use UTF-16 internally and GTK+ 2.x uses UTF-8, which means we have to
do a lots of conversions.
Add utf_8to16() and utf_16to8 convenience functions to strutil.c.
svn path=/trunk/; revision=17534
length_remaining could become -1 and if so the next tvb access (tvb_memcpy()) would cause an exception. not really an ethereal since it would have no ill effects in reality.
change !=0 to >0 to make it more clear what we actually test.
svn path=/trunk/; revision=17528
this if statement always evaluate to true since it is called from a single place that is only entered if the very same expression is also true there.
svn path=/trunk/; revision=17524
Update on dissector packet-scsi
* modepage processing for MMC
* support cmd Get Event Status Notification
* support cmd start stop unit for mmc
svn path=/trunk/; revision=17484
test this functionality by calling these vector insert/lookup tree functions from the nfs dissector for when filehandles are used as a key.
these vector functions could also be used to efficiently store conversations :
se_tree_key_t[6] = {
{ addr_len/4, &src_addr },
{ addr_len/4, &dst_addr },
{ 1, &src_port32 },
{ 1, &dst_port32 },
{ 1, &protocol32 },
{ 0, NULL }
}
(the nfs dissector needs a LOT of work. It is very painful to work with
very large nfs traces with all the memory it wastes (and eats) as well as how slow all the tables make it)
svn path=/trunk/; revision=17477
The M3UA I-G and -bis specify a couple of registration result codes that
the M3UA dissector doesn't currently understand. The attached patch fixes that.
svn path=/trunk/; revision=17476
Version 0.47a of eMule extends the eDonkey protocol to support files up to 256GB in length. This patch adds support for the new packet types, and changes to existing packets, used to support this.
In addition, it seems to be getting more common to use compression on the index server connection. The packets used are just like the uncompressed versions, except transmitted as a zlib compressed stream, so I've added dissection for the contents of those too.
Plus a couple of bugfixes to the UDP packet dissection.
svn path=/trunk/; revision=17475
Updated dissector packet-scsi to
* decode the device configuration mode page;
* decode the request sense response;
* fix a wrong lens print in several writeX(). this happens when one packet contains several iscsi pdu. one write data pdu will be explained as request with LEN extracted (but it is not a cdb so it was wrong).
* split the dissect_scsi_snsinfo() into 2 parts so the sense data decode part can be a subroutine shared by requestsense() and maybe more places.
svn path=/trunk/; revision=17460
There is error when ethereal dissects UMTS AMR codec info.
The "Initial Codec Mode" does not exist in 3GPP TS 26.103(v4.a.0)
but OM(Optimization Mode) is correct parameter.
svn path=/trunk/; revision=17458
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17452
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17451
I know nothing about iscsi , but try the attached patch. It fix the
wrong desegmentation and the ethereal bug isn't triggered anymore.
svn path=/trunk/; revision=17445
only call subdissectors for packets that are NOT keepalives nor zerowindowprobes.
keepalives only contain garbage anyway
and zerowindowproes just contain a single byte of incomplete data so whats the point trying to dissect it further.
svn path=/trunk/; revision=17443
Use "tvb_get_ephemeral_string()" to extract a counted string into an
ep_allocated null-terminated buffer.
Constify a variable that points to packet data.
svn path=/trunk/; revision=17435
(you don't have to worry about comments in #if 0'ed otu code), and it
also fixes an unclosed comment (the commenting-out ended with /* rather
than */).
Fix up some indentation as well.
svn path=/trunk/; revision=17434
fixes the following compilation warnings (and
potential problems that may otherwise follow).
packet-per.c(796) : warning C4047: 'function' : 'struct _proto_node ** '
differs in levels of indirection from 'struct _proto_node *'
packet-per.c(796) : warning C4024: 'dissect_per_boolean' : different
types for formal and actual parameter 7
packet-per.c(796) : warning C4700: local variable 'pi' used without
having been initialized
svn path=/trunk/; revision=17427
use proto_tree_add_[u]int[8,16,24,32,64]() instread of proto_tree_add_item()
since BER integers may well be encoded in less bytes than the type requires.
