Eric Wedel
Add a preference to RPC (default off) that will heuristically attempt to find
PDUs starting in the middle of a segment.
svn path=/trunk/; revision=15260
the length and object class items into that tree. Put the object class
item into the tree as a visible item, rather than as a hidden item and
as a text entry.
Add some additional length checks.
svn path=/trunk/; revision=15258
There's no need to build a list of all the options and then dissect them
individually; just have one loop that dissects them. (The full list
wasn't being freed, so we were leaking memory.)
Add some more sanity checks.
Clean up a bunch of other things.
svn path=/trunk/; revision=15255
Fix the sizes of some items to match what's in the I-D and what's being
fetched from the packet.
Check for the length of items before doing *anything* with the item,
including fetching the data from the packet. Just put a "bad length"
indication into the protocol tree; don't abort the dissection (we can
just move on to the next TLV).
svn path=/trunk/; revision=15254
user by crashing due to a null pointer dereference, punish the dissector
writer by saying he or she didn't bother providing an explanation of the
error.
The exception message isn't a const string any more; make the
"exception_message" argument to "show_exception()" a "char *", not a
"const char *".
svn path=/trunk/; revision=15251
message not be const (as we generate messages with "g_strdup_sprintf()",
which means they need to be freed; using a null message means that we
don't have to use a special string for exceptions with no message, and
don't have to worry about not freeing that).
Have THROW() throw an exception with a null message pointer. (This
means that you crash if you throw DissectorError with THROW(). Don't do
that - it means you don't get a more detailed explanation of the
dissector problem. Use the DISSECTOR_ASSERT, etc. macros in
epan/proto.h instead.)
Free the exception message for DissectorError, as it's mallocated.
svn path=/trunk/; revision=15250
"tvb_fake_unicode()" never returns a null pointer, so there's no need to
check for it; there's also no need to check that it's not an empty
string before freeing it, as it's always assigned a g_malloc()ed string.
It also takes as an argument the number of Unicode characters in the
string, not the number of bytes in the string.
Use "format_text()" when adding a string to the Info column, in case
it has non-printable characters.
Don't use "proto_tree_add_string_format()" if you don't have to.
svn path=/trunk/; revision=15239
transfer context; that way, we don't have to make "di->xfer" a "const"
pointer, and can thus pass it to "g_free()" (if non-null) without
the compiler whining at us.
Note that telling the user to "click on ASSOC request" is not the best
thing to do, unless we simply cannot determine the right ASSOC request
to click on.
svn path=/trunk/; revision=15238
_U_-ify some unused arguments, rather than assigning them to themselves.
Un-constify one variable that gets assigned a mallocated pointer.
Clean up indentation.
svn path=/trunk/; revision=15236
DissectorError. In packet-kerberos.c, restore pinfo->private_data if
we throw an exception, which keeps the SMB dissector from throwing
a DissectorError. Initialize variables in other places to squelch
valgrind warnings.
svn path=/trunk/; revision=15235
here are the highlights of what's fixed:
1) Decoding of vendor-defined types
2) Decoding of some event notification parameters (not all)
3) Decoding of ABSTRACT-SYNTAX&Type
4) Decoding of BACnetTimeStamp
5) Some problems with context-tagged values (like booleans)
6) Continuation segments - don't try to decode them since you can't
start mid-PDU
7) Removed some excessive levels of subtrees
svn path=/trunk/; revision=15226
Some changes that I made to flesh out GPRS message parsing. More information is displayed about the various frame formats. I have also added some code to parse XID parameters in the U frame. I have also fixed a couple of display bugs in the GSM and GPRS LLC parser.
svn path=/trunk/; revision=15224
"make distclean", even though they come with the distribution, and
make the one in plugins/xml/Makefile.nmake match the one in some other
files.
svn path=/trunk/; revision=15214
Among the improvements are:
- fixes to call-tracking (it's now less likely to confuse two separate
calls, for instance)
- improvements to Information Element dissection (clearer dissection,
dissects more IE types, easier to extend)
- you can now filter on the content of DTMF packets
- Analysis of timestamps (calculation of absolute timestamp, and packet
lateness).
- fixed a couple of assertion failures in subtle corner-cases.
negative relative times:
- get_timedelta()
- addtime()
- ftype-time.c:relative_val_from_unparsed()
I've also moved get_timedelta() and addtime() out of calldata.c into a
new file, epan/nstime.c, as I needed to use them in a dissector I'm
working on (and they therefore needed to go into libethereal).
svn path=/trunk/; revision=15201
the strings mmse got from tvb_get_string were never released anyway
so this would resolve significant memory leakage in mmse.
there are still memleaks in mmse but one step at a time
svn path=/trunk/; revision=15197
Unfortunately, this is *very* safe now as it will mark a lot of DCE/RPC packets as malformed, thus the reassembling code won't work with most packets :-(
I've replaced this with the correct check and used THROW(ReportedBoundsError) instead which is hopefully the right error in this case.
