Change-Id: I643825baa09bf1b6b54515dc109669c0cb1e2cd7
Reviewed-on: https://code.wireshark.org/review/18800
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9962ced39ce3fd31cff446a99ba1c0b6ebfb1bbf
Reviewed-on: https://code.wireshark.org/review/18596
Reviewed-by: Erik de Jong <erikdejong@gmail.com>
Reviewed-by: Anish Bhatt <anish@gatech.edu>
Reviewed-by: Francisco Javier Sánchez-Roselly <franciscojavier.sanchezroselly@ujaen.es>
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Boris Bochkaryov <Boris-Bochkaryov@yandex.ru>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Iff3d1c4d74a8cf03111cb776cfce09120afb361d
Reviewed-on: https://code.wireshark.org/review/18139
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8ee371ab99397c00293372102c73805108845738
Reviewed-on: https://code.wireshark.org/review/17979
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iae5c032e3d21a694845b89b285d61d45c6f8584f
Reviewed-on: https://code.wireshark.org/review/15105
Reviewed-by: Yang Luo <hsluoyz@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Officially, the local part of an email address is case sensitive, but in
practice this is ignored. Ensure that duplicate email addresses are not
listed.
While at it, detect duplicates using `grep -Po '<\K[^>]+' AUTHORS |
tr '[:upper:]' '[:lower:]' | sort | uniq -cd` and resolve them.
Change-Id: Ie1e853d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
new AUTHORS file can be created with "gen-authors" build parameter
The "original" AUTHORS file has been fixed up to be kind to parsers (so no one gets excluded) and renamed to AUTHORS.src. This preserves the features authors worked on. For authors that didn't list features, they may be converted to just getting information from git.
Change-Id: I9a4c4091e229f7f5e1c46d864527a98c1278e451
Reviewed-on: https://code.wireshark.org/review/14231
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* tvb_*_length mentioned in README.dissector
* fixed typos in README.dissector
* using stats_tree_register_plugin in the stats_tree examples both in README.stats_tree and the dev guide
* removed the version information and the #endif from the stats tree section in README.dissector
Change-Id: I27df0b5dfd66a7c0ac5b0fe1bdc882b3e9ffda74
Reviewed-on: https://code.wireshark.org/review/12908
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Developed by Emerson Industrial Automation (Control Techniques Division)
eCMP is a protocol for setting up and controlling the devices in a factory
automation system. eCMP has about 30 commands; most are embedded into TCP/IP
messages, but cyclic data messages use the UDP protocol.
Bug: 10562
Change-Id: I9a421f39dfbdbc9e28d8f7cba72c22e270064641
Reviewed-on: https://code.wireshark.org/review/3157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Relationships Between Sets of LSPs", draft-ietf-pce-association-group-00
Bug: 11782
Change-Id: I1f0886bc30a71af54b51dea771a927d1f5742ca9
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/12179
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Source files all reference this file, so they don't need updating)
Change-Id: Ib78c081d00e093119eab7d4d97c74944b3a46cfd
Reviewed-on: https://code.wireshark.org/review/11507
Reviewed-by: Stephen Fisher <sfisher@panix.com>
The presentation in GUI should be improved to not depend on the
number of TAB's used in the source AUTHORS file.
Change-Id: I3db1f80112e01613c57be25ad866afbb717fc92f
Reviewed-on: https://code.wireshark.org/review/11345
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
TCPROS is a transport layer for ROS Messages and Services.
It uses standard TCP/IP sockets for transporting message data.
Inbound connections are received via a TCP Server Socket with a header containing message data type and routing information.
For more information, see: http://wiki.ros.org/ROS/TCPROS
Bug: 11404
Change-Id: If8810dbb2cb6d6522eb035fd0fa1cf49933bad3d
Reviewed-on: https://code.wireshark.org/review/9807
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Conveying path setup type in PCEP messages, draft-ietf-pce-lsp-setup-type-00
PCEP Extensions for Segment Routing, draft-ietf-pce-segment-routing-01
Bug: 11046
Change-Id: Ib2ea9a96079324377fa65ef8c3ab37a98f530793
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/7618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
... with some changes from Jeff Morriss:
- Change how SSTP is "registered": rather than trying something complicated,
just put the intelligence for recognizing SSTP into the HTTP dissector.
(This does mean the SSTP dissector needs to do its own desegmentation now
but it makes things much cleaner.)