(i do not think the old code with proto_tree_add_item() could have handleded negative values very well or at all.)
svn path=/trunk/; revision=17425
This patch further tightens up testing for resent packets.
It now always compares the method. I've seen examples where the called
party hangs up, and chooses the same CSeq for the BYE as the calling
party chose for the INVITE.
svn path=/trunk/; revision=17408
a patch for the VoipCalls to fix a couple of issues:
- a problem with the RTP Events (RFC2833) not been handle correctly
- Display the RTP stream in time order when the setup frame is after the
RTP stream.
- fix a init issue that caused the H245 packet to not been displayed
correctly.
svn path=/trunk/; revision=17385
a patch for the VoipCalls to fix a couple of issues:
- a problem with the RTP Events (RFC2833) not been handle correctly
- Display the RTP stream in time order when the setup frame is after the
RTP stream.
- fix a init issue that caused the H245 packet to not been displayed
correctly.
svn path=/trunk/; revision=17383
inside this expansion show
1, eth.addr so people can see that this field exists (i think it is futile to use "hidden" fields and expect people to search through the infinitely long list of fields, better show everything and they will see themself what fuields they can filter on)
2, bit 0x01 of the first byte to show if it is Multi or Uni-cast
3, bit 0x02 of the first byte to show if it is a locally administrated address or not.
I do use the (to laymen) more descriptive names "factory default" instead of LocallyAdminAddr in the true_false string though.
svn path=/trunk/; revision=17378
dont play games with lnk_t
If the preference is set to unconditionally dissect everything as docsis just call the docsis handler directly.
svn path=/trunk/; revision=17377
> The included patch fixes BFD version detection in the BFD packet
> dissector and extends it to correctly dissect version 1 packets. The
> Authentication Section part of the packet is still not dissected.
>
svn path=/trunk/; revision=17357
IEEE802.3ah-2004 (OAM) Errored Frame Seconds Summary Event TLV is not being
decoded properly. Per IEEE802.3ah-2004 section 57.5.3.4, item g, the Error
Running Total field should be 4-octets however Ethereal is trying to decode this
field as 8-octets which results in incorrect value reported for "Error Running
Total" and "Event Running Total".
svn path=/trunk/; revision=17351
Add the same workaround used in packet-ftam.c for the bad handling of the asn "IMPLICIT SEQUENCE", in the packet-gsm_map-template.c. This patch concerns Map V3 messages, not correctly decoded with the previous workaround "offset=offset+2".
Change a parameter for Provide Roaming Number decoding.
Add a decoding fonction for "Channel needed" parameter to avoid a decoding error for Paging messages
with a change to actually dissct channel needed.
svn path=/trunk/; revision=17350
pinfo->net_src and pinfo->net_dst where used to set up conversation, but
this fields are null on eap stream. use pinfo->src and pinfo->dst
instead.
The patch also enable strict checking in the 'follow ssl stream' dialog.
svn path=/trunk/; revision=17333
The attached patch should fix bug 742.
The issue is (at least, I think so...) in the packet-x509af dissector
A null pointer is passes as parameter of a " %s " format string.
svn path=/trunk/; revision=17317
Here's a tiny patch that will allow for dissecting of chunked coded HTTP
responses when there is an extension or trailing whitespace in the
Transfer-Encoding: header.
svn path=/trunk/; revision=17314
- enable the 'follow SSL stream' menu item only when a ssl packet is selected.
- when 'following' an ssl stream, show ssl decrypted data only for current conversation.
- fix a typo in ssl preference description.
svn path=/trunk/; revision=17301
- Improves ability of dissector to find conversations without seeing
whole stream.
- Fixes some issues with dissection of data which requires reassembly.
- Adds the ability to dissect jxta conversations from SCTP streams.
- Better handling of welcome message.