BTW: could someone please add a description of the ReportedBoundsError vs. BoundsError to the code as I still don't get it.
In addition: Use a toplevel tree item to display the DCE/RPC defragmentation just as it's done in the TCP desegmentation code.
svn path=/trunk/; revision=15188
it should be declared in a header file, so that the plugins can #include
the header file rather than using a possibly-out-of-date private
declaration, and so that it's clearer that it shouldn't be static).
svn path=/trunk/; revision=15153
might be irrelevant in this case, but we might as well not throw them
out.
Clean up some code that sets "cdata->flags".
svn path=/trunk/; revision=15149
http://cvs.fedora.redhat.com/viewcvs/rpms/ethereal/FC-4/:
In the LPD dissector, make lpd_client_code a value_string so that we
don't segfault. Do the same for lpd_server_code, although it's not
strictly necessary.
Check to see if htmlview is installed, and use it as our HTML viewer.
The Fedora RPM has other patches, but I'm not sure if they should
be applied.
svn path=/trunk/; revision=15143
data dissector might be overkill, as it causes each of those chunks to
be dumped in hex in Tethereal output - along with whatever's done with
the data reassembled from those chunks.
svn path=/trunk/; revision=15141
dissector says "sorry, I need even more data in this packet", don't flag
that packet as being reassembled in that frame. Indicate that we should
perhaps do all the "partial reassembly" stuff in
"fragment_set_partial_assembly()", which would obviate the need for the
hack in the TCP dissector.
Clean up indentation.
svn path=/trunk/; revision=15139
that they are not longer than the reported length of the tvb.
this triggers some bugs since in packet-ber we are a bit too lax in setting reported_length of the tvb_new_subset() tvb.
this cause short kerberos packets to not be decoded at all and the same for other short asn based packets as well.
fix some of these instances.
svn path=/trunk/; revision=15127
hf_qos_buf_ac, hf_qos_buf_load and hf_qos_buf_state
but failed to add them to the hf_ array. Commented out their
use for now.
svn path=/trunk/; revision=15116
Additionally in dissectors/packet-ansi_map.c:
Flag unused parameters as such and remove dummy
param = param;
statements.
svn path=/trunk/; revision=15114
if some function takes, for example, a "char *" as an argument, but
you're passing it an "unsigned char *", you don't squelch the warning by
removing the include of the header that declares that function (you then
get warnings about the function not being declared, at least with some
compilers), you put in a cast (if the signedness doesn't matter) or
arrange that you pass a "char *".
svn path=/trunk/; revision=15110
a patch that adds support for
dissecting packets captured on ML-, LS- and AS PICs
using Multi-link PPP encapsulation,
running JUNOS 7.3 or higher;
additional there i did some clean-up in the
juniper dissector that makes future addition
of JUNIPER_DLTs easier;
svn path=/trunk/; revision=15081
The FC D_id and S_id fields in teh FC frame encapsulated inside iFCP unfortunately has "undefined" (semi-random) values so we can not use th S_/D_id matching in FC when transported atop iFCP.
Change iFCP to call a new fc_ifcp handler instead of the fc handler.
Add a new handler to FC specific to iFCP.
Only set the pinfo->src/dst fields to the S_id/D_id fields IFF the FC frame was NOT transported ontop of iFCP.
Othervise we just use the TCP/IP values that are already stored there.
Some Hosts use RelativeOffset fields for FC. We can only dissect the RelOff field with offset 0.
Change FC to only call the FCP subdissector if offset==0 when relative offsets are used.
Some hosts when using relative offsets do not specify a proper value for rxid in teh commands instead htey lkeave it as 0xffff
Change the FCP conversation matching to ignore RXID when searching for a conversation.
svn path=/trunk/; revision=15076
- bug fixes to the dissectors for the GENERALIZED_UNI and
LABEL objects
- improved dissector of flag field for the ERROR object
- improved LABEL_SET object dissector
- support for the new (proposed) ASSOCIATION object (see
draft-ietf-ccamp-gmpls-recovery-e2e-signaling).
