On Tue, Apr 03, 2001 at 12:00:19AM +1000, Ronnie Sahlberg wrote:
> new patch for ethereal to add virtual packets, and defragmented ip packets
> to ethereal.
It needs to be updated for Ed Warnicke's changes in the current CVS
tree; you should probably do your development using anonymous CVS if
possible or, if that's not possible, use the nightly snapshots of the
anonymous CVS tree. See
http://www.ethereal.com/development.html
for information on anonymous CVS access, and links to the snapshots.
For example, the patch to "epan/packet.h" needs to be applied to
"epan/frame_data.h" instead.
That particular patch, however, raises the question "why is the
'new_frame' flag the patch adds different from the 'visited' flag that's
already there?" - or, rather, why is "new_frame" anything other than the
negatiion of "visited"?
You would also need to change some files to include "wiretap/wtap.h", as
the "frame_data" structure now has a "wtap *" as a member.
> Perhaps someone who knows how the widgetset works can add a button somewhere
> in the gui to toggle this behaviour on/off?
> Perhaps also a cmd-line switch?
You shouldn't - and don't have to - do anything whatsoever with the
widget set to do that; you merely have to add a preference item in the
dissector. This adds an additional item in the "IP" tab of the
"Edit->Preferences" dialog box, and also allows you to specify it on the
command line with the "-o" flag. See the attached patch to
"packet-ip.c".
However, if I then enable the "Reassemble fragmented datagrams" the new
preference item adds, and click "Apply" in the dialog box, it doesn't
reassemble anything - it just shows the first fragment as a fragment
rather than an Echo or Echo Reply packet.
If, however, I save the preferences, and then restart Ethereal, it does
reassemble the frames in question. Both of them, however, should work.
I tried modifying the places where "flags.visited" is cleared, when the
packets are rescanned and re-dissected, to set "flags.new_frame", but
that didn't seem to help. I've attached the patch to do that, in
"file.c", as well.
*** packet-ip.c.dist Mon Apr 2 23:00:12 2001
--- packet-ip.c Mon Apr 2 23:25:18 2001
***************
*** 315,321 ****
/*
* defragmentation of IPv4
*/
! int ip_defragment=0;
static GHashTable *ip_fragment_table=NULL;
--- 315,321 ----
/*
* defragmentation of IPv4
*/
! static gboolean ip_defragment = FALSE;
static GHashTable *ip_fragment_table=NULL;
***************
*** 1776,1781 ****
--- 1776,1785 ----
"Decode IPv4 TOS field as DiffServ field",
"Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field",
&g_ip_dscp_actif);
+ prefs_register_bool_preference(ip_module, "defragment",
+ "Reassemble fragmented datagrams",
+ "Whether fragmented IP datagrams should be reassembled",
+ &ip_defragment);
register_dissector("ip", dissect_ip, proto_ip);
}
*** file.c.dist Mon Apr 2 23:00:11 2001
--- file.c Mon Apr 2 23:39:13 2001
***************
*** 1072,1077 ****
--- 1072,1078 ----
* data (the per-frame data itself was freed by
* "init_all_protocols()"), and null out the GSList pointer. */
fdata->flags.visited = 0;
+ fdata->flags.new_frame = 1;
if (fdata->pfd) {
g_slist_free(fdata->pfd);
}
***************
*** 1103,1108 ****
--- 1104,1110 ----
until it finishes. Should we just stick them with that? */
for (; fdata != NULL; fdata = fdata->next) {
fdata->flags.visited = 0;
+ fdata->flags.new_frame = 1;
if (fdata->pfd) {
g_slist_free(fdata->pfd);
}