I did improve the OID management in the tcap dissector.
Now, when a tcap message is received, without upper layer, the ACN is saved in the TCAP context, and can be used for the next messages of the dialogue. It is used only when the upper layer session is opened with Tcap only messages.
svn path=/trunk/; revision=19414
numerous changes, most notably:
1) BACnetStatusFlags is bit string, not enum, in NotificationParameters
2) Fixes many places where enclosing context tags were not handled properly.
3) Simplify tag decoding logic. Change to explicit decoding in many instances rather than read tags in a loop and do a switch based on tag number. Looping ignores out-of-order and other types of tagging errors.
svn path=/trunk/; revision=19410
few things to be fixed:
- // comments,
- not every hf_xxx used might be registered
some packages from the current h248 dissector are still missing.
svn path=/trunk/; revision=19407
- Indicate direction of DCH Data in info column
- Assume EDCH payload CRC if 2 bytes are left over (previous test was broken)
svn path=/trunk/; revision=19405
always register
itself on the port from the preferences (defaults to 0) upon launch.
This allows the user to right-click and use decode as.
svn path=/trunk/; revision=19403
Modify the VNC dissector to desegment
the "server cut text" message type for cases where the cut text is in
the next tcp segment from the first part of the message.
svn path=/trunk/; revision=19402
account for this extra reserved byte in the ahs length so that the reconstructed cdb has the correct length and does not contain one extra byte at the end
svn path=/trunk/; revision=19387
This is used to display the field underlined and to allow the user to double-click on it (like FT_FRAMENUM) to open the URL in the configured browser.
Example usage in the x509ce and logotype certificate extensions.
svn path=/trunk/; revision=19383
iscsi: when iscsi transfers a cdb that is larger than 16 bytes, the first 16 bytes are transferred in the normal place in the header and the remainder of the cdb is transported inside the AHS.
reassemble these cdb into a proper tvb before passing it to the scsi dissector
svn path=/trunk/; revision=19376
add a test for (length > 0) in the dissector (dissect_xot_pdu), to avoid
allocating a new tvb when the XOT decoded length is null.
svn path=/trunk/; revision=19365
Please find enclosed a patch about Mobile Network Prefix option in NEMO.
Following RFC3963 Section 4.3, length of this option is 18, not 16.
svn path=/trunk/; revision=19363
it is absolutely amazing that none of the iscsi implementors and users of wireshark had noticed this breakage and reported it. they apparently do not use wireshark.
svn path=/trunk/; revision=19362
various changes to the existing scsi dissector to start allowing different commandsets to be implemented in their own dissector files to prevent the scsi dissector to become as huge as the parlay dissector
svn path=/trunk/; revision=19360
- dissection of TIPCv2 internal messages now shows
all fields used according to the protocol spec
- there should be no issues with the current protocol
spec anymore
- the info column is more concise and gives more
details
- some code beautifications
svn path=/trunk/; revision=19354
I've two patches for FMIPv6:
- FBU encapsulated in FNA are not correctly parsed;
- there is an error when parsing LLA Option.
svn path=/trunk/; revision=19351
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
This patch adds support for dissecting ontap's nfsv4 filehandle,
as well as some updates to nfsv3 filehandle as well in the nfs
dissector.
Alex.
checked in with minor changes
svn path=/trunk/; revision=19345
Here are some patches and a new module to introduce the notion of Tcap context for a Tcap transaction. For each Tcap transaction, several parameters, like session identifier, start time or OID, will be saved in a hash table, to keep this information available for the next messages. This context is then given to the upper layer, and can be used, for example, to generate transaction-associated statistics.
Moreover, the Upper protocol, detected in the Begin of the TCAP transaction (according to the OID), is saved in the context, and will be reused for the next messages of the transaction. This helps the decoding of SS7 messages, without any SSN configuration in the "wireshark preferences".
You will also have the possibility to apply a filter to see only the messages related to a TCAP transaction. (tcap.srt.session_id=XXX)
To enable the use of the Tcap context, you have 2 new parameters in the preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been closed. This is mandatory with Wireshark, to have a clean display of the stats.
There are 2 new timers in the preferences for the statistics, to tune the retransmission timeout, and messages lost timeout.
svn path=/trunk/; revision=19341
this protocol is not too interesting yet since only the function names of this interface are known but it is more than no dissection at all
svn path=/trunk/; revision=19333
- Remove the RFC 3261 attribution in the long text version of several headers (some of them I couldn't easily work out where the first non-obsoleted introduction of them is)
svn path=/trunk/; revision=19328
Add a new WERR error table to packet-windows-common so that PIDL generated dissectors can use this table instead of the DOS table.
