- implement "ether" attribute;
- parse "abinary" attribute [uses existing radius_abinary()]
Also: add a comment in packet-radius.h about the meaning of the encrypt flag.
svn path=/trunk/; revision=28952
This patch correctes serveral minor things.
1. Adds decoding of generic services to classes that have a separate dissect
function.
2. Adds new error codes.
3. Adds new CIP objects.
4. Extends the VendorID list.
svn path=/trunk/; revision=28951
In the RADIUS dissector, the function radius_register_avp_dissector() registers
vendors that are not already present in the dictionary hash-table. As far as I
can see, there are two problems with this:
1. The function does not set the number of type/length octets and the has_flags
variable for that AVP, which is required to correctly decode AVP/VSA values
2. In some situations, the function is called _before_ radius_load_dictionary()
is called (for example for the vendor 3GPP (ID: 10415))
Therefore, all vendor entries that are created by calling
radius_register_avp_dissector() leave their type_octets and length_octets un-initialized,
which causes incorrect decoding.
[Result: Radius dissector displays messages such as:
"Malformed Packet: RADIUS" and "Error/Malformed: Malformed Packet(Exception occurred)"]
The attached patch fixes this problem by assuming that the dictionary knows the
'ground truth' about the type/length octet and the has_flags information and allows it to
overwrite these values even for vendors that have already been loaded.
Also: (from Bill Meier): set the type/length octet and the has_flags variables to default
"standard" values (1,1,FALSE) in radius_register_avp_dissector().
Fixes Bug #3651 (and Bug #3635).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3651https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3635
svn path=/trunk/; revision=28937
The template cache contains pointers that are session-scope (only freed in
netflow_reinit()) but still we use g_malloc(). This patch changes that so we
now use se_alloc(). With this patch I'm able to reproduce the crash
("Per-session memory corrupted").
svn path=/trunk/; revision=28927
template, differentiate between Netflow v9 and IPFIX, which require
different interpretations. Add other minor fixes and comments.
svn path=/trunk/; revision=28911
rid of another, as the pointer in question is non-null in all calls (if
somebody adds another call with a null pointer, it'll crash when
dereferencing the pointer in any case).
svn path=/trunk/; revision=28900
which case it won't crash, or it will be null, in which case that just
trades one crash for another, and we should fix the crash.
svn path=/trunk/; revision=28898
Fixes crash reported in Bug #3578. [https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3578]
Essentially: CLEANUP_CALL_AND_POP wasn't being executed for certain error exits from
dissect_attribute_pairs() thus leaving a CLEANUP entry on the exception stack.
Also: vsa_buffer_table wasn't being destroyed if an exception occurred in dissect_attribute_pairs.
svn path=/trunk/; revision=28891
The previous check is incorrect when the first ldap frame in the capture is
selected and the filter is changed, or selecting "Follow TCP Stream".
Also removed check_col().
svn path=/trunk/; revision=28889
More packet decoding for Intellon powerline devices.
From me put proto_register_homeplug() last in the file and whitespace changes.
svn path=/trunk/; revision=28872
- Fix ncp2222.py and all the epan/dissectors/dcerpc dissectors. The
latter required changes to idl2wrs which used variadic macros (not supported in MSVC 6.0).
- Cleanup PIDL conformance files
svn path=/trunk/; revision=28856
Added: ESMC support as per G.8264 (Slow Protocol Subtype 0x0a).
* QL codes are dissected according to G.781 5.5.1.1 "Option I SDH".
Added: support for Timestamp entities in ESMC PDU as per WD56 proposal.
svn path=/trunk/; revision=28836
Cleanup hf_register_info declaration passed to llc_add_oui(). While there,
change the declaration to an array in order to be consistent with the rest
of packet-*.c files.
svn path=/trunk/; revision=28830
This patch attempt should more closely align with the Wireshark "layout" of using
a dissector rather than a "hack" to the packet-llc dissector.
svn path=/trunk/; revision=28823
The Bluetooth AMP Manager protocol was recently adopted by the Bluetooth SIG.
This protocol sits on top of L2CAP and requires a few changes in order to
accommodate the new move/create channel request.
