Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream cipher.
(The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
- ... and make that distinction configurable for capture files that do not have padding in small frames, but do have trailers
- Add VSS-Monitoring dissector to show by the TAP inserted time- and portstamps
svn path=/trunk/; revision=40108
This patch covers following -
i) Support for detecting OSPFv2 Opaque RI LSA. (RFC4970)
ii) Support for detecting OSPFv2 RI Capabilities TLV (RFC4970)
iii) Support for detecting OSPF Dynamic Hostname TLV (RFC5642)
iv) As per RFC4970, support for detecting RI LSA for OSPFv3 as well.
svn path=/trunk/; revision=40073
- Removed some mpls preferences which are no longer relevant/needed like
decode PWAC payloads as PPP traffic and assume all channel types except 0x21
are raw BFD.
- MPLS extension from PW-ACH to MPLS Generic Associated Channel as per RFC 5586
- Updated Pseudowire Associated Channel Types as per
http://www.iana.org/assignments/pwe3-parameters
- Updated the VCCV bitmaps as per RFC 5885
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6574
svn path=/trunk/; revision=40026
kNet (KristalliNet) dissector for Wireshark
kNet is a connection-oriented network protocol for transmitting arbitrary application-specific messages between network hosts. It is designed primarily for applications that require a method for rapid space-efficient real-time communication. kNet is an application-level protocol which can be ran either over UDP, TCP or SCTP transports.
From me :
* Add Modelines information and fix trailing whitespace
* Merge packet-knet.h in packet-knet.c
* Make Checkhf happy
* Fix Clang/GCC Warning about unused variable
* Add Authors info & CMakeList.txt
svn path=/trunk/; revision=40010
Enhance XMPP Dissector
XMPP is communication protocol that is based on XML.
Existing Jabber dissector has only few filtering possibilities and displays packets in inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5929
From me:
packet-cipmotion.c:
FT_BOOLEAN fields with bitmasks need a bit-fieldwidth in the hf[] entry 'display' field;
Define attribute_size as guint32 since it has to store guint8*guint16;
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
Remove trailing whitespace from lines;
Other minor cleanup and reformatting.
packet-enip.c:
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
svn path=/trunk/; revision=39396
Re-write of the EIGRP dissector to support Multi-Protocol (TLV 2.0) and
Multi-Topology (TLV 3.0). This version also support Service Advertisement
Framework(SAF) extensions to EIGRP
Dissector includes:
- Dissection of all EIGRP Opcodes and TLVs
- Decode of EIGRP Flags and bitfields
- Decode of EIGRP Communities
- Decode of latest EIGRP "wide metric" formats
- Decode of EIGRP Extended Metrics
- Decode of SAF packets with XML client data handed off to XML dissector
From me:
Fix checkapi errors/warnings use G_GINT64_CONSTANT and G_GINT64_MODIFIER
svn path=/trunk/; revision=39339
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 8/9] add support for Root Announcement (RANN) IEs
svn path=/trunk/; revision=38281
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
The two patches attached allow the dissection of the Homeplug AV Ethernet MAC
management frames between a controlling device and a Homeplug AV Ethernet to
PLC adapter. This protocol is pretty similar to the previous generation
Homeplug protocol (dissected by packet-homeplug.c) but a couple of noticeable
differences make it require its own dissector handler.
This dissector is based on the work done by Nicolas Thill, Xavier Carcelle and
myself in the Faifa project (https://dev.open-plc.org).
The dissector handles the standard Homeplug AV Ethernet MAC management frames
(called public) as well as the Intellon specific management frames (vendor).
From me:
Remove unnecessary global variables.
Add to COL_INFO even when !tree.
Remove gotos.
Remove unnecessary includes.
svn path=/trunk/; revision=37403
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
The Locator/ID Separation Protocol [1] is being standardized within the IETF,
and it is nearing RFC status (pending security review). I have been maintaining
a dissector patch for about a year, see [2]. Feedback received indicates that,
among others, it is widely used by the developers of a large router vendor,
without issues.
In January I submitted the dissector for data plane packets as bug #5602, which
was committed as r35615. The patch attached to this bug adds support for
dissection of control plane packets.
[1] http://tools.ietf.org/html/draft-ietf-lisp
[2] http://lisp.ccaba.upc.edu/wireshark/
svn path=/trunk/; revision=36845
zran.c example in the zlib source.
This means that problems in the file's contents might not be reported
when a packet is read, as long as there's no problem in the contents of
the file up to the last bit of compressed data for the packet; we now
check for errors after finishing the sequential read of the file, at
least in some programs, so that shouldn't be an issue (the other
programs need to be changed to do so as well). This is necessary in
order to be able to read all the packets we saw in the sequential pass;
it also lets us get a few more packets from truncated files in some
cases.
svn path=/trunk/; revision=36577
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
This patch adds the capability to create BACnet statistics trees.
Find the respective menu items under 'Statistics->BACnet'.
Packets can be sorted by different criteria:
- Src/Dst IP adresses
- Instance ID
- Object Type
- Service
From me:
- Don't use C++/C99-style comments.
- Name variables for tick_stat_node() don't need to be static.
- Change updateBacnetInfoValue() to require 'data' to be ep_ allocated. Change
the couple of calls that did not send in ep_ allocated data to do so.
- Change one or two functions to be static.
- Do not use (memory-unsafe) g_sprintf().
- Use ep_strconcat() instead of leaking memory with g_strconcat().
- Put back one if(tree) that doesn't appear to do any harm.
- Remove variable declarations and #includes from the header file.
svn path=/trunk/; revision=36468
A patch to add ATM over TCP Dissector.
The dissector dissect only the ATMTCP header (VCI, VPI, Payload Length)
The data are not yet dissect, it is necessary to add a "UAT" (As with the K12
dissector) to indicate the type (ILMI, AAL, ATM...) of data (based on VCI/VPI)
svn path=/trunk/; revision=36354
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Enhance RIPng
* Replace tvb_memcpy/proto_tree_add_text by proto_tree_add_item
* Remove dependency to packet-ipv6.h
* Remove packet-ripng.h (not needed)
Also update AUTHORS file
From me:
Put a check_col() back and reword (shorten) a couple of the new blurbs.
svn path=/trunk/; revision=36033
Update of packet-e212.c dissector according to local national regulatory
MNC assignment document.
www.uke.gov.pl/uke/redir.jsp?place=galleryStats&id=24439
svn path=/trunk/; revision=35889
Add Bearer Control Mode selection support in gtpv1 dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5634
Sligtly reworked by me:
- prefix names with gtp
- Use proto_tree_add_item()
- remove ref to specific protocol version, as it's probably a mix.
- Changed the update to the AUTHORS file.
svn path=/trunk/; revision=35699
- add new PROTECTION obj c-type 2 (RFC4872)
- add new TLVs for IF_ID (RFC4920)
- add Path Key subobj in ERO (RFC5520)
- add new ASSOCIATION obj c-type 4 (oif2008.389)
- add new LSP_ATTRIBUTES and LSP_REQUIRED_ATTRIBUTES objects (RFC5420)
- improved ERROR object dissection and new error values added
- ADMIN_STATUS transformed to filter and new flags added
- minor fix to conversation (not applied to ACK, SREFRESH and HELLO messages)
to resolv displaying of "Unknown session type" string in such messages
Moreover, I've deleted some "enum" statements for error values that I thought
they were useless since they were used only once throughout the RSVP dissector
code.