To make this table as complete and accurate as possible and to avoid having to type all the values in by hand the table is generated from the samba doserr.h file and two small commandlines.
The comments in packet-windows-common.h explain how to regenerate the table from doserr.h
svn path=/trunk/; revision=19306
don't try dcerpc reassembly of fragments if we don't have the entire pdu
only call the heuristical dissectors once from smb/pipe as per guy(?)s comments about idempotence.
when doing reassembly, the dcerpc dissector is indeed not idempotent any more.
svn path=/trunk/; revision=19304
This patch makes the maximum valid LDAP PDU size a preference. The default value for this new preference is 65535 for backwards compatibility.
svn path=/trunk/; revision=19288
The smb dissector displays lock requests in the "Locking AndX Request" as a vector of locks. It opens a tree branch
"Locks" and appends the locks to this branch. Instead of adding "Lock" objects to this branch it added "Unlock"
objects. Everything else is fine.
svn path=/trunk/; revision=19271
Add the ieee802a_add_oui function to libwireshark.def, and also adds the OUI that I am using to a couple of internal lists (in epan/oui.h and dissectors/packet-llc.c).
From me:
Resorted the oui lists, some whitespace changes and added Ericsson OUI:s.
svn path=/trunk/; revision=19262
In dissect_geographical_description the longitude is multiplied by 260
and should be by 360(degrees).
Also it would be good to display to 5 decimal places.
svn path=/trunk/; revision=19260
I have put together a patch for YMSG packet dissector. This is based on my own code and service lists (this
should match Gaim and Kopete service lists). This new code should bring the code up to par to most of the
known services. Which should cover up to Yahoo 7.x or most of it.
I have also setup a new set of constants which are specific to YMSG packets. These are the types that I've
seen in miranda network logs and they should reveal more information. The other constants are mostly for buddy
statuses and need not apply to the YMSG header. I have left them in the code (for now). These constants are
currently used in my own code.
svn path=/trunk/; revision=19255
"The decoder has some bugs:
* RTP redundancy field is decoded incorrectly.
* Timer TU3920 is displayed as being in seconds, but it is really in units of
100 ms."
svn path=/trunk/; revision=19247
once the private_data -> se_data conversion is complete we can plug quite a large number of memory leaks related to dcerpc
svn path=/trunk/; revision=19240
Fix for bug 1036
I looked at this today and found that in fact the PC stuff is pretty
hosed up in the SS7 dissectors. For example, MTP3 *looks* OK here (DPC is
4-5-6):
Routing label
DPC (4-5-6) (394500)
but 394500 == 0x60504 == 6-5-4. Something's not right.
I made a common PC dissector function for all the SS7 dissectors so as to
concentrate all this code in one place (something I've been wanting to do for a
while anyway) and fixed the reported problem as well as the above problem in
the attached patch.
svn path=/trunk/; revision=19231
the biggest problem in changing this is the dcv->private_data usage.
add a dcv->se_data which can keep data around from a request to a response and use this to change the LSA/OpenPolicy2 servername passing from request to response as a test pattern of moving all users of dcv->private data over to use dcv->se_data.
once all users are migrated over we can then change the dcv->private data pointer to be of ep scope and thus not need an explicit free (which is quite difficult and it is quite difficult in the old semantics to know WHEN we need to free this pointer)
this will eventually make the usage more clean and at the same time close down quite a few memory leaks.
eventually this will make dissect_ndr_nt_SID return a pointer to ep allocated memory that need not be explicitly freed.
svn path=/trunk/; revision=19226
> please find enclosed a patch to the CFlow dissector (packet-netflow.c)
> that enables it to decode IPFIX packet traces.
svn path=/trunk/; revision=19221
Hi folks,
We think we've found a bug in STANAG 5066 SIS layer dissector.
Problem is at S_EXPEDITED_UNIDATA_INDICATION S_Prim's parser
and occurs when we receive a U_PDU via expedited unidata channel.
Dissector tries to parse first 2 bytes of U_PDU as a header size of type
21 s_prim (S_UNIDATA_INDICATION). But, this is not a wanted process on
that parser. Maybe, it was forgotten unchanged from
S_UNIDATA_INDICATION dissector while copying it. So it shows
data (U_PDU) 2 bytes short. Moreover, if data is just 1-byte, TCP datagrams
receive TCP checksum error.
