2) Support for RFC 3909 - cancelRequest extendedOperation
3) Support for RFC 3062 - passwordModify extendedOperation
4) Column information for ExtendedRequest, SearchResultRef and AbandonRequest
5) Column information for multiple LDAP operations in the same packet (uses " | " separator)
svn path=/trunk/; revision=24195
I have written the attached patch to improve the userfriendly-ness of the
summary displayed in the last column of the packet list for IGMP packets.
The current code only tells the user the type of packet (REPORT, LEAVE, QUERY),
but doesn't include any information about what multicast group is joined to or
left. Worse, for IGMPv3 Reports the user cannot tell quickly if the multicast
group is joined-to or left, without having to look at the inside of the packet
to know the type of report (include all, include none, exlude none, exclude
all, etc.).
svn path=/trunk/; revision=24190
Corrected display of attributes from previous patch (24165)
For V2, if field length was 0, do not display the empty field. This makes it
easier to read. I only did V2 as I do not have means to test V1.
svn path=/trunk/; revision=24189
The displaying of attribute-lists in an "Attribute Reply" (ATTRRPLY) seems to
be written to display some special non-conforming attributes. Conforming
attributes are either displayed wrong or not displayed at all.
When displaying an attributes-list in a "Service Registration" (SRVREG), the
attribute list is only displayed as a single string (and usually truncated).
While this is not wrong, it should be broken up into the comma separated
attributes as "Attribute Requests" tries to do.
svn path=/trunk/; revision=24163
When dissecting any message containing a "transport layer address", if the
address was NULL (which is valid), the offset pointer was not incremented by 1
and the remaining fields would not be dissected correctly.
svn path=/trunk/; revision=24162
Fix the bug related to Option template:
- System scope (check that options scope size is == 4, not <= 4)
- Interface scope (same)
Same fix for fields BytesExported PacketsExported FlowsExported.
Also fix some tabulations in a previous patch related to IPv6 Addresses.
svn path=/trunk/; revision=24138
This patch provides a new RTP Player preferences dialog. It allows one to
select the maximum number of visable channels in the RTP Player window. The
default is four (4) channels which is the maximum number of usable channels
that the RTP Player can display and still have access to the bottom row buttons
on a 1024*768 resolution display. Specifying a value less than 1 or greater than
10 will be result in the RTP Player displaying the default 4 channels.
svn path=/trunk/; revision=24112
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
Patch to add cdp Power_request and Power_available fields
This added the support for the 0x0019 and 0x001a power_request and power_available fields.
Submitted patch slightly modified to present summary line and make more robust.
svn path=/trunk/; revision=24074
The current dissection of GeneralizedTime in packet-ber does not consider all
the possibilities how this field can be constructed.
According to ITU-T X.680 this field can be encoded as
YYYYMMDDhhmmss([\.,]f{1,3})?(([+-]hhmm)|Z)?
This is a regex-like expression where each letter except the literal 'Z'
represents an ASCII encoded digit.
So far only the first 14 digits are dissected and the 15th character is put
into parentheses. This may not show all available information.
svn path=/trunk/; revision=24071
This modifications are for the new protocol support.
HSE protocol was defined at Fieldbus Foundation <http://www.fieldbus.org/>.
svn path=/trunk/; revision=24064
These packet-g*.c files all have display filter issues:
1) packet-gryphon.c: PROTOABBREV is "gryphon", but display filter fields are
prefixed with only "gryph".
2) packet-gmrp.c: PROTOABBREV is "gmrp", but display filter fields are prefixed
with "garp".
3) packet-gssapi.c: PROTOABBREV is "gss-api", but display filter fields are
prefixed with "gssapi".
4) packet-gvrp.c: PROTOABBREV is "gvrp", but display filter fields are prefixed
with "garp", most of which conflict with packet-gmrp.c's display filter fields.
svn path=/trunk/; revision=24058
dissector. This fixes Coverity CID 238 (as we *were* assuming it was
non-null in one statement, and then only checking it later).
Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's
supposed to be, not to a Boolean value, and explain the basis on which
it's being set.
svn path=/trunk/; revision=24055
Present the country code description gsmmap and SCCP.
