Here is a patch for gsm_map dissector that adds USSD string decoding (mainly used in processUnstructuredSS-Request, UnstructuredSS-Request, UnstructuredSS-Notify). For now, it assumes that it will be GSM 7 bits.
It re-uses packet-gsm_sms.c "gsm_sms_char_7bit_unpack" and "gsm_sms_char_ascii_decode" functions, as well as packet-smpp.c "smpp_handle_dcs" function.
svn path=/trunk/; revision=17739
With a change:
#ifdef HAVE_LIBCRYPT
#define __USE_LIBGCRYPT__
#endif
>> > finally, I have updated my dissector using libgcrypt.
>> > It does not use openssl anymore.
>> > If gnutls is installed, all should work.
>> > Thus, now it should decrypt and dissect (transport/tunnel/several
>> > encapsulations ...) :
>> >
>> > - NULL Encryption Algorithm
>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256
>> > bits.
>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>> > 32 bits will be used as nonce.
>> > - DES-CBC [RFC2405] : keylen 64 bits
>> >
>> > I also have added :
>> >
>> > - BLOWFISH-CBC : keylen 128 bits.
>> > - TWOFISH-CBC : keylen 128/256 bits.
>> >
>> > You have to indicate the Authentication algorithm even if all
>> > Algorithms since it uses 12 bytes in the Auth field should work
>> > (have a look to the README to understand why I put it
>> > ;-) ). If you consider I have to throw it away please tell me.
>> >
>> > HMAC-SHA1-96 [RFC2404]
>> > NULL
>> > AES-XCBC-MAC-96 [RFC3566]
>> > HMAC-MD5-96 [RFC2403]
svn path=/trunk/; revision=17734
a minor fix for 3GPP2 A11 Session Updat
From me:
a fix to packet-ppp.c to dissect the payload
and some changes in the gre dissector to display the 3GPP values.
svn path=/trunk/; revision=17733
for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does not allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will respond with a failure with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
- to_str.c: add support of "AT_NONE" address type in address_to_str_buf (avoid the assert failed later on
when messages have address type of AT_NONE - which can be the case for an MTP2 capture with FISU messages)
- packet-isup.c: changed source and destination addresses from (net_src and net_dst) to (src and dst) so
that addresses taken into account in the statistics are the SS7 point codes
svn path=/trunk/; revision=17720
> I have improved the heuristics and the display tree building code in
> dissect_jxta_udp() and dissect_jxta_stream() to avoid this problem.
svn path=/trunk/; revision=17709
find attached the patch that reflects this interpretation of
> this field accordingly. It also fixes a few minor bugs associated with
> the handling of 'UNIX Secs' field and two field types
> (LAST_SWITCHED(21) and FIRST_SWITCHED(22)) in case of NetFlow V9.
svn path=/trunk/; revision=17698
Some cosmetic changes:
- when working out the application id description to show in the info
column, also consider vendor application identifiers
- make sure application ids and command codes are always shown as
decimal numbers
- a little whitespace tidyup
svn path=/trunk/; revision=17684
while this should improve performance by unmeasurably little it does have the side effect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681
of 16 bytes. Use "sizeof" for the size of e_guid_t's, and use structure
assignment to copy GUID values.
Make functions such as append_h225ras_call() and new_h225ras_call() take
pointers to e_guid_t's as arguments.
Define GUID_LEN in epan/guid-utils.h and use it as the length of a GUID
in a packet. (Note that "sizeof e_guid_t" is not guaranteed to be 16,
although it is guaranteed to be the size of an e_guid_t.)
When constructing a display filter that matches a GUID, use
guid_to_str() to construct the string for the GUID.
svn path=/trunk/; revision=17676
displayed by name in debuggers and so that switch statements can check
whether all types are handled.
Add a check for an unknown handle type, to squelch compiler warnings
(and to catch missing handle type code at run-time, if new handle types
are added).
svn path=/trunk/; revision=17671
BACnet schedules. Could someone please take care of this?
1) fDate - correctly handle wild card year
2) fTime - rename local variables cut-and-pasted from fDate
3) fCalendarEntry - do single-pass decoding rather than while loop since the structure cannot be repeated.
4) fDailySchedule - correctly handle enclosing context tags.
5) fWeeklySchedule - correctly handle enclosing context tags
6) fAcknowledgeAlarmRequest - fix function name spelling and tags 3 and 5 are timeStamp, not time.
7) fSpecialEvent - handle context tags correctly.
8) fReadRangeRequest - Add cases from 2004 spec
Dave Richards
svn path=/trunk/; revision=17667
- dissection of SIP headers containing credentials and challenges.
from me:
- add filter fields for some missing related parameters from RFC 3261
- improve calculation of parameter length.
This implements enhancement request (bug id 812)
svn path=/trunk/; revision=17660
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
This small patch will cause the current AVP dictionary to be freed and
repopulated when relevant preferences have changed.
svn path=/trunk/; revision=17635
Please find enclosed a patch for the BGP dissector.
A 0 length IP address is valid in NLRI dissection. It just means "0/0 address".
svn path=/trunk/; revision=17634
update it to dissect it as such and create new helpers for the new structure that takes one extra guint32 at the end of the previous structure.
svn path=/trunk/; revision=17632
The code assumes Template FlowSet contains only one Template Record, which is not necessarily true. Please find attached the patch to fix it.
svn path=/trunk/; revision=17630
> This patch:
> - adds a few filterable fields (currently there are only hidden
> boolean fields for request and response).
svn path=/trunk/; revision=17629
>>>This patch:
>>>- makes it possible to turn off use of the XML AVP dictionary (which
>>>relies upon the XML lib being installed). A failed load results in 3
>>>annoying dialogs popping up the first time a diameter packet is read.
>>>Default is previous behaviour.
svn path=/trunk/; revision=17628
and if the checksum is wrong
and if the checksum field is 0x0000
mark the packet as [Checksum Offloaded] and still allow reassembly of
tcp segments
since it is most likely just a tcp checksum offload engine and not a real checksum error
svn path=/trunk/; revision=17612
(report luns with allocation length 8 for example)
Therefore it is a bit wrong to mark these packets as [malformed packets]
Since they are truncated by scsi and this is NOT an error condition.
Add a new exception type : ScsiBoundsError
If this exception is caught by packet-frame, then print an appropriate message
instead of [malformed packet]
For SCSI, add helper macros TRY_SCSI_SHORT_PACKET and END_...
If the packet was not short in the normal sense (snaplen < packetlen) then intercept the exception for BoundsError and rethrow it as ScsiBoundsError instead.
svn path=/trunk/; revision=17611
added another command preventallowmediaremoval besides those 3.
> enhanced packet-scsi.c a bit to decode 3 more scsi commands
>
> getperformance
> setcdspeed
> readdiscstructure.
svn path=/trunk/; revision=17610
rename binding into assoc(iation) which is the AOC name.
move the definition of sccp_assoc_t to packet-sccp.h so that information regarding sccp associations can be used by user protocols
svn path=/trunk/; revision=17590
(The macro GET_MSG_TYPE does proper bounds checking but coverity doesn't consider it (may not be able to resolve the ?: operator) )
svn path=/trunk/; revision=17581
- Display UUID for tag #97 (Client machine identifier)
- Display UNDI major and minor version for tag #94 (Client network
interface identifier)
- Use value strings for tag #93 (Client system architecture)
The byte ordering is messed up for the GUID though.
svn path=/trunk/; revision=17541