Change the exported_pdu size from two to the full size of the tag
(including type and length fields) and limit the protocol length to just
the tags (without the PDU data).
Change-Id: I1c20740627ebd74c117bb1735ff4c189d2d750d6
Reviewed-on: https://code.wireshark.org/review/28470
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Fixed initial COL_INFO for associations. It used to 'append' instead of 'set'.
- Changed initial length check from tvb_reported_length() to tvb_captured_length()
- Heuristic Dissection:
o Modified registration, so it can be clearly identified in the Enable/Disable Protocols dialog
o Enabled by default
o Return proper data type
Tested heuristic vs. static on many DICOM captures
Change-Id: I0aa42b91e4f55a6d9fc834657710a6a92c8dadef
Reviewed-on: https://code.wireshark.org/review/27518
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
due to missing mapping from operation number to a string representation
wireshark displays '71' instead of 'CLONE'
Change-Id: Ic5da0a110d5475b2467d6110ea2896332f93288c
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/28447
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
As, fields are hidden items the discrepencies go unnoticed in the Wireshark
tree, however when printin in tshark the displayed fields are inccorect as the
wrong tvb is passed during dissection.
Bug: 14908
Change-Id: If06618b67040b631f153d3e2609583fecc56b5b2
Reviewed-on: https://code.wireshark.org/review/28445
Reviewed-by: Jeremy Martin <boardermartin@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
When dissecting USBIP packets, the transfer type is not known for every
packet like when dissecting usbmon captures. This patch lifs the
transfer type for the endpoint in the device descriptor and stores it in
the conversation. If the per-packet transfer type is unknown for a
transfer, it tries the one from the descriptor instead. This enables
bulk/iso payload dissectors to work on USBIP packets too.
Change-Id: If0a3e4f3b9598f586fa460d0d07032d22e203122
Reviewed-on: https://code.wireshark.org/review/28412
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Experiment with a generic way of adding values to the parent tree
Change-Id: I50dc44da3cafac79a0ac100121c83f8d0ff28457
Reviewed-on: https://code.wireshark.org/review/28395
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
If we know the information that belongs there, we should fill it in.
Otherwise, we should just pass a null pointer, meaning "we don't know
what this information is", and we should check for the null pointer and
not check the information in question.
Bug: 14894
Change-Id: I4f5249855330db65242d8b6eb6b5bda3af3a1925
Reviewed-on: https://code.wireshark.org/review/28404
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ibe10f172a9758afd5d38a78e2613f97b04d9c8ee
Reviewed-on: https://code.wireshark.org/review/28371
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See https://tools.ietf.org/html/rfc3118#section-5.2 (Authentication for
DHCP Messages) for more details.
Sample DHCPv4 authentication .pcap file can be found at,
https://wiki.wireshark.org/SampleCaptures
Without this patch, Wireshark shows "Expert Info (Error/Protocol):
length isn't >= 31" error message in the Authentication section of the
packet dissection.
Change-Id: I2af5c7d18f0497a131b1d2dc50ee6e4708c34e28
Signed-off-by: Dhiru Kholia <dhiru.kholia@gmail.com>
Reviewed-on: https://code.wireshark.org/review/28360
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fix in the computation of CRC + little change in the dissector - now it
shows the fields SMD and FRAG_COUNT in the tree correctly
Bug: 14610
Change-Id: I74982ff836f02803843f6b44a0955a4b20f48e43
Reviewed-on: https://code.wireshark.org/review/28286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously HTTP message bodies following a HEAD request in the same conversation
were not desegmented, resulting in spurious "Continuation" messages and failure
to reassemble HTTP bodies. Fix this by properly taking the current HTTP message
type (request or response) into account.
Bug: 14793
Change-Id: I1ffb052468cf414b73243447138466aca47db3e6
Reviewed-on: https://code.wireshark.org/review/28312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The tests assume an IPv4 address; check for IPv4 addresses. They're
always 4 octets long, so no need to check the length.
Change the XXX comment to ask whether the check for an IPv4 address is
even necessary.
Change-Id: Ic55d2c208d5472ec995aa0c150b09a2118f04a76
Reviewed-on: https://code.wireshark.org/review/28353
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC1035 there are limitations on the maximum length of DNS
names. The maximum length in the code was defined as 1025, this commit
changes it to 255. Also a new macro is introduced which holds the
minimum length of a DNS name.
Bug: 14041
Change-Id: Ic63b332b2a357e33728df183c05ab0e222faf13f
Reviewed-on: https://code.wireshark.org/review/28309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>