r35887 added ntp_to_nstime() to packet-ntp since a couple of dissectors had
their own versions. The version used was from packet-netflow; switch to the
version from packet-zep because that one's math works better: the fractional
time is actually shown.
svn path=/trunk/; revision=41045
The change made in r40742 turned out to not be portable (FreeBSD doesn't have
the timezone global variable), so use another method to determine the current
timezone.
Also fix a bug introduced by r40742's change to display this timestamp in UTC:
if the reported (by the message) time zone has a negative offset to UTC, shift
it forward (not backward) to get UTC (and the opposite for positive offsets).
svn path=/trunk/; revision=41044
the details of what in particular is unsupported; report it in TShark
and Wireshark.
Handle WTAP_ERR_RANDOM_OPEN_PIPE in TShark.
Handle WTAP_ERR_COMPRESSION_NOT_SUPPORTED in TShark, and have its error
message in Wireshark not speak of gzip, in case we support compressed
output in other formats in the future.
If we see a second section header block in a pcap-NG file, don't report
it as "the file is corrupted", report it as "the file uses a feature we
don't support", as that's the case - and don't free up the interface
data array, as the file remains open, and Wireshark might still try to
access the packets we were able to read.
svn path=/trunk/; revision=41041
distribution.
To do this, however, requires renaming that directory because automake can't
handle files with spaces in their names.
svn path=/trunk/; revision=41040
The Lua API does not have FT_*, it has ftypes.*, so use that in the
documentation. Also, list out each ft so the user knows what the available
options are.
svn path=/trunk/; revision=41035
Since his r41025 change to the HTTP dissector fixes the problem reported in
the subject bug, revert r41018 (whose check-in comment, BTW, should have
referenced this bug instead of 6817).
svn path=/trunk/; revision=41028
Remove tag_len parameter - it was redundant.
The length passed no longer contains the vendor id.
- add_tagged_field / TAG_VENDOR_SPECIFIC_IE:
Reorder so that the ieee "standard" vendor ids come fist,
after that the really vendor specific stuff.
svn path=/trunk/; revision=41027
-- HTTP/1.1":
Any HTTP/1.1 message containing an entity-body SHOULD include a
Content-Type header field defining the media type of that body. If
and only if the media type is not given by a Content-Type field, the
recipient MAY attempt to guess the media type via inspection of its
content and/or the name extension(s) of the URL used to identify the
resource. If the media type remains unknown, the recipient SHOULD
treat it as type "application/octet-stream".
To quote section "4. Encoding of Transport Layer" of RFC 2565, "Internet
Printing Protocol/1.0: Encoding and Transport":
HTTP/1.1 [RFC2068] is the transport layer for this protocol.
...
Note: even though port 631 is the IPP default, port 80 remains the
default for an HTTP URI. Thus a URI for a printer using port 631
MUST contain an explicit port, e.g. "http://forest:631/pinetree". An
HTTP URI for IPP with no explicit port implicitly reference port 80,
which is consistent with the rules for HTTP/1.1. Each HTTP operation
MUST use the POST method where the request-URI is the object target
of the operation, and where the "Content-Type" of the message-body in
each request and response MUST be "application/ipp". The message-body
MUST contain the operation layer and MUST have the syntax described
in section 3.2 "Syntax of Encoding". A client implementation MUST
adhere to the rules for a client described for HTTP1.1 [RFC2068]. A
printer (server) implementation MUST adhere the rules for an origin
server described for HTTP1.1 [RFC2068].
So, when choosing a subdissector for HTTP request bodies, search based
on the media type first, and only if we *don't* find a dissector for the
media type, do other stuff such as heuristics or choosing a subdissector
based on the port number.
This fixes a number of problems; in particular, it fixes bug 6765
"non-IPP packets to or from port 631 are dissected as IPP" without
requiring the IPP dissector to attempt to determine whether an entity
body looks like IPP. It also ensures that the default dissector for
HTTP entity bodies, the "media" dissector, will get the media type
passed to it in pinfo->match_string.
Don't use "!str*cmp()" while we're at it - it's valid C, but the "!" can
make it look as if it's checking for something not being the case when,
in fact, you're checking for equality rather than inequality. (The
str*cmp() routines don't return Boolean results.)
svn path=/trunk/; revision=41025
The Lua API does not have BASE_*, it has base.*, so use that. Also, list out
each base so the user knows what the available options are.
svn path=/trunk/; revision=41024
manually insert the fragment data to the tree (by calling show_fragment_tree());
doing both just means the fragments get added to the tree twice.
svn path=/trunk/; revision=41022
proto_tree_move_item(): that function will expects the item, not its parent.
This avoids dissector bugs such as the one reported in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6768 :
** (process:745): WARNING **: Dissector bug, protocol RTP, in packet 82:
proto.c:4273: failed assertion "fixed_item->parent == tree"
svn path=/trunk/; revision=41021
Make the IPP dissector a 'new-style' dissector that does not accept packets
which are clearly not IPP.
This is useful when a user points their web browser at a CUPS server--which
causes the CUPS server to spit out a nice looking web page from which you can
administer the server and/or printers but which up until this fix caused the
IPP dissector to mark the packet as malformed.
svn path=/trunk/; revision=41018
for (i = 1; i <= N; i++)
...
the type of "i" must have, as its maximum value, a value >= the maximum
value of N; otherwise, if N is equal to the maximum value that fits in
"i", the loop willnever terminate. (If that requires "i" to be larger
than you'd like, do the loop as
for (i = 0; i < N; i++)
...
which doesn't have that problem.)
Clean up the "i = 1" clause's white space in those for loops.
svn path=/trunk/; revision=41010
For WTAP_ENCAP_ERF files if we find an Extension and/or Multi-Channel header,
ensure that the size of the full pseudoheader is smaller than the packet size
to avoid an underflow and subsequent attempt to allocate a rather large amount
of memory.
svn path=/trunk/; revision=41008
"..." after it, as it pops up a dialog box to let you actually type in a
comment.
Add "Add or Edit Packet Comment" to the menubar's Edit menu.
svn path=/trunk/; revision=41005
could cause an unsigned length value to be reduced by more than its
value, turning it into a very large value.
I couldn't exactly reproduce bug 6833, but it was due to an attempt to
allocate 4294967110 bytes, and this bug caused remaining_len to equal
4294967110, and it would try to create a reassembled packet tvbuff of
that size, so I'm guessing this fixes 6833.
svn path=/trunk/; revision=41001
Jörg Mayer