Moveover find also attached a patch to OSPF that fixes a line
of source code lost in the TNA TLV (the code compiled anyway).
svn path=/trunk/; revision=15066
FD_NOT_MALLOCED set, has to be copied - all FD_NOT_MALLOCED means is
that the fragment's data is part of the old reassembled data, rather
than a malloced chunk of its own (this happens if, after reassembly, the
dissector says more reassembly is necessary, as can happen, for example,
in the case of HTTP and other protocols where reassembly continues until
a terminator is seen). Not copying the data means that the reassembled
data is, in part, whatever random junk happens to be in the
newly-allocated buffer.
Back out the change not to copy the data, but add some sanity checks, in
the hopes of preventing the crash that caused the change not to copy the
data to be added, and in the hopes of discovering the ultimate source of
that crash and fixing it.
svn path=/trunk/; revision=15057
Call "dissect_attribute_value_pairs()" regardless of whether we're
building a protocol tree, so the EAP subdissector is always called.
"dissect_attribute_value_pairs()" is only called when the length of AVPs
in the packet is non-zero; don't bother checking for a zero length.
Don't put two items in for each AVP - one is sufficient.
Add some more length checks when processing AVPs. Don't require AVPs to
be at least 3 bytes long - they might have just a type and length; let
an exception be thrown if that's a problem.
Don't require that the entire AVP be available in the tvbuff before
processing it; let an exception be thrown as we're processing the AVP if
we don't have all the data, so the stuff before the end is processed.
Give the tvbuff for the AVP data a length that reflects the length of
data left in the tvbuff, so that the appropriate exception is thrown if
the packet was cut short by a snapshot length.
Don't have a fixed-length buffer for reassembled EAP messages; grow it
as necessary.
Don't special-case the initial part of the processing of EAP messages;
put in the standard length item, as well as, for fragments, an item for
the fragment data.
Check for non-consecutive EAP-Message attributes.
Set the columns non-writable while dissecting the EAP message, so
Protocol and Info reflect the RADIUS packet.
Doing the reassembly by gluing together all the consecutive EAP-Message
attributes means we don't need help from the EAP dissector, returning
the total length of the EAP message. Get rid of the no-longer-needed
eap_fragment dissector; just call the regular EAP dissector.
svn path=/trunk/; revision=15046
(presumably-)harmless-but-otherwise-unremovable const-to-nonconst
warnings.
In the TACACS dissector, clean up the variables used in option parsing
to avoid some const-to-nonconst warnings.
Clean up some white space.
svn path=/trunk/; revision=15043
Use correct offsets to decode bssid in all cases:
Depending on the packet type the header contains
up to 4 addresses but may contain less. The position/
definition of the bssid changes as a result of this.
svn path=/trunk/; revision=15038
- use ep_alloc for reassemling eap fragments instead of a static buffer
- use ep_strdup_printf() instead of a static buffe to return the cosine's VP/VC AVP label
- add few TODO comments
svn path=/trunk/; revision=15028
syntax-tree.c to syntax-tree.h.
This fixes some warning of type
sttype-integer.c:33: warning: no previous declaration for
'sttype_register_integer'
svn path=/trunk/; revision=15011
Collapsed the control and data protocols into dissector to cope with commands and data over the same TCP connection. I've also prettified things a bit and now decoded a few more command parameters.
svn path=/trunk/; revision=15001
This offesr memory allocation with a packet scope making memory leaks less likely and memory management faster.
Add initialization calls for both tethereal and ethereal.
Convert the ip_to_str() function to use this and avoid doing the silly rotating buffers thing it previously did.
We also need an equivalent set of functions for allocation with capture file scope (free when next capture is loaded) but i dont know where to put the free_all call.
svn path=/trunk/; revision=14984
- Make sure every function that has an "add_string" argument, make sure
it isn't NULL before we write to it.
a null "add_string".
- Use "_U_" instead of "add_string = add_string" to squelch compiler
warnings.
- Fix other compiler warnings.
In packet-uma.c, pass NULL instead of "" for the add_string argument to
de_mid(). Fixes bug 287.
svn path=/trunk/; revision=14971
as FT_INT32 shows a negative number if appropriate.
Is there a better way to solve this?
Does this problem occur in other places too?
svn path=/trunk/; revision=14970
default, but the Cisco Redundant Link Management protocol can also use
that port; RLM packets are 8 bytes long, so we use this to distinguish
between them.
svn path=/trunk/; revision=14950
read the RADIUS directory.
