epan/dissectors/packet-bacapp.c the BACnetErrorCode array contains incorrect
enumeration mappings for BACnet error codes. Attached is a version of the file
with the mappings straightened out.
svn path=/trunk/; revision=24435
- In proto_tree_set_uint and proto_tree_set_int use value adjusted for bitmask.
- Removed col_custom_set_fstr in proto_tree_set_boolean to get a correct
adjusted value in proto_tree_set_uint.
- Set a default column width shorter than COL_INFO.
svn path=/trunk/; revision=24417
surprised by, for example, "i" not comparing equal to "I" in Turkish
locales.
Make gMessageType local - it's not used as a global variable. Also,
make it a pointer to const, so that we don't have to cast away the
constness.
dissect_giop_fragment() doesn't use the "header" argument, so get rid of
it.
Clean up indentation a bit.
The first element of a value_string is the value, and the second
argument is the string; fix up the initialization of the table of code
set values.
Fix a proto_tree_add_text() call to match the format and the arguments.
svn path=/trunk/; revision=24411
GIOP reassembly fails when first packet of a PDU is received Out-of-Order
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1453
The patch changed to use value_string but not all values included in the current value_string.
svn path=/trunk/; revision=24410
This patch decodes the Civic Address Types (CATypes) for Civic Addresses
Configuration Information. This GEOCONF_CIVIC DHCP option number 99 is defined
in RFC 4776.
svn path=/trunk/; revision=24406
to override UAT entries from the command line, e.g.
-o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",\"0\",\"\",\"0\",\"\""
Fix up white space.
svn path=/trunk/; revision=24338
type: Custom) that were backed out in SVN revision 24309.
Changes since that revision include a reworking of the handling of the
cfile/cinfo variables in epan/column-utils.c, addition of three new
functions to libwireshark.def and a bug fix to prevent a crash when no
custom columns were not in use.
Compilation verified locally on MacOS X, Linux and Windows.
svn path=/trunk/; revision=24317
filter name in the description field and it will display that field in the
packet list if it occurs in that packet. Note that the more common fields
are implemented, but a number of them remain to be implemented in
epan/proto.c. I will work on these other fields as I have time.
svn path=/trunk/; revision=24308
type, not a "how do I format addresses?" type; declare it as such, and
remove the comment that pointed out that the type field had the wrong
(C) type.
svn path=/trunk/; revision=24297
add dissection of the 16 byte header prior to the NDR data when NDR is
transported as a blob ontop of !dcerpc
like the LOGON_INFO in the PAC in kerberos
svn path=/trunk/; revision=24289
Add a dissector for the Scripting Service Protocol provided as part of the
RSPLIB package. RSPLIB is an Open Source implementation of the upcoming
Reliable Server Pooling standard. The scripting service is an application
for load distribution, based on Reliable Server Pooling.
From me:
Shorten the protocol name to SSP.
svn path=/trunk/; revision=24276
1) update SDP dissector with new IDs from assigned numbers document
https://www.bluetooth.org/apps/content/default.aspx?doc_id=49709
2) decode attribute IDs in an "attribute ID list" parameter (previously it
showed raw number only)
3) removed some duplicate entries in vs_service_classes
svn path=/trunk/; revision=24267
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
L2CAP dissector is missing retransmission & flow control modes (these were
introduces in BT 1.2 specification)
Configuration commands were not fully decoded because of a bigend/littleend
issue
L2CAP commands had the wrong length set to the protocol tree by reading from
the wrong buffer offset
Also the dissect_options() function consumes all remaining data in the L2CAP
packet, which prevents decoding of other commands which follow a config
request/config response in the same packet.
From me:
Mark an unused parameter.
svn path=/trunk/; revision=24262
I was capturing an RTP stream the other day which contained JPEG images
streamed according to RFC 2435. However, Wireshark reported them as malformed.
After some debugging of the Wireshark code it turned out that the decoding of
JPEG images which contain a quantization table was incorrect. I have attached a
patch to correct the decoding.
svn path=/trunk/; revision=24246
The decoding of a SubscribeCOVProperty packet is not properly decoding the
Monitored Property Identifier field. It leaves a number of decoded bytes at the
end as data.
svn path=/trunk/; revision=24245
2) Support for RFC 3909 - cancelRequest extendedOperation
3) Support for RFC 3062 - passwordModify extendedOperation
4) Column information for ExtendedRequest, SearchResultRef and AbandonRequest
5) Column information for multiple LDAP operations in the same packet (uses " | " separator)
svn path=/trunk/; revision=24195
I have written the attached patch to improve the userfriendly-ness of the
summary displayed in the last column of the packet list for IGMP packets.
