aboutsummaryrefslogtreecommitdiffstats
path: root/packet-tcp.c
Commit message (Collapse)AuthorAgeFilesLines
* From Jason House, support for TAPping from TCP protocolRonnie Sahlberg2002-12-171-80/+75
| | | | svn path=/trunk/; revision=6792
* Don't cast away constness, and fix variable and structure memberGuy Harris2002-12-021-4/+4
| | | | | | | | | | | | | qualifiers as necessary to ensure that we don't have to. "strcmp()", "strcasecmp()", and "memcmp()" don't return booleans; don't test their results as if they did. Use "guint8", not "guchar", for a pointer to (one or more) 8-bit bytes. Update Michael Tuexen's e-mail address. svn path=/trunk/; revision=6726
* Check whether we got an overflow for the PDU length *before* we checkGuy Harris2002-11-271-12/+12
| | | | | | whether we have that much data. svn path=/trunk/; revision=6675
* Must use the proper proto_tree_add_... call for FT_NONERonnie Sahlberg2002-11-071-9/+9
| | | | svn path=/trunk/; revision=6577
* hf_index update for TCPRonnie Sahlberg2002-11-071-9/+9
| | | | svn path=/trunk/; revision=6576
* Fixed small bug in TCP seq/ack analysis. Forgot to check a pointer for NULL ↵Ronnie Sahlberg2002-11-021-2/+4
| | | | | | which caused crashes sometimes. svn path=/trunk/; revision=6546
* Three more things for TCP seq/ack analysis to check for and flag:Ronnie Sahlberg2002-11-011-13/+92
| | | | | | | | ZeroWindow: ZeroWindow segments are detected and flagged ZeroWindowProbe: detected and flagged ZeroWindowViolation: attempts to write >1 byte of data to a zerowindow is detected and flagged. svn path=/trunk/; revision=6543
* Update to TCP seq/ack analysis: tcp seq/ack analysis should now be able toRonnie Sahlberg2002-11-011-2/+74
| | | | | | detect suspected duplicate ACKs. svn path=/trunk/; revision=6542
* From Ronnie Sahlberg: use the frame number of a TCP segment, rather thanGuy Harris2002-10-171-6/+14
| | | | | | | | | | | | | its starting sequence number, as the "fragment ID" when reassembling, and include the source and destination port numbers in a "tcp_segment_key" structure and use that as part of the key in the hash table for segments, so that we don't get spoofed by segments in two directions in the same conversation, or by segments in two separate conversations between the same hosts, having the same starting sequence number (which is not unlikely to happen if relative sequence numbers are being used). svn path=/trunk/; revision=6443
* From Didier: bugfix for sequence number wrappingRonnie Sahlberg2002-09-181-5/+5
| | | | svn path=/trunk/; revision=6303
* fix for the fixRonnie Sahlberg2002-09-111-2/+2
| | | | svn path=/trunk/; revision=6274
* Tiny change to the tcp seq/ack analysis.Ronnie Sahlberg2002-09-111-12/+5
| | | | | | | If the addresses are equal, compare the ports with '>' instead of '-' since '>' will work regardless of whether the values are unsigned or not. svn path=/trunk/; revision=6268
* Removed trailing whitespaces from .h and .c files using theJörg Mayer2002-08-281-25/+25
| | | | | | | winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6117
* Properly display the window scale option.Guy Harris2002-08-221-2/+2
| | | | svn path=/trunk/; revision=6065
* "CMP_ADDRESS()" is not guaranteed to return 0, 1, or -1, it's justGuy Harris2002-08-221-6/+35
| | | | | | | | | | guaranteed to return 0, a positive number, or a negative number, based on the result of the comparison. Furthermore, if it returns 0, meaning the source and destination addresses are the same, we have to look at the port numbers to decide which side of the conversation the frame is from. svn path=/trunk/; revision=6064
* Create a subtree with an item "tcp.analysis.flags" to keep allRonnie Sahlberg2002-08-211-20/+35
| | | | | | | tcp sequence number analysis flags, such as retransmission , lost-segment, etc to make it easier to search for all these conditions. svn path=/trunk/; revision=6056
* Moved the generic true_false_string saying "Set", "Not set" intoTim Potter2002-08-211-8/+1
| | | | | | | | epan/packet.c It was cut and pasted into seven other dissectors! svn path=/trunk/; revision=6052