Added small ASN1 bugfix - missing EXPORTS used by gsmmap.asn(Handle older ver).
svn path=/trunk/; revision=24048
Wireshark decodes a BACnet ReadRange Ack packet as malformed. The packet itself
is valid as checked with the BACnet 135-2004 specification.
svn path=/trunk/; revision=24039
"USSD-DataCodingScheme ::= OCTET STRING (SIZE (1))
-- The structure of the USSD-DataCodingScheme is defined by
-- the Cell Broadcast Data Coding Scheme as described in
-- TS 3GPP TS 23.038 [25]"
Partly in responce to
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2158
svn path=/trunk/; revision=24019
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015
- add ability to read server private key from encrypted PKCS#12 file
- use 0.0.0.0|any|ANY as a wildcard IP address (e.g. if one certificate is used in more servers)
svn path=/trunk/; revision=23995
After a new display filter macro (dfmacro) has been defined, the first attempt
to use the dfmacro will result in a crash of Wireshark when the closing "}"
character is entered into the "Filter:" text entry field.
svn path=/trunk/; revision=23969
value, so we have valid values to put in the VarBind entry. Include the error
note text as the label.
This should fix bug 2144.
svn path=/trunk/; revision=23962
Don't pass an argument if the argument is overwritten before being used;
make it a local variable instead.
Combine the header and contents of an object into a single tree, as per
a suggestion in bug 1870.
Clean up some flag displays, and put fields into the protocol tree in
the order in which they appear in the packet.
svn path=/trunk/; revision=23960
the support is only semiautomated as this feature does not occur very often
use this feature for the TBCD-STRING in the H.225 dissector
svn path=/trunk/; revision=23958
to some RFCS.
Get rid of an unused dissector table and unused dissector handle.
Add #defines for the object header length and the minimum lengths of
various objects.
Don't use DISSECTOR_ASSERT() to check the contents of a packet - it is
by definition a bug in a dissector if DISSECTOR_ASSERT() is called, and
making a dissector call DISSECTOR_ASSERT() if a value that could
conceivably appear in a packet does appear in a packet is introducing a
known bug into a dissector.
Add more length checks - and use checked lengths for items rather than
updating lengths incrementally.
Clean up indentation and a bunch of other stuff.
svn path=/trunk/; revision=23955
Based on the analysis from Jim Young added some DISSECTOR_ASSERT calls to make sure
the dissection will procede through the packet data.
svn path=/trunk/; revision=23951
DHCPv6 dissector is pretty old, i.e., it needs some updates (provided in the patch).
For instance, RFC 5007 (leasequery) is not taken into account.
svn path=/trunk/; revision=23950
In packet-gsm_sms.c, in function dis_field_ud_iei, it is assumed that the UDHL
must be greater than 2 (because it is expected that IEIa and IEIDLa will be
one byte each and the rest will be IEIDa).
However, there are some cases in which UDHL can be 2. For example, in 3GPP 23.048.
svn path=/trunk/; revision=23945
In our communication systems, we make use of the RTP header extension to encode
signalling information in the form of a bit mask. To improve our debugging, we
extended the default RTP dissector to call back any subdissector registering
for a particular RTP payload type string. This allows to render the value of
the header extension in a different, more flexible way compared to the default
numeric representation, such as in form of a subtree.
svn path=/trunk/; revision=23943
When parsing nfsv4 GETATTR reply in attribute fs_location wireshark displays incorrect content for the attribute value. It looks like instead of parsing as rpc arrays, value gets parsed as
rpc linked list. This patch which fixes the problem
I also noticed that FATTR4_MOUNTED_ON_FILEID attribute is not getting parsed, so I added parsing for that as well.
svn path=/trunk/; revision=23917
have them use least some of the radio-information fields, so that the
same field name can be used for multiple radio header types. The AVS
header can supply the data rate in bits/second, so have that field be in
those units, and make it 64 bits to leave room for the future, Just In
Case. Display it as Mb/s, however.
svn path=/trunk/; revision=23911
During a regular Wireshark trace of UCP packets running over ethernet, I noted
that Wireshark said the login packet was malformed, even though it looked OK
and the server responded correctly. After looking at the UCP protocol, it
became clear that Wireshark was parsing a type 60 message which only has one
Reserverd field (RES1) and expecting it to have two Reserved fields (RES1 and
RES2) like a type 61 message. This is because it is using the same function to
parse both messages, and does not have a conditional for the type 60 field.
svn path=/trunk/; revision=23903
The attached patch checks sll_hatype field type and if suggest capture on GRE
interface, the packet will be dissected using GRE dissector table. Also prints
physical addresses with length 4 as IPv4 addresses.