- Adds direct dissection of compressed SRDI data.
- Has been run through extensive fuzz testing.
- Fixes compiler warnings with previous patch 17141
svn path=/trunk/; revision=17282
the attached patch fix a couple of possible memory leak in the ssl
decryption code, add some indentation fix, more comments and add the
preference to select the debug output (missing in previous patch)
svn path=/trunk/; revision=17281
The attached patch cleanup the debug infrastructure for ssl dissector.
Debug messages are by default off and can be enabled via the ssl
dissector preference. Debug output can be directed to stderr or file.
svn path=/trunk/; revision=17253
The attached patch fix bug 732.
The problem was in the client key dissection. On ssl v3 the encrypted
data is the whole record data, on tls v1 the encrypted data is preceded
by the 2 bytes length of the encrypted data itself.
svn path=/trunk/; revision=17244
the Nettle library and specify a Pluto log file in the preferences.
The Pluto log MUST include the encryption key used in each phase.
Add filters for many fields (and get rid of a lot of
proto_tree_add_text()s in the process).
Fix up whitespace.
Sponsored by CableLabs.
svn path=/trunk/; revision=17229
attached a patch that supports filtering for
Juniper's meta information prepended
before packets (logical encapsulation, ifd index etc.)
Me:
declare juniper_ext_get_tlv_value static
svn path=/trunk/; revision=17226
This is a simple patch to the Netflow v9 dissector, that let it decode
Netflow v9 MPLS-Aware, a feature of Cisco 12000 IOS 12.0.24S and above
on Cisco 12000, 7500 and 7200 that is very useful for MPLS-VPN networks.
svn path=/trunk/; revision=17225
the attached patch clean a bit the ssl decryption related code, removing
a macro I used when the code was still for an external plugin.
svn path=/trunk/; revision=17217
if the secblob starts with 'NTLMSSP' call the ntlmssp handle directly and not the gssapi one
ntlmssp:
dont change offset when dissecting a client_time, offset will be changed properly later outside the switch.
svn path=/trunk/; revision=17215
Packet-g723.c - B0 and B1 should be treated together.
packet-tipc.c - Change desgementation code to handle more than 2 segments.
svn path=/trunk/; revision=17204
>There is still an issue into the HAVE_LIBGNUTLS macro definition. I'm
>fixing it and cleaning a bit the windows side configuration. I hope to
>post soon the fix.
The attached patch should fix the issue. I missed to modify the
config.win32 file and I misstyped a few macros name.
svn path=/trunk/; revision=17200
If the P bit is NOT set, then flag the PID field as "(not valid)"
Sicne the TID might be undefined/0 in the response to a "pending" read
we cant use that solely to determine if a read was for a named/pipe (==dcerpc)
Assume that only NamedPipe reads can be STATUS_PENDING and thus have the P bit set and assume it IS dcerpc if the P bit is set.
svn path=/trunk/; revision=17197
Set up to build on Windows if we have GNU TLS.
Define "ssl_data_set()" regardless of whether we have GNU TLS or
not, as it's used in either case.
Get rid of an extra #include of epan/gnuc_format_check.h.
svn path=/trunk/; revision=17177
I have developed an external plugin to enable ssl decryption in
ethereal.
Me
- Remove unnecessary $Id$ from acinclude.m4
- Added packet-ssl-utils.h to Makefile.common
- Fixed a few warnings
TODO
- Lots of warning fixes (see separate mail)
- Reformat function headers to read like the others do
(return value<newline>function-name...)