* Reverted part of the previous patch. It seemed we found a few too manyRonnie Sahlberg2002-08-171-2/+2
| | | | | | packets to display the ACK data for. svn path=/trunk/; revision=6008
* Fixed bug not handling FIN pakcets properly.Ronnie Sahlberg2002-08-161-2/+9
| | | | | | | Fixed another tiny bug where it would forget to check ACKs outside the window sometimes. svn path=/trunk/; revision=6001
* Add sequence number wrap to tcp window checking.Jörg Mayer2002-08-031-8/+15
| | | | svn path=/trunk/; revision=5945
* Create the TCP protocol tree, and put the source and destination portsGuy Harris2002-08-031-21/+20
| | | | | | | | into it, as soon as we've extracted the source and destination ports from the packet, so that if we throw an exception fetching something else from the packet, we still have the protocol tree and ports. svn path=/trunk/; revision=5943
* Replace the types from sys/types.h and netinet/in.h by their glib.hJörg Mayer2002-08-021-12/+4
| | | | | | | | equivalents for the toplevel directory. The removal of winsock2.h will hopefully not cause any problems under MSVC++, as those files using struct timeval still include wtap.h, which still includes winsock2.h. svn path=/trunk/; revision=5932
* Two new options added to TCP.Ronnie Sahlberg2002-08-021-25/+603
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 1, Analyze TCP sequence numbers. This option will keep track of sequence numbers for all tcp sessions and flag the following: a, If a new segment is seen which is beyong the right edge this is an indication that the previous segment was lost and this will be flagged as previous segment lost. b, If a segment is seen which lies left of the right edge this is flagged as retransmission. c, if a keep-alive is seen (empty segment, seq==expected seq-1) this is flagged as a retransmission. d, if an ACK is seen which is beyond the right edge this is an indication that a segment has been lost and it will be flagged as segment lost. All ACKs which advance the left edge get the RTT displayed between the ACKed segment and the ACK itself. The ACK also gets an indication of WHICH segment it is an ACK for. 2, Relative sequence numbers. This option needs the first option to be selected as well. This option will as best as it can try to get ethereal to use relative sequence numbers instead of absolute ones. The patch does not handle sequence number wrapping and unexpected results can probably happen for such. svn path=/trunk/; revision=5931
* From Joerg Mayer:Guy Harris2002-07-171-5/+1
| | | | | | | | | | | | | | | dftest.c: Remove #if-0-ed includes packet-ieee80211.c, packet-wtls.c, packet-afp.c, packet-wsp.c, packet-wtp.c, ethereal_gen.py: Remove redundant include varargs (already in snprintf.h, and required only for snprintf.h) Remove unused include of snprintf.h from files not using "snprintf()". svn path=/trunk/; revision=5889
* Set pinfo->ptype, pinfo->srcport, and pinfo->dstport as soon as we'veGuy Harris2002-07-021-5/+8
| | | | | | | | fetched the source and destination port numbers, so that they're available to the "Follow TCP Stream" code even if we throw an exception dissecting the rest of the TCP header. svn path=/trunk/; revision=5811
* When looking for dissectors for the source and destination port numbersGuy Harris2002-06-081-4/+29
| | | | | | | | | | | | | | | | | | | | in TCP, UDP, and SCTP, try the lower port number first, and then the higher port number; this means that, for packets where a dissector is registered for *both* port numbers: 1) we pick the same dissector for traffic going in both directions; 2) we prefer the port number that's more likely to be the right one (as that prefers well-known ports to reserved ports); although there is, of course, no guarantee that any such strategy will always pick the right port number. Ignore port numbers of 0, as some dissectors use a port number of 0 to disable the port, and as RFC 768 says that the source port in UDP datagrams is optional and is 0 if not used. svn path=/trunk/; revision=5656
* Get rid of the "data_src" member of the "frame_data" structure; put itGuy Harris2002-06-041-3/+2