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5518
From me: fix two typos.
svn path=/trunk/; revision=35681
From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.
svn path=/trunk/; revision=34976
Add a configuration parameter of the NWG version for WiMAX ASN CP dissector.
The format and meaning of TLVs, as well as function types and messages changed
between the different NWG versions.
Added support for the version number of TLVs in the dictionary xml, its parser,
and of course in the packet itself.
Added support for the version number of function-types and message-types by
extending the value_string structure to contain also a "since" version number.
Successfully tested with a live capture and capture file, containing WiMAX ASN
packets (full Network entry).
Also fuzzed 500 passes successfully.
The XML doesn't contain all existing NWG versions, only selected ones. This is
a little tedious work to go over all TLVs of each version, so I'll add some
newer versions later on. can add a short how-to of adding a new version, for
others to use, if needed.
svn path=/trunk/; revision=34919
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
This patch adds support for displaying OPC UA ExtensionObjects.
An ExtensionObject is a mechanism to transport user defined structures as
serialized blobs. Some types of ExtensionObjects are already defined by the OPC
Foundation's OPC UA Specifications.
These types can be implemented by this dissector, because they are well-known.
Real user-defined or vendor-defined types are unlikely to be implemented by a
passive dissector, because this would require browsing of the UA server's
address space to retrieve the type information.
Currently only the following types are supported:
* DataChangeNotification
* EventNotification
Others OPC defined types will follow.
From me: fix warnings: "format not a string literal and no format arguments"
svn path=/trunk/; revision=34906
The attached patch adds many more DAAP codes to be parsed properly by the DAAP
dissector.
In addition, it fixes some prints.
svn path=/trunk/; revision=34899
The company I work for uses two proprietary protocols, for which I initially
developed wireshark plugins. Now we would like to integrate them into the
public wireshark repository.
I followed the READMEs and converted the plugins into a static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
english and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
BACnet has a private transfer service which is vendor specific. The start of
each request and response contains the vendor identifier. I've added a way for
vendors to provide their own dissectors by registering their vendor identifier.
The packet-bacapp.c method fConfirmedPrivateTransfer has been modified to look
for a vendor specified dissector. If found it will be run. If not found we
default to running the standard dissection included in packet-bacapp.c.
I modified the summary column display for private transfer messages so that the
summary now displays the Vendor Identifier (V=xx) and the Service Number (SN=xx).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5250
From me: Rename sub-dissector tablle to "bacapp.vendor_identifier"
Change subdissector ui_name to "BACapp Vendor Identifier"
svn path=/trunk/; revision=34625
RFC 4447 describes new TLV called Generalised PWid FEC in LDP messages with the
id 0x81. This is related to PsuedoWire setup and maintenance.
Related to this, following are the TLVs which are defined in RFC 4447 and RFC 4446.
1. PW Status TLV
2. PW Interface parameters
3. PW Group TLV
From me: remove some unused variables; Mark fcn arg as unused.
svn path=/trunk/; revision=34606
It is a rework of PAP PPP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- add col_append_fstr to show information (Peer-ID, Password...)
svn path=/trunk/; revision=34604
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller).
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enable by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
The attached patch begins to add support for RPL to the ICMPv6 file. All
locations that RPL code have been added are marked with a comment allowing this
patch to be reverted at a future time if it is decided to e.g. move all the RPL
code to it's own dissector.
A few values await IANA assignment and are also clearly marked (in
packet-ipv6.h).
Only the 'metric' option is left unsupported, as it is primarily defined in
another I-D.
svn path=/trunk/; revision=34579
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
Hi a patch to enchance the PPTP Dissector
It is a rework of PPTP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- Replace not standard table and function by standard value_string
- ....
The code is checked and fuzzed (more 200 pass) ! with personnal PPTP Sample and
PPTP Sample from pcapr.net
svn path=/trunk/; revision=34504
The NFS dissector (all versions) show access types that have not been requested
to be checked as "not allowed" in the call and reply. This is incorrect and
misleading. At present one must manually compare what was requested in order
to assess if access was actually denied for that type. When there are hundreds
or thousands of these ACCESS requests in a capture, it is not possible or
practical to manually check each one.
The submitted patch does the following:
* Passes the access mask in the call to the reply for comparison
* Adds filterable fields for each supported (v4) and access type
* Adds a pseudo field, nfs.access_denied
* Lists the access types to be checked in the summary and tree
* Separately lists the supported, denied, and allowed access types in the
summary and tree
The changes are applied to all NFS versions.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34141
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5051
From me:
- Move proto_register... and proto_reg_handoff.. to the end of the file;
- Define a function as static;
- Minor reformatting and whitespace cleanup.
svn path=/trunk/; revision=33747
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
From me: A few minor changes:
- col-clear() not req'd;
- Use 'gint32 length' rather than 'guint8 length';
- Use ENC_NA instead of FALSE/TRUE in two cases;
- Move global tdmoe_handle to be local to proto_reg_handoff...
svn path=/trunk/; revision=33307
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227
Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provide a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
The wireless meshing protocol B.A.T.M.A.N. Advanced changed their packet format
in such a way that now versions can be identified and so correct dissection of
the packets can be supported by wireshark.
Since it is a ever moving target it is very possible that the packet format is
changing slightly. The dissector was written in such a way that new version can
be supported relative easy.
I hope that it sufficient for the inclusion in wireshark.
I tried to fuzzing it some hours and no error was reported.
From me:
Initialize our dissector handles.
Merge packet-batadv.h into packet-batadv.c. It isn't included anywhere else.
Fuzz 500 passes using attached capture files.
svn path=/trunk/; revision=33052
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
This is an extension to the Wireshark context sensitive protocol help. Rows in
TreeView window are analyzed and suitable help file (as HTML) is opened in a
browser.
The help part (large file, 23 MB) of the Protocol Help can be downloaded under
www.inacon.com/dowload/stuff/protocol_help.tar.gz
This protocol help "light" provides descriptive content for the most frequently
used standard protocols, including IP, TCP or SMTP.
From me:
Changes:
Rename "ph_" in some function names to "proto_help_". Move the protocol
help code to its own module.
Make a bunch of functions static. Remove unused code.
Use browser_open_url() instead of a custom function.
Increase the logging levels. Don't clobber the normal log handler.
Update some Doxygen comments to match the format in the rest of the code
base.
Removed GTK version checks. We've been 2.x only for a while.
Move ph_replace_string to string_replace() in epan/strutil.[ch].
Fix a bunch of memory leaks.
Add a NULL pointer check.
Reformat the overview menu label.
Document the file format and locations.
Add Edgar to AUTHORS.
svn path=/trunk/; revision=32995
Call the various flavors of OS X integration just "OS X integration",
not anything with "IGE" in it - it appears that, in some places,
"ige-mac-integration" refers only to the older Carbon-based functions,
although the library still appears to be called -ligemacintegration.