- Use proto_tree_add_subtree_format() instead of proto_tree_add_text() +
proto_item_add_subtree().
- The messagetype is 16 bits, use tvb_get_guint16() instead of tvb_get_guint8()
(fixes COL_INFO display)
- A few other few misc. cleanups
(I didn't update NEWS because I can no longer build NEWS without adding UTF8
fancy quotes and so forth.)
Bug: 8239
Change-Id: I3631ae65f67bea69815ccf43472fdbcac3ca3499
Reviewed-on: https://code.wireshark.org/review/7227
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Move sdo dissection to separate function
Added dissect_sdo() function to handle the more complex SDO dissection.
* SDO command specifier decoding
Decoding of both client and server command specifier for SDO transfers
according to CiA 301 Chaper 7.2.4.3.
Note: Fully decoding block transfer frames is more complex and not supported
yet.
* basic SDO abort code decoding
SDO abort codes as specified in CiA 301 Chapter 7.2.4.3.17 (Table 22).
* Basic value ranges for object dict index parameter
Object dict ranges as specified in CiA 301 7.4.1 (Table 41)
* cs-based multiplexer and data decoding
A data width of 4 byte is valid only for expedited transfer and a
multiplex value is present only in initialisation messages.
This patch now handles also normal sdo segment data.
Reference: CiA 301, Chapter 7.2.4.3.3 and 7.2.4.3.6
Change-Id: I37005894082d62eed1ddd85e09e3676aa3af8222
Reviewed-on: https://code.wireshark.org/review/5504
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
RFC draft http://www.ietf.org/id/draft-fox-tcpm-shared-memory-rdma-05.txt
used as reference for packet dissection.
A small change was made to packet-infiniband, to add the Queue Number to the
info column. This allows for easy indentification of session traffic for a
particular QP.
Also: infiniband: tvb_length() --> tvb_captured_length()
Bug: 10715
Change-Id: I774ceffaa5c271cb6a28ab4ed21e53cd42f2547b
Reviewed-on: https://code.wireshark.org/review/5386
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
We should warn when decoding Geneve packets with an unknown
version number.
Change-Id: Id40b756c3bb0320b69fbd8ee98830a2b05834a48
Reviewed-on: https://code.wireshark.org/review/5420
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Provides dissection for the elasticsearch protocol. This includes full
dissection of the multicast discovery protocol, the HTTP query interface
and partial dissection of the binary protocol.
Change-Id: I738fb498976e44fa05168c2bc3a7e842a9e96df9
Reviewed-on: https://code.wireshark.org/review/4948
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Previoulsy added "adb_cs" is only for adb client <-> adb daemon communication
by loopback interface (by TCP). But there is also communication between
adb daemon and device (by TCP or USB). This transport protocol is different, but
now support is done.
ADB services are shared between ADB and ADB_CS so put them into "adb_service"
dissector. There is still some services to be added.
Change-Id: I754331d3dc6ccf3c17445f5563d01cf2fe1489c7
Reviewed-on: https://code.wireshark.org/review/4651
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
author to AUTHORS.
Also mention support of nanosecond timestamps in PCAP-NG files.
Change-Id: I31666de845240a311a8332cff42120d78d2d1474
Reviewed-on: https://code.wireshark.org/review/4367
Reviewed-by: Evan Huus <eapache@gmail.com>
Added a new dissector for the Dynamic Source Routing (DSR) protocol (RFC 4728)
It should correctly dissect all DSR packets, including the "Flow State
Extension" DSR packets.
See Bug #10499 for capture file
Change-Id: Ie33a1a2fe095cab19d5abfbfa8e1c79fec664a35
Reviewed-on: https://code.wireshark.org/review/4251
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Also add the S7 Communication dissector's author to AUTHORS.
Mention that the Qt UI is now the default.
Change-Id: Ie2629333fd48bbe1ce95052292336a4f8608ea17
Reviewed-on: https://code.wireshark.org/review/3988
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All credit for development should go Qiaoyin Yang
CP2179 protocol is a serial based protocol. The 2179 protocol is implemented with minor variations between vendors.
The RTAC implemented the 2179 client supporting a limited function codes and command codes. The RTAC doesn't support
multiple function codes in a single request and the dissector also doesn't support decoding these or corresponding responses.
