it's an obvious duplicate; if the addresses are in the same domain, it's
almost certainly a duplicate; if the addresses are in different domains,
but one company bought some of the product line for another company, we
assume it's a duplicate (e.g., we presume Martijn Schipper moved from
Intersil to GlobespanVirata when Intersil sold the PRISM 802.11 chipset
lines to GlobespanVirata, although he now appears to be at Magna Carta).
This still leaves Joost Yervante Damad, Thomas Dreibholz, and Thomas
Palmer as duplicates - probably the same people, but I'll ask The Great
Gazoogle a few questions first.
svn path=/trunk/; revision=28631
Added support for Host Identity Protocol (HIP).
From me:
- Adjusted location of "Checksum" and "HIP Controls", as they seems to have
switched place in the bytes window
- Rewrote some proto_tree_add_uint -> proto_tree_add_item (some still remain)
- Rewrote to not use tvb_memcpy()
- Corrected some proto_tree_add_item's as the format seems to be big-endian
- Terminate ALL value_string's with { 0, NULL }
- No need to zero-terminate value_string strings.
- Removed call to check_col()
- Removed some prototypes
- Removed unused hf_hip_tlv_id, hf_hip_res and hf_hip_tlv_enc_iv (please check)
- Rewrote some C++ comments
svn path=/trunk/; revision=28596
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
* adding pydoc documentation to doc/README.python
* possible to access directly libwireshark via libhandle and raw_<tvb|pinfo|tree>
* transform some methods into properties
* update sample to reflect changes/features
* adding comments!!!
svn path=/trunk/; revision=28532
Add:
- FIX 4.0 to 4.4 fields, auto generated with XSLT stylesheets applied on
http://www.quickfixengine.org/ xml files (not included quickfixengine code is
BSD but xml files have no copyright).
- value_string functions for string keys, added to value_string.c.
- FIX desegmentation, it doesn't work well with malformed FIX PDU.
svn path=/trunk/; revision=28478
- Removed heuristic for find if is_request and used event_type
- URB_INTERRUPT don't goes in reverse direction... fixed
svn path=/trunk/; revision=28477
I've created a new bug rather than reopening 1181 as the scope is constrained
somewhat more.
Basically, when capturing from a named pipe the wireshark display lags by one
packet. This is especially frustrating when the packets arrive at low rates.
tshark is fine. But the packet count in dumpcap also lags by one.
Looking at the code, the problem appears to be in cap_pipe_select(). It
attempts to use WaitForSingleObject() on the named pipe but AFAICT this never
blocks.
I've attached a diff for some code that fixes the issue for me. The semantics
of overlapped IO in Win32 is quite different from the select/read model - hence
the other changes!
I've tested this fix on WinXP, 2k server and 2003 server. I've also checked
that my changes compile on a Freespire box that I have lying around.
From me:
Adapt the changes for dumpcap, which is where the affected code now lives.
svn path=/trunk/; revision=28452
When audio samples have to be dropped or silence samples inserted to reflect
the timestamp there is no indication of these problems on the display.
I propose that such problems be indicated on the waveform display by the use of
amber coloration and that the number of incorrect timestamps be listed
svn path=/trunk/; revision=28451
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
Attached please find a patch that enables to heuristically find VNC
traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item()
functions)
svn path=/trunk/; revision=28394
Add support for TightVNC extensions to the VNC dissector.
It has the following changes:
- Dissect TightVNC negotiation (tunneling, basic authentication, capabilities).
- Dissect X cursor encoding.
- Dissect POINTER_POS encoding.
- Dissect the general form of Tight rectangles.
- Dissect Tight image data (basic compression, JPEG, gradient).
- Handle LastRect encoding.
- Fix some always-true conditions.
- Some code cleanups.
svn path=/trunk/; revision=26825
Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundry
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
From me:
Instead of adding adns_config.h, place it a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
The decoded value of Size Packet shown as "From the calling DTE" is the value
of "From the called DTE".