Update the URLs for the information about the OS X integration
libraries.
Clean up help message for --with-pcap-remote.
Clean up white space a bit.
Speaking of white space, it's "Mac OS X", not "MacOS X".
svn path=/trunk/; revision=32941
Support PPP-over-USB.
Don't remove the USB pseudo-header from the packet data for
Linux USB packets, just byte-swap it if necessary and have the
USB dissector fetch the pseudo-header from the raw packet data.
Update USB language ID values.
svn path=/trunk/; revision=32534
see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4590
From me: A few minor changes:
- Make ancp_info a local variable rather than a static global variable;
- Use Stats ! ANCP rather than Stats ! ANCP ! Packet Types.
svn path=/trunk/; revision=32353
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4611
From me:
- Remove #if 0'd #includes;
- Use tvb_reported_length_remaining (instead of tvb_length_remaining)
- Other minor cleanup (including whitespace).
svn path=/trunk/; revision=32319
See: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4584
From me:
- Change dissect_sasp_pdu() to return void: tcp_dissect_pdus() ignores
any return value when it calls a dissector and thus trying to register/use
the dissector as a 'new-style' dissector doesn't work as intended;.
- Add some 'expert' messages for invalid SASP Header Type and unknown Message Type.
- Use consistent indentation & cleanup whitespace;
- (A few other minor changes).
svn path=/trunk/; revision=32266
(real and simulated) BMW cars for all kinds of gadget communication.
My plugin only dissects the high level infrastructure and not any particular
messages. It uses a heuristic dissector to detect INTERLINK packets.
svn path=/trunk/; revision=32202
add support for ERROR_STRING IF_ID TLV (see RFC 4783)
add support for generalized label interpretation: SUKLM
format for SONET/SDH label (RFC 4606), t3t2t1 format for G.709 ODUk label
(RFC 4328), G.694 format for lambda label (draft-ietf-ccamp-gmpls-g-694-lamb
da-labels-05). Add related user preference option.
svn path=/trunk/; revision=32127
Add ETSI ts101671 dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4543
I added dissection of
UmtsQos,
IMSevent,
LDIevent,
TARGETACTIVITYMONITOR-1
TARGETACTIVITYMONITORind,
TARGETCOMMSMONITORind,
TTRAFFICind,
CTTRAFFICind
And used the original HI2Operations ASN1 file.l
svn path=/trunk/; revision=32053
Aruba Wireless Controller support a Remote Monitoring of Access Point
The code is based en HP ERM/Cisco ERSPAN dissectors
svn path=/trunk/; revision=31645
RSVP extensions for G.709 Optical Transport Networks Control, RFC 4328
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4148
With some changes from me:
-(readme.developer:" Furthermore, 'display' field must be ORed with 'BASE_RANGE_STRING' (e.g. BASE_DEC|BASE_RANGE_STRING)."
- Prefix headerfields with hf_
- Remove check_col
svn path=/trunk/; revision=30727
Add the missing ndmp v4 messages, namely the:
NDMP_CONFIG_GET_EXT_LIST
NDMP_CONFIG_SET_EXT_LIST
This may serve as the 1st step into actual extensions (Snapvault etc)
dissector implementation.
svn path=/trunk/; revision=30684
Back in August 2002 the check-sum field was removed from the
LMP specification (draft-ietf-ccamp-lmp-05). This patch aligns
packet-lmp.c dissector with RFC 4204.
svn path=/trunk/; revision=30244
This patch adds support to Wireshark for dissecting UDP packets used by
collectd's network plugin in order to transmit data from ones host to another
host (e.g. centralized storage of statistics while data is collectd on
individual systems)
The current dissector understands the part types supported by collectd-4.5
series and gracefully processes future part types (flagging them as unknown).
In regard to protocol errors or bad packets checks are based on the various
length fields used, parts are marked with warning when length is unexpected;
marked with error when length breaks minimal rules.
svn path=/trunk/; revision=29887
This patch adds extension support to the X11 dissector.
I've removed the perl script from the make file, since the new one depends on
perl 5.10, xcbproto (at least git as of today), and mesa (at least the
mesa/src/mesa/glapi directory). It seemed easier to just add the generated
header files to svn directly.
svn path=/trunk/; revision=29854
Within the attached diff file are two source files, packet-dtn.h and
packet-dtn.c. Their function is to decode Bundle Protocol PDUs sent using the
UDP or TCP Convergence Layers. These protocols have been released by the
Internet Research Task Force and are described in RFC 4838 and RFC 5050.
Detailed information on DTN can be obtained at www.dtnrg.org.
svn path=/trunk/; revision=29010
This patch attempt should more closely align with the Wireshark "layout" of using
a dissector rather than a "hack" to the packet-llc dissector.
svn path=/trunk/; revision=28823
2003 the Gerhard-Mercator-University and the University of Essen merged
to the University of Duisburg-Essen.", so the two entries for Thomas
Dreibholz are probably for the same person; merge them.
teluna.org is the site for a Joost Damad and an Isabelle Marien, and
following the links to his blog indicates that he's a Debian user and at
least uses openMSX. A search for Joost Yervante Damad also finds a
recommendation to accept a Joost Yervante Damad as a Debian developer;
he says he maintains openMSX and is "a software developer and integrator
for a large multinational". My guess is that said large multinational
is Siemens, so I'm assuming the two Joost Yervante Damad entries are for
the same person.
That leaves the two Thomas Palmers; they might be the same person, but
it's conceivable that they're not, so I'll do a bit more digging before
combining those entries.
svn path=/trunk/; revision=28632
it's an obvious duplicate; if the addresses are in the same domain, it's
almost certainly a duplicate; if the addresses are in different domains,
but one company bought some of the product line for another company, we
assume it's a duplicate (e.g., we presume Martijn Schipper moved from
Intersil to GlobespanVirata when Intersil sold the PRISM 802.11 chipset
lines to GlobespanVirata, although he now appears to be at Magna Carta).
This still leaves Joost Yervante Damad, Thomas Dreibholz, and Thomas
Palmer as duplicates - probably the same people, but I'll ask The Great
Gazoogle a few questions first.
svn path=/trunk/; revision=28631
Added support for Host Identity Protocol (HIP).
From me:
- Adjusted location of "Checksum" and "HIP Controls", as they seems to have
switched place in the bytes window
- Rewrote some proto_tree_add_uint -> proto_tree_add_item (some still remain)
- Rewrote to not use tvb_memcpy()
- Corrected some proto_tree_add_item's as the format seems to be big-endian
- Terminate ALL value_string's with { 0, NULL }
- No need to zero-terminate value_string strings.
- Removed call to check_col()
- Removed some prototypes
- Removed unused hf_hip_tlv_id, hf_hip_res and hf_hip_tlv_enc_iv (please check)
- Rewrote some C++ comments
svn path=/trunk/; revision=28596
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
* adding pydoc documentation to doc/README.python
* possible to access directly libwireshark via libhandle and raw_<tvb|pinfo|tree>
* transform some methods into properties
* update sample to reflect changes/features
* adding comments!!!
svn path=/trunk/; revision=28532
Add:
- FIX 4.0 to 4.4 fields, auto generated with XSLT stylesheets applied on
http://www.quickfixengine.org/ xml files (not included quickfixengine code is
BSD but xml files have no copyright).
