Improved AIM protocol dissector:
* Decodes more values acording to official Oscar spec
* Renamed clientautoresp to client_err (as written in spec)
* Fix decoding orror on rendezvous channel
* Other small improvements
svn path=/trunk/; revision=29953
Version 4.8.0 of collectd introduced two new data source types: DERIVE and ABSOLUTE.
With this patch support for the new data source types is added so they are displayed correctly.
svn path=/trunk/; revision=29947
for the MS Power Level and FPC in the L1 Information and MS Power IEs.
This should fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4017
(though I don't have a sample capture to verify the fix and that I didn't
break anything.)
svn path=/trunk/; revision=29944
This patch adds statistics information to the collectd dissector.
Changes by me:
- use ep_alloc for structures being handed to the tap(s) (instead of se_alloc)
- Capitalize the Statistics menu item to get it in the sorted list
svn path=/trunk/; revision=29915
Version 4.7 of collectd introduces cryptographic features for the network
protocol. The current version of the collectd dissector does not know how to
handle these segments and flags them as unknown.
The following two patches add simple support for the TYPE_SIGN_SHA256 and
TYPE_ENCR_AES256 segments. They display the plain text components of
these segments but do not try to verify the signatures or decrypt the encrypted
payload.
Changes by me:
- replace tvb_length_remaining() with tvb_reported_length_remaining()
- replace proto_tree_add_protocol_format() with tvb_tree_add_text()
svn path=/trunk/; revision=29913
Remove a call to checkcol();
Use tfs_set_notset instead of a local true_false_string defintion;
Use consistent indentation;
Adjust some spacing.
svn path=/trunk/; revision=29896
Remove a bunch calls to of check_cols();
Use tfs_set_notset from tfs.c instead of a locally defined tfs struct;
Use consistent indentation;
Adjust spacing on some lines and reformat a few long lines.
svn path=/trunk/; revision=29895
This patch adds support to Wireshark for dissecting UDP packets used by
collectd's network plugin in order to transmit data from ones host to another
host (e.g. centralized storage of statistics while data is collectd on
individual systems)
The current dissector understands the part types supported by collectd-4.5
series and gracefully processes future part types (flagging them as unknown).
In regard to protocol errors or bad packets checks are based on the various
length fields used, parts are marked with warning when length is unexpected;
marked with error when length breaks minimal rules.
svn path=/trunk/; revision=29887
but (since the patch no longer applied cleanly) essentially manually
re-implemented by me:
Rename "stun" to "classic stun" and "stun2" to "stun", to follow the usage
defined in draft-ietf-behave-rfc3489bis-18 section 2.
svn path=/trunk/; revision=29884
optimizations patch http://wiki.wireshark.org/Development/Optimization
'patch.29854.diff.gz"
- ei->protocol is a constant.
- Don't setup expert tap data if there's no tap.
svn path=/trunk/; revision=29873
Add a target ("x11-dissector") to build the X11 dissector.
Put the X11-related files (back) in the source distribution.
svn path=/trunk/; revision=29871
Put the git version of mesa and xcbproto in the generated header files.
From me: Don't use 'which' to find git--it wouldn't work on Windows.
svn path=/trunk/; revision=29865
This patch adds extension support to the X11 dissector.
I've removed the perl script from the make file, since the new one depends on
perl 5.10, xcbproto (at least git as of today), and mesa (at least the
mesa/src/mesa/glapi directory). It seemed easier to just add the generated
header files to svn directly.
svn path=/trunk/; revision=29854
Implementation of the IEEE 802.15.4 dissector ignores the Auxiliary Security
Header of the MHR (see IEEE 802.15.4-2006 specs p.138).
The attached patch, add two things :
1) Support for dissecting the Auxiliary Security Header
2) Add a preference option to force the dissection of
the FCS field as being in the TI CC24xx format
svn path=/trunk/; revision=29849
I'm reasonably sure that I introduced this bug and I apologize for the problems
with my previous patch. The problem is that I did not use all of the seen
keys, I used all except the first key, which in a case of one key is none.
The attached patch fixes the error.
svn path=/trunk/; revision=29843
struct _GString
{
gchar *str;
gsize len;
gsize allocated_len;
};
And:
struct _GArray
{
gchar *data;
guint len;
};
We only accessed the first two fields of the GString struct.
svn path=/trunk/; revision=29841
The attached patch improves NHRP dissection and encompasses the following
changes:
1) Now displays Request ID and CIE Reply code or Error code in Info column.
2) Added support for RFC 2520 and RFC 2735 extensions and error codes.
References:
-> http://www.ietf.org/rfc/rfc2520.txt?number=2520
-> http://www.ietf.org/rfc/rfc2735.txt?number=2735
Note: Cisco's NAT Address Extension conflicts with RFC 2735's published
Device Capabilities Extension. Both are assigned type 9. As such, I have had
to add some heuristics to differentiate between them. It should be reliable
though since the former carries a CIE with length > 8 bytes, and the latter a
fixed-length payload of 8 bytes.
3) A few fields previously not filterable now are: hf_nhrp_hdr_op_type,
hf_nhrp_hdr_version and hf_nhrp_error_code.
4) Added support for authentication and vendor-private extension header decode.
NOTE: The authentication extension has been added according to RFC 2332. In
practice, it seems that at least with certain Cisco equipment (I tested with
cisco 2851 IOS version 12.4(15)T), they use their own non-standard
authentication extension format. Because of this, Cisco's version of the
extension will likely either be displayed a little differently than one may
expect or be indicated as being mal-formed ... because in reality, it is.
5) Utilizes expert info in a couple more places to indicate mal-formed packets.
Cisco's Error Indication packet, for example, violates RFC 2332 Section 5.2.7
by including extensions in the Error Indication packet as well as by including
erroneous data following the End Extension. Both cases are reported via expert
info now. Previously, at least with the case of the erroneous data following
the End Extension, the packet would almost certainly have been marked
mal-formed anyway. I now just prevent Wireshark from even attempting to decode
the non-sensical mess.
svn path=/trunk/; revision=29833
We fill out the COL_DSTIDX column by using 'pinfo->dst_idx'. This member is only set by the MDS Header dissector based on 'mdshdr.dstidx'. So remove COL_DSTIDX and migrate to 'mdshdr.dstidx' custom column.
svn path=/trunk/; revision=29795
We fill out the COL_SRCIDX column by using 'pinfo->src_idx'. This member is only set by the MDS Header dissector based on 'mdshdr.srcidx'. So remove COL_SRCIDX and migrate to 'mdshdr.srcidx' custom column.
svn path=/trunk/; revision=29794
We fill out the COL_RXID column by using 'pinfo->rxid'. This member is only set by the Fibre Channel dissector based on 'fc.rx_id'. So remove COL_RXID and migrate to 'fc.rx_id' custom column.
svn path=/trunk/; revision=29793
We fill out the COL_OXID column by using 'pinfo->oxid'. This member is only set by the Fibre Channel dissector based on 'fc.ox_id'. So remove COL_OXID and migrate to 'fc.ox_id' custom column.
svn path=/trunk/; revision=29792
Jeff Morriss