Bug:10285
Change-Id: I217bf4185c52b0b183f69b3b5aa84613340d3944
Reviewed-on: https://code.wireshark.org/review/3089
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I7f65d22d4dd96908033c764461196a75716b298a
Reviewed-on: https://code.wireshark.org/review/3961
Reviewed-by: Michael Mann <mmann78@netscape.net>
Thanks to Michał Orynicz for finish Logcat support.
Also update our hall of fame. One note:
my real name is Michał Łabędzki, but if you write
Michal Labedzki it will be ok too.
Change-Id: I81ae563fa1347f1fee316e0ff79a87722ff88d0b
Reviewed-on: https://code.wireshark.org/review/3764
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This is the first version of a Ceph dissector. It is not complete but
is far enough along to be helpful to many people working with Ceph.
Currently the dissector can fully dissect the Ceph protocol and has
support for full dissection of most common messages. For the other
messages for which full dissection is not available their metadata is
parsed and shown along with the raw data of the different message
sections.
Change-Id: Ic7917a3d01148c6fe2f9ea2c13ecd09ecc06c2d7
Reviewed-on: https://code.wireshark.org/review/1889
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Iebddc7be48d6e6aeb3a8620e0cb902fb4d6206b2
Reviewed-on: https://code.wireshark.org/review/3233
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I899dafbdf0f1aa94b71ca1dcb93d1ef1b2039386
Reviewed-on: https://code.wireshark.org/review/3200
Reviewed-by: Michael Mann <mmann78@netscape.net>
(e.g. opendaylight, nox, openvswitch, etc) still use legacy port
numbers. The most common are 6633 and 6634. This patch adds a
simple heuristic logic and uses the current uint preference as
additional input. In most cases no user intervention is needed and
OpenFlow is automatically detected/dissected.
Change-Id: Iebf09b7b870efe9d52421b9acc238208d25d4565
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/921
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Spawned from https://www.wireshark.org/lists/wireshark-dev/201402/msg00024.html
Add some ignore rules for files that can't/shouldn't include a license header.
Reorganize some ignore rules to group rules with similar motivations.
Add a header to autogen.sh and attribute it to just "The Wireshark Authors"
since while Gilbert wrote the original version it's gone through so many changes
over the years that sorting out proper authorship is unnecessarily complex.
Add headers to Graeme Hewson's two files as verified by private email, and
update his address in the AUTHORS file per his request.
Add header to one of Ulf Lamping's files, as verified by private email.
Only remaining problem is the reedsolomon code.
Change-Id: Ifb7de8c4b4d79012553e29d459a0145d39f51df5
Reviewed-on: https://code.wireshark.org/review/145
Reviewed-by: Evan Huus <eapache@gmail.com>
There is no public spec, based only on analyze of packet
It is more easy to found the address IP of Intant AP
Change-Id: I3baf205c5e4ad699b954f4a9fbf4b9e65f82cb36
Reviewed-on: https://code.wireshark.org/review/121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
From İbrahim Can Yüce
From me: Update to new tcp_dissect_pdus format, minor whitespace issues noticed in wiretap files.
svn path=/trunk/; revision=53669
From Deon van der Westhuysen
- Bug fix: object leak in stats_tree after a tap reset (for example apply statistics preferences with a stats_tree window open)
- Bug fix: correct sample code in README.stats_tree
- Add: slash in plug-in name now creates submenu as docs describe (was a bug?)
- Add: menu separator before the stat_tree registered plug-ins
- Add: stats_tree can now calculate averages for nodes; automatically calculated for range nodes. Add section in README.stats_tree describing averages.
- Add: stats_tree can now calculate burst rate of each node (like rate but with a shorter, sliding time window)
- Add: sorting for stats_tree plug-ins. Can sort on node name, count, average, min, max values and burst rate.
- Add: preferences for stats_tree system (default sort column, burst calc params)
- Add: stats_tree window copy to clipboard and export and plain text, csv and XML.