- value_string functions for string keys, added to value_string.c.
- FIX desegmentation, it doesn't work well with malformed FIX PDU.
svn path=/trunk/; revision=28478
- Removed heuristic for find if is_request and used event_type
- URB_INTERRUPT don't goes in reverse direction... fixed
svn path=/trunk/; revision=28477
I've created a new bug rather than reopening 1181 as the scope is constrained
somewhat more.
Basically, when capturing from a named pipe the wireshark display lags by one
packet. This is especially frustrating when the packets arrive at low rates.
tshark is fine. But the packet count in dumpcap also lags by one.
Looking at the code, the problem appears to be in cap_pipe_select(). It
attempts to use WaitForSingleObject() on the named pipe but AFAICT this never
blocks.
I've attached a diff for some code that fixes the issue for me. The semantics
of overlapped IO in Win32 is quite different from the select/read model - hence
the other changes!
I've tested this fix on WinXP, 2k server and 2003 server. I've also checked
that my changes compile on a Freespire box that I have lying around.
From me:
Adapt the changes for dumpcap, which is where the affected code now lives.
svn path=/trunk/; revision=28452
When audio samples have to be dropped or silence samples inserted to reflect
the timestamp there is no indication of these problems on the display.
I propose that such problems be indicated on the waveform display by the use of
amber coloration and that the number of incorrect timestamps be listed
svn path=/trunk/; revision=28451
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
Attached please find a patch that enables to heuristically find VNC
traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item()
functions)
svn path=/trunk/; revision=28394
Add support for TightVNC extensions to the VNC dissector.
It has the following changes:
- Dissect TightVNC negotiation (tunneling, basic authentication, capabilities).
- Dissect X cursor encoding.
- Dissect POINTER_POS encoding.
- Dissect the general form of Tight rectangles.
- Dissect Tight image data (basic compression, JPEG, gradient).
- Handle LastRect encoding.
- Fix some always-true conditions.
- Some code cleanups.
svn path=/trunk/; revision=26825
Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundry
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
From me:
Instead of adding adns_config.h, place it a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
The decoded value of Size Packet shown as "From the calling DTE" is the value
of "From the called DTE".
When the size packet to negotiate has any of 512, 1024, 2048 or 4096 bytes, the
value shown decoded is erroneus.
The patch attached also includes new decoded facilities:
- Extended CUG selection.
- Extended access outgoing CUG selection.
- Extended RPOA selection.
- NUI selection.
- Charging info selection.
- Call dureation.
- Segment Count.
- Monetary Unit.
svn path=/trunk/; revision=24932
This plugin implements a dissector for Infiniband. It is released
under the GPL v2.
Rather than using say libpcap to capture raw (unframed) IP packets
from near the top of an IPoIB stack, this plugin dissects link level
Infiniband frames.
Infiniband trace files can be read from Endace ERF format trace
files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND
records. There is currently no native DLT_INFINIBAND in libpcap.
Each record contains a hardware timestamp, capture metadata such as
port Id, and a complete link level Infiniband frame starting from
the Local Route Header.
svn path=/trunk/; revision=24628
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
This is a new dissector plugin for Hilscher analyzer frames.
These frames are generated by Hilscher analyzer products and are identified via
their unique source MAC address (this is a reserved MAC from Hilscher-range and
will never be used by another network device). Most likely these frames are
only generated on a virtual network interface or the generating device is
attached directly via patch cable to a real network interface, but not routed
through a network. The Ethernet-header (destination MAC, source MAC and
Length/Type) is not displayed in the protocol tree for these frames as this is
overhead-information which has no practical use in this case.
Note:
This is a heuristic Ethernet dissector which means it gets called for every
Ethernet frame. So as to not cause a performance hit for most Wireshark users
it has a preference which, by default, disables the dissector.
svn path=/trunk/; revision=24495
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
Add a dissector for the Scripting Service Protocol provided as part of the
RSPLIB package. RSPLIB is an Open Source implementation of the upcoming
Reliable Server Pooling standard. The scripting service is an application
for load distribution, based on Reliable Server Pooling.
From me:
Shorten the protocol name to SSP.
svn path=/trunk/; revision=24276
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
Fix the bug related to Option template:
- System scope (check that options scope size is == 4, not <= 4)
- Interface scope (same)
Same fix for fields BytesExported PacketsExported FlowsExported.
Also fix some tabulations in a previous patch related to IPv6 Addresses.
svn path=/trunk/; revision=24138
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
Error message when capturing too short WTAP_ENCAP_USB_LINUX type packets
contains a copy-paste typo.
From me:
Fix some addresses in AUTHORS.
svn path=/trunk/; revision=23882
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Rightclicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Rightclicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similar to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menu's to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
This patch adds support for IMPS 1.3 protocol dissection and also
updates IMPS 1.2 protocol to approved release version.
From me:
- Updated vals_wbxml_public_ids table.
- Reindented file.
svn path=/trunk/; revision=23078
found by desktop-file-validate:
wireshark.desktop: warning: value "" for key "Path" in group "Desktop Entry"
does not look like an absolute path
wireshark.desktop: warning: value "GNOME;Application;Network;" for key
"Categories" in group "Desktop Entry" contains a deprecated value
"Application"
wireshark-root.desktop: warning: key "Encoding" in group "Desktop Entry" is
deprecated
wireshark-root.desktop: warning: value "" for key "Path" in group "Desktop
Entry" does not look like an absolute path
wireshark-root.desktop: warning: value "GNOME;Application;Network;" for key
"Categories" in group "Desktop Entry" contains a deprecated value
"Application"
svn path=/trunk/; revision=23034
- reassembling of fragmented TIPCv2 messages
- calling of heuristic subdissectors
- multicast upper+lower bound header fields are now shown
- corrects few typos in the comments in packet-tipc.c
svn path=/trunk/; revision=22889
When LACP packets have the actor state or partner state fields set to 0x00,
wireshark prints the state like this (note the closing parenthesis):
Actor State: 0x00)
Since there are no flags set, this fields should be printed like this:
Actor State: 0x00
svn path=/trunk/; revision=22594
add it to the distributed files, to the Win32 NSIS and U3 packages. UNIX packages will still miss this (optional) file.
svn path=/trunk/; revision=22487
- add support of session management for tcap ANSI.
(In fact, this support already exist for ANSI MAP subdissector, but as our
simulators can reuse the tcap transaction Id, the decoding of the response
may be wrong)
- move the code related to asn1 in tcap.cnf, and update tcap.cnf
- move the code related to the session management in tcap-persistentdata
- add a compilation option to free the entry in the hashtable for a closed
transaction. This is used only for tshark statistics generation, with huge file.
- cleanup and add some comments
Add Id tags to epan/tcap-persistentdata.{c,h}
svn path=/trunk/; revision=22415
last draft, draft-ietf-behave-rfc3489bis-07. Changelog:
* My employer is now sponsoring this work, so added a copyright line.
