tvb_reported_length_remaining(), not by tvb_length_remaining() -
tvb_length_remaining() shows only the amount of *captured* data
remaining, but the capture might have been done with a snapshot length
that cut the packet data short.
The payload length from the PPPoE header could legitimately be different
from the actual length of the PPPoE payload if there's not enough PPPoE
payload to avoid padding at the E(thernet) level. Only complain if
there shouldn't have been any padding.
Report an "expert" warning if the payload length looks wrong.
Update a comment to reflect current reality (as of many many years ago,
when we went all-tvbuff).
svn path=/trunk/; revision=22770
Fix for bug 1807. This patch corrects the decoding of the NotificationParameters.
I fuzz tested with these and other captures (Pass > 100).
svn path=/trunk/; revision=22766
not a lost packet but the tcp ports are being reused. This is often
seen in load-balanced environments where client ports are preserved
on the server-side.
We only want to report port reusage once, so the SYN/ACK is excluded
from TCP_SEQ analysis.
svn path=/trunk/; revision=22762
- Added ASN.1 integer values for StandardExtension, ExtensionAttributeType
and TokenDataType.
- Added expert info for unknown standard-extension, extension-attribute-type
and tokendata-type.
- Added expert info for unknown built-in content-type.
svn path=/trunk/; revision=22730
- As noted by Thomas Anders values are not added to the tree anymore. Move the calling of subdissectors to the end of the function, so that the value is added to the tree.
- add port 8161 to be decoded as SNMP (hey, it's on IANA's services file!)
UAT:
- do not have the uat reloaded.
OIDS:
- do not complain if renaming an OID to an identical name
svn path=/trunk/; revision=22704
rename dcerpc_smb_fetch_pol to dcerpc_fetch_polhnd_data and also make
it take an additional parameter to return the "type" of the policy
handle, if such a type was stored.
extend the pol_value structure used to track policy handles to also
store a type to represent what created the policy handle
types could be USER/ALIAS/CONNECT/... etc handles returned from the
SAMR interface
add a new helper function dcerpc_store_polhnd_type()
track policy handles between request/responses for dcerpc
update the samr.cnf file to make the samr dissectors for
SetSecurity/QuerySecurity dissect the specific bits for the security
descriptor correctly based on whether the policy handle refers to a
CONNECT/DOMAIN/USER/ALIAS or GROUP
svn path=/trunk/; revision=22703
- reimplement the "snmp.variable_oid" dissector table
- oids.[ch]
- get rid of keytype_implicit in oid_value_type_t we won't use it.
- have the windows base path for mibs be consistent to where we've put the mibs
- oid_get_from_encoded() and oid_get_from_string(): have the subids array being computed in a prior statement of where the side-effected argument is going to be used... worked on gcc, not on windows... I deserve "have daemons flying out of my nose" for that :-).
svn path=/trunk/; revision=22684
1. Priority field decode.
The 802.1q tag field of a frame is separated from its frame body in
an ERSPAN packet.
Current packet-cisco-erspan.c decodes only the vlan id field of the
802.1q tag.
This patch can also decode the priority field of the 802.1q tag.
2. Direction of a captured frame decode.
An ERSPAN packet includes the additional information of the direction
of a captured frame as below.
If a captured frame comes from outside to a switch port, this means an
'Incoming' frame. If a captured frame goes out of a switch port,
this is an 'Outgoing' frame.
Added an extra unknown value for the bit between direction and spanid.
svn path=/trunk/; revision=22649
- Decodes all valid Restart Signaling CLVs
- The restart flags are now shown in a tree and have display filters for them
- The Remaining hold time field now has a display filter
- The Restarting Neighbor Id field is now decoded
- Corrected another CLV decoder that assumed the length of a system ID was 6
and hard coded that value instead of using the id_length variable
Rearranged the Restart Signaling Flags to show the most significant bit first
svn path=/trunk/; revision=22646
The MP_REACH_NLRI (and MP_UNREACH_NLRI) parser incorrectly increments a buffer
offset. Any attributes following will be skipped and/or parsed incorrectly.
