The RDM protocol has been accepted as ANSI standard E1.20-2006. The following patch updates the decoder to that spec.
At the same time it is promoted to a built-in dissector.
svn path=/trunk/; revision=19596
and replace it with an "enable_decryption" preference.
Instead of forcing the user to specify how many WEP keys we have,
figure it out for ourselves by parsing the key list. When decrypting,
don't worry about the key index specified in the header (which resulted
in trying to decrypt using the same key twice); simply try each key in
order (which we were doing anyway).
In hex_str_to_bytes(), handle a null hex string.
Update the release notes.
svn path=/trunk/; revision=19592
this is a wrapper protocol to store SCSI frames inside usb bulk data transfers
the dissector is far from complete but does
track ITL and ITLQ structures and will also call the SCSI dissector to
dissect the SCSI CDB.
what is still missing is handling of data in/out and scsi responses
at least it will now display the SCSI CDB and dissect it. woohoo
svn path=/trunk/; revision=19589
add tracking so that when we find an interface descriptor which tells us the device class we also create a conversation for each and every endpoint for that interface and also let all conversations (one for each endpoint) share the same usb conversation info structure.
store the device type inside this conv_info structure
add the required code to manage BULK data pdus and have it for now only display what kind of bulk data is contained (interface class as snooped from the descriptors)
we now only need a class dissector table we can fork off into from the bulk dissector in usb and then an external usb_masstorage dissector that registers itself as a mass storage device and we should be all set to dissect the scsi layer being transported atop usb
svn path=/trunk/; revision=19575
and provide the desired port/endpoints in the call to get/create a conversation so that we later when we see a descriptor that says Endpoint X is using class Y
we need this to register that certain endpoints are used for mass storage
(or other applications)
svn path=/trunk/; revision=19573
Please apply the attached patch to improve the WLCCP dissector. I have
also finished merging in packet-cisco-wireless.c, so it can be deleted.
svn path=/trunk/; revision=19572
start introducing conversations to the usb dissector so that we can start tracking requests/responses
which we need to in order to dissect for example the data returned by a device to a GET DESCRIPTORS call
svn path=/trunk/; revision=19539
this fixes a regression caused by the recent scsi data in/out reassembly code which made the scsi dissector fail to dissect data in/out over ndmp correctly if scsi reassembly was enabled
svn path=/trunk/; revision=19525
put "reassembled in" in the summary line
put the fragment list at the top of the tree instead of down inside the SCSI expansion
svn path=/trunk/; revision=19523
and also (if reassembly is disabled) only dissect the initial (offset==0) data pdu.
dissect_scsi_payload() does not yet use this parameter.
now that we have both data offset and expected data length/bidir expected data length and also the read/write flags available we have what we need to reassemble data in/out pdus (modulo overflow/underflow but those are so rare we can worry about them later).
ndmp: ndmp conceptually always has a data in and a data out phase and never fragments the data into smaller pdus so that dissector always reports offset as 0.
svn path=/trunk/; revision=19511
decode this field as relative offset and also store it in the fc_hdr structure so that FCP can pick it up and pass it to the SCSI payload data in/out dissector later
svn path=/trunk/; revision=19510
pass conversation from the transports up to the scsi layer
add tracking of conversation specific info to scsi osd
add tracking of conversation+lun specific info to scsi osd
for scsi osd add tracking of PARTITIONS and display in which frame they were created/removed
svn path=/trunk/; revision=19505
The attached patch fixes parsing of the setup header in the usb dissector.
Currently the size of the field specified into proto_tree_add_item call
was wrong.
svn path=/trunk/; revision=19503
or Unicode, and use tvb_get_ephemeral_faked_unicode() to get Unicode
strings; this fixes problems I've seen in captures, where the string
isn't being processed correctly.
svn path=/trunk/; revision=19494
so that the two scsi transports FCP and ISCSI can provide the expected data transfer lengths to SCSI to allow SCSI reassembly.
NDMP does not really need these hints since for NDMP (and also iscsi-lite) there is conceptually always both data in and data out phases and there is never any fragmentation.
svn path=/trunk/; revision=19493
pretty horrible hack to store an ntlmssp blob inside an ldap string
the info column is not entirely pretty but the payload is at least decoded
svn path=/trunk/; revision=19490
An enhancement to the PPP multiplexing protocol
dissector in protocol-ppp.c. There are two changes:
The protocol id field of the multiplexed sub-frame is added
to the protocol tree using a header field. This allows
filters to select the protocol as is the case when it is not
multiplexed. I think this fixes a small bug as the ability to
filter for a protocol should not depend on the lower level
protocol.
When the protocol id of the subframe is not present, the
appropriate default protocol is displayed with the standard
indication that Wireshark generated the value.
svn path=/trunk/; revision=19488
from the 802.11 dissector. Use a #define for the maximum number of
WEP keys. Use AirPcap's if we have it (64). Rename find_module()
prefs_find_module() and make it public.
svn path=/trunk/; revision=19467
This patch fixes a transposition of the orders of
Set Attribute Number
Set Attribute Length
In the page oriented get and set attributes CDB parameters format
Ref SCSI-OSD T10/1355-D Revision 10 section 5.2.2.2
svn path=/trunk/; revision=19460
packet-cisco-wireless.c is actually trying to dissect WLCCP:
I have attached a dissector I wrote from scratch for the
frames that I'm seeing. It has #defines for the field offsets and
lengths so it should be easier to merge. I also attached a sample
capture with one of the frames that I'm seeing. There are more fields
in the frame I haven't yet figured out, hopefully your dissector has
those that I'm missing.
Me: - Commented in wlccp over udp as well, it works most of the time.
- Leave the file packet-cisco-wireless.c in for the time being to
copy over knowledge until no usable info is left in the file.
svn path=/trunk/; revision=19447
The expression (BGP_OSPF_RTYPE_EXT ||BGP_OSPF_RTYPE_NSSA) will always
evaluate to 1. As well, neither of these constants are defined as flag
values, so a bitwise op was probably not intended either.
svn path=/trunk/; revision=19444
Remove preferences stuff
Use stringz for variable length names
Media address size independent
Removed generated item
Set actual length of packet
Make info column work without coloring rules or filters
svn path=/trunk/; revision=19435
dissector for Enea's LINX protocol?
A protocol spec is available at <http://www.enea.com/templates/Extension____8947.aspx>. The source of the kernel module could be obtained from Enea by sending a request to "linx at enea dot com".
Currently they use ethertype 0x9999 which is not registered at IEEE.
svn path=/trunk/; revision=19430
I did improve the OID management in the tcap dissector.
Now, when a tcap message is received, without upper layer, the ACN is saved in the TCAP context, and can be used for the next messages of the dialogue. It is used only when the upper layer session is opened with Tcap only messages.
svn path=/trunk/; revision=19414
numerous changes, most notably:
1) BACnetStatusFlags is bit string, not enum, in NotificationParameters
2) Fixes many places where enclosing context tags were not handled properly.
3) Simplify tag decoding logic. Change to explicit decoding in many
instances rather than read tags in a loop and do a switch based on tag
number. Looping ignores out-of-order and other types of tagging errors.
svn path=/trunk/; revision=19410
few things to be fixed:
- // comments,
- not every hf_xxx used might be registered
some packages from the current h248 dissector are still missing.
svn path=/trunk/; revision=19407
- Indicate direction of DCH Data in info column
- Assume EDCH payload CRC if 2 bytes are left over (previous test was broken)
svn path=/trunk/; revision=19405
always register
itself on the port from the preferences (defaults to 0) upon launch.
This allows the user to right-click and use decode as.
svn path=/trunk/; revision=19403
Modify the VNC dissector to desegment
the "server cut text" message type for cases where the cut text is in
the next tcp segment from the first part of the message.
svn path=/trunk/; revision=19402
account for this extra reserved byte in the ahs length so that the reconstructed cdb has the correct length and does not contain one extra byte at the end
svn path=/trunk/; revision=19387
This is used to display the field underlined and to allow the user to double-click on it (like FT_FRAMENUM) to open the URL in the configured browser.
Example usage in the x509ce and logotype certificate extensions.
svn path=/trunk/; revision=19383
iscsi: when iscsi transfers a cdb that is larger than 16 bytes, the first 16 bytes are transferred in the normal place in the header and the remainder of the cdb is transported inside the AHS.
reassemble these cdb into a proper tvb before passing it to the scsi dissector
svn path=/trunk/; revision=19376
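The CDB reassembly described in this commit message, together with the reserved-byte length correction from the r19387 message above, shown as an added example that is not Wireshark's own code. It assumes the RFC 3720 Extended CDB AHS layout (2-byte AHSLength, 1-byte AHSType 0x01, 1 reserved byte, then the CDB remainder); `rebuild_cdb` and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_CDB_LEN      16    /* CDB bytes carried in the basic header */
#define AHS_TYPE_EXT_CDB 0x01  /* Extended CDB AHS type in RFC 3720 */
#define AHS_FIXED_LEN    4     /* AHSLength(2) + AHSType(1) + reserved(1) */

/* Rebuild the full CDB into out; returns its length or -1 if malformed.
 * Hypothetical helper for this example, not Wireshark's function. */
int rebuild_cdb(const uint8_t *hdr_cdb, const uint8_t *ahs, size_t ahs_len,
                uint8_t *out, size_t out_len)
{
    size_t ahs_field, ext;

    if (out_len < HDR_CDB_LEN)
        return -1;
    memcpy(out, hdr_cdb, HDR_CDB_LEN);
    if (ahs == NULL || ahs_len == 0)
        return HDR_CDB_LEN;              /* ordinary 16-byte CDB */
    if (ahs_len < AHS_FIXED_LEN)
        return -1;
    if (ahs[2] != AHS_TYPE_EXT_CDB)
        return HDR_CDB_LEN;              /* some other AHS, no extra CDB bytes */
    ahs_field = ((size_t)ahs[0] << 8) | ahs[1];
    if (ahs_field < 1)
        return -1;                       /* must at least cover the reserved byte */
    ext = ahs_field - 1;                 /* AHSLength counts the reserved byte */
    if (ext > ahs_len - AHS_FIXED_LEN)   /* claimed length exceeds captured data */
        return -1;
    if (ext > out_len - HDR_CDB_LEN)     /* would overflow the caller's buffer */
        return -1;
    memcpy(out + HDR_CDB_LEN, ahs + AHS_FIXED_LEN, ext);
    return (int)(HDR_CDB_LEN + ext);
}

int main(void)
{
    /* Constructed sample: 32-byte CDB whose bytes are 0..31. */
    uint8_t hdr[HDR_CDB_LEN], ahs[AHS_FIXED_LEN + 16], out[64];
    int i, n;

    for (i = 0; i < 16; i++) { hdr[i] = (uint8_t)i; ahs[4 + i] = (uint8_t)(16 + i); }
    ahs[0] = 0x00; ahs[1] = 17; ahs[2] = AHS_TYPE_EXT_CDB; ahs[3] = 0x00;
    n = rebuild_cdb(hdr, ahs, sizeof ahs, out, sizeof out);
    printf("rebuilt CDB length: %d\n", n);
    return n == 32 ? 0 : 1;
}
```

Copying `AHSLength` bytes instead of `AHSLength - 1` reproduces the one-extra-byte CDB that r19387 corrects, and the two bounds checks keep a forged length from reading past the capture or writing past the output buffer.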
add a test for (length > 0) in the dissector (dissect_xot_pdu), to avoid to
allocate a new tvb when the XOT decoded length is null.
svn path=/trunk/; revision=19365
Please find enclosed a patch about Mobile Network Prefix option in NEMO.
Following RFC3963 Section 4.3, length of this option is 18, not 16.
svn path=/trunk/; revision=19363
it is absolutely amazing that none of the iscsi implementors and users of wireshark had noticed this breakage and reported it. they apparently do not use wireshark.
svn path=/trunk/; revision=19362
various changes to the existing scsi dissector to start allowing different commandsets to be implemented in their own dissector files to prevent the scsi dissector to become as huge as the parlay dissector
svn path=/trunk/; revision=19360
- dissection of TIPCv2 internal messages now shows
all fields used according to the protocol spec
- there should be no issues with the current protocol
spec anymore
- the info column is more concise and gives more
details
- some code beautifications
svn path=/trunk/; revision=19354
I've two patches for FMIPv6:
- FBU encapsulated in FNA are not correctly parsed;
- there is an error when parsing LLA Option.
svn path=/trunk/; revision=19351
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
This patch adds support for dissecting ontap's nfsv4 filehandle,
as well as some updates to nfsv3 filehandle as well in the nfs
dissector.
Alex.
checked in with minor changes
svn path=/trunk/; revision=19345
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep this information available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction (according to the OID), is saved in the context, and will be reused for the next messages of the transaction. This helps the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will also have the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There are 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
this protocol is not too interesting yet since only the function names of this interface are known but it is more than no dissection at all
svn path=/trunk/; revision=19333
- Remove the RFC 3261 attribution in the long text version of several headers (some of them I couldn't easily work out where the first non-obsoleted introduction of them is)
svn path=/trunk/; revision=19328