| Commit message (Collapse) | Author | Age | Files | Lines |
svn path=/trunk/; revision=15015
A few doxygen updates and an improved section on
writing dissectors that don't use tcp_dissect_pdus().
svn path=/trunk/; revision=14537
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
callers, so that they can tell "no decrypted tvbuff because I couldn't
decrypt it" from "no decrypted tvbuff because it's not encrypted in the
first place". Set that based on the Kerberos seal algorithm field in
the SPNEGO Kerberos 5 wrap dissector code.
Use that to determine whether the GSS-API encapsulated data in LDAP is
encrypted or not, rather than using a heuristic.
Set the length of the SASL blob tvbuff based on the SASL length and the
length of the tvbuff from which it's constructed, rather than setting
it to the SASL length.
svn path=/trunk/; revision=13780
dce has slightly different padding and checksumming so we have to tell decrypt_arcfour() about it.
svn path=/trunk/; revision=13689
layer dissector all the way down to spnego or friends and back.
svn path=/trunk/; revision=13658
compiler doesn't say "that's unsigned, it can't possibly be equal to -1".
svn path=/trunk/; revision=13526
change the decodeas for dcerpc so that it actually works again for dcerpc over smb
svn path=/trunk/; revision=13515
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
to a different dissector.
svn path=/trunk/; revision=11912
svn path=/trunk/; revision=11894
"epan/packet_info.h" and put it in "epan/address.h".
Use the AT_ values from "epan/address.h" for address types in the
interface lists rather than having our own FAM_ enums.
svn path=/trunk/; revision=11427
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
IAX2 updates and a CRC16 routine
svn path=/trunk/; revision=11233
svn path=/trunk/; revision=10446
support the ISUP CIC as a circuit ID;
add a preference option to control whether to put the CIC into
the Info column or not.
svn path=/trunk/; revision=10265
that dissectors for pass-through proxying protocols such as SOCKS can
allow the subdissectors they call to ask that desegmentation be done.
svn path=/trunk/; revision=9488
packet-smpp.c).
Now the higher-level protocols show up without the need of unfolding the SMPP
dissector tree.
Add a new address type AT_STRINGZ, and use it for GSM SMS message reassembly.
Get rid of the different UDH IE subtrees, and replace them with one subtree
for all UDH IEs.
Add debug logging to SMPP and SMPP GSM SMS dissectors.
Move the Short Message reassembly from the SMPP dissector to the SMPP GSM SMS
dissector. Fix duplicated "reassembled in" header fields.
Rename header fields that are now part of SMPP GSM SMS (including the dissector
table name, so it has also been updated in packet-wsp.c and packet-wtp.c).
Add an explicit "if (!tree) return" in the WSP add_headers() method.
NOTE: it would be great if we were able to merge the existing packet-gsm_sms.c
and the SMPP GSM SMS dissector.
svn path=/trunk/; revision=9431
and set the direction in pinfo for SS7 packets based on source and
destination addresses.
svn path=/trunk/; revision=9209
* Add a "match_string" field to the "packet_info" structure,
saving the string value that matched in a string dissector
lookup, by analogy to "match_port" - this was required for
dissection with token rendering of WBXML content when no public
ID was given (e.g. Nokia/Ericsson OTA provisioning data).
* Add support for textual content type based WBXML token
mapping.
* Add extra WBXML public identifiers.
* Add the Nokia/Ericsson OTA provisioning (version 7) token
definitions.
* Inform the user when a content-type based token match is found.
svn path=/trunk/; revision=9061
- Dissector for FICON
- Dissector for FC-SP (Security Protocol for Fibre Channel)
- Patches to correct the reassembly of FC fragments.
- Support for new MDS Port Analyzer Adapters that carry the
frame length for truncated frames.
svn path=/trunk/; revision=8823
stub data even if there's a problem dissecting the verifier.
Show stub data as "Encrypted stub data" if it's encrypted, "Decrypted
stub data" if it was encrypted but we decrypted it, and "Stub data" if
it wasn't encrypted.
Don't attempt to decrypt data unless it was encrypted (i.e., the
authentication level is "Packet privacy").
Get rid of "decrypted_data" member of "packet_info" structure - we don't
need it any more.
svn path=/trunk/; revision=8743
ONCRPC dissector updated to provide hint to TCP where the next RPCoverTCP
PDU starts as example.
Trivial updates to the other TCP based protocols required to make them handle
this as well. See the updates to packet-rpc.c as an example.
This is enabled by activating tcp analysis and provides hints to TCP to know where PDUs start when not aligned to the start of the segment.
svn path=/trunk/; revision=7543
to compare; based on a change from Laurent Meyer.
svn path=/trunk/; revision=7222
wasn't done, and, for TCP, use that mechanism if reassembly isn't done
is an incorrect TCP checksum.
svn path=/trunk/; revision=7212
- A new decoder called MDSHDR which decodes the internal header of the
Cisco MDS switch (this is different from the Boardwalk header).
- Support for some more new columns as part of FC support.
- Fixed the decoding of the Special Frame in FCIP.