- Test on Windows platform
- Review the patch to packet-ssl.c and new files packet-ssl-utils.[hc]
svn path=/trunk/; revision=17156
the choice dissector didnt sometimes use the correct next_tvb.
based on a bogus variable 'first_pass' that was added as a qad solution to some weird CMIP problem.
svn path=/trunk/; revision=17142
epan/dissectors/ncp2222.py - Fixes the NCP group values for all NCP's. Also fixes some additional return values and cleanup.
gtk/ncp_stat.c - Fixes the NCP group values for SRT.
gtk/service_response_time_table.c:
The SRT is broken if you hit the reload button or apply a filter. The table isn't cleared so each item in the list is duplicated and the second entries remain with initial values. This patch clears the GTK_CLIST so that the redundant entries no longer appear.
svn path=/trunk/; revision=17139
This patch shows (as extra, generated fields) what the address and port will be after XORing again with the transaction ID. I've done IPv4, but don't have any IPv6 captures to test with...
svn path=/trunk/; revision=17126
list of address families) and the list of strings in afn.c, and use them
in packet-lldp.c instead of having it define its own.
svn path=/trunk/; revision=17114
i have tested it with many captures but this used to be fragile and delicate code so there might be some regressions that will need to be addressed once identified.
svn path=/trunk/; revision=17107
This file uses SEH which AFAIK is only available for MS Visual-C.
I build using MingW/gcc, so the attached patch is needed.
svn path=/trunk/; revision=17102
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
headers.
Fix capture_radiotap() to check for padding between the 802.11 header
and the 802.11 payload and to call different capture routines depending
on whether it's present or not, and create capture_ieee80211_datapad()
to handle the case where it's present.
Fix capture_radiotap() to convert the Radiotap header length from
little-endian, and to do some sanity checking of that length.
Fix capture_ieee80211_common() to use the offset supplied to it to fetch
the frame control field, as that offset isn't necessarily 0.
svn path=/trunk/; revision=17083
1. Fix a bug in caclulating the 802.11 header length for QoS
data frames (way bad regression from previous code).
2. Add support for packets w/ data padding between the 802.11
header and the payload (as indicated in the radiotap flags).
3. Add support for handling FCS indication in the radiotap
flags.
4. Fix display of TSF (previous code was not byte swapping).
5. Update ieee80211_mhz2ieee in radiotap.c to handle more
channels.
6. Nuke some #if 0 code I left in radiotap.c a while back.
Also, clean up the various macros that extract stuff from 802.11 header
fields or define bitfields within those header fields:
group them by the fields from which they extract and the values
they extract, or the header fields to which they belong;
get rid of some of the COOK_ in the names - COOK_ really doesn't
indicate anything useful, such as the field from which they're
extracting (we should get rid of the rest);
put in some more comments explaining what they do;
get rid of some unused macros;
get rid of some values that aren't flag values - they're values
to test whether something's a data frame with a particular byte
set in the subtype field, but they're only used on data frames,
so we only need to test the bit in question, so we define macros
to test the bit and name them to indicate that they're for use
on data frames.
Consistently use "CF-Ack" and "CF-Poll" in the strings for various data
frame type/subtype values, and get rid of "802.11" (it should be obvious
to one and all that this is 802.11...).
Comment out some variables used only in commented-out code.
Get rid of some unused variables.
Fix up one "proto_tree_add_text()" call where the format string didn't
match the arguments.
svn path=/trunk/; revision=17080
This patch for the STUN dissector fixes a bug (wrong value for DATA_INDICATION attribute) and adds the decoding of IPv6 address in attributes.
svn path=/trunk/; revision=17078
This way we (hopefully) can continue dissecting with the next packet, even if a more serious exception had occured, e.g. a memory access violation or a divide by zero exception.
Obviously, not all problems solved, as SEH won't protect us from other problems, e.g. endless loops and such
svn path=/trunk/; revision=17070
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
This fixes bug 523, but exposes more of bug 658.
The TACACS and SDP dissectors don't call inet_aton(), so don't include it.
svn path=/trunk/; revision=17056
separate buffer. Fixes the current Buildbot failure.
Don't let the sprint_realloc_* functions reallocate ep_allocated memory.
Add comments warning against this in the future.
In emem.c, make sure we don't use an extra 100k every stinkin' time
someone wants to allocate memory when debugging is enabled.
Fixup whitespace.
svn path=/trunk/; revision=17051