Confirmed.
It was indeed a "copy-paste-did not edit correctly" bug.
While going over the code once more, I found:
1 - One bug in the heuristic. (Changed '&&' to '||')
2 - One to-do that was already done. (Removed the /* TODO */)
3 - One to-do that is now done. ;-)
svn path=/trunk/; revision=19210
Also, there is still an outstanding issue regarding the default use of
the "media" dissector. The way it is currently coded there is no way to
have a heuristic decoder when a content-type header is specified.
In this way if there is a decoder for a specific content-type then it
will be used, then the heuristic decoders have a chance, and finally the
default of either the media-type decoder or the http_payload decoder.
svn path=/trunk/; revision=19208
since source/dest/protocol/info is updated by the content of the payload it doesn't make sense to hide the actual payload inside esp/ah
it just would look confusing
svn path=/trunk/; revision=19206
windows in SYN and SYN+ACK packets are not scaled so don't apply window scaling to them when displaying them in the tree
svn path=/trunk/; revision=19186
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.
This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.
svn path=/trunk/; revision=19185
as requested here is a patch in order to take into account Encryption
and Authentication keys for ESP in hexa.
You only have to write your key with 0x first. In this case if the key
is not in 8-bit unit, it will be considered as starting with a "0" (4 bits). Except in this case, the key should be completely written, even if it
starts with "0x00".
svn path=/trunk/; revision=19181
- Display options in info column
- Only remember blksize from OACK packets
- Add some rfc numbers
- Move tftp_dissect_options in front of dissect_tftp
(I forgot to fix the forward decl once too often ;)
- Warning fixes
- Add expert error in case of tftp-error pdu
svn path=/trunk/; revision=19162
Actually, this was a feature request:
Store the value of the blksize option in the conversation data
and use that information to compare whether we have reached the
last packet.
Includes the cleanup ideas from Ronnie.
svn path=/trunk/; revision=19155
there were instances where the function dissect_nt_sid() would not fill in the return pointer for the sid string
causing callers that rely on that this string will ALWAYS be assigned try to access and g_free() an uninitialized pointer.
dissect_nt_sid() should be changed to use and return ep allocated memory instead of gmalloced memory
svn path=/trunk/; revision=19154
verify that stat_info->request_uri is non null before doing string manipulations on it
so that we don't try to dereference a null pointer further down the code
svn path=/trunk/; revision=19153
A patch to bring the VNC dissector almost to completion.
I have not had a chance to finish the server message type "frame buffer
update," which are the pixel values for screen rectangle updates.
Everything else is there - tracking the keys the user is pushing,
ringing a bell on the client, mouse button pushes/pointer movements,
etc.
svn path=/trunk/; revision=19145
This patch will add the following functionality to the H.248
dissector:
1. Dissection of properties from Annex C.11 SDP equivalents.
2. Dissection of EventNames and SignalNames from Annex E Basic
Packages.
3. Dissection of event and signal parameters from Annex E.9 Analog
Line Supervision Package.
4. Dissection of statistics from Annex E.11 Network Package and
Annex E.12 RTP Package.
svn path=/trunk/; revision=19136
First, the length of the header of a sub-frame may be miscalculated
if the PID field is not present, but was present in a previous
sub-frame. The calculation of the header length will use the value from
the previous sub-frame.
Second, correct the typo "ength" to "length".
Third, the length of the current sub-frame was not passed as the
reported length to a sub-dissector. When the sub-dissector calls
tvb_reported_length(), the function returns the length of the complete
frame and not the length of the sub-frame to be dissected.
svn path=/trunk/; revision=19132
use call_dissector_only() which is new-style aware and not call_dissector() which is not.
this fixes a recent bug found on the heimdal list.
svn path=/trunk/; revision=19129
New protocol: epl v1
Hi,
in addition to the recently submitted dissector for the EPL v2 protocol,
this is the dissector for the first version of the EPL protocol.
