an MTP3 PC in there (else we get a bus error on SPARC systems).
If we don't have MTP3 PC addresses, hash on address_to_str(&pinfo->src). This
makes TCAP statistics work over SUA.
svn path=/trunk/; revision=23401
TRUE if the result of the operation has any bit set; that means that the
test should stop and return TRUE as soon as it finds two bytes that when
ANDed together are non-zero, and return FALSE if no such byte was found.
The other test functions don't have "_bytes" in the routine name; don't
put it into this one.
svn path=/trunk/; revision=23374
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
This uncomments the OID registration of pkixcmp and adds 2 Cryptlib OIDs
Changed to use oid_add_from_string for adding names.
svn path=/trunk/; revision=23316
Makes more fields searchable
Also fixes some typos and indentation errors
Fixes bug http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1802 for edonkey
dissector: every field defined by the dissector is now contained under the
PROTOABBREV=edonkey "root" key
svn path=/trunk/; revision=23315
nine or so packets are handled to accommodate authentication type none and
to allow cleaner future improvements. Includes a few touch ups to the
rest of the dissector as well.
svn path=/trunk/; revision=23310
- parameterized object class assignment
- octet string with extensible size constraint
- RELATIVE-OID type (still not supported in packet-per/ber)
packet-per
- octet string with extensible size constraint
more dissect_per_... functions exported from libwireshark.dll
PER dissectors regenerated
add forgotten packet-h323-template.h
fix svn properties for h323 files
svn path=/trunk/; revision=23309
This dissects the initial Connect-Initial and Connect-confirm pdus of
setting up t.125
The dissector needs to be enhanced to also decode the data payload so
that it can decode any further packets on the connection after these two
initial handshake packets
svn path=/trunk/; revision=23307
asn1 template file plus generated .[hc] files;
Note that the generated files include changes which are a result of previous
changes to snmp.cnf (SVN #23252) and of other changes (eg: svn 21145).
svn path=/trunk/; revision=23302
When doing TCP_SEQ analysis, if the packet is a SYN, then it's
not a lost packet but the tcp ports are being reused. This is often
seen in load-balanced environments where client ports are preserved
on the server-side.
This time it is fixed by creating a new conversation whenever a
new SYN is received for an existing conversation. This fixes the
following:
- bug 1680: Error in TCP Sequence number analysis
- TCP-conversation timestamps for new TCP-sessions with the addresses
and ports as a previous TCP-conversation in the trace-file.
svn path=/trunk/; revision=23299
According to http://www.iana.org/assignments/bootp-dhcp-parameters, suboptions
from 1 to 10 have been defined. 3 is reserved, and most of the others have
their own RFC. For a start I've attached a patch that decodes suboption 6 just
as 1 and 2, and also suboption 3. This might not be entirely correct, since
suboptions 1 and 2 are opaque values (RFC3046), while 6 is an ASCII text
string.
I added something for the other values as well...
svn path=/trunk/; revision=23293
The description of the most significant bit of the "Device Revision" byte of
the response to a "Get Device ID" is the wrong way round. 1 means "device
provides Device SDRs" and not the contrary according to IPMI specs 1.5 and 2.0.
Also, I noticed in that file that "Chassis" is spelled "Chasis".
svn path=/trunk/; revision=23292
Enhancement:
- TIPC is available in a new version (1.7), adding/removing fields while
keeping the same version number (2).
Minor bugs:
- In NAME_DISTRIBUTOR messages the originating and destination nodes are
switched.
- The used size of BUNDLER messages payload is not calculated correctly when
size%4=0, this leads to the wrong assumption that the message would be
malformed.
svn path=/trunk/; revision=23291
The GIOP Fragment message type was added as of GIOP 1.1. However the Fragment
message header (containing a request id) was only added as of GIOP 1.2. The
GIOP Fragment dissector incorrectly attempts to process the request id for a
version 1.1 request.
To fix, add a version check to the dissect_giop_fragment function in
packet-giop.c:
svn path=/trunk/; revision=23289
- Use a fast path for the most common use of tvb_get_xxx functions:
offset is >= 0 and tvb->real_data is set (this one is always true).
- match_strval() is a linear search, put the most common protocols
TCP/UDP/RDP first.
- fix gtk1 g_strlcat declaration Use g_strlcat
svn path=/trunk/; revision=23285
RFC3315 says that the vendor-specific information option must encapsulate each
option in the format code/length/value. The current dhcpv6 dissector does not
differentiate these fields, it just puts it all together as one option-data
field. Attached is a patch that addresses this issue.
svn path=/trunk/; revision=23284
Replace strncpy with g_strlcpy.
Add g_strlcat for GTK1 and don't use g_snprintf in GTK1 g_strlcpy
printf family is very slow.
svn path=/trunk/; revision=23273
(where the initial length isn't readily available when item is first added)
Note that this still won't work where an initial length of 0 is given for
the item that will later be extended using proto_item_set_len(), as the
pointer value part of the zero-length array will remain NULL...
svn path=/trunk/; revision=23253
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
Removed some workaround code in the .cnf file.
There is still some code for handling an EXTERNAL (EXTERNALt) as the RTSE dissector has its own set of callbacks and consequently can't (currently) use the packet-ber.c functions.
svn path=/trunk/; revision=23242
Note that there is still a problem with 'Apply as filter' filters. They seem to remember the initial length of the item, and not the final length set using proto_item_set_len() (this is the case for groups of TBs/PDUs). Will investigate when time allows...
svn path=/trunk/; revision=23239
if we were given them; doing so when we weren't seems to change the
apparent group set in OS X 10.5 (and possibly 10.4 - the group set
manipulated by getgroups()/setgroups() isn't the full group set, and
changing your UID might cause the credential identity resolver daemon
not to give you your full group set).
svn path=/trunk/; revision=23234
sFlow datagrams can contain sampled headers from conversations on the network.
Often it is convenient to have wireshark dissect these payload headers, but
doing so can also have undesirable side effects. Dissected payload headers may
match filters looking for header fields that also happen to occur in the
payload. This can cause surprising results.
Also TCP analysis will almost always flag errors on sampled headers. They are,
after all, just a sample and many sequence numbers are sure to be missing.
There is probably a more general way to resolve these issues, but adding
preferences to enable/disable tcp analysis and dissection of sampled headers
will be a good start. This will make it possible to examine the details of
sampled headers if desired or to disable dissection if the side effects of
dissecting sampled headers cause issues.
svn path=/trunk/; revision=23230
H.225
- change RysMessage_vals to h225_Rasmessage_vals
- use #.PDU directive for H323-UserInformation and RasMessage instead of implementing it by hand
- register RasMessage_PDU as "h225.ras" dissector for calling it from H.460
asn2wrs make PDUs exportable
svn path=/trunk/; revision=23226
- Generic Extensible Framework helper
- Annex M1 (QSIG over H.323)
- Annex M4
- Annex R
H.225/H.245 support for Generic Extensible Framework (GEF)
H.235 register MIKEY into new H.225/H.245 GEF tables
regenerate H.225,H.245,H.235,H.450,H.450-ROS,T.35 from new makefiles
svn path=/trunk/; revision=23216
When a SYN/ACK is missing in the capture, the base_seq used in
relative sequence numbers was not set correctly. I made the
setting of fwd->base_seq and rev->base_seq a little more solid.
svn path=/trunk/; revision=23213
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
Author :
Richard Kuemmel <r.kuemmel[AT]beckhoff.de>
Updates and bugfixes:
Peter Johansson <peterjohansson73[AT]gmail.com>
svn path=/trunk/; revision=23174
I would like to submit the dissector that will add support for dissecting CFM
packets with the ethertype 0x8902 defined by the IEEE proposal for 802.1ag
Draft 8.1. This code has been tested using the CFM feature implemented on a
pre-GA build of the Spirent TestCenter, and the Alcatel-Lucent 7330 ISAM
product. Code has been reviewed and tested by the design team at
Alcatel-Lucent in the Access Network Department (AND).
I have also added some elements for the ITU proposal Y.1731, where it will
recognize all additional opcodes for that proposal, and it will fully dissect
the AIS PDU.
Fuzztest has been performed and has passed.
svn path=/trunk/; revision=23170
This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1888
There are new versions of CMP (v2) in RFC4210 and CRMF (v2) in RFC4211. The
right to exist of CRMF is bound to CMP so I don't split that into two bug
reports.
I'll upload the new (slightly handmassaged) ASN.1 files for both protocols,
along with patches for the respective cnf files, where I also added new
#.REGISTER statements.
Additionally I had to export some definitions from pkix1explicit (Attribute,
Time, UniqueIdentifier and Version) and from pkix1implicit (KeyIdentifier).
I'll also upload a patch for that.
I uploaded a CMPv2 sample (with errors in the protocol!) to the wiki.
svn path=/trunk/; revision=23082
LocalIdentifier when problems with the GlobalDomainIdentifier.
- Initialize global pointers to avoid potential crashes.
svn path=/trunk/; revision=23080
- Added generated entry for total missing sequence numbers
- Added expert info on invalid ack info length
- Added count of ack in info column
svn path=/trunk/; revision=23079
This patch adds support for IMPS 1.3 protocol dissection and also
updates IMPS 1.2 protocol to approved release version.
From me:
- Updated vals_wbxml_public_ids table.
- Reindented file.
svn path=/trunk/; revision=23078
1) IPFIX port (4739) should be configurable without recompiling
2) It should be possible to specify more than one port to be dissected as
Netflow and/or IPFIX
3) Netflow should recognize UDP ports 2055 and 9996 (Both are common)
Also (from me):
- make Netflow a "new style" dissector: return 0 if it doesn't appear to be a
valid netflow packet
- register the old preference (cflow.udp.port) as obsolete so users don't see
warnings about it not being valid
svn path=/trunk/; revision=23075
- COL_REL_CONV_TIME which is used to display the time relative to the first frame that was seen in the conversation
- COL_DELTA_CONV_TIME which is used to display the delta time from the previous frame of the conversation
It also adds the function "col_set_time()" to "epan/column-utils.[ch]" which can be called from within a dissector to set either of these two columns to the appropriate time.
Last but not least, it lets the tcp-dissector make use of these two columns.
svn path=/trunk/; revision=23058
packets that don't look like valid radius.
verify that a packet is radius by checking that the command code is
known and also that the length is between 20 and 4096 bytes
move the tap data to be ep_allocated instead of a static global variable
don't use tvb_memcpy() to read a structure off the wiredata
use tvb_get_... to unmarshall the fields explicitly
this fixes bug 1634
svn path=/trunk/; revision=23039
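The heuristic this commit message describes (known command code, length between 20 and 4096, fields read explicitly rather than by copying a struct off the wire), sketched as an added example that is not the Wireshark dissector's code. The names `radius_check` and `radius_hdr`, the code list (taken from RFC 2865/2866/5176) and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_MIN_LEN 20   /* code, id, length, 16-byte authenticator */
#define RADIUS_MAX_LEN 4096

struct radius_hdr { uint8_t code, ident; uint16_t length; };

/* Codes from RFC 2865/2866/5176 (assumed list, not the dissector's table). */
static int radius_code_known(uint8_t code)
{
    switch (code) {
    case 1: case 2: case 3: case 4: case 5:   /* Access-*, Accounting-* */
    case 11: case 12: case 13:                /* Access-Challenge, Status-* */
    case 40: case 41: case 42:                /* Disconnect-* */
    case 43: case 44: case 45:                /* CoA-* */
        return 1;
    default:
        return 0;
    }
}

/* Returns the RADIUS length field if buf passes the heuristic, else -1.
 * Fields are read one byte at a time, never by copying a struct off the wire,
 * so alignment and host byte order cannot affect the result. */
int radius_check(const uint8_t *buf, size_t captured, struct radius_hdr *out)
{
    if (buf == NULL || captured < 4 || !radius_code_known(buf[0]))
        return -1;
    uint16_t len = (uint16_t)((buf[2] << 8) | buf[3]);   /* network byte order */
    if (len < RADIUS_MIN_LEN || len > RADIUS_MAX_LEN)
        return -1;
    if (out != NULL) {
        out->code = buf[0];
        out->ident = buf[1];
        out->length = len;
    }
    return len;
}

/* Constructed samples: code, identifier, length (big-endian), rest zeroed. */
const uint8_t sample_request[20]  = { 1, 0x2a, 0x00, 0x14 };
const uint8_t sample_bad_code[20] = { 99, 0x2a, 0x00, 0x14 };
const uint8_t sample_too_long[20] = { 1, 0x2a, 0x10, 0x01 };  /* 4097 */

int main(void)
{
    printf("%d %d %d\n", radius_check(sample_request, 20, NULL),
           radius_check(sample_bad_code, 20, NULL),
           radius_check(sample_too_long, 20, NULL));
    return 0;
}
```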
address_to_str_buf() does now take COL_MAX_LEN as a parameter.
Add support for AT_URI to col_expr for addresses in col_set_addr(). The field names are "uri.src" and "uri.dst".
svn path=/trunk/; revision=23017
nothing really in the header to identify it reliably as silly
vendor specific encapsulation
10000 is actually registered by iana for ndmp so it makes no sense for
a lazy vendor to use it by default.
make it check if the packet is ndmp first before assuming that anything
that goes to port 10000 must be some lazy vendor specific protocol
grrr
svn path=/trunk/; revision=23009