| | | | | | | | in the "packet_info" structure instead, as we don't need a pointer for every single frame in the capture file, just for each frame for which we currently have an open "epan_dissect_t". svn path=/trunk/; revision=5614
* Improve a comment.Guy Harris2002-05-051-6/+8
| | | | svn path=/trunk/; revision=5399
* Make "tvb_ensure_length_remaining()" return a "guint" - it can't returnGuy Harris2002-05-051-10/+18
| | | | | | | | | | a negative value. Use "tvb_ensure_length_remaining()" in "tcp_dissect_pdus()", rather than checking the return value of "tvb_length_remaining()" ourselves, and make various variables and parameters in it "guint" as appropriate. svn path=/trunk/; revision=5396
* Make a "tcp_dissect_pdus()" with the standard loop for a TCP segment,Guy Harris2002-05-051-1/+136
| | | | | | | | | | | | | | | | | | | | | | | | | extracting PDUs from it and possibly doing reassembly. Make the COPS, DNS, DSI, Gryphon, and SCCP dissectors use it. Add "set_actual_length()", "tcp_dissect_pdus()", "decode_boolean_bitfield()", "decode_numeric_bitfield()", and "decode_enumerated_bitfield()" to the list of routines available to dissectors on platforms where routines in the main program aren't available to dynamically-loaded code. Declare routines in "to_str.h" as "extern"; as I remember, that's necessary to allow the "decode_XXX_bitfield()" routines declared therein to be made available to plugins as per the above. Note that new exported routines should be added to the end of the table if that's the only change being made to the table. Create a new "plugin_api_decls.h" header file, used to declare both the "p_" variables and the "p_" structure members in the routine-exporting mechanism; this reduces the number of places you have to change to change the list of exported routines. svn path=/trunk/; revision=5394
* Add the packet len to the protocol tree as well, since it is often not ↵Richard Sharpe2002-05-041-2/+2
| | | | | | visible in the summary display. svn path=/trunk/; revision=5379
* Add a hidden length fild for TCP, tcp.len. Also fixed a small type.Richard Sharpe2002-04-211-2/+13
| | | | svn path=/trunk/; revision=5210
* Do the "follow TCP stream" stuff before calling the subdissector, soGuy Harris2002-04-111-13/+14
| | | | | | | | that it gets done even if the subdissector throws an exception (and so that, if the subdissector modifies the addresses or ports, we still hand the right values to "reassemble_tcp()"). svn path=/trunk/; revision=5140
* Mark unused arguments as such.Guy Harris2002-03-311-2/+2
| | | | svn path=/trunk/; revision=5062
* In the protocol tree entries for lists of fragments/segments, make theGuy Harris2002-03-271-4/+5
| | | | | | | | top-level item correspond to the reassembled data, and make the item for each fragment/segment correspond to the part of that reassembled data that came from that fragment/segment. svn path=/trunk/; revision=5025
* Free all the stuff pointed to by elements in the "tcp_segment_table"Guy Harris2002-02-241-10/+16
| | | | | | | | | hash table before freeing the memory chunks for those elements. Destroy that hash table when we're done, and set the pointer to it to null so that we'll reallocate it. svn path=/trunk/; revision=4794
* For TCP segments that are reassembled into larger packets, show the dataGuy Harris2002-02-191-4/+19
| | | | | | | | as raw TCP segment data under the TCP protocol tree item, rather than as a top-level data item - and do so even for the last of the segments reassembled into that packet. svn path=/trunk/; revision=4754