Best Regards,
David
svn path=/trunk/; revision=19125
from 1 to 8 bytes, and not only handle 0-byte session IDs as special,
have it handle session IDs > 8 bytes as special as well.
svn path=/trunk/; revision=19115
we can add code to check that it looks sane (for better heuristics) when
we start adding GSS-KRB reassembly.
we need this for some transports such as SMB/SessionSetup that will transport GSS-KRB blobs inside multiple PDUs (multiple different SMB/SessionSetups) so we can reassemble the blobs before decoding them.
this probably only happens for SMB/SessionSetup but the design of that command is so "nice" that you can not tell whether the blob is fragmented or not or how big it is supposed to be by looking at the SMB layer itself, one needs to know the BER length field for the BER APPLICATION tag. :-(
to make things worse, the only way to match multiple such fragments together one will need not just the fragments from the SessionSetup requests but also the UID that is returned in the response to the initial request.
perverse design.
let's assume that there will almost never be multiple sessionsetups on the same tcp session in real traces so to make things easier just ignore the UID for now when reassembling. (well reassembly is not added yet but will be)
svn path=/trunk/; revision=19112
we will need a conversation in more places once we start adding reassembly of gss-krb blobs that span multiple pdus (smb/sessionsetup)
svn path=/trunk/; revision=19110
patch to implement the decoding of the GPRS reference. The specific oid for the CAP-GPRS-ReferenceNumber is attached to a decoding function in the camel module.
svn path=/trunk/; revision=19108
File NCP2222.py:
1. Added NCP service type 0xffff = All types
2. Added evaluation of task states. (following bits are defined. 0=normal, 1 = TTS explicit transaction in progress, 2= TTS implicit transaction in progress, 4 = Shared file set lock in progress)
3. Reversed the Volume Request Flags, this was backwards (s/b 0=do not return name with volume number, 1=Return name with volume number)
4. Fixed endianness of Creator ID in NetWare Information Struct.
5. File information structure incorrectly defined Current Block Being Decompressed.
6. Logical Lock Status structure incorrectly identified Task Number as a byte. It should be two bytes "word".
7. Fixed endianness of Modifier ID in NetWare Information Struct.
8. Fixed Name Space Information structure (was defined as Name Space, changed to Creator Name Space Number).
9. Fixed Semaphore Structure (Task Number was incorrectly defined as a byte, should be two bytes "word").
10. Added Task structure (Task Number, Task State)
11. Fixed Volume structure (incorrectly defined Volume Name)
12. Added VolumeWithName structure (This struct contains both volume number and volume name)
13. Added error 0x8901 - "No purgable files available"
14. Added error 0x8977 - "Buffer too small"
15. Added error 0x899c - "No more trustees found"
16. Added error 0x89d9 - "Queue station is not a server"
17. Added NCP connection status values (0=Ok, 1=Bad service connection, 10=File server is down, 40=Broadcast Message Pending)
18. Fixed error definitions for NCP 22/50.
19. Fixed reply packet for NCP 22/52 to properly display volume information depending on reply struct, Volume or volume with name.
