - n, ...);
may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.
svn path=/trunk/; revision=3952
|
| |
|
|
|
|
|
|
|
| |
8-bit value), and the raw data of an SSID parameter is the
interpretation, so the buffer into which we put the interpretation must
be at least 256 bytes long; it's an array of size SHORT_STR, so boost
SHORT_STR to 256.
svn path=/trunk/; revision=3951
|
| |
|
|
|
|
|
| |
tcpdump patch is all about, and note that a future version of libpcap
may render it irrelevant.
svn path=/trunk/; revision=3950
|
| |
|
|
| |
svn path=/trunk/; revision=3949
|
| |
|
|
|
|
|
|
|
|
| |
versions of these commands in file_wrappers.c. This allows us to
compile successfully even on platforms where X has an older zlib built
in.
Removed this restriction from acinclude.m4
svn path=/trunk/; revision=3948
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If "get_hex_uint()" supplies a "next_offset" equal to the offset fed
into it, it found no hex digits; don't put the value into the tree if
that's the case.
If "get_unquoted_string()" or "get_quoted_string()" returns NULL, the
string separator/terminator wasn't found; don't put the value into the
tree if that's the case.
svn path=/trunk/; revision=3947
|
| |
|
|
|
|
|
|
| |
1. simplified and shorter names
2. fixed problem with filtering (consequence of 1st point)
3. added more charging tickets
svn path=/trunk/; revision=3946
|
| |
|
|
| |
svn path=/trunk/; revision=3945
|
| |
|
|
| |
svn path=/trunk/; revision=3944
|
| |
|
|
|
|
|
|
|
|
| |
Make the default for NBSS and ONC RPC-over-TCP desegmentation "on",
rather than "off"; the default for desegmentation in general is "off",
so this won't change the default behavior, but it lets you turn
desegmentation on by flipping only one switch (and turn it off for
particular protocols if you desire).
svn path=/trunk/; revision=3943
|
| |
|
|
|
|
| |
generated file.
svn path=/trunk/; revision=3942
|
| |
|
|
|
|
|
| |
Rename the "cap_len" argument to "dissect_dns_common()" to "msg_len", as
it's just the length of the DNS message being dissected.
svn path=/trunk/; revision=3941
|
| |
|
|
|
|
|
|
|
| |
shell. (This also arranges that the source to "idl2eth" - which is now
"idl2eth.sh" - not be deleted by "make clean").
Add "doc/idl2eth.pod" to the list of files in a source tarball.
svn path=/trunk/; revision=3940
|
| |
|
|
|
|
|
| |
on it and check whether it returned EISDIR, not whether it returns 0 -
EISDIR means it's a directory, 0 means it isn't.
svn path=/trunk/; revision=3939
|