- Added sample of new functionality in $srcdir/plugins/stats_tree/pinfo_stats_tree.c
- Moved all stats_tree sample plug-ins to "IP Statistics" submenu.
svn path=/trunk/; revision=53657
dissector for Kyoto Tycoon binary protocol
from me:
make port range preference work
highlight the correct bytes for records
remove trailing commas
correct(?) 64->32 cast
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9418
svn path=/trunk/; revision=53383
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9324
From me:
1. Move certain global vars to local storage in dissect_tfp_common()
2. Declare all remaining global vars as static;
3. Fix some bugs:
- base58_encode() needed to be called before call to col_add_fstr()
- display of UID string in tree was being truncated to 4 characters
4. Cleanup whitespace: use consistent indentation (tabs); remove trailing whitespace;
5. Add editor modelines
svn path=/trunk/; revision=52931
Compilation fails on (only the ?) OSX-10.6-x64 buildbot with error:
netscaler.c: In function 'nstrace_read_v30':
netscaler.c:1295: warning: implicit conversion shortens 64-bit value into a 32-bit value
(Life is too short for me to dig multiple levels deep into a set of macros to try to see which
actual line of code is causing the problem. Maybe the patch submitter can identify the problem).
svn path=/trunk/; revision=52666
Add reassembly support for AFS.
From me: minor tweaks to conform to other reassemblable protocols; indentation
fixes; modelines
svn path=/trunk/; revision=52113
TODO :
* Support HTTP Header Compression (draft-ietf-httpbis-header-compression)
* Enhance display of Data
* Reassembling of continuation frame (and other frame)
* Add same tap and ping/pong time response
svn path=/trunk/; revision=51591
Dissector for the Sippy RTPproxy controlling protocol. RTPproxy is a well-known
(among SIP-engineers) application and it operates using its own simple
text-based protocol. There are several competing products but all of them
implements it (sometimes slightly extending).
svn path=/trunk/; revision=51417
This patch adds XRO (Exclude Routes) support to RSVP dissector. It
also extends coverage of some new Attribute Flags (LSP_ATTRIBUTES object).
svn path=/trunk/; revision=51199
Add support for the Cisco MetaData (0x8909) ethertype.
From me:
Don't try to register the "eth.type" abbreviation; use "cmd.type" instead.
Add SVN id.
Clean up trailing white space and fix up some indentation.
Don't declare a variable static that need not be.
svn path=/trunk/; revision=51198
From Bart Van Assche.
Changes:
- Add REGISTER AND MOVE and REPLACE LOST RESERVATION service actions.
- Decode the PARAMETER LIST LENGTH field correctly - this is a four
byte field instead of a two byte field.
- For the REGISTER AND MOVE service action, add support for decoding
the RELATIVE TARGET PORT IDENTIFIER, TRANSPORT ID LENGTH and
TransportID fields.
- Fix parsing of the SERVICE ACTION field - this field is five bits
wide instead of four.
- Move the definition of the "scsi.persresv.control.unreg" field just
below the other REGISTER AND MOVE service action parameter list fields.
See also http://www.t10.org/cgi-bin/ac.pl?t=f&f=spc4r36h.pdf.
- Only display persistent reservation information in a PERSISTENT
RESERVE IN response if the ALLOCATION LENGTH field in the request
was not zero.
- Correct the offset of the (SPC-2) SCOPE-SPECIFIC ADDRESS field.
This field starts at offset 16 and not at offset 8.
- Correct the offsets of the SCOPE and TYPE fields. These fields
are both contained in the byte at offset 21.
- Correct the base of the TRANSPORTID LENGTH field from BASE_HEX
into BASE_NONE since this is the base required by non-numeric types.
For more information, see also:
* http://www.t10.org/cgi-bin/ac.pl?t=f&f=spc4r36h.pdf
* http://www.t10.org/cgi-bin/ac.pl?t=f&f=spc2r20.pdf
svn path=/trunk/; revision=51152
In SSH, the protocol version message is terminated by CR LF. Wireshark, in the
info column, strips out the LF, but not the CR.
Attaching a patch to rectify that.
Also, as requested, update the contributor's email address in AUTHORS.
svn path=/trunk/; revision=50902
When a TCP segment contains the end of two or more SSL PDUs, the TCP reassembly
code passes that segment up to the SSL dissector multiple times--one for each
SSL PDU. The SSL dissector queues the packet for SSL tap listeners each time it
is invoked. Therefore a single packet can be processed by SSL tap listeners
multiple times. But the tap data that the SSL dissector sends to its tap
listeners is a linked list of all PDUs in the packet.
The SSL tap listener responsible for populating the Follow SSL Stream dialog
did not account for the possibility of seeing a packet multiple times. As a
result, it would process the entire linked list of PDUs each time it received a
packet, and that would result in some SSL PDUs showing up two or more times in
the dialog.