This fixes bug 2105.
svn path=/trunk/; revision=23892
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
This patch adds a heuristic dissector to the ethernet trailer under the
keystring "eth.trailer". This allows for other protocol plugins which coopt
the ethernet trailer for their own devices to register for trailer traffic
without requiring any further changes to the executable.
svn path=/trunk/; revision=23880
capture file that were actually on the wire. The reassembly code waited for
the gaps to be filled in by retransmissions, which would never come.
With this fix all acknowledged data will be output with "[xxx bytes missing in
capture file]" inserted in every gap.
svn path=/trunk/; revision=23878
- NAL unit - Sequence parameter set
- NAL unit - Picture parameter set
for the trace I have and also dissect those NAL units in the RTP stream.
For "elements coded as ue(v), me(v), or se(v) are Exp-Golomb-coded" only ue(v) is implemented.
svn path=/trunk/; revision=23858
This dissector supports version 3.0 of the dlm (Distributed Lock Manager) protocol.
Actual implementation for the protocol is in linux kernel. See files under linux/fs/dlm/.
svn path=/trunk/; revision=23828
upset MSVC++ if the wrong code page is selected, and there's no
guarantee that all forms of output of dissected packets are in any
particular character encoding.)
svn path=/trunk/; revision=23819
When an ISOCHRONOUS URB was captured the packet-usb.c does not handle it.
Case URB_ISOCHRONOUS was added at two different places to handle it also.
svn path=/trunk/; revision=23817
Use G_GINT64_MODIFIER for gint64 and guint64 values. Use "u", rather
than "d", for unsigned values. Put whitespace in the proper place in
format strings.
svn path=/trunk/; revision=23762
null-terminated string that the format item used when scanning says it
is - i.e., 4 "char"s, including the null terminator.
(Thanks and a tip of the hat to "gcc (GCC) 3.3.5 (propolice)" on OpenBSD
4.2 for finding this.)
svn path=/trunk/; revision=23761
PRI[dux]64 use "ll", but gint64 and guint64 are "long" and "unsigned
long", not "long long" or "unsigned long long", and the compiler warns
about using "%ll[doux]" with "long" or "unsigned long". Use
G_GINT64_MODIFIER instead.
svn path=/trunk/; revision=23760
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
will traverse the entries in the lexical order of the key.
add a flag to lookup/insert for strings to specify whether a case
insensitive key should be used instead of a (default) case sensitive
key.
svn path=/trunk/; revision=23736
Shuffle the expert severities down, and note that we have only 8 bits
available for FI_ flags unless you shrink the set of event groups and
shuffle them and the expert severities up.
svn path=/trunk/; revision=23731
Move the expert information bits to the top of that field, to avoid
collisions (we had a collision with the 0x00000004 bit).
svn path=/trunk/; revision=23726
This simplifies the generation of dissectors for ROS-based protocols using the asn2wrs #.TABLE directive.
See the P7 dissector for an example.
svn path=/trunk/; revision=23706
There is a new check for the length, and the reported_length is added to the
offset, instead of the "theorical" length of the element.
This fixes bug 2052.
svn path=/trunk/; revision=23687
This patchs adds the
- requested check of tlv_len at top of the disection-loop
- length check for fields w/ variable length (expert_add_info_format)
svn path=/trunk/; revision=23673
(it makes easier change from GList to GTree as we have many modules now and GList implementation is slow for searching)
svn path=/trunk/; revision=23669
The Packet decoder for CFM has a couple of small bugs.
1) The frame rate for CCM's is wrong for rate=4, it's shown as 1ms and it should be shown as 1s.