This patch includes:
* a new Bluetooth AMP Manager Protocol dissector
* changes to L2CAP to handle the new move/create channel signals
* introduce a dissector table for fixed channel, allowing btamp dissector to
handle the BT AMP Manager Protocol channel
* Preliminary changes in L2CAP to support the new enhanced L2CAP modes
(enhanced retransmission/streaming mode)
svn path=/trunk/; revision=28819
Due to an incorrect offset setting in packet-icmpv6.c Wireshark cannot parse RA router-lifetime and RA flags properly.
svn path=/trunk/; revision=28818
add it to the tree, just call proto_tree_add_item. Fixes bug 3564.
Replace another tvb_get_ptr call with tvb_format_text.
svn path=/trunk/; revision=28815
Move header field info declarations into function scope.
This is the first step. Another patch will be submitted which actually scrubs
the header field info declarations (remove empty blurbs, etc.)
svn path=/trunk/; revision=28797
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
Recent glib versions always include signal.h in gbacktrace.h
On Linux PPC signal.h defines PT_R4 which is also defined by samba and
compilation fails.
svn path=/trunk/; revision=28727
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
Added support for Host Identity Protocol (HIP).
From me:
- Adjusted location of "Checksum" and "HIP Controls", as they seems to have
switched place in the bytes window
- Rewrote some proto_tree_add_uint -> proto_tree_add_item (some still remain)
- Rewrote to not use tvb_memcpy()
- Corrected some proto_tree_add_item's as the format seems to be big-endian
- Terminate ALL value_string's with { 0, NULL }
- No need to zero-terminate value_string strings.
- Removed call to check_col()
- Removed some prototypes
- Removed unused hf_hip_tlv_id, hf_hip_res and hf_hip_tlv_enc_iv (please check)
- Rewrote some C++ comments
svn path=/trunk/; revision=28596
* support the P3 protocol in addition to the P1 protocol; and
* reduce the number of changes to the ASN.1 modules (as asn2wrs now handles more of the ASN.1 constructs).
P3 is currently only supported over ROS (and not RTSE)
svn path=/trunk/; revision=28593
Add support for the DIS protocol dissector to more fully interpret the PDU
types "Data Query", "Data", and "Set Data". It should interpret the
originating and receiving entity IDs, request ID, number of fixed and variable
datum fields, and the ID and values of each datum field in the PDU.
svn path=/trunk/; revision=28583
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
The patch puts the function declarations for zbee_sec_ccm_decrypt() and
zbee_sec_key_hash() into a #ifdef HAVE_LIBGCRYPT guardian to avoid gcc from
complaining about functions that are declared as 'static' but never defined.
It additionally puts the function zbee_sec_make_nonce() (and its declaration)
into a #ifdef HAVE_LIBGCRYPT guardian to avoid gcc from complaining about a
defined but unused function, if libgcrypt is not used.
svn path=/trunk/; revision=28513
- Make some fcns & vars static
- hf[] blurbs: "" and repeated text --> NULL
- Move proto_register & proto_reg_handoff to end of source
- packet-catapult-dct2000: simplify proto_reg_handoff
- Use consistent indentation
svn path=/trunk/; revision=28488
Add:
- FIX 4.0 to 4.4 fields, auto generated with XSLT stylesheets applied on
http://www.quickfixengine.org/ xml files (not included quickfixengine code is
BSD but xml files have no copyright).
- value_string functions for string keys, added to value_string.c.
- FIX desegmentation, it doesn't work well with malformed FIX PDU.
svn path=/trunk/; revision=28478
- Removed heuristic for find if is_request and used event_type
- URB_INTERRUPT don't goes in reverse direction... fixed
svn path=/trunk/; revision=28477
This patch adds support for the I-TDM control protocol specified in PICMG SFP.1 chapter 3.12.
This control protocol is used to "automatically" initialize new I-TDM data flows.
svn path=/trunk/; revision=28468
The CoS Capability extended community has been changed to a transitive ext. community
and was reassigned an IANA type number. It has changed from 0x40 to 0x05.
see: http://www.iana.org/assignments/bgp-extended-communities
svn path=/trunk/; revision=28467
Some of the hard-coded 96 and 127 values representing dynamic payloads
were changed to use #defines from rtp_pt.h but not all.
svn path=/trunk/; revision=28466
In ISUP, if the redirecting or original called number parameters are present,
but have a zero length number in them, the dissector (incorrectly) marks them
as malformed packets.
