| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
svn path=/trunk/; revision=586
|
| |
|
|
| |
svn path=/trunk/; revision=585
|
| |
|
|
|
|
|
| |
use END_OF_FRAME), so that they don't look at stuff in an IP datagram
past the end of the IP datagram (i.e., frame padding).
svn path=/trunk/; revision=584
|
| |
|
|
|
|
|
|
| |
This is set before calling dissect_packet() to let the proto_tree routines
whether or not it needs to go through the trouble of formatting strings.
The use of this dramatically decreases the number of calls to vsnprintf.
svn path=/trunk/; revision=583
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After a bad parse, instead of leaking this memory, the memory used for
those GNodes is now freed.
Added some memory-freeing "cleanup" routines for the dfilter and proto_tree
modules, which are called right before ethereal exits. Maybe once we get
a complete set of cleanup routines, we'll be able to better check if
memory is leaking.
svn path=/trunk/; revision=582
|
| |
|
|
| |
svn path=/trunk/; revision=581
|
| |
|
|
|
|
|
|
| |
filtered state. The display filter text entry widget is left in its
original state, so an ENTER can reset the packet list. The manpage has
been changed to mention this.
svn path=/trunk/; revision=580
|
| |
|
|
|
|
|
|
|
| |
to be just "fd->cap_len - offset", but it's now "pi.captured_len - offset",
which means that, for a protocol built atop TCP, like LPD, it'll take
into account the fact that the IP (and thus TCP) data in the packet may
end before the end of the frame.
svn path=/trunk/; revision=579
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add in the Identification and Time Remaining codes for LCP.
Add in a pile of other LCP options, albeit without anything more than
names for now.
Don't say "1 bytes", say "1 byte".
Don't use "dissect_data()" to dissect part of a *CP packet, and don't
dissect opaque data if there're zero bytes of it.
svn path=/trunk/; revision=578
|
| |
|
|
|
|
|
|
|
|
| |
Have a common routine to parse both LCP and IPCP, as IPCP is based on
LCP.
Have only one "value_string" array of PPP protocol types, with all the
types we know about.
svn path=/trunk/; revision=577
|
| |
|
|
|
|
|
|
| |
"dissect_payload_ppp()"; put it into a common routine, called by both
(which means we now dissect LCP and IPCP in PPP requests even if they
aren't inside PPPOE or GRE packets).
svn path=/trunk/; revision=576
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that it can pop up a message box; have it do so.
Make the "Can't open file" message boxes in "colors.c" include the
"errno" error message in the message they put up.
Don't complain about being unable to open the color filter file if it
doesn't exist (perhaps the user just never made one).
Make the message for a failure to open the preferences file resemble
that for a failure to open a color filter file.
svn path=/trunk/; revision=575
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetBIOS Datagram Service in NBTland; a capture Gilbert sent had a pile
of those packets containing what looked like SMB browser announcements,
which are sent out as broadcast datagrams. Label them as such, and
treat them as such.
Might packet type 2 be the equivalent of the NetBIOS Session Service -
both of them contain SMBs, but the former is a connection-oriented
service (LLC I frames, presumably, in NBF, and TCP in NBT), and the
latter is a datagram-oriented service (LLC UI frames, presumably, in
NBF, and UDP in NBT)? For now, we leave type 2 as "SMB (over NBIPX)",
but we might want to label it as "NetBIOS session" or whatever the
appropriate term is.
svn path=/trunk/; revision=574
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.
Make the type and length fields of a TLV unsigned.
Correctly check for the end of the (captured part of the) frame.
Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.
Dissect "unknown" TLVs.
svn path=/trunk/; revision=573
|
| |
|
|
|
|
|
| |
them with "proto_tree_add_item()" rather than "proto_tree_add_text()"
when adding them to the subtree for a TLV item.
svn path=/trunk/; revision=572
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't treat the CDP header as an in-memory data structure; that might
cause problems if it's not aligned on a 2-byte boundary.
Make the type and length fields of a TLV unsigned.
Correctly check for the end of the (captured part of the) frame.
Show most TLVs as "expandable" entries, where they expand into type,
length, and data entries.
Dissect "unknown" TLVs.
svn path=/trunk/; revision=571
|
| |
|
|
| |
svn path=/trunk/; revision=570
|
| |
|
|
| |
svn path=/trunk/; revision=569
|
| |
|
|
|
|
|
|
|
|
| |
Fixed the default case in the packet-cdp while() statement to look for
non-zero offsets. I should fix the other cases where offset += length.
Meanwhile, however, I added cdp.tlv.type and cdp.tlv.len as two filterable
fields so that one can use "cdp.tlv.len == 0" as a display filter to
find the packet that was causing problems.
svn path=/trunk/; revision=568
|
| |
|
|
|
|
|
|
|
| |
routine, it's what we use elsewhere in Ethereal, all modern UNIXes have
it, and it's declared in <string.h>, unlike "index()" which isn't
necessarily declared there (and thus we get GCC warnings about "index()"
being undeclared).
svn path=/trunk/; revision=567
|
| |
|
|
| |
svn path=/trunk/; revision=566
|
| |
|
|
| |
svn path=/trunk/; revision=565
|
| |
|
|
| |
svn path=/trunk/; revision=564
|
| |
|
|
|
|
|
| |
'configure' can update the version automatically. That way we don't
have to update the spec file every time the version of ethereal changes.