2) The flags display for a LTM packet has the wrong title for bit 7. It should be UseFDBonly, not RDI.
svn path=/trunk/; revision=23649
The startup timeout on Win32 is reduced to 80% without assembler and to 50% with assembler usage (which is optional)
proto.c
- do not look up in filed tree and inserts in two steps but do it at once
- next few small speedups
- some often called elementary functions can be optionally implemented in assembler
- dispart some functions to see more exact result from profiling
packet-tpnc.c
- do not reallocate memory for each filed
svn path=/trunk/; revision=23643
In capture_sync.c: Don't clobber the DLT value.
In packet-cops.c (modified by me): Instead of adding an item as a static,
mis-cast FT_UINT16 to the tree, add it as an FT_NONE.
In packet-802.11.c: Add the right address to the tree.
svn path=/trunk/; revision=23624
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
shorter integral type. Fixes bug 2027.
Rename the "bytes" pointer to "octetstring", and initialize it in a
fashion that makes it clearer that it points to the first of the basic
types, to make it clearer that it's for OctetString.
svn path=/trunk/; revision=23615
used by the mpeg-audio dissector: instead keep the data inside the wiretap
module and add accessor functions. I think this should fix
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677 and anyway it's
cleaner.
svn path=/trunk/; revision=23612
* change expert group from PI_MALFORMED to PI_CHECKSUM (as it should be!!!).
* set item hf_udp_checksum_[good|bad] as generated
svn path=/trunk/; revision=23599
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587
It looks like in dissect_nfs_open_claim_delegate_cur4() instead of dissection
stateid we are doing something wierd and dissecting uint64 instead(remnants of
rfc3010 where stateid was 64 bit number?). We already have function for
dissecting stateids, so just a matter of making a different call.
From me:
Also deleted the hf_nfs_stateid4_delegate_stateid entry.
svn path=/trunk/; revision=23571
Add basic support for NFSv4.1, as of about draft 13 of the current spec.
The protocol is not completely finished yet, and future patches will be
needed to bring it up to date.
From me:
- Add a check for valid pointers in nfsv4_operation_ett
- Always increase offset when calling dissect_nfs_devices4
- Added a default case in dissect_rpc_secparms4
svn path=/trunk/; revision=23570
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Rightclicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Rightclicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similar to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menu's to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
This bugfix is focused only in the Sender ID TLV segment of code. This was to
address the possibility that the Sender ID TLV may not have a Management
Address Domain, and/or a Management Address. This bug was discovered when
testing the dissector using CFM-enabled Netopia modems.
svn path=/trunk/; revision=23534
to the conversation lists. Move the "copy" button down to the button bar
in order to free up some real estate. Add an nstime_cmp() function. Clean
up code in a few places.
svn path=/trunk/; revision=23516
text fields (data & sqlstatement). Also fix the options on the FT_STRINGZ
items - change them to FT_STRING and change BASE_DEC to BASE_NONE.
svn path=/trunk/; revision=23505
Adds const declarations to req_resp_hdrs_do_reassembly() and re-orders some actions to occur after tests which may decide that the actions were not required.
svn path=/trunk/; revision=23504
them with an expert info (PI_WARN).
Change "Duplicate TSN" expert info to "Retransmitted TSN" and make it PI_NOTE
instead of PI_WARN.
Change "More than 100 TSNs gap-acked" expert info to PI_WARN (from PI_NOTE).
Frame numbers (and count of retransmissions) are unsigned, display them that way.
svn path=/trunk/; revision=23502
Added a dissector assert on inconsistent data.
Do not align retransmission or duplicate acknowledgement data in COL_INFO.
Removed several _U_ for used variables.
Re-indented some if-blocks.
svn path=/trunk/; revision=23492
http://www.wireshark.org/lists/wireshark-dev/200711/msg00228.html
Only a single (private) capture file is currently available which contains only a few of the P7 operations, so testing has been minimal.
General attribute types, containing information from the X.400 envelope, are also included.
svn path=/trunk/; revision=23479
on the first fragment of a fragmented message. This allows us to continue
dissecting chunks even if one of the first chunks in the frame was fragmented.
(It's useful to keep doing this partial dissection just so we have some idea
what's in that chunk.)
(One could rightfully argue that you should only see a fragmented chunk
bundled with another chunk when retransmitting but, well, I'm staring at
traces of an implementation--to remain nameless to protect the guilty--which
is sometimes fragmenting and then bundling the fragments into one packet.)
svn path=/trunk/; revision=23471
Graeme Lunt