* Added a comment for each method/attribute with the RFC/I-D where is
it defined, so it will be easier to add new STUN usages.
* Removed the SHARED-SECRET method.
* Removed the PASSWORD and REFRESH-INTERVAL attributes.
* Changed "Response" to "Success Response".
* Changed "Error Reason Phase" to "Error Reason Phrase".
* Added reassembly for TCP segments on STUN2.
* Updated STUN acronym expansion.
* Renamed STUN2_ERROR to ERROR_RESPONSE.
* Changed the value of attribute FINGERPRINT from 0x8025 to 0x8028.
* Display if an unknown attribute is comprehension-optional or
comprehension-required.
* Reorganized order of attributes in the dissector code.
* The message length is now displayed in decimal.
svn path=/trunk/; revision=22383
receiving a SES MAJOR SYNC POINT, as this indicates the end of the
COTP DT Data stream. Previous the RTSE dissector was called when
receiving a COTP DT Data fragment with the "last data unit" bit set,
but this does not work with messages fragmented in RTSE. Reassembly
can be turned off in the preferences.
svn path=/trunk/; revision=22176
- Remove ethertype preference from recently added FCoE dissector
Me:
- Add Joe to the AUTHORS list
- Change previous line in AUTHORS list from @ to [AT] in e-mail address
svn path=/trunk/; revision=22133
Replace the Interbase dissector by a Firebird/Interbase
dissector.
Me:
Fix warnings about unused parameters
Fix warnings about unused variables
Fix warning about unused function
Fix warning about mixed code and declaration
Declare all dissection functions static
Remove function declarations and move the switching
function down instead.
Update AUTHORS file
Add $Id$ and email address to file header
Fix filename in first comment line
svn path=/trunk/; revision=21843
The attached patch adds ability of of creating radio button, drop-down
list and range type preference entries to the Lua plugin.
It also fixes a lua compile warning/error in wslua_gui.c.
The patch is written by Tamas Regos, he asked me to send it to the list.
svn path=/trunk/; revision=21655
Attachment is a patch for adding a new Juniper NSRP dissector. In this patch, OICQ author email address
<dubingyao@gmail.com> has also been updated to <secfire@gmail.com>.
svn path=/trunk/; revision=21599
the current SVN (rev 21448) 802.11 WMM TSPEC dissector seems to have
some bugs.
TS Info field should be three bytes long, not two. Suspension Interval
field is missing altogether, shifting all other fields by four bytes.
Maximum Burst Size, Minimum PHY Rate, Peak Data Rate and Delay Bound
are in wrong order.
svn path=/trunk/; revision=21450
I would like to handle the rare situation of Little Endian encoded
IP addresses, so i added a function which reads the address with
tvb_get_ipv4(), then swaps the bytes before SET_ADDRESS().
svn path=/trunk/; revision=21397
- Break out and display A-MSDUs
- HT Control field (currently disabled)
- Action No Ack
- HT Information IE
- HT Capability IE
- Block Ack Request
- Secondary Channel Offset Tag
- Measurement Request Tag
- Measurement Report Tag
...along with a bunch of other updates, including displaying the
type/subtype as a hex value (first nibble: type, second nibble: subtype).
svn path=/trunk/; revision=21391
New dissector support, SHIM6
checked in with the following modifications :
- use of proto_tree_add_item whenever possible (addition of several hf_items),
- use distinct subtree idx for each subtree,
- addition of some subtrees,
- split shim_opts in several functions,
- accurate incrementation of offset in locator preferences (in case of option length > 3)
- add true_false_string for critical options and protocol differentiation (hip, shim6)
- add ipv6.shim6.checkksum_good, ipv6.shim6.checkksum_bad, cksum expert info
section added to AUTHORS
svn path=/trunk/; revision=21390
Dissector for the DRDA protocol. This is the protocol used by among
others the DB2 database.
modify his entry in AUTHORS
svn path=/trunk/; revision=21331
I've refactored the offending code branch and added some comments so
hopefully the intent is a bit clearer. The loop termination conditions
are now obviously independent of the content on the wire (they were
meant to be before, but I admit it was obscure). I've tried using the
ephemeral memory routines.
Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception. Add Julian to AUTHORS. Update the
release notes.
svn path=/trunk/; revision=21007
Attached is a wireshark patch that adds support for decoding DHCP option 125
and the DHCP option 125 suboptions defined by the DSL Forum's TR-111
specification.
svn path=/trunk/; revision=20783
sminmpec_values array is marked as just "export" instead of "WS_VAR_IMPORT" in
epan/sminmpec.h. This prevents its using in Windows builds of plugins directly.
svn path=/trunk/; revision=20720
Wed, Jan 31, 2007 at 7:24 PM
To: wireshark-dev@wireshark.org
Hello,
Please consider for checkin the following new dissectors, for the FMP protocol.
FMP (File Mapping Protocol) is the network protocol basis for EMC's HighRoad (MPFS) technology. Highroad is used to allow multiple clients to share access to NAS-shared files while allowing clients to directly access data volumes (via, for example, Fibre Channel or iSCSI). EMC currently uses this technology in our Celerra NAS servers, and we're currently in the process of open sourcing portions of the technology.
FMP actually consists of two ONC/RPC-based protocols - the core FMP protocol, and FMP/Notify. The latter is used as an asynchronous callback to inform clients of status changes, such as lock revocation.
We'd like to offer these dissectors to Wireshark users for help in debugging or otherwise troubleshooting MPFS-related problems. There are still a few minor changes that need to be made ( i.e. a handful of fields that aren't decoded) but the dissector is overall fairly complete and very usable.
Let me know if there are questions or feedback, or otherwise if other info is needed (like sample captures, which I don't want to send out to the mailing list).
Thanks,
Ian Schorr
EMC Corporation
svn path=/trunk/; revision=20679
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
plus:
Add Kriang to the AUTHORS list (and once at it upate my own record)
svn path=/trunk/; revision=20580
There was a change in Corrigendum 1 (03/2004) to H.248.1 which allows an
empty {} to be omitted from the Signal Descriptor. Currently (SVN 20346)
this causes Wireshark to report [Packet size limited during capture] as
shown in the attached example outputs.
I have attached a possible patch to solve this.
svn path=/trunk/; revision=20360
The attached patch changes the way the ssl-session-id is displayed.
Currently it is not shown, only the length is shown like this:
Session ID Length: 32
Session ID (32 bytes)
To me, it is not useful to repeat the length and omit the ID itself.
With this patch the ssl-session-id is shown like this:
Session ID Length: 32
Session ID: A4B2FB0EE6D8F58DEFF68E38B1E5B4C25F1869D4BC86A96E...
svn path=/trunk/; revision=20212
a little patch against revision 20088 in packet-isis-lsp.c for the
following :
- hf_isis_lsp_remaining_life declared but unused
- replacing a proto_tree_add_uint useless with proto_tree_add_item
svn path=/trunk/; revision=20148
I have added a new dissector for DMP (STANAG 4406 Direct Message
Profile) as defined in STANAG 4406 Annex E. The DMP protocol has no
assigned UDP port number yet, so the default value in this dissector
is 0 (I suppose this is som sort of "disabled"?) until we get this
registered.