* Add support for reassembling RPC-over-TCP fragments, and do that in bothGuy Harris2002-02-181-7/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | RPC and NDMP. Show the RPC-over-TCP fragment header as a tree with bitfields below it. Add a routine to show a reported bounds error as an "Unreassembled Packet" or a "Malformed Packet" depending on whether "pinfo->fragmented" is set, and have NBNS and RPC use that. Add "ett_ndmp_file_stats" to the list of ett_ values to be initialized (it wasn't in that list, and wasn't getting initialized). When freeing up various hash tables and memory chunks in the RPC dissector, zero out the pointers to them, just to make sure we don't try to free them again. Always destroy the TCP segment key and address memory chunks in "tcp_desegment_init()", regardless of whether TCP desegmentation is enabled - we don't *allocate* them if TCP desegmentation isn't enabled, but we should free them even if it's not enabled. Also, when we free them, set the pointers to them to null, so we don't double-free them. Supply to subdissectors called from the TCP dissector the sequence number of the first byte handed to the sub dissector. svn path=/trunk/; revision=4753
* Don't give tvbuffs names; instead, give data sources names, where aGuy Harris2002-02-181-4/+4
| | | | | | | | | | | | | | | "data source" has a name and a top-level tvbuff, and frames can have a list of data sources associated with them. Use the tvbuff pointer to determine which data source is the data source for a given field; this means we don't have to worry about multiple data sources with the same name - the only thing the name does is label the notebook tab for the display of the data source, and label the hex dump of the data source in print/Tethereal output. Clean up a bunch of things discovered in the process of doing the above. svn path=/trunk/; revision=4749
* From Ricardo Barroetave�a: support dissectors that are handedGuy Harris2002-02-031-60/+115
| | | | | | | | | | reassembled TCP data being able to indicate that they need still more reassembly, so that, for example, a dissector can indicate that it needs reassembly in order to dissect a header that says how long the PDU is and, when that reassembly is done and it dissects the header, it can then indicate that it needs more reassembly to get the entire PDU. svn path=/trunk/; revision=4694
* Get rid of an extra space.Guy Harris2002-02-031-2/+2
| | | | svn path=/trunk/; revision=4693
* Include files from the "epan" directory and subdirectories thereof withGuy Harris2002-01-211-4/+4
| | | | | | | | | | | | | "epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
* Allow a length of -1 to be specified when adding FT_NONE and FT_PROTOCOLGuy Harris2002-01-201-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | items to the protocol tree; it's interpreted as "the rest of the data in the tvbuff". This can be used if 1) the item covers the entire packet or the remaining payload in the packet or 2) the item's length won't be known until it's dissected, and will be then set with "proto_item_set_len()" - if an exception is thrown in the dissection, it means the item ran *past* the end of the tvbuff, so saying it runs to the end of the tvbuff is reasonable. Convert a number of "proto_tree_add_XXX()" calls using "tvb_length_remaining()", values derived from the result of "tvb_length()", or 0 (in the case of items whose length is unknown) to use -1 instead (using 0 means that if an exception is thrown, selecting the item highlights nothing; using -1 means it highlights all the data for that item that's available). In some places where "tvb_length()" or "tvb_length_remaining()" was used to determine how large a packet is, use "tvb_reported_length()" or "tvb_reported_length_remaining()", instead - the first two calls indicate how much captured data was in the packet, the latter two calls indicate how large the packet actually was (and the fact that using the latter could cause BoundsError exceptions to be thrown is a feature - if such an exception is thrown, the frame really *was* short, and it should be tagged as such). Replace some "proto_tree_add_XXX()" calls with equivalent "proto_tree_add_item()" calls. Fix some indentation. svn path=/trunk/; revision=4578
* Add an option to turn off TCP checksum checking (and to *allow*Guy Harris2002-01-181-45/+82
| | | | | | | | | | | | desegmentation even though we don't know whether the checksum is valid). I've seen packets with bad TCP checksums in Solaris network traces, but the traffic appears to indicate that the packet *was* received; I suspect the packets were sent by the host on which the capture was being done, on a network interface to which checksumming was offloaded, so that DLPI supplied an un-checksummed packet to the capture program but a checksummed packet got put onto the wire. svn path=/trunk/; revision=4571