No security problem I see - the bounds are checked before parsing each attribute.
svn path=/trunk/; revision=22598
1. Moved all the network layer message type decodings under the network layer control bit check to prevent malformed packets.
2. Added the decoding of the optional network number for the Who-Is-Router-To-Network message type.
3. Added the decoding for the Establish-Connection-To-Network and Disconnect-Connection-To-Network network layer messages.
4. Corrected Initialize-Routing-Table and Initialize-Routing-Table-Ack decoding.
5. Added Network layer info under Column Info.
svn path=/trunk/; revision=22597
When LACP packets have the actor state or partner state fields set to 0x00,
wireshark prints the state like this (note the closing parenthesis):
Actor State: 0x00)
Since there are no flags set, these fields should be printed like this:
Actor State: 0x00
svn path=/trunk/; revision=22594
When a subdissector on top of TCP set ... DESEGMENT_UNTIL_FIN ... then
the subdissector should receive the whole reassembled TCP stream in tvb.
But the bug is it is missing the last payload from the FIN packet.
svn path=/trunk/; revision=22578
The following patch decodes DHCP option 249 (Classless Static Route) used by
some Microsoft systems. Same decoding as option 121 (RFC 3442).
svn path=/trunk/; revision=22576
This patch set provides an API for out of band signalling protocols to
register flows as SRTP/SRTCP using extended versions of the existing
rt(c)p_add_address functions. At present the encrypted portions of the payloads
are simply skipped, and the auth tags etc added as fields.
svn path=/trunk/; revision=22562
gsm_a :
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1754
SMS CP (gsm_a_dtap), RP (gsm_a_rp) and T-PDU (gsm_sms) protocol stacks are
decoded in Wireshark when called by BSSAP or RANAP.
Same protocol stack can be called by GPRS-LLC (sapi 7). Simple modification
needed in packet-gsm_a.c to add dtap dissector to llcgprs.sapi 7.
Me a comment in gprs-llc.
svn path=/trunk/; revision=22559
Fixed an offset for diagnostic in COL_INFO.
This file should really be rewritten to use more proto_tree_add_item's
instead of proto_tree_add_text's.
svn path=/trunk/; revision=22552
different ways, add a set of common conversion routines. Add a
"Frequency/Channel" column and fill it in where we can. Fix RSSI column
printing in PPI.
Fix up whitespace along the way.
svn path=/trunk/; revision=22538
Supports RC2, RC4 and 3DES with SHA1 Password-based Encryption using libgcrypt functions.
Password is provided as a preference, as is trying to decode with an empty/NULL password.
svn path=/trunk/; revision=22534
- s/ntohl/g_ntohl
- s/free/g_free
- Change some tvb_get_string()+g_free()'s into tvb_get_ephemeral_string()
- Change some tvb_fake_unicode()+g_free()'s into tvb_get_ephemeral_faked_unicode()
- Change some tvb_get_string() calls that were clearly memory leaks (like
atoi(tvb_get_string(...))) into tvb_get_ephemeral_string()
svn path=/trunk/; revision=22515
Minor problem in packet-gtp.c when decoding the PDP context Information
Element (7.7.29 in 29.060). The two uplink TEIDs are reversed in
packet-gtp.c, it should be control plane, followed by data.
Reworked the patch.
svn path=/trunk/; revision=22500
Please find enclosed a patch to update BA status code for PMIPv6
according to draft-ietf-netlmm-proxymip6-01 Section 8.5
svn path=/trunk/; revision=22499
From Stig Bjørlykke:
1. BER: Added support for empty indef SET
2. RTSE: Added fragment length in COL_INFO
3. IMF: Use correct hf_id for extension value
4. DOP: Fix typo in COL_INFO oid name
svn path=/trunk/; revision=22492
A new version of the IEEE1588/PTP dissector. This dissector now includes the
coming version 2 of the standard. It supports both IP/UDP and pure ethernet
frames.