20. Fixed error definitions for NCP 22/52
21. Fixed NCP 23/26 reply packet to properly return internet address and display correctly.
22. Fixed NCP 23/27 Reply packet structure to properly repeat connection numbers array.
23. Fixed error definitions for NCP 23/33
24. Fixed NCP 23/114 Request (improperly defined Charge Information as a long value, s/b word)
25. Fixed NCP 23/120 Reply (Improperly defined Job Number as a long value, s/b word)
26. Fixed error definitions for NCP 23/123
27. Fixed error definitions for NCP 23/124
28. Fixed error definitions for NCP 23/131
29. Fixed error definitions for NCP 23/132
30. Fixed error definitions for NCP 23/135
31. Fixed error definitions for NCP 23/137
32. Fixed error definitions for NCP 23/138
33. Fixed NCP 23/205 Reply (User Login Allowed incorrectly defined as long value, s/b byte value)
34. Fixed NCP 23/234 Reply (Reply structure incorrectly defined based on old NCP documentation. Corrected per new docs)
35. Fixed endianness of NCP 23/237 Reply on value Number of Locks.
36. Fixed endianness of NCP 23/238 Reply on value Number of Locks.
37. Fixed error definitions for NCP 30
38. Fixed error definitions for NCP 36/6
39. Fixed error definitions for NCP 86/2
40. Fixed error definitions for NCP 86/3
41. Fixed error definitions for NCP 86/4
42. Fixed error definitions for NCP 86/5
43. Fixed error definitions for NCP 87/1
44. Fixed error definitions for NCP 87/4
45. Fixed error definitions for NCP 87/5
46. Fixed error definitions for NCP 87/10
47. Fixed error definitions for NCP 87/11
48. Fixed error definitions for NCP 87/12
49. Fixed error definitions for NCP 87/17
50. Fixed error definitions for NCP 87/18
51. Fixed NCP 87/20 Reply to properly decode multiple entries returned. This used to only dissect the first entry.
52. Fixed error definitions for NCP 87/30
53. Fixed NCP 87/33 Reply to properly utilize the request flags to dissect the reply packet NetWare Info Struct
54. Fixed error definitions for NCP 87/33
55. Fixed error definitions for NCP 88/22
56. Fixed error definitions for NCP 89/1
57. Fixed error definitions for NCP 89/10
58. Fixed NCP 89/11 Request packet structure
59. Fixed error definitions for NCP 89/11
60. Fixed NCP 89/20 Reply to properly decode multiple entries returned. This used to only dissect the first entry.
61. Fixed error definitions for NCP 104/5
62. Added undefined NCP 112
63. Fixed NCP 123/11 Reply to properly dissect FileName, Name, and copyright.
64. Fixed NCP 123/17 Reply to properly display NCP Network Address values.
65. Fixed NCP 123/24 Reply to properly display Driver Board Name, Driver Short Name, and Driver Logical Name.
66. Fixed error definitions for NCP 123/33
67. Fixed NCP 123/60 to properly display Set Command Name and Set Command Value.
68. Fixed error definitions for NCP 123/70
69. Fixed NCP 123/71 Reply to utilize new File Information Struct
70. Fixed error definitions for NCP 123/71
71. Fixed error definitions for NCP 123/72
72. Added NCP 123/249
73. Added NCP 123/251
74. Added NCP 123/252
75. Added NCP 123/253
76. Added NCP 123/254
77. Added NCP 123/255
78. Fixed error definitions for NCP 131/1
79. Fixed error definitions for NCP 131/2
File packet-ncp2222.inc
1. Added new NCP preference setting to tell Wireshark to decode the NetWare information structure as new or old style.
2. Set default NCP preference settings of echo connection and echo file to FALSE.
3. Added NDS verb 2 Request Flags (0=retain old object, 1=delete old object)
4. Fixed problem where NDS fragmentation could not be reassembled on reload. (fragment array needed to be re-initialized on reload)
5. Fixed NCP service types 1111, 5555, bbbb, and 1111/LIP to reflect real type number. (Was defined as 0xf1, 0xf2, 0xf3, etc... Now defined as 0x1, 0x5, 0xb, etc)
6. Fixed function build_expert_data to parse subtree memory structures to acquire NCP request value records
7. Fix NDS attribute type Boolean to byte value and properly aligned.
8. Fixed attribute zendmSearchOrder to display properly regardless of number or order of value entries.
9. Added check of length of packet prior to attempting to defragment
10. Added for Request packets logic to abort if NCP type isn't found.
11. Added logic to store packet length and then manually decode NCP function 123 based on length.
12. Added logic to manually dissect NCP 87/20 and 89/20 reply packets.
13. NDS resolve name replies with remote entry as the specifier should not store the EID returned (0x00000000)
14. Added logic to trap and echo to expert tap when connection status flags indicate an error.
15. Added manual dissect of NCP 23/26 replies
16. Added logic to Capture the EID returned from NCP 22/51 "Get vol info".
17. Fixed NDS verb 0x2a
18. Fixed NDS verb 0x2b
File packet-ncp.c
1. Fix offset for packet signature. (This used to automatically set the offset to account for packet signature if it could not determine the correct NCP type. But for some failed fragment packets, retransmissions, etc, this would be wrongly identified. So first we check to see if we can read a valid type at the offset before we just automatically assume that packet signature is being used)
2. Register the new NCP preference for old/new NetWareInfoStruct.
File packet-ncp-int.h
1. Add extern declaration for ncp_newstyle setting.
2. Add length, req_mask, and req_mast_ext to ncp_req_hash_value structure
File packet-ncp-sss.c
1. Fix SecretStore request verb Write App Secrets, Client Put Data, to evaluate packet length.
svn path=/trunk/; revision=19073
- register H.225.0 over TLS (configurable port 1300)
- register SIP over TLS (fixed port 5061)
- new function proto_tree_get_root()
svn path=/trunk/; revision=19059
ethernet IG/LG bit changes with minor modifications
(only dissect LG if it is a unicast address
put a hint what locally administered means in the dissect tree
)
svn path=/trunk/; revision=19033
this patch adds support for MPEG2 transport stream packets in RTP (type
MP2T). It currently dissects the headers of the MPEG2 packets
svn path=/trunk/; revision=19023
I found a loop in the q2931 dissector, whereas I was dissecting Ranap
Traces with a bad wireshark configuration.