The dissector has been tested on OSX Intel/PowerPC and Solaris SPARC.
Changes in this patch:
* Added DMP dissector
* Added a new CRC table and functions in crc16.c
* Made NonDeliveryReasonCode and NonDeliveryDiagnosticCode available
from X.411
* Made NonReceiptReasonField and DiscardReasonField available from X.420
svn path=/trunk/; revision=20133
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx()
match_strrval() which are behaving exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
support.
WEP key preferences have been overloaded to allow WPA keys. The
decryption code currently uses Windows-specific data types, but can be
converted to use glib equivalents.
Add a few text and whitespace fixups.
svn path=/trunk/; revision=20049
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
This patch fixes a transposition of the orders of
Set Attribute Number
Set Attribute Length
In the page oriented get and set attributes CDB parameters format
Ref SCSI-OSD T10/1355-D Revision 10 section 5.2.2.2
svn path=/trunk/; revision=19460
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
This patch adds support for dissecting ontap's nfsv4 filehandle,
as well as some updates to nfsv3 filehandle as well in the nfs
dissector.
Alex.
checked in with minor changes
svn path=/trunk/; revision=19345
Hi folks,
We think we've found a bug in STANAG 5066 SIS layer dissector.
Problem is at S_EXPEDITED_UNIDATA_INDICATION S_Prim's parser
and occurs when we receive a U_PDU via expedited unidata channel.
Dissector tries to parse first 2 bytes of U_PDU as a header size of type
21 s_prim (S_UNIDATA_INDICATION). But, this is not an wanted process on
that parser. Maybe, it was forgotten unchanged from
S_UNIDATA_INDICATION dissector while copying it. So it shows
data (U_PDU) 2 bytes short. Moreover, if data is just 1-byte, TCP datagrams
receive TCP checksum error.
Confirmed.
It was indeed a "copy-paste-did not edit correctly" bug.
While going over the code once more, I found:
1 - One bug in the heuristic. (Changed '&&' to '||')
2 - One to-do that was already done. (Removed the /* TODO */)
3 - One to-do that is now done. ;-)
svn path=/trunk/; revision=19210
Also, there is still an outstanding issue regarding the default use of
the "media" dissector. The way it is currently coded there is no way to
have a heuristic decoder when a content-type header is specified.
In this way if there is a decoder for a specific content-type then it
will be used, then the heuristic decoders have a chance, and finally the
default of either the media-type decoder of the http_payload decoder.
svn path=/trunk/; revision=19208
New protocol: epl v1
Hi,
in addition to the recently submitted dissector for the EPL v2 protocol,
this is the dissector for the first version of the EPL protocol.
Best Regards,
David
svn path=/trunk/; revision=19125
new protocol: veritas low latency transport
---
Attached is a patch file that adds a new dissector for the LLT protocol
(Veritas Low Level Transport, used for server clustering). They use
ethertype 0xCAFE even though it isn't assigned to them :(. There are
other fields and possibly other message types directly between servers
it does not yet dissect as no one outside of Veritas knows what they
are. This dissector understands the one people will run across most -
multiple servers broadcasting these heartbeats all over the place. I
figured out these fields through many Internet searches.
I will add the protocol to the Wiki after it is committed.
Thanks,
Steve
svn path=/trunk/; revision=18944
I have developed a plugin for Pro-MPEG FEC packets over RTP (see
previous posts on ethereal-dev). I have added a page and example capture
file to the Wiki (http://wiki.wireshark.org/2dParityFEC). The source and
Windows makefile for the plugin are attached. Unfortunately I do not
have access to other systems so this plugin has been tested on Windows
only.
The attached version of my plug-in has only had the copyright header
added.
I will translate this into a proper dissector rather than a plug-in as
requested, but this may take a little time as I have a lot of other
things
to do at the moment.
Me:
Convert into a normal dissector
Reorder / reformat code a bit
Added Marks name to the top of the file.
svn path=/trunk/; revision=18908
Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
svn path=/trunk/; revision=18780
this dissector will not yet detect when ppp is passed over the rfcomm link
but the old code to detect and deescapt the ppp data is still in the dissector, though ifdeffed out to serve as inspiration when ppp over rfcomm captures are made available.
the only captures i have with rfcomm are for raw serial communications so they dont contain any ppp frames. :-(
svn path=/trunk/; revision=18221
library. If that's not done, it leaves to ethereal or other binaries
using it the job of linking adns within them. This behaviour is
unreliable and breaks when using the --as-needed flag for GNU ld
(version 2.16 or better 2.17).
svn path=/trunk/; revision=17969
I have developed an external plugin to enable ssl decryption in
ethereal.
Me
- Remove unnecessary $Id$ from acinclude.m4
- Added packet-ssl-utils.h to Makefile.common
- Fixed a few warnings
TODO
- Lots of warning fixes (see separate mail)
- Reformat function headers to read like the others do
(return value<newline>function-name...)
- Test on Windows platform
- Review the patch to packet-ssl.c and new files packet-ssl-utils.[hc]
svn path=/trunk/; revision=17156
epan/dissectors/ncp2222.py - Fixes the NCP group values for all NCP's. Also fixes some additional return values and cleanup.
gtk/ncp_stat.c - Fixes the NCP group values for SRT.
gtk/service_response_time_table.c:
The SRT is broken if you hit the reload button or apply a filter. The table isn't cleared so each item in the list is duplicated and the second entries remain with initial values. This patch clears the GTK_CLIST so that the redundant entries no longer appear.
svn path=/trunk/; revision=17139
After investigating the time-sequence graphs (Stevens and tcptrace) produced
using an FTP capture file supplied by Eduardo Segura
(see http://www.ethereal.com/lists/ethereal-users/200512/msg00153.html )
I've identified several problems in tcp_trace.c.
The problems mostly involve incorrect determination of the lower/upper
sequence number bounds (for the Y axis) in certain cases (e.g. having to do
with 'partial' conversations).
I've reworked the '...get_bounds' code to handle cases such as:
1. out of order data segments (e.g.: the first segment in a captured
conversation has a higher sequence number than a later segment);
2. 'ack' sequence numbers for initial ack segments in a conversation lower
than the sequence numbers of the initial data segments;
3. maximum 'ack + win' sequence number in a conversation greater than the
max data sequence number;
4. Stevens graph: only use data segment sequence numbers when
determining bounds;
5. TCP RST packet without 'ack' flag: do not try to use the 'ack' seq num from
the packet in this case. (This was the specific cause of the originally reported
problem).
I've also reworked the tcptrace display code slightly to properly handle
the initial ack packet of a sequence;
As an example of the some of the fixes the Ethereal tcptrace style graph
of the following conversation fragment will now be similar to the graph
produced by Tcptrace.
data: seq 10000 len 100
data: seq 10100 len 200
ack: ack 5000 win 6000
ack: ack 5400 win 5600
svn path=/trunk/; revision=16874
> Two patch files are attached adding UDP-Lite dissection to the UDP
> dissector. Wiki page is available at the normal location, including
> sample captures courtesy of Gerrit Renker of the University of
> Aberdeen Electronics Research Group. The patch has been tested with
> both the sample captures and Fuzz test.