svn path=/trunk/; revision=563
|
| |
|
|
|
|
| |
debug printf's in there.
svn path=/trunk/; revision=562
|
| |
|
|
|
|
| |
will get overridden in any case).
svn path=/trunk/; revision=561
|
| |
|
|
|
|
| |
get overridden in any case).
svn path=/trunk/; revision=560
|
| |
|
|
|
|
|
|
| |
and the info field an indication of whether it's Ethernet II, raw 802.3,
or (LLC-atop) 802.3 (which will be overridden by other protocols, if we
know the protocol inside the frame).
svn path=/trunk/; revision=559
|
| |
|
|
|
|
|
|
| |
In the summary display for FDDI frames, make the protocol FDDI and the
info field the description of the frame control field (which will be
overridden by other protocols, if the frame is an async LLC frame).
svn path=/trunk/; revision=558
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
|
| |
|
|
|
|
| |
Boolean indicating whether the frame has any payload to dissect or not.
svn path=/trunk/; revision=556
|
| |
|
|
|
|
|
|
| |
if the SAPs are SNAP, based on their ethertype are I frames and UI
frames; others don't have payload to be dissected as belonging to other
protocols.
svn path=/trunk/; revision=555
|
| |
|
|
|
|
| |
don't need to.
svn path=/trunk/; revision=554
|
| |
|
|
|
|
|
|
|
|
|
| |
temporary file with mode rw-------, so we won't assume that all UNIXes
will do so; instead, we set the umask to 0077 to take away all group and
other permissions, attempt to create the file, and then put the umask
back (puts into "try_tempfile()", called by "create_tempfile()" to
create temporary files, the "umask()" calls that Gilbert put into
"capture.c" to deal with the same problem).
svn path=/trunk/; revision=553
|
| |
|
|
|
|
|
| |
on different flavors of BSD are - even worse than I thought, now that
I've seen the BSD/OS <net/bpf.h>.
svn path=/trunk/; revision=552
|
| |
|
|
|
|
|
|
|
|
| |
1) OpenBSD and NetBSD might use the same value;
2) BSD/OS uses the same value;
so maybe FreeBSD is the only outlier.
svn path=/trunk/; revision=551
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
not using the structure members so declared, anyway; instead, put in a
comment to note that the data follows, in a certain format.
Use "guint8", "guint16", and "guint32" instead of "unsigned char",
"unsigned short", and "unsigned long", as per the rest of Ethereal; the
first two pairs are equivalent, but "unsigned long" is *not* necessarily
a 32-bit data type (it's not a 32-bit data type on most 64-bit
platforms, for example).
svn path=/trunk/; revision=550
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
necessary nor sufficient if you're using "struct tm" (on many, perhaps
most, perhaps even all modern UNIXes, <sys/time.h> includes <time.h>,
which declares "struct tm", but that's not necessarily the case on
non-UNIX systems).
Include <time.h> in "file.c", to declare "struct tm".
Don't use PCAP_ERRBUF_SIZE to declare a message string buffer - that
won't work if you don't have "libpcap".
svn path=/trunk/; revision=549
|
| |
|
|
|
|
|
| |
with "-W" unless we actually support "libpcap", as "fork_mode" isn't
defined unless HAVE_LIBPCAP is defined.
svn path=/trunk/; revision=548
|
| |
|
|
| |
svn path=/trunk/; revision=547
|
| |
|
|
|
|
|
|
|
|
|
| |
Have the code that opens "libpcap" files for writing check to make sure
that the Wiretap encapsulation can be written to a "libpcap" file, and
return -1 and supply a new WTAP_ERR_UNSUPPORTED_ENCAP error code if it
can't.
Handle that new error code in "wtap_strerror()".
svn path=/trunk/; revision=546
|
| |
|
|
|
|
|
|
|
|
|
|
| |
code supplied by a Wiretap routine (whether a positive UNIX "errno" code
or a negative Wiretap error code), and returns an error message
corresponding to it.
Use that to construct the message Ethereal put up in a message box for
those errors for which we don't have Ethereal put up a message of its
choice.
svn path=/trunk/; revision=545
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of WTAP_ENCAP_NONE; replace it with WTAP_ENCAP_UNKNOWN, which
means "I can't handle that file, it's using an encapsulation I don't
support".
Check for encapsulations we don't support, and return an error (as is
already done in "libpcap.c").
Check for too-large packet sizes, and return an error (as is already
done in "libpcap.c").
Print unsigned quantities in Wiretap messages with "%u", not "%d".
svn path=/trunk/; revision=544
|
| |
|
|
|
|
|
|
|
| |
4.4-Lite), but they use different values for AF_INET6; define and handle
both of them.
Add AF_ISO as well.
svn path=/trunk/; revision=543
|
| |
|
|
| |
svn path=/trunk/; revision=542
|
| |
|
|
|
|
| |
message from "libpcap".
svn path=/trunk/; revision=541
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
|
| |
|
|
|
|
| |
were printed in the wrong byteorder.
svn path=/trunk/; revision=539
|
| |
|
|
|
|
| |
it's set before we dissect continuations.
svn path=/trunk/; revision=538
|
| |
|
|
| |
svn path=/trunk/; revision=537
|