Wireshark did crash, after eating all the memory.
Make other loop checks more paranoid.
svn path=/trunk/; revision=18992
This patch provide a correction for the element "Channel Needed" in the Paging message. and some improvements for the display of AUTH,SRES,RAND etc..
With some further changes to APDU and LSA Identifier dissection.
svn path=/trunk/; revision=18985
make mms bitstrings easier to read
--
Hi, this is my new mms with some changes in order to display some data in
binary instead of hex.
Excuse me because is not a diff from the repository, but I don't know how to
create a diff.
I also have the compiled packet-mms.c and packet-mms.h if you want it only
mail me.
svn path=/trunk/; revision=18974
use tcp_dissect_pdus() which works instead of trying to do the pdu tracking and signalling for reassembly manually.
This makes ldap pdu tracking and reassembly work properly for cases when hosts are streaming ldap over tcp and there is little or no alignment of pdus to the start of a segment
svn path=/trunk/; revision=18965
new protocol: veritas low latency transport
---
Attached is a patch file that adds a new dissector for the LLT protocol
(Veritas Low Level Transport, used for server clustering). They use
ethertype 0xCAFE even though it isn't assigned to them :(. There are
other fields and possibly other message types directly between servers
it does not yet dissect as no one outside of Veritas knows what they
are. This dissector understands the one people will run across most -
multiple servers broadcasting these heartbeats all over the place. I
figured out these fields through many Internet searches.
I will add the protocol to the Wiki after it is committed.
Thanks,
Steve
svn path=/trunk/; revision=18944
the attached patch removes the
redundant "Cisco Discovery Protocol" from the info column:
Before:
Cisco Discovery Protocol Device ID: myswitch.domain.com Port ID: GigabitEthernet3/17
After:
Device ID: myswitch.domain.com Port ID: GigabitEthernet3/17
svn path=/trunk/; revision=18941
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition I have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
most of the relevant code moved to guid_utils
lot of corresponding code cleanup in packet-dcerpc.c
still using GHashTable
still not using a manuf like file
svn path=/trunk/; revision=18939
As per RFC 4090, In the FAST_REROUTE Object, Include-any starts
at the 12th byte and Exclude-any starts at the 16th byte.
Ethereal has inter-changed these two fields in its display.
*Ethereal* bug 1043.
svn path=/trunk/; revision=18938
I think I've changed all corresponding appearances from FT_STRING to FT_GUID, so assert the FT_ type as it should only be a FT_GUID now.
Add a generic implementation in guid_utils.h to have a way to store data about GUID to name resolving (something like value_string for e.g. int). It might be better to have a single registry for all GUID's of all dissectors and implement the GUID name resolving into the proto_tree_add... functions.
svn path=/trunk/; revision=18935
is disabled by default, and can be enabled by setting AIRPCAP_CONFIG
in config.nmake. The code is currently limited to Windows, but should
be adaptable to other platforms.
The official announcement won't come until next week, so you'll have to
read the source for details. :)
svn path=/trunk/; revision=18928
when files are opened using NTCreateAndX and if we recognize the type set the type field to either FILE, DIR or PIPE
This is useful to know when dissecting things like security descriptors since it tells us how to dissect the specific bits of the access mask.
Only do this for NTCreateAndX for now. It is trivial to add similar tracking to some of the older obsolete calls used to open fids but no clients ever use those old calls any more.
svn path=/trunk/; revision=18922
I made a small change in packet-bacapp.c to fix the following:
1. Corrected Signed value decoding for a one octet value.
2. Corrected Priority values to decode as Unsigned values.
svn path=/trunk/; revision=18918
A very tiny patch that corrects decoding of the Next Payload field in
the IKEv2 header. RFC 4306, Sec 3.2 says that a payload type of 0
means "No Next Payload" and not RESERVED. The patch just uses the
same string the dissector uses for IKEv1, namely, "NONE".
svn path=/trunk/; revision=18914
The enclosed patch updates the set of mime types for line oriented text
data per RFC 2046.
Me:
Remove application/postscript, as it may be binary.
svn path=/trunk/; revision=18913