And add Marc Petit-Huguenin to AUTHORS
svn path=/trunk/; revision=16801
New protocol : CIGI (with minor updates to make it heuristic)
Hi,
This patch is for a CIGI dissector (complete versions 2 and 3). It has
been [fuzz] tested on GNU/Linux using the Ethereal 0.10.13 codebase.
However, the patch here is against the svn repository.
More information about CIGI can be found at http://cigi.sourceforge.net/
Kyle Harms
svn path=/trunk/; revision=16681
New protocol : STANAG 5066
I changed it from being a plugin to a builtin dissector
and also changed a couple of small bugs
svn path=/trunk/; revision=16390
the attached patch implements a dissector for the Fast Handovers for Mobile IPv6 protocol (RFC4068). This patch was produced against version 0.10.13 and extends the following files:
- packet-icmpv6.c
- packet-ipv6.h
- packet-mip6.c
- packet-mip6.h
svn path=/trunk/; revision=16302
Due to the fact that 3G Signaling appears at an undefined VPI/VCI I added a heuristics (very simple) which should take care of this fact.
svn path=/trunk/; revision=16108
A new dissector - cimd dissector. CIMD stands for Computer Interface to Message Distribution and it's used to transfer short messages between applications and Nokia Short Message Service Center.
svn path=/trunk/; revision=15777
1. Use the new (good work!) 'nanosec' precision only for gig pods;
2. Rework 'struct netxray_hdr' to make it (somewhat) easier
to maintain and revise:
a. Declare known hdr fields such as 'captype' instead
of using offsets in 'xxx placeholder' fields.
d. Define 'unknown' hdr fields using placeholder names
based upon hex-offset in the netxray header record.
(This isn't perfect, but I hope it will make things
more manageable).
3. Update hdr field info (based upon examination of various
capture files):
a. Define a hdr field which appears to be 'time-zone'
[offset in hours from UTC] for the machine doing
the capture.
(Maybe this field can eventually be used for Ethereal
to display the (local) time as it was at the time
of the capture).
b. Describe certain hdr fields as being "file offsets"
(altho the exact use is still unclear).
Update some comments.
svn path=/trunk/; revision=15603
I'll attach a patch which fixes the decoding of authenticated
LDAP bind replies. The SASL credentials are always "context
specific" in terms of ASN.1.
I've tested the fix with DIGEST-MD5 authentication.
(Without the patch, ethereal complains about a wrong type
because it expects an ASN.a octet string.)
(You might also consider a stricter check of the ASN.1 header
type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.)
svn path=/trunk/; revision=15428
Some changes that I made to flesh out GPRS message parsing. More information is displayed about the various frame formats. I have also added some code to parse XID parameters in the U frame. I have also fixed a couple of display bugs in the GSM and GPRS LLC parser.
svn path=/trunk/; revision=15224
1) dissect_isup_calling_party_number_parameter reported malformed packet
if the calling party number IE contains empty number (possibly with
presentation set to 'number not available')
I've basicly added if(length > 0) around the digits tree dissector,
which may not be obvious from the patch becase of the indenting of the
entire block.
2) As the tap_calling_number is static, if there is call with missing
calling_party_number IE, it gets assigned the calling party number of
the previuos call containing such IE.
fixed by adding tap_calling_number = NULL;
in the beginning of dissect_isup_message, and
tap_rec.calling_number=tap_calling_number?tap_calling_number:g_strdup("");
in the end to avoid segfault
Those things may not happen too often in the telecom world, but happen
all the time with VoIP.
svn path=/trunk/; revision=14268
I don't have the facility to test this, hopefully Frederic knows what he's doing :-)
However, this was out of date since a long time ago, so can't get worse anyway...
svn path=/trunk/; revision=13754
- better parsing for TIM info element: it parses 'bitmap control' byte
and provides list of AID for stations having power saving traffic.
- separate names for TIM elements. It helps to higlight beacons with
some properties, for example DTIM ones (dtim_count==0).
svn path=/trunk/; revision=13678
recursion instead of iteration means that packets with sufficiently
large lists can cause it to overflow the stack and crash.
svn path=/trunk/; revision=13643
Attached is an update to Lucent/Ascend trace parsing: fix a few bugs,
add support for ISDN and Ethernet captures - diffs to 0.10.9.
svn path=/trunk/; revision=13311
add radiobutton to allow saving raw tcpstreams
these radiobuttons should, by someone that uses, this feature be changed into
a menu instead.
svn path=/trunk/; revision=13236
h323 taps support up to 5 messages per packet now.
VoIP call analysis:
- Collect ISUP, SIP and H323 calls from a capture and show them in window with the following info:
- Start and Stop time of the call
- Init
svn path=/trunk/; revision=13225
don't dissect attributes if there aren't any;
put each attribute into a subtree;
register the dissector by name.
Use "match_strval()" to check whether the message type is a known STUN
message type, and to generate the message type for the Info column.
Don't use "tvb_bytes_exist()" to check when we run out of data - use the
length fields from the packet. Check the sanity of those lengths, too.
svn path=/trunk/; revision=13063
updates and enhancements:
- Added Cookie and L2-Specific sublayer support via preferences dialog.
- Added carried payload dissecting support from draft-ietf-l2tpext-pwe3-*
and draft-townsley-l2tpv3-mpls-02.txt
- Completed missing message types (call types) and result codes for stopccn
and cdn.
- Fixed conditionals for avp_vendor_id (Vendor-Specific AVPs)
- Changed Pseudowire Capabilities List AVPs to use subtree instead of tab
- Added numeric value of result and error codes
- Added Session ID for v3 data packets and missing flags and reserved
- Added version to the L2TPv3 protocol tree
- Changed `Tunnel Id' to `Control Connection Id' for v3
- Fixed offset for ctrl_tree on L2TPv3 over UDP
- Added `L2TPv3' in the COL_PROTOCOL and fixed handling of L2TP version
svn path=/trunk/; revision=13055
Add VENDOR_IETF to <epan/sminmpec.h>, and add an entry for it to
sminmpec_values[], so that the L2TP dissector can use them rather than
defining its own copy of the private enterprise number values and table
- and make it do so.
svn path=/trunk/; revision=12999
o BGPv4 SAFI-Specific Attribute support
- draft-kapoor-nalawade-idr-bgp-ssa-00.txt
o Tunnel SAFI support for BGP
- draft-nalawade-kapoor-tunnel-safi-02.txt
o Small length fix
svn path=/trunk/; revision=12977
a number of Windows Sniffer captures - apparently the time stamp units
are in a field in the file header.
Add a capture type value seen in at least one ATM capture.
Update some comments, and add some comments.
Get rid of some redundant setting of "timeunit".
svn path=/trunk/; revision=12936
GSM SMS fixes:
- Made Timezone view human readable based on 3GPP TS 23.040 V6.5.0 (9.2.3.11).