This patch fixes the described bug. It also implements a few slight
improvements in closely related code. See bugzilla for details.
svn path=/trunk/; revision=49387
I want to add last four colours to Profile Bluetooth. This should
significantly improve readability - rule is one colour for one
protocol/profile.
Also take responsibility (in the AUTHORS file) for first three dissectors.
svn path=/trunk/; revision=49330
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8635
"enhanced WCCP decoder"
GRE part of the patch.
Me:
Reorder values
Manually apply the rejected parts of the patch (incompatible whitespace)
Fix whitespace inconsistencies of the patch.
svn path=/trunk/; revision=49240
Dissector for PTP-over-IP (picture transfer protocol). PTP-over-USB also exists
but is not identical, so some parts of the dissector are shared for future use.
svn path=/trunk/; revision=49221
[PATCH 1/8]
Add a subtree for the random DTLS elements. This is what TLS already does, and
it makes more sense than prefixing their display names.
[PATCH 2/8]
Show the actual hex content of the cookie by just using proto_tree_add_item.
The cookie length has its own field, so there's no need to display it twice.
[From me]
Fix an @ in the AUTHORS file
svn path=/trunk/; revision=49172
Dissector for NASDAQ's SoupBinTCP protocol (which is non-trivially different
from the old packet-nasdaq-soup dissector).
From me:
- fix CMake entry
- remove C++-style comments
- fix SVN Id tag
svn path=/trunk/; revision=48452
Centralize logic related to per-interface conversations, and expose it for use
by class-specific dissectors.
Class-specific descriptor dissectors also need to know the interface in whose
context they are called to work.
This is a prerequisite for a USB Video Class dissector, which needs to decode
many class-specific descriptors.
svn path=/trunk/; revision=47990
New dissector for the honeypot-feeds protocol.
From me: Misc. tweaks to expert info layout and remove a few unneeded initializers.
svn path=/trunk/; revision=47962
As part of a semster project in our 3rd semester of
"secure information systems" at the university of
applied sciences upper austria, we built a wireshark
dissector for the OpenVPN protocol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8240
From me:
Rework reassembly code and tree display of
message fragments and reassembled messages.
Fix various bugs and do some cleanup.
Also: Do minor whitespace changes in AUTHORS.
svn path=/trunk/; revision=47247
Dissector for the SEL (Schweitzer Engineering Labs) Fast Message protocol.
From me:
- use wmem instead of glib to not leak memory
- simplify port preference
- remove unneeded initializers
- modelines
- Id tag
svn path=/trunk/; revision=46949
This patch provides
i) support for Shared Use of Experimental TCP Options (draft-ietf-tcpm-experimental-options-03)
ii) support for TCP Fast Open (draft-ietf-tcpm-fastopen-02).
A new 'TFO=R' string is appended at the column info in case a client sends a SYN packet with a Fast Open Cookie Request. Moreover, if the server responds with a SYN-ACK containing a Fast Open Cookie option a 'TFO=C' is shown (as well as in any subsequent client attempt to send SYN + DATA).
tcp.options.tfo display filter can be used in order to easily select the complete TFO three-way handshake.
Chrome (and I think also Firefox) has support for client-side TFO. Linux 3.7 got both client and server-side support.
svn path=/trunk/; revision=46723
(with a few minor fixes by me).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8002
major change:
reassembling of PNIO fragments (only works if OpenSafty dissector is disabled)
minor changes:
improved handling of DFP Frames
added / updated
MRP Block decoding
ARServerBlock
ARVendorBlock
PDInterfaceDataReal
PDInterfaceAdjust
PDPortStatistic
SubdirFrameData corrected display and subblocks added
PDIRGlobalData complete dissection
decoding of FrameDataProperties and ARTypes updated to conform the STD
removed now usuported RTC2 ranges
svn path=/trunk/; revision=46522
Add a dissector for the America Online protocol (not the AIM protocol).
From me: always use ENC_NA for FT_UINT8 types.
svn path=/trunk/; revision=45731
Add support for HCI 3.0+HS and v4.0, Bluetooth Low Energy. This includes
dissection of additional HCI commands and events, Attribute Protocol and
Security Manager Protocol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7872
svn path=/trunk/; revision=45709
Add some additional memory-allocation failure checks in Lemon.
Use NULL rather than 0 as the null-pointer constant in those
checks.
From me:
Catch one more of the NULL-vs-0 cases.
