find attached the patch that reflects this interpretation of
> this field accordingly. It also fixes a few minor bugs associated with
> the handling of 'UNIX Secs' field and two field types
> (LAST_SWITCHED(21) and FIRST_SWITCHED(22)) in case of NetFlow V9.
svn path=/trunk/; revision=17698
Some cosmetic changes:
- when working out the application id description to show in the info
column, also consider vendor application identifiers
- make sure application ids and command codes are always shown as
decimal numbers
- a little whitespace tidyup
svn path=/trunk/; revision=17684
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
of 16 bytes. Use "sizeof" for the size of e_guid_t's, and use structure
assignment to copy GUID values.
Make functions such as append_h225ras_call() and new_h225ras_call() take
pointers to e_guid_t's as arguments.
Define GUID_LEN in epan/guid-utils.h and use it as the length of a GUID
in a packet. (Note that "sizeof e_guid_t" is not guaranteed to be 16,
although it is guaranteed to be the size of an e_guid_t.)
When constructing a display filter that matches a GUID, use
guid_to_str() to construct the string for the GUID.
svn path=/trunk/; revision=17676
displayed by name in debuggers and so that switch statements can check
whether all types are handled.
Add a check for an unknown handle type, to squelch compiler warnings
(and to catch missing handle type code at run-time, if new handle types
are added).
svn path=/trunk/; revision=17671
BACnet schedules. Could someone please take care of this?
1) fDate - correctly handle wild card year
2) fTime - rename local variables cut-and-pasted from fDate
3) fCalendarEntry - do single-pass decoding rather than while loop since the structure cannot be repeated.
4) fDailySchedule - correctly handle enclosing context tags.
5) fWeeklySchedule - correctly handle enclosing context tags
6) fAcknowledgeAlarmRequest - fix function name spelling and tags 3 and 5 are timeStamp, not time.
7) fSpecialEvent - handle context tags correctly.
8) fReadRangeRequest - Add cases from 2004 spec
Dave Richards
svn path=/trunk/; revision=17667
- dissection of SIP headers containing credentials and challenges.
from me:
- add filter fields for some missing related parameters from RFC 3261
- improve calculation of parameter length.
This implements enhancement request (bug id 812)
svn path=/trunk/; revision=17660
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
This small patch will cause the current AVP dictionary to be freed and
repopulated when relevant preferences have changed.
svn path=/trunk/; revision=17635
Please find enclosed a patch for the BGP dissector.
A 0 length IP address is valid in NLRI dissection. It just means "0/0 address".
svn path=/trunk/; revision=17634
update it to dissect it as such and create new helpers for the new structure that takes one extra guint32 at the end of the previous structure.
svn path=/trunk/; revision=17632
The code assumes Template FlowSet contains only one Template Record, which is not necessarily true. Please find attached the patch to fix it.
svn path=/trunk/; revision=17630
> This patch:
> - adds a few filterable fields (currently there are only hidden
> boolean fields for request and response).
svn path=/trunk/; revision=17629
>>>This patch:
>>>- makes it possible to turn off use of the XML AVP dictionary (which
>>>relies upon the XML lib being installed). A failed load results in 3
>>>annoying dialogs popping up the first time a diameter packet is read.
>>>Default is previous behaviour.
svn path=/trunk/; revision=17628
and if the checksum is wrong
and if the checksum field is 0x0000
mark the packet as [Checksum Offloaded] and still allow reassembly of
tcp segmetns
since it is most likely just a tco checksum offload engine and not a real checksum error
svn path=/trunk/; revision=17612
(report luns with allocation length 8 for example)
Therefore it is a bit wrong to mark these packets as [malformed packets]
Since they are truncated by scsi and this is NOTY an error condition.
Add a new exception type : ScsiBoundsError
If this exception is caught by packet-frame, then print an appropriate message
instead of [malformed packet]
For SCSI, add helper macros TRY_SCSI_SHORT_PACKET and END_...
If the packet was not short in the normal sense (snaplen < packetlen) then intercept the exception for BoundsError and rethrow it as ScsiBoundsError instead.
svn path=/trunk/; revision=17611