- TP-UDHI field - located within bit no 6 one more place was left over from
previous patch by Viorel Suman made on 9 Dec 2004.
svn path=/trunk/; revision=12718
The ACL parser will attempt to decode as many ACE structures as are
specified in the ACL structure. If the number of ACE structures is
sufficiently large with one of the ACE structures specifying a size of
0, then the ACL parser will parse that ACE structure repeatedly,
eventually causing a denial of service to Ethereal.
I've attached a diff against HEAD that corrects the problem. The diff
also corrects a few decoding errors in the NT ACL & ACE structures. A
pcap is attached that reproduces the problem.
svn path=/trunk/; revision=12706
Various GSM SMS fixes:
- Wrong positions of the fields, located within the first octet
of the GSM SMS TPDU.
- One byte is skipped during RP-ERROR vs. RP-ACK detecting:
Offset must be increased only when RP-ERROR is detected in
order to avoid one byte skipping.
- Improper dissect method is used to dissect SMS-DELIVER-REPORT.
svn path=/trunk/; revision=12703
1. Add Preferences:
a. To allow specification of a hint as to TDS protocol being decoded
(Unspecified/TDS4/TDS5/TDS7/TDS8); Default: 'unspecified'
The 'hint' is used only when needed to do a correct decode.
If the protocol is unspecified, the decode is as previous.
b. To allow specification of 'ranges' of TCP ports to be treated as
'TDS tcp ports'; i.e. if the source or destination port of a tcp
connection matches a specified range, then the connection should be
considered to be TDS.
c. To allow specification of a hint as to whether TDS being decoded is
'little-endian' or 'big-endian'. Default: 'little-endian'.
A hint is just that; E.G. if TDS7+ packets are encountered the decode
is always 'little-endian'.
2, Register tcp MS SQL default ports (1433, 2433) as TDS ports
('dissector_add'). This also enables TDS as a choice for 'decode as'.
3. 'netlib_check_login_pkt' changed to check 'TDS tcp port' range(s) as
entered in preferences;
4. Change 'dissect_tds_query_packet' to handle TDS4 ascii in addition to
TDS7/8 UCS-16.
5. Change 'dissect_tds_rpc' to:
a. handle TDS4 ascii RPC in addition to TDS7/8 UCS-16 RPC;
b. handle Microsoft 'encoded' rpc_name;
c. fix memory leak (not freeing memory obtained using
'tvb_fake_unicode');
6. Change 'dissect_tds_response' to:
a. handle tds4 tokens 'tds_col_name' and 'tds_col_info';
b. dissect tokens 'tds_doneinproc' and tds 'doneproc' similarly to
'tds_done'
c. reclaim memory allocated for 'tds_col' structures when finished
processing response
(Additional memory was being allocated each time a
tokenized tds5 response was processed)
7. New function 'dissect_tds_col_info_token' (similar to
'read_results_tds5') associated with handling TDS4 responses.
8. New functions 'dissect_tds_query5_packet', 'dissect_tds5_lang_token'
9. Rework TDS token size calculation; Some TDS tokens have a length field
of other than 2 bytes. (e.g.: the length field
for TDS_LANG_TOKEN is 4 bytes)
10. Update token definitions and usages;
a. Update based upon info from current version of FreeTDS 'tds.h'
as well as info from Sybase TDS5 document;
example: TDS_124_TOKEN renamed to TDS_PROCID_TOKEN
b. TDS_124_TOKEN [TDS_PROCID] was incorrectly not considered
a 'fixed-size' token in function 'tds_is_fixed_token'
svn path=/trunk/; revision=12566
add the "unknown sequence number" flag;
fix dissection of unreachable destinations in RERR messages;
fix prefix size in draft-perkins-manet-aodv6-01 RREP
messages to be 7 bits, not 5 bits;
put the message dissection under the top-level AODV tree rather
than at the top level;
fix labeling of source IPv6 address in RREP messages.
Update the comments at the beginning (AODV is now RFC 3561), and note
that RFC 3561 says that, for IPv6, the only change is that the address
fields are enlarged.
Rename RREQ_DEST and RREQ_GRAT to more fully indicate what they are.
Fix the name of the draft in the description of the
draft-perkins-manet-aodv6-01 messages.
Fix description of Gratuitous RREP flag in RREQ messages.
svn path=/trunk/; revision=12562
length of the UDP header itself, so subtract the length of the header
when using it to limit the length of the payload tvbuff.
Clean up the computing of the captured length of the payload tvbuff (we
really should get rid of the "length" argument to "tvb_new_subset()",
and have it compute the captured length based on the supplied reported
length and the amount of that data actually present in the parent
tvbuff).
Don't fetch the length and checksum fields until we use them (so that we
don't throw an exception until then, and fail to process the source and
destination ports), and check whether the length is bogus regardless of
whether we're building a protocol tree or not.
svn path=/trunk/; revision=12444
RTP graphic analysis;
assorted bug fixes;
display delay and jitter in milliseconds, and add the percentage
of lost packets to the statistics.
svn path=/trunk/; revision=12166
o Fix EXTENDED_COMMUNITIES output that was appending the Carried
Extended communities; fix BGP_EXT_COM_L2INFO was not appending to the
bgpext_com_type
o Update various text with the specific afi/safi
o Decode fields in MP Reach NLRI for labeled VPNv4 and labeled IPv4
(and small offset fix for the latter)
o Decode unknown address family in MP Reach NLRI
svn path=/trunk/; revision=12165
o Add link type string for MPLS Link Type in MPLS Link sub-TLV
o Decode MPLS Link Color/Resource sub-TLV
o Add bps for bandwidths in Max BW and Max Reservable BW sub-TLVs
o Display Type, Length Value for Unknown Link sub-TLV
o Allow display filter on Link Type and Link Color
svn path=/trunk/; revision=12122
- Add a configuration option for Diameter version. Currently,
the choice is between everything before draft-v16 and RFC3588.
- Fix diameter-ip-address parsing depending on the Diameter
version (and showing decoding errors accordingly).
- Change registration of Diameter from TCP and SCTP port 1812 to
TCP and SCTP port 3868 (this is according to RFC3588, section
11.5).
svn path=/trunk/; revision=12121
util.c, as util.c is no longer part of libethereal.
Update his e-mail address (I'm presuming it's the same person - Comcast
bought AT&T Broadband, so the domain name change makes sense).
svn path=/trunk/; revision=11967
to open it as a UTF-8 file).
Convert from ISO 8859/1 to UTF-8, and put the a-ring into a name.
Fix some bad characters.
svn path=/trunk/; revision=11918
will either have "heimdal", in all lower case, in the version string in
the header file, or will write out, when you run "krb5-config
--version", a version string with "heimdal" in all lower case, so we
don't need to do case-insensitive matching, which is good - not all
versions of "sed" support the "i" flag (although you can do
case-insensitive matching by using regular expressions, if necessary).
svn path=/trunk/; revision=11915
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always cashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
add versions of CRC-16 and CRC-32 routines with seed arguments;
add versions of those routines with an "offset in the tvbuff"
argument;
add Doxygen comments to the CRC-16 and CRC-32 headers.
svn path=/trunk/; revision=11573
Chris Maynard