I've done some minor changes:
LL suffix doesn't work on Win32, used G_GINT64_CONSTANT instead - as described in doc/readme.developer
removed ETHERTYPE_PTP definition, already defined in etypes.h
removed some duplicated "if (tree)"
svn path=/trunk/; revision=22472
"white space" in the Content-Type field before the semi-colon.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1716
Still does not work correctly as packet-multipart.c seems to have got broken.
svn path=/trunk/; revision=22470
there is a mistake in the assigned number of the update request and update
ack shim6 control message. According to draft-ietf-shim6-proto-08 the
update request has a value of 64 and the update ack 65.
svn path=/trunk/; revision=22438
Correct bug in TCAP statistics when read filter is used.
Rename the TCAP decoding functions to show which are ITU vs. ANSI.
Don't unregister an ITU SSN if it's used by an ANSI subdissector.
svn path=/trunk/; revision=22421
RFC 4627 defines "The application/json Media Type for JavaScript Object Notation (JSON)"
application/json is a text based type used by JavaScript applications and web pages.
svn path=/trunk/; revision=22420
- add support of session management for tcap ANSI.
(In fact, this support already exists for ANSI MAP subdissector, but as our
simulators can reuse the tcap transaction Id, the decoding of the response
may be wrong)
- move the code related to asn1 in tcap.cnf, and update tcap.cnf
- move the code related to the session management in tcap-persistentdata
- add a compilation option to free the entry in the hashtable for a closed
transaction. This is used only for tshark statistics generation, with huge file.
- cleanup and add some comments
Add Id tags to epan/tcap-persistentdata.{c,h}
svn path=/trunk/; revision=22415
- modify subtypes for individual TCMessage/ansi... fields instead of switching based on hf_index inside common TransactionPDU type
svn path=/trunk/; revision=22411
_want_ what's currently in the INFO column (usually a more generic message
type from a lower level dissector) replaced (usually with a more
specific--higher level--message type from the current dissector). Add a
comment there not to change it back and to explain the use of col_set_fence()
in case someone finds data there that they _don't_ want replaced.
svn path=/trunk/; revision=22409
- add a subtree to the ApplyChargingXX Report
- add a subtree to ReleaseCall and ReleaseSMS
- synchronize Unix and Windows makefile.
svn path=/trunk/; revision=22396
last draft, draft-ietf-behave-rfc3489bis-07. Changelog:
* My employer is now sponsoring this work, so added a copyright line.
* Added a comment for each method/attribute with the RFC/I-D where it
is defined, so it will be easier to add new STUN usages.
* Removed the SHARED-SECRET method.
* Removed the PASSWORD and REFRESH-INTERVAL attributes.
* Changed "Response" to "Success Response".
* Changed "Error Reason Phase" to "Error Reason Phrase".
* Added reassembly for TCP segments on STUN2.
* Updated STUN acronym expansion.
* Renamed STUN2_ERROR to ERROR_RESPONSE.
* Changed the value of attribute FINGERPRINT from 0x8025 to 0x8028.
* Display if an unknown attribute is comprehension-optional or
comprehension-required.
* Reorganized order of attributes in the dissector code.
* The message length is now displayed in decimal.
svn path=/trunk/; revision=22383
This is a major re-write of the WLCCP version 0xc1 dissector. It now is
able to dissect many more WLCCP message types and the TLVs that may be
included in a message. Placeholders are left for message types and
TLV types that we do not currently have enough data to engineer a
dissector.
svn path=/trunk/; revision=22330
The work is still incomplete (anything but strings and numbers appears as bytes) but I want others to start testing it.
TODO:
builders and decoders for:
- (ntp) timestamps
- addresses
- diameteruris
- diameteridentities
- ipfilterrules
- qosfilterrules
- mipregistrationrequests
svn path=/trunk/; revision=22318