When the size packet to negotiate has any of 512, 1024, 2048 or 4096 bytes, the
value shown decoded is erroneus.
The patch attached also includes new decoded facilities:
- Extended CUG selection.
- Extended access outgoing CUG selection.
- Extended RPOA selection.
- NUI selection.
- Charging info selection.
- Call dureation.
- Segment Count.
- Monetary Unit.
svn path=/trunk/; revision=24932
This plugin implements a dissector for Infiniband. It is released
under the GPL v2.
Rather than using say libpcap to capture raw (unframed) IP packets
from near the top of an IPoIB stack, this plugin dissects link level
Infiniband frames.
Infiniband trace files can be read from Endace ERF format trace
files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND
records. There is currently no native DLT_INFINIBAND in libpcap.
Each record contains a hardware timestamp, capture metadata such as
port Id, and a complete link level Infiniband frame starting from
the Local Route Header.
svn path=/trunk/; revision=24628
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
This is a new dissector plugin for Hilscher analyzer frames.
These frames are generated by Hilscher analyzer products and are identified via
their unique source MAC address (this is a reserved MAC from Hilscher-range and
will never be used by another network device). Most likely these frames are
only generated on a virtual network interface or the generating device is
attached directly via patch cable to a real network interface, but not routed
through a network. The Ethernet-header (destination MAC, source MAC and
Length/Type) is not displayed in the protocol tree for these frames as this is
overhead-information which has no practical use in this case.
Note:
This is a heuristic Ethernet dissector which means it gets called for every
Ethernet frame. So as to not cause a performance hit for most Wireshark users
it has a preference which, by default, disables the dissector.
svn path=/trunk/; revision=24495
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
Add a dissector for the Scripting Service Protocol provided as part of the
RSPLIB package. RSPLIB is an Open Source implementation of the upcoming
Reliable Server Pooling standard. The scripting service is an application
for load distribution, based on Reliable Server Pooling.
From me:
Shorten the protocol name to SSP.
svn path=/trunk/; revision=24276
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
Fix the bug related to Option template:
- System scope (check that options scope size is == 4, not <= 4)
- Interface scope (same)
Same fix for fields BytesExported PacketsExported FlowsExported.
Also fix some tabulations in a previous patch related to IPv6 Addresses.
svn path=/trunk/; revision=24138
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
Error message when capturing too short WTAP_ENCAP_USB_LINUX type packets
contains a copy-paste typo.
From me:
Fix some addresses in AUTHORS.
svn path=/trunk/; revision=23882
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Rightclicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Rightclicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similar to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menu's to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
This patch adds support for IMPS 1.3 protocol dissection and also
updates IMPS 1.2 protocol to approved release version.
From me:
- Updated vals_wbxml_public_ids table.
- Reindented file.
svn path=/trunk/; revision=23078
found by desktop-file-validate:
wireshark.desktop: warning: value "" for key "Path" in group "Desktop Entry"
does not look like an absolute path
wireshark.desktop: warning: value "GNOME;Application;Network;" for key
"Categories" in group "Desktop Entry" contains a deprecated value
"Application"
wireshark-root.desktop: warning: key "Encoding" in group "Desktop Entry" is
deprecated
wireshark-root.desktop: warning: value "" for key "Path" in group "Desktop
Entry" does not look like an absolute path
wireshark-root.desktop: warning: value "GNOME;Application;Network;" for key
"Categories" in group "Desktop Entry" contains a deprecated value
"Application"
svn path=/trunk/; revision=23034
- reassembling of fragmented TIPCv2 messages
- calling of heuristic subdissectors
- multicast upper+lower bound header fields are now shown
- corrects few typos in the comments in packet-tipc.c
svn path=/trunk/; revision=22889
When LACP packets have the actor state or partner state fields set to 0x00,
wireshark prints the state like this (note the closing parenthesis):
Actor State: 0x00)
Since there are no flags set, this fields should be printed like this:
Actor State: 0x00
svn path=/trunk/; revision=22594