Also, the precedence decoder is very terse (Doesn't even display the precedence
level correctly)
svn path=/trunk/; revision=28448
- replace C++ comments by C-style comments (or #if 0...#endif);
- Chnage all hf[] "" blurbs to NULL;
- Fix some spelling;
- Remove two unused handles.
svn path=/trunk/; revision=28439
- prefs registration not req'd (no prefs);
- move hf[] & ett[] to be local to proto_register;
- use std dissector format: move proto_register & proto_reg_handoff to end;
- if (proto == -1) in proto_register not req'd;
- if (! initialized) not req'd in proto_reg_handoff since no prefs callback.
svn path=/trunk/; revision=28437
FCS; this handles protocols where there's no length field, so that the
"is there a trailer and/or an FCS?" heuristic can't work.
svn path=/trunk/; revision=28432
The attached patch file adds dissectors for the ZigBee protocol stack,
which runs atop the IEEE 802.15.4 dissector. Also included is the
dissector for the ZigBee Encapsulation Protocol (packet-zep.c), used by
the Exegin Q51 protocol analyzer.
From me:
Fix a bunch of gcc (the compiler, not me) warnings.
svn path=/trunk/; revision=28429
e_ip->ip_ttl is currently always set to 0, in attachment fix.
I also (in same patch, sorry) submit cleanup to use ep_alloc() instead
of static e_ip buffers, I didn't test it, but I hope it's ok.
There's note about static buffers in doc/README.tapping, which should
also be updated, but I don't feel so good with my English :)
From me:
Rename e_ip to ws_ip. Update the static buffers note in README.tapping.
svn path=/trunk/; revision=28425
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
Attached please find a patch that enables to heuristically find VNC
traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item()
functions)
svn path=/trunk/; revision=28394
Not much, just a little bit of fine tuning:
- Spelling
- Added expert_add_info() for status responses with warning & error level
- Added command details in info column (optionally)
Also plugging memory leak.
svn path=/trunk/; revision=28392
use.
Rename some variables to reflect the names they have in the IGRP
document.
Don't treat being called with a non-IPv4 address as a dissector bug - we
can't prevent ourselves from being called from the IPv6 dissector. This
fixes bug 3466.
Clean up indentation.
svn path=/trunk/; revision=28390
The attached patch updates wireshark to the radiotap RX flags leaving the
non-standard option to dissect bit 14 as "FCS in header".
Merge the patch by hand in a couple of places to avoid conflicts with
r26861.
svn path=/trunk/; revision=28385
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2824
I have added the SCM header to the wlccp dissector. This header is present in
packets of base message type 0x01. You can find the specification in the
following document, when you search for "The table below shows the fields for
an SCM Advertisement Reply Message.":
http://www.freepatentsonline.com/y2005/0220054.html
It seems like the header structure in the document is wrong regarding the "SCM
Node ID" (MAC address) field. From looking at the hexdumps I found out that the
node id shows up in the header before the "Instance Age" field. There is also a
2 byte field between the node id and the instance age, which is always zero. I
have named this field wlccp.scm_unknown_short, because I don't know what it is
for.
Me:
Fix two bugs that came up during testing but were present before the patch,
both involving wrong length handling triggering dissector assert and malformed
packet messages.
svn path=/trunk/; revision=28376
support for vendor-specific IEs. Fix variable-length record handling. Add
conversation tracking to the UDP dissector and add process flow
information to TCP and UDP conversations.
This lets us run process flow collectors on one or more machines and
have the process username, PID, command name, etc. show up in the TCP
and UDP protocol trees.
svn path=/trunk/; revision=28366
Adjust some spacing;
Replace tab in string by a space;
Use #if 0... #endif instead of /* ... */ to comment out some code.
svn path=/trunk/; revision=28296
An NHRP extension offset of 0 is not an error - it means there are no
extensions.
Start using the address family number to determine the type of
link-layer addresses in NHRP. Don't fetch IPv4 addresses and add them
to the tree - just use proto_tree_add_item().
svn path=/trunk/; revision=28286