Fix some failure messages to use fprintf(stderr, ...) -
ErrorMsg() requires a file name and line number, and is
generally used if you're going to continue rather than just give
up.
svn path=/trunk/; revision=45214
Add Bluetooth Protocol BNEP. Supported version: 1.0.
I changed offset to be an int to follow WS convention.While at it I changed other types to fit the tvb_get routines.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7719
svn path=/trunk/; revision=44894
New dissector for WSE Remote Ethernet protocol
From me :
* Fix Compilation under linux
* Use proto_tree_add_item*
* Make build-in dissector
* Include Status.* and Codef.* in dissector
* Reorder function (to respect Wireshark Codelines)
* Add Modelines Info and fix indent (use 4 spaces)
* Fix check* tools
* Add Clement to AUTHORS
svn path=/trunk/; revision=43086
Add WebSocket Protocol dissector (RFC6455)
* Support Base Framing Protocol
* Support of major opcode (Text, Binary, Close, Ping, Pong...)
* Support of unmask Payload (Client-to-Server Masking)
TODO
* Add fragmentation support
* Add WebSocket Extensions
svn path=/trunk/; revision=42163
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
Here is a dissector for ActiveMQ OpenWire protocol.
A few words about the protocol :
OpenWire has two wire formats :
- "loose" : more verbose, less CPU-intensive, less network-intensive (1-pass)
- "tight" : more compact, more CPU-intensive, more network-intensive (2-pass)
This dissector only supports the "loose" syntax, which is not the default.
This dissector only supports version 6 of the protocol.
It can be changed on the broker in the activemq.xml file by specifying
"tightEncodingEnabled=false" :
svn path=/trunk/; revision=41919
This patch adds support for the DVB Bouquet Association Table (BAT) from ETSI
EN 300 468.
With this last patch, the support for the DVB SI table is quite complete.
svn path=/trunk/; revision=41836
This patch adds support for the DVB Time Offset Table and the related
descriptor.
It also contains the Stuffing Descriptor as an added bonus.
svn path=/trunk/; revision=41766
This patch adds support for DVB Network Information Table as documented in
ETSI EN 300 468.
The patch also contains additional mpeg descriptors usually found in NIT plus
a few minor bugfix for other descriptors.
svn path=/trunk/; revision=41754
I'm contributing a new dissector for the HART/IP protocol. This
protocol is specified by the HART Conformance Foundation (HCF). It is
a standard protocol used in the process control industry. It
essential wraps the multip-drop serial HART packets in TCP or UDP
packets. The standard has been approved by the HCF and has been
assigned UDP/TCP port 5094 by IANA.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6961
--This line, and those below,
will be ignored--
M AUTHORS
M epan/CMakeLists.txt
M epan/dissectors/Makefile.common
AM epan/dissectors/packet-hartip.c
M ui/gtk/main_menubar.c
svn path=/trunk/; revision=41644
Support for DCCP Simultaneous-Open for NAT Traversal, RFC 5596. A new packet
format is supported. I did a little code cleanup too.
svn path=/trunk/; revision=41543
Move Y.1711 out of MPLS dissector
ITU-T Y.1711 code was "embedded" into the MPLS dissector in 2006.
This patch moves it into its own dissector.
From me :
Fix a Clang warning
svn path=/trunk/; revision=41486
A new dissector for IEEE 1722.1.
From me: some code cleanup, including:
- Get rid of some unnecessary local variable initializations.
- Put all of 1722.1 under one subtree.
- Just put if(tree)s in the top-level function rather than scattered throughout.
- Remove a couple "set but not used" warnings (a couple are #if'd out).
- Don't use deprecated functions.
svn path=/trunk/; revision=41282
Support for MPLS Packet Loss and Delay Measurement, RFC 6374
Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
Any packetformat is supported: DLM, ILM, DM, DLM+DM and ILM+DM.
From me :
* Prefer proto_tree_add_item when it is possible
* add Modelines information
svn path=/trunk/; revision=41260
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specifiaction
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41134
Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream cipher.
(The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
- ... and make that distinction configurable for capture files that do not have padding in small frames, but do have trailers
- Add VSS-Monitoring dissector to show by the TAP inserted time- and portstamps
svn path=/trunk/; revision=40108
This patch covers following -
i) Support for detecting OSPFv2 Opaque RI LSA. (RFC4970)
ii) Support for detecting OSPFv2 RI Capabilities TLV (RFC4970)
iii) Support for detecting OSPF Dynamic Hostname TLV (RFC5642)
iv) As per RFC4970, support for detecting RI LSA for OSPFv3 as well.
svn path=/trunk/; revision=40073
- Removed some mpls preferences which are no longer relevant/needed like
decode PWAC payloads as PPP traffic and assume all channel types except 0x21
are raw BFD.