The error string from "radius_load_dictionary()" is g_malloced; free it,
and g_strdup the "Could not find the radius directory" error, so we
don't have to worry about constant vs. g_malloced strings.
svn path=/trunk/; revision=14937
(the values are const because nobody's supposed to modify them once
they've been allocated, but they *can* be freed - by us - when we're
done with them).
svn path=/trunk/; revision=14936
- asn2eth was updated to support new PER helper functions for SET/SEQUENCE OF
- #.FN_PARS implemented for SET/SEQUENCE OF and REAL
- PER SET/SEQUENCE OF field can be FT_UINTxx to display number of items
- PER dissectors regenerated
svn path=/trunk/; revision=14921
make dissect_dcerpc_uuid_t() accept eitehr FT_STRING (old style) and FT_GUID (new style) hf fields. once all dissectors are modified to use FT_GUID we can remove the FT_STRING support here.
regenerate the DRSUAPI interface with the new FT_GUID support.
svn path=/trunk/; revision=14912
A patch to the AIM dissector to support Client Auto Response messages. I still don't know the meaning of all the fields as they weren't all mapped but this patch decodes all the important ones.
svn path=/trunk/; revision=14911
files as not all make implementation work with this.
Found by running
grep '^ ' `find . -name "Makefile.am" -o -name "Makefile.common"`
Gerald: Maybe adding this to the buildbot would be a good idea after all.
svn path=/trunk/; revision=14904
returned quite a list of files. Add them to MAINTAINERCLEANFILES.
Whitespace changes (replace multiple spaces by TABs, in a few cases this
needed to be done at the beginning of Makefile lines.
svn path=/trunk/; revision=14891
calculate RTO as the delta between the retransmitted frame and the last previous frame seen for this session (in the same direction).
while this is technically not the RTO this delta is in most cases more important/useful than the tru RTO anyway since this measure represents the amount of thiime that the link went idle while waiting for an RTO.
It would be nice with a statistics tap for TCP where one couls see, seeion by session :
Length in time of the session.
Total bytes transferred
Number of retransmissions
Time spent waiting for an RTO
Time spent waiting for an RTO in % of the total time.
svn path=/trunk/; revision=14890
pointers either "void *" or "guint8 *", to reduce the level of compiler
warnings (the data in question is largely binary in those cases).
svn path=/trunk/; revision=14886
current signature ("class" is a "gint8 *", not a "guint8 *", and "tag"
is a "gint32 *", not a "guint32 *"). Re-generate the dissectors from
the ASN.1 and the .cnf files in the cases where the arguments were fixed
in a .cnf file.
Give some dissectors the right svn:keywords and svn:eol-style settings.
svn path=/trunk/; revision=14885
making pointers to byte data be "guint8 *" rather than "char *",
and making buffers holding byte data arrays of "guint8" rather
than arrays of "char";
making pointers to text strings "char *" rather than "guchar *";
appropriately casting pointers (cast to "guint8 *" when passing
to routines expecting "guint8 *" or when assigning to "guint8
*");
making port-number preferences "guint";
making enum preferences "gint";
making hf_ variables "int".
Clean up white space.
svn path=/trunk/; revision=14884
address an array of guint8 - that squelches some compiler warnings.
Use -1 rather than tvb_length(tvb) to make the item for LWAPP go to the
end of the tvbuff.
svn path=/trunk/; revision=14883
the handle, rather than finding it every time we need it.
Just make a guint8 array with the BitTorrent magic string length
followed by the string, and use "tvb_memeql()" to test against that - it
handles checking to make sure there's enough data in the tvbuff (if
not, it returns -1 as a "no match" indication) and then checks all of
the first 20 bytes in one operation.
Clean up white space.
svn path=/trunk/; revision=14882
hand.
Use "g_strdup()" rather than duplicating its functionality by hand.
Make the magic number an array of "guint8", as "tvb_memeql()" expects a
pointer to "guint8".
svn path=/trunk/; revision=14881
set but not used). (Leave "pi" around so the warning acts as a reminder
that the tap structure stuff needs a cleanup - currently, the tap
structures aren't freed; perhaps the new memory allocation scheme
proposed by Ronnie could be used for tap structures.)
Have "ac_istrace()" return NOT_ACTRACE for apparently non-actrace
packets and return the packet type for actrace packets, so that we don't
need a global variable for the packet type.
Make "actrace_udp_port" unsigned to squelch a signed vs. unsigned
warning.
Use "col_set_str()" rather than "col_add_str()" when setting the
Protocol column.
We don't recognized packets as CAS packets unless they're 48 bytes long,
so we don't need to test whether they're 48 bytes long in the CAS packet
dissection code.
Use the reported length, not the captured length, when doing length
checks.
svn path=/trunk/; revision=14874