The current code only tells the user the type of packet (REPORT, LEAVE, QUERY),
but doesn't include any information about what multicast group is joined to or
left. Worse, for IGMPv3 Reports the user cannot tell quickly if the multicast
group is joined-to or left, without having to look at the inside of the packet
to know the type of report (include all, include none, exlude none, exclude
all, etc.).
svn path=/trunk/; revision=24190
Corrected display of attributes from previous patch (24165)
For V2, if field length was 0, do not display the empty field. This makes it
easier to read. I only did V2 as I do not have means to test V1.
svn path=/trunk/; revision=24189
The displaying of attribute-lists in an "Attribute Reply" (ATTRRPLY) seems to
be written to display some special non-conforming attributes. Conforming
attributes are either displayed wrong or not displayed at all.
When displaying an attributes-list in a "Service Registration" (SRVREG), the
attribute list is only displayed as a single string (and usually truncated).
While this is not wrong, it should be broken up into the comma separated
attributes as "Attribute Requests" tries to do.
svn path=/trunk/; revision=24163
When dissecting any message containing a "transport layer address", if the
address was NULL (which is valid), the offset pointer was not incremented by 1
and the remaining fields would not be dissected correctly.
svn path=/trunk/; revision=24162
Fix the bug related to Option template:
- System scope (check that options scope size is == 4, not <= 4)
- Interface scope (same)
Same fix for fields BytesExported PacketsExported FlowsExported.
Also fix some tabulations in a previous patch related to IPv6 Addresses.
svn path=/trunk/; revision=24138
This patch provides a new RTP Player preferences dialog. It allows one to
select the maximum number of visable channels in the RTP Player window. The
default is four (4) channels which is the maximum number of usable channels
that the RTP Player can display and still have access to the bottom row buttons
on a 1024*768 resolution display. Specifying a value less than 1 or greater than
10 will be result in the RTP Player displaying the default 4 channels.
svn path=/trunk/; revision=24112
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
Patch to add cdp Power_request and Power_available fields
This added the support for the 0x0019 and 0x001a power_request and power_available fields.
Submitted patch slightly modified to present summary line and make more robust.
svn path=/trunk/; revision=24074
The current dissection of GeneralizedTime in packet-ber does not consider all
the possibilities how this field can be constructed.
According to ITU-T X.680 this field can be encoded as
YYYYMMDDhhmmss([\.,]f{1,3})?(([+-]hhmm)|Z)?
This is a regex-like expression where each letter except the literal 'Z'
represents an ASCII encoded digit.
So far only the first 14 digits are dissected and the 15th character is put
into parentheses. This may not show all available information.
svn path=/trunk/; revision=24071
This modifications are for the new protocol support.
HSE protocol was defined at Fieldbus Foundation <http://www.fieldbus.org/>.
svn path=/trunk/; revision=24064
These packet-g*.c files all have display filter issues:
1) packet-gryphon.c: PROTOABBREV is "gryphon", but display filter fields are
prefixed with only "gryph".
2) packet-gmrp.c: PROTOABBREV is "gmrp", but display filter fields are prefixed
with "garp".
3) packet-gssapi.c: PROTOABBREV is "gss-api", but display filter fields are
prefixed with "gssapi".
4) packet-gvrp.c: PROTOABBREV is "gvrp", but display filter fields are prefixed
with "garp", most of which conflict with packet-gmrp.c's display filter fields.
svn path=/trunk/; revision=24058
dissector. This fixes Coverity CID 238 (as we *were* assuming it was
non-null in one statement, and then only checking it later).
Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's
supposed to be, not to a Boolean value, and explain the basis on which
it's being set.
svn path=/trunk/; revision=24055
Present the country code description gsmmap and SCCP.
Added small ASN1 bugfix - missing EXPORTS used by gsmmap.asn(Handle older ver).
svn path=/trunk/; revision=24048
Wireshark decodes a BACnet ReadRange Ack packet as malformed. The packet itself
is valid as checked with the BACnet 135-2004 specification.
svn path=/trunk/; revision=24039
"USSD-DataCodingScheme ::= OCTET STRING (SIZE (1))
-- The structure of the USSD-DataCodingScheme is defined by
-- the Cell Broadcast Data Coding Scheme as described in
-- TS 3GPP TS 23.038 [25]"
Partly in responce to
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2158
svn path=/trunk/; revision=24019
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015
- add ability to read server private key from encrypted PKCS#12 file
- use 0.0.0.0|any|ANY as a wildcard IP address (e.g. if one certificate is used in more servers)
svn path=/trunk/; revision=23995
After a new display filter macro (dfmacro) has been defined, the first attempt
to use the dfmacro will result in a crash of Wireshark when the closing "}"
character is entered into the "Filter:" text entry field.
svn path=/trunk/; revision=23969
value, so we have valid values to put in the VarBind entry. Include the error
note text as the label.