- MPLS extension from PW-ACH to MPLS Generic Associated Channel as per RFC 5586
- Updated Pseudowire Associated Channel Types as per
http://www.iana.org/assignments/pwe3-parameters
- Updated the VCCV bitmaps as per RFC 5885
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6574
svn path=/trunk/; revision=40026
kNet (KristalliNet) dissector for Wireshark
kNet is a connection-oriented network protocol for transmitting arbitrary application-specific messages between network hosts. It is designed primarily for applications that require a method for rapid space-efficient real-time communication. kNet is an application-level protocol which can be ran either over UDP, TCP or SCTP transports.
From me :
* Add Modelines information and fix trailing whitespace
* Merge packet-knet.h in packet-knet.c
* Make Checkhf happy
* Fix Clang/GCC Warning about unused variable
* Add Authors info & CMakeList.txt
svn path=/trunk/; revision=40010
Enhance XMPP Dissector
XMPP is communication protocol that is based on XML.
Existing Jabber dissector has only few filtering possibilities and displays packets in inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5929
From me:
packet-cipmotion.c:
FT_BOOLEAN fields with bitmasks need a bit-fieldwidth in the hf[] entry 'display' field;
Define attribute_size as guint32 since it has to store guint8*guint16;
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
Remove trailing whitespace from lines;
Other minor cleanup and reformatting.
packet-enip.c:
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
svn path=/trunk/; revision=39396
Re-write of the EIGRP dissector to support Multi-Protocol (TLV 2.0) and
Multi-Topology (TLV 3.0). This version also support Service Advertisement
Framework(SAF) extensions to EIGRP
Dissector includes:
- Dissection of all EIGRP Opcodes and TLVs
- Decode of EIGRP Flags and bitfields
- Decode of EIGRP Communities
- Decode of latest EIGRP "wide metric" formats
- Decode of EIGRP Extended Metrics
- Decode of SAF packets with XML client data handed off to XML dissector
From me:
Fix checkapi errors/warnings use G_GINT64_CONSTANT and G_GINT64_MODIFIER
svn path=/trunk/; revision=39339
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 8/9] add support for Root Announcement (RANN) IEs
svn path=/trunk/; revision=38281
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
The two patches attached allow the dissection of the Homeplug AV Ethernet MAC
management frames between a controlling device and a Homeplug AV Ethernet to
PLC adapter. This protocol is pretty similar to the previous generation
Homeplug protocol (dissected by packet-homeplug.c) but a couple of noticeable
differences make it require its own dissector handler.
This dissector is based on the work done by Nicolas Thill, Xavier Carcelle and
myself in the Faifa project (https://dev.open-plc.org).
The dissector handles the standard Homeplug AV Ethernet MAC management frames
(called public) as well as the Intellon specific management frames (vendor).
From me:
Remove unnecessary global variables.
Add to COL_INFO even when !tree.
Remove gotos.
Remove unnecessary includes.
svn path=/trunk/; revision=37403
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
The Locator/ID Separation Protocol [1] is being standardized within the IETF,
and it is nearing RFC status (pending security review). I have been maintaining
a dissector patch for about a year, see [2]. Feedback received indicates that,
among others, it is widely used by the developers of a large router vendor,
without issues.
In January I submitted the dissector for data plane packets as bug #5602, which
was committed as r35615. The patch attached to this bug adds support for
dissection of control plane packets.
[1] http://tools.ietf.org/html/draft-ietf-lisp
[2] http://lisp.ccaba.upc.edu/wireshark/
svn path=/trunk/; revision=36845
zran.c example in the zlib source.
This means that problems in the file's contents might not be reported
when a packet is read, as long as there's no problem in the contents of
the file up to the last bit of compressed data for the packet; we now
check for errors after finishing the sequential read of the file, at
least in some programs, so that shouldn't be an issue (the other
programs need to be changed to do so as well). This is necessary in
order to be able to read all the packets we saw in the sequential pass;
it also lets us get a few more packets from truncated files in some
cases.
svn path=/trunk/; revision=36577
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
This patch adds the capability to create BACnet statistics trees.
