Very cool. Needed minor changes for current cvs, but other than that,
seems to work nice.
Some thoughts - you might want to make it an option to have the
timestamp of the virtual packet be the timestamp of the last frame used
in that virtual frame. (So the timestamp column sort works reasonably.)
Also, would be nice to have some way of indicating what frames
contributed to a given virtual frame, i.e. when I click on the virtual
frame, have it highlight all of the contributing frames somehow.
Also, it does appear to segfault on one of my afs captures...
#0 0x403b54a7 in memcpy () at ../sysdeps/generic/memcpy.c:64
#1 0x80a6e1a in ip_fragment_add (tvb=0x83195cc, pinfo=0x825ad00,
id=42749,
floff=8192) at packet-ip.c:530
#2 0x80a7ec8 in dissect_ip (tvb=0x83195cc, pinfo=0x825ad00, tree=0x0)
at packet-ip.c:1214
ipfs_i->data is null when I checked it in the debugger. I can get you
the capture if you like, but it's a 600k gzipped, so send me a note if
you want it.
-- Nathan
Ronnie Sahlberg wrote:
>
> Hi list,
> Could please the maintainers have a look at the patch and possibly check it
> in, if you are happy with it?
> If not, please tell me what problems exist in the patch and what i should do
> to change it.
>
> attached is a diff against the cvs tree two days ago.
> It contains the diff to get ethereal to support three new features:
> * virtual packets : packets created inside ethereal (in a dissector?). These
> packets are virtual in the sense
> that they were not read from any file nor were they received from an
> interface.
> They just exist inside ethereal to make debugging of some other packets
> easier.
> * IPv4 defragmentation : ip defragmentation will defragment the ip packets
> in the dissector and when an
> entire ip packet has been defragmented, it will be displayed as a
> non-fragmented virtual ip packet.
> Virtual ip packets are the defragmented packets with some small exceptions:
> virtual ip packets have no checksum displayed or checked. IP-flags and
> fragment offset are also
> ignored for these packets.
> * in file.c there is now an api : register_file_cleanup_func( void
> (*func)(void) ) which will take as argument
> a function to call before a new file is read or a new capture is started.
> This is now used by packet-virtual/packet-ip
> to clean up persistent data between invokations of the dissectors.
> This is a generic api that can be used by anyone who wants some special
> cleanup to be performed
> prior to read/capture new data in ehtereal.
>
> All memory allocated inside ethereal for these functions are kept track of
> and deallocated properly.
> It should not leak memory (at least this stuff in this patch should not
> leak)
>
> IP defragmentation is controlled by global variable ip_defragment
> ==0 : old original behaviur, no changes.
> ==1 : ip fragments will be reassembled and the defragmented packet will be
> shown as a virtual packet.
>
> Could please the maintainers have a look at the patch and possibly check it
> in, if you are happy with it?
> If not, please tell me what problems exist in the patch and what i should do
> to change it.
>
> Perhaps someone which knows how the widget toolkit works could add a button
> "[x] IP Defragment" somewhere in the
> GUI? Perhaps also a cmdline flag? Like how nameresolution on/off works...
>
> Have fun.
>
> ------------------------------------------------------------------------
> Name: ethereal.diff
> ethereal.diff Type: unspecified type (application/octet-stream)
> Encoding: quoted-printable
> Download Status: Not downloaded with message
>
> Name: A995.cap
> A995.cap Type: unspecified type (application/octet-stream)
> Encoding: base64
> Download Status: Not downloaded with message
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul@xxxxxxx
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216