* Mark un-reassembled TCP segments as (possibly) being un-reassembled, byGuy Harris2002-01-171-2/+10
| | | | | | | | | | | setting the "pinfo->fragmented" flag. If a ReportedBoundsError occurs, flag the frame as being an unreassembled packet, not an unreassembled fragmented packet, as it may have been segmented across TCP segment boundaries rather than being part of an IPv4/IPv6/CLNP/etc. fragmented/segmented packet. svn path=/trunk/; revision=4558
* As per a comment from Ronnie Sahlberg, display TCP sequence numbers inGuy Harris2002-01-101-4/+4
| | | | | | | | | | the list of segments in a desegmented PDU as unsigned, rather than signed. Fix some other displays of unsigned quantities with "%d" while we're at it. svn path=/trunk/; revision=4516
* Move the pointer to the "column_info" structure in the "frame_data"Guy Harris2001-12-101-38/+38
| | | | | | | | | | | | | | | structure to the "packet_info" structure; only stuff that's permanently stored with each frame should be in the "frame_data" structure, and the "column_info" structure is not guaranteed to hold the column values for that frame at all times - it was only in the "frame_data" structure so that it could be passed to dissectors, and, as all dissectors are now passed a pointer to a "packet_info" structure, it could just as well be put in the "packet_info" structure. That saves memory, by shrinking the "frame_data" structure (there's one of those per frame), and also lets us clean up the code a bit. svn path=/trunk/; revision=4370
* Attach a descriptive name field type and base to dissector tables; thatGuy Harris2001-12-081-2/+3
| | | | | | | | | | | | | | specifies how the selector values used as keys in those tables are to be displayed, and the title to use when displaying the table. Use that information in the code to display the initial and current entries of various dissector tables. Have the dissector for BACnet APDUs register itself by name, and have the BACnet NPDU dissector call it iff the BAC_CONTROL_NET bit isn't set, rather than doing it with a dissector table. svn path=/trunk/; revision=4358
* Support for reassembly of DCERPC over SMB, from Ronnie Sahlberg.Guy Harris2001-12-051-1/+4
| | | | svn path=/trunk/; revision=4335
* Get rid of the lists of conversation dissectors; instead, have aGuy Harris2001-12-031-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dissector table contain both a hash table, to use to look up port numbers to find a dissector, and a list of all dissectors that *could* be assigned to ports in that hash table, to be used by user interface code. Make the "Decode As" dialog box code use that. Also make it *not* let you choose whether to set the dissector for both the UDP and TCP versions of a port; some protocols run only atop TCP, some run only atop UDP, and even those that can run atop both may have different dissector handles to use over TCP and UDP, so handling a single merged list would be a mess. (If the user is setting the dissector for a TCP port, only those protocols that Ethereal can handle over TCP should be listed; if the user is setting the dissector for a UDP port, only those protocols that Ethereal can handle over TCP should be listed; if the user is setting a dissector for both, only those protocols that Ethereal can handle over *both* TCP *and* UDP should be listed, *and* there needs to be a way to let the "Decode As" code get both the TCP handle *and* the UDP handle and use the right ones. If somebody really wants that, they need to implement all of the above if they want the code to be correct.) Fix the code that handles setting the dissection for the IP protocol number to correctly update the lists of protocols being dissected as TCP and as UDP; the code before this change wasn't updating the single such list to add new protocols. svn path=/trunk/; revision=4311
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-27 08:44:53 +0000