- Fixed the decoding of credit management type field in FLOGI/PLOGI frame
in FC-ELS.
svn path=/trunk/; revision=6974
svn path=/trunk/; revision=6857
we also call the proper DCERPC subdissector.
With this change ethereal will call the SAMR dissector and dissect the
decrypted SAMR packets in devins capture.
svn path=/trunk/; revision=6855
header, Extended Link Service, Interswitch Link Service, FCP, and IPFC.
svn path=/trunk/; revision=6757
starting and ending frame number, and circuits with the same circuit ID
are sorted by the starting frame number (the last circuit can have 0 as
the ending frame number, meaning "unknown"), and, when looking up a
circuit, we take a frame number as an argument and return the circuit
that includes that frame.
Add a new circuit ID type for X.25 virtual circuits, and use the circuit
mechanism to keep track of the dissector for an X.25 virtual circuit
rather than having a private mechanism.
svn path=/trunk/; revision=6580
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
protocols (where there's a virtual circuit ID of some sort in packets)
what conversations are for protocols ultimately running atop
connectionless network layers. Have circuit type and ID values in the
"packet_info" structure.
Have the Frame Relay dissector set the circuit type and ID values, and
have the Wellfleet compression protocol set up circuit information and
store compression information with the circuit.
svn path=/trunk/; revision=6469
destination address, so yank out the AT_DLCI stuff.
Clean up indentation.
svn path=/trunk/; revision=6455
dissector set the source and destination link-layer addresses.
svn path=/trunk/; revision=6452
"pinfo->srcport", and "pinfo->destport" appropriately in the IPX
dissector. Add support for PT_IPX port types in display columns.
Have an "spx.socket" dissector table, similar to the "ipx.socket"
dissector table, and have the SPX dissector use that, with the IPX
socket numbers from "pinfo->srcport" and "pinfo->destport", so that
dissectors for protocols that run atop SPX can register with particular
socket numbers. (Think of it as similar to what would have been the
case had the IP header had 16-bit source and destination port numbers,
and had TCP and UDP used those port numbers rather than having port
numbers in their headers.) Also, have the SPX dissector dissect
subprotocols regardless of whether we're building a protocol tree or not.
Use the dissector handle for the IPX message dissector for both IPX
socket numbers; there's no need to create separate handles for both
registrations.
Have NDPS register as a subdissector of the SPX dissector, using
"spx.socket", and get rid of the duplicate SPX dissection in the NDPS
dissector.
Make the NDPS dissector set the columns regardless of whether a protocol
tree is being built, and clean up the dissector (fixing some bugs).
Get rid of unneeded includes in "packet-ndps.c".
svn path=/trunk/; revision=6424
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6116
isn't guaranteed to return 0, 1, or -1, it returns *some* positive
number, not necessarily 1, if the first argument is greater than the
second, and *some* negative number, not necessarily -1, if the first
argument is less than the second).
svn path=/trunk/; revision=6063
svn path=/trunk/; revision=5920
-1,0,1 as the xxxcmp() functions will instead of just true/false.
Useful if you not only want to check for equality but also if you want to have a way to order the elements.
svn path=/trunk/; revision=5917
separate column, and put in hidden fields for AppleTalk source and
destination addresses.
svn path=/trunk/; revision=5778
in the "packet_info" structure instead, as we don't need a pointer for
every single frame in the capture file, just for each frame for which we
currently have an open "epan_dissect_t".
svn path=/trunk/; revision=5614
structure to the "packet_info" structure; only stuff that's permanently
stored with each frame should be in the "frame_data" structure, and the
"column_info" structure is not guaranteed to hold the column values for
that frame at all times - it was only in the "frame_data" structure so
that it could be passed to dissectors, and, as all dissectors are now
passed a pointer to a "packet_info" structure, it could just as well be
put in the "packet_info" structure.
That saves memory, by shrinking the "frame_data" structure (there's one
of those per frame), and also lets us clean up the code a bit.
svn path=/trunk/; revision=4370
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available on top of TCP
and not on top of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
structure; they're no longer used.
svn path=/trunk/; revision=4236
structure, the check for a null tvbuff pointer in "alloc_field_info()",
and the "tvb_create_from_top()" macro; they're no longer needed, as
there's no non-tvbuffified dissector code remaining.
svn path=/trunk/; revision=4205
"private_data", to keep C++ compilers from getting heartburn.
svn path=/trunk/; revision=4130
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet). Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.
Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that. (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)
Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.
svn path=/trunk/; revision=3986
dissectors to use it, from Ronnie Sahlberg, with additional changes to
handle the case where a frame contains messages that don't run past the
end followed by one that does and where a reassembled chunk has, at the
end, a message that runs past the end of that chunk (because the
reassembly was for an earlier message).
svn path=/trunk/; revision=3923
"void *" that a dissector can set to point to such a structure; that
means that the stuff in the epan directory doesn't have to know anything
about the protocol-specific private data one dissector passes to
another, and that structure doesn't have to be changed if a dissector
wants to pass some new type of data to another dissector.
svn path=/trunk/; revision=3818