This is a dissector for ZRTP, the Zfone projects secure media protocol, developed by Phil Zimmermann.
It is updated to the latest IETF draft draft-zimmermann-avt-zrtp-08.
svn path=/trunk/; revision=26274
normal case, and dissectors with warnings are the exception; the
ultimate goal is to have only clean dissectors.
Move a bunch of now-cleaned-up dissectors into the "clean" category.
Fix a comment.
svn path=/trunk/; revision=26096
Create a set of warning-clean ASN.1 dissectors and build them with
-Werror, to try to prevent errors creeping back in. Put the P7
dissector there.
svn path=/trunk/; revision=26090
1 new split file (GMM & SM in one file) and diff patches for the others. The RR, RP and BSSMAP patches are really a tidy-up: now they are split it becomes clear what was redundant code.
svn path=/trunk/; revision=26064
RR has been split from DTAP, with common stuff going to the common files (plus a few minor knock-on consequences).
Fix the broken tap:
I had not realised that the register_tap call in the dissector registration actually _created_ the tap entry (not the register_tap_listener), and not just associated the tap_id returned with the tap registered by the listener. The use of separate statics by the split lead to 3 taps called "gsm_a", but only the first of which was ever found in the tap_queue_packet. Added (yet another) global for now to cope.
Also attached is a patch to tap.c which simply returns the same tap_id if the register_tap is called twice with the same name - I can't see any downside to this, can you? Anyway it seemed to work with deliberately keeping multiple calls.
svn path=/trunk/; revision=26039
Support WAVE Short Message Protocol IEEE P1609.3(WSMP).
Slightly modified to display the message as Data as from the supplied trace it looks not to be text.
The packet-ieee80211.c patch is not included as the trace in question shows malformed packets.
svn path=/trunk/; revision=26022
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
when we check and ignore the two names "." and ".."
we must do so for both methods a caller can provide the name :
offset into a tvb, as well as a char* to a string.
also add ->full_name in the dissection to the replies so that fh
matches
both request and reply and not ->name
svn path=/trunk/; revision=25941
All I've done in these is to split the 3 obviously distinct protocols (BSSMAP & RP) from the still-large (and wrongly-named) DTAP (really the whole of layer 3 - it includes RR and packet parts too).
So far I've only split in a "minimum change" manner - there is clearly some tidying and structure enhancement of how the common bits are used, removing the globals just added, and great scope for consistency of white space, improved naming etc. - but I thought it best to keep it very close to the original initially to establish the split.
With some changes to make it compile on Windows.
svn path=/trunk/; revision=25917
the GLIB version instead.
Reindent some (does someone have their tabstops set to 4?).
Create and use some #defines instead of hard-coded values. For example,
replace 0x00 with ANSI_X34 in both the value_string and the case statement.
(This file could use a lot more of such changes.)
packet-bacapp.c appears to compile cleanly now so move it to
CLEAN_DISSECTOR_SOURCE.
svn path=/trunk/; revision=25758
FIP is the FCoE Initialization Protocol. FCoE is Fibre-Channel over Ethernet.
FIP is being finalized in t11.org, and further changes are not expected.
svn path=/trunk/; revision=25748
connection-oriented transport protocol and ISO 8602/ITU-T X.234
connectionless transport protocol) out of packet-clnp.c into
packet-isotp.c.
svn path=/trunk/; revision=25746
warnings (such as the warning you get when you say
"prefs_register_boolean_preference" rather than
"prefs_register_bool_preference") show up as errors.
svn path=/trunk/; revision=25735
Added MS/TP decoding for the WTAP BACnet MS/TP datalink, and added decoding for
BACnet MS/TP datalink from a Cimetrics U+4 which spews SNAP protocol packets.
svn path=/trunk/; revision=25291
This extends the EyeSDN wiretap module to be able to support:
- DSS1/Q.931
- PPP
- LAPB/X.25
- ATM raw cells
- SS7 MTP2
svn path=/trunk/; revision=25123
can see which fields belong to which bit.
Also make sure that we can filter on the fields in the rfc2190 dissector
by actually parsing them even when tree=NULL.
svn path=/trunk/; revision=25046
"DCC". Googling for
DCCP "Distributed Checksum Clearinghouse Protocol"
finds only hits related to Ethereal/Wireshark, either on the Ethereal or
Wireshark Web site, or on discussions where Datagram Congestion Control
Protocol developers were griping that Ethereal/Wireshark already used
DCCP for the Distributed Checksum Clearinghouse protocol.
Next step: fix the Datagram Congestion Control Protocol dissector.
svn path=/trunk/; revision=24645
The protocol is called Xcsl a TCP based and ASCII based protocol that is used
to control call generators. The Xcsl dissector decodes the Call Specification
Language.
svn path=/trunk/; revision=24601
This is a new dissector plugin for Hilscher analyzer frames.
These frames are generated by Hilscher analyzer products and are identified via
their unique source MAC address (this is a reserved MAC from Hilscher-range and
will never be used by another network device). Most likely these frames are
only generated on a virtual network interface or the generating device is
attached directly via patch cable to a real network interface, but not routed
through a network. The Ethernet-header (destination MAC, source MAC and
Length/Type) is not displayed in the protocol tree for these frames as this is
overhead-information which has no practical use in this case.
Note:
This is a heuristic Ethernet dissector which means it gets called for every
Ethernet frame. So as to not cause a performance hit for most Wireshark users
it has a preference which, by default, disables the dissector.
svn path=/trunk/; revision=24495
This is a dissector for the Parallel Redundancy Protocol (PRP) defined in chapter
6 of the IEC 62439.
PRP uses two independent networks in parallel and allows redundancy without
switchovers.
The protocol is sending Mac multicast messages with Ethertype 0x88fb. In
addition to that it adds to every Ethernet frame a 4 byte trailer before
the FCS. The trailer is detected by checking a size field and an identifier
which are part of the trailer. Therefore, if the last 4 bytes of a frame
match a correct trailer they get interpreted as a trailer, although it was
probably not a real one.
Note:
This is a post-dissector which means it gets called for every frame. So as
to not cause a performance hit for every Wireshark user (who may not even be
looking at Ethernet frames) it currently disables itself every time Wireshark
starts up. (There should be a better way to do this--maybe different Profiles
(as discussed on -dev recently) is the way to go.)
From me:
Put ETHERTYPE_PRP (not IANA registered) in etypes.h and packet-ethertype.c
svn path=/trunk/; revision=24493
Add a dissector for the Scripting Service Protocol provided as part of the
RSPLIB package. RSPLIB is an Open Source implementation of the upcoming
Reliable Server Pooling standard. The scripting service is an application
for load distribution, based on Reliable Server Pooling.
From me:
Shorten the protocol name to SSP.
svn path=/trunk/; revision=24276
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263