This should fix bug 2144.
svn path=/trunk/; revision=23962
Don't pass an argument if the argument is overwritten before being used;
make it a local variable instead.
Combine the header and contents of an object into a single tree, as per
a suggestion in bug 1870.
Clean up some flag displays, and put fields into the protocol tree in
the order in which they appear in the packet.
svn path=/trunk/; revision=23960
the support is only semiautomated as this feature does not occur very often
use this feature for the TBCD-STRING in the H.225 dissector
svn path=/trunk/; revision=23958
to some RFCS.
Get rid of an unused dissector table and unused dissector handle.
Add #defines for the object header length and the minimum lengths of
various objects.
Don't use DISSECTOR_ASSERT() to check the contents of a packet - it is
by definition a bug in a dissector if DISSECTOR_ASSERT() is called, and
making a dissector call DISSECTOR_ASSERT() if a value that could
conceivably appear in a packet does appear in a packet is introducing a
known bug into a dissector.
Add more length checks - and use checked lengths for items rather than
updating lengths incrementally.
Clean up indentation and a bunch of other stuff.
svn path=/trunk/; revision=23955
Based on the analysis from Jim Young added some DISSECTOR_ASSERT calls to make sure
the dissection will procede through the packet data.
svn path=/trunk/; revision=23951
DHCPv6 dissector is pretty old, i.e., it needs some updates (provided in the patch).
For instance, RFC 5007 (leasequery) is not taken into account.
svn path=/trunk/; revision=23950
In packet-gsm_sms.c, in function dis_field_ud_iei, it is assumed that the UDHL
must be greater than 2 (because it is expected that IEIa and IEIDLa will be
one byte each and the rest will be IEIDa).
However, there are some cases in which UDHL can be 2. For example, in 3GPP 23.048.
svn path=/trunk/; revision=23945
In our communication systems, we make use of the RTP header extension to encode
signalling information in the form of a bit mask. To improve our debugging, we
extended the default RTP dissector to call back any subdissector registering
for a particular RTP payload type string. This allows to render the value of
the header extension in a different, more flexible way compared to the default
numeric representation, such as in form of a subtree.
svn path=/trunk/; revision=23943
When parsing nfsv4 GETATTR reply in attribute fs_location wireshark displays incorrect content for the attribute value. It looks like instead of parsing as rpc arrays, value gets parsed as
rpc linked list. This patch which fixes the problem
I also noticed that FATTR4_MOUNTED_ON_FILEID attribute is not getting parsed, so I added parsing for that as well.
svn path=/trunk/; revision=23917
have them use least some of the radio-information fields, so that the
same field name can be used for multiple radio header types. The AVS
header can supply the data rate in bits/second, so have that field be in
those units, and make it 64 bits to leave room for the future, Just In
Case. Display it as Mb/s, however.
svn path=/trunk/; revision=23911
During a regular Wireshark trace of UCP packets running over ethernet, I noted
that Wireshark said the login packet was malformed, even though it looked OK
and the server responded correctly. After looking at the UCP protocol, it
became clear that Wireshark was parsing a type 60 message which only has one
Reserverd field (RES1) and expecting it to have two Reserved fields (RES1 and
RES2) like a type 61 message. This is because it is using the same function to
parse both messages, and does not have a conditional for the type 60 field.
svn path=/trunk/; revision=23903
The attached patch checks sll_hatype field type and if suggest capture on GRE
interface, the packet will be dissected using GRE dissector table. Also prints
physical addresses with length 4 as IPv4 addresses.
This fixes bug 2105.
svn path=/trunk/; revision=23892
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
This patch adds a heuristic dissector to the ethernet trailer under the
keystring "eth.trailer". This allows for other protocol plugins which coopt
the ethernet trailer for their own devices to register for trailer traffic
without requiring any further changes to the executable.
svn path=/trunk/; revision=23880
capture file that were actually on the wire. The reassembly code waited for
the gaps to be filled in by retransmissions, which would never come.
With this fix all acknowledged data will be output with "[xxx bytes missing in
capture file]" inserted in every gap.
svn path=/trunk/; revision=23878
Anders Broman