Find the respective menu items under 'Statistics->BACnet'.
Packets can be sorted by different criteria:
- Src/Dst IP adresses
- Instance ID
- Object Type
- Service
From me:
- Don't use C++/C99-style comments.
- Name variables for tick_stat_node() don't need to be static.
- Change updateBacnetInfoValue() to require 'data' to be ep_ allocated. Change
the couple of calls that did not send in ep_ allocated data to do so.
- Change one or two functions to be static.
- Do not use (memory-unsafe) g_sprintf().
- Use ep_strconcat() instead of leaking memory with g_strconcat().
- Put back one if(tree) that doesn't appear to do any harm.
- Remove variable declarations and #includes from the header file.
svn path=/trunk/; revision=36468
A patch to add ATM over TCP Dissector.
The dissector dissect only the ATMTCP header (VCI, VPI, Payload Length)
The data are not yet dissect, it is necessary to add a "UAT" (As with the K12
dissector) to indicate the type (ILMI, AAL, ATM...) of data (based on VCI/VPI)
svn path=/trunk/; revision=36354
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Enhance RIPng
* Replace tvb_memcpy/proto_tree_add_text by proto_tree_add_item
* Remove dependency to packet-ipv6.h
* Remove packet-ripng.h (not needed)
Also update AUTHORS file
From me:
Put a check_col() back and reword (shorten) a couple of the new blurbs.
svn path=/trunk/; revision=36033
Update of packet-e212.c dissector according to local national regulatory
MNC assignment document.
www.uke.gov.pl/uke/redir.jsp?place=galleryStats&id=24439
svn path=/trunk/; revision=35889
Add Bearer Control Mode selection support in gtpv1 dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5634
Sligtly reworked by me:
- prefix names with gtp
- Use proto_tree_add_item()
- remove ref to specific protocol version, as it's probably a mix.
- Changed the update to the AUTHORS file.
svn path=/trunk/; revision=35699
- add new PROTECTION obj c-type 2 (RFC4872)
- add new TLVs for IF_ID (RFC4920)
- add Path Key subobj in ERO (RFC5520)
- add new ASSOCIATION obj c-type 4 (oif2008.389)
- add new LSP_ATTRIBUTES and LSP_REQUIRED_ATTRIBUTES objects (RFC5420)
- improved ERROR object dissection and new error values added
- ADMIN_STATUS transformed to filter and new flags added
- minor fix to conversation (not applied to ACK, SREFRESH and HELLO messages)
to resolv displaying of "Unknown session type" string in such messages
Moreover, I've deleted some "enum" statements for error values that I thought
they were useless since they were used only once throughout the RSVP dissector
code.
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5518
From me: fix two typos.
svn path=/trunk/; revision=35681
From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.
svn path=/trunk/; revision=34976
Add a configuration parameter of the NWG version for WiMAX ASN CP dissector.
The format and meaning of TLVs, as well as function types and messages changed
between the different NWG versions.
Added support for the version number of TLVs in the dictionary xml, its parser,
and of course in the packet itself.
Added support for the version number of function-types and message-types by
extending the value_string structure to contain also a "since" version number.
Successfully tested with a live capture and capture file, containing WiMAX ASN
packets (full Network entry).
Also fuzzed 500 passes successfully.
The XML doesn't contain all existing NWG versions, only selected ones. This is
a little tedious work to go over all TLVs of each version, so I'll add some
newer versions later on. can add a short how-to of adding a new version, for
others to use, if needed.
svn path=/trunk/; revision=34919
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
This patch adds support for displaying OPC UA ExtensionObjects.
An ExtensionObject is a mechanism to transport user defined structures as
serialized blobs. Some types of ExtensionObjects are already defined by the OPC
Foundation's OPC UA Specifications.
These types can be implemented by this dissector, because they are well-known.
Real user-defined or vendor-defined types are unlikely to be implemented by a
passive dissector, because this would require browsing of the UA server's
address space to retrieve the type information.
Currently only the following types are supported:
* DataChangeNotification
* EventNotification
Others OPC defined types will follow.
From me: fix warnings: "format not a string literal and no format arguments"
svn path=/trunk/; revision=34906
The attached patch adds many more DAAP codes to be parsed properly by the DAAP
dissector.
In addition, it fixes some prints.
svn path=/trunk/; revision=34899