- Use proper proto_tree_add_item() 'encoding' arg (instead of TRUE/FALSE);
- Call col_append_fstr() even when 'tree==NULL';
- Use value_string_ext to access the larger value_string tables;
- Handle tvb_reported_length() can return -1;
- Remove 'set but never used' variable and associated line of code;
- Remove unneeded #include <prefs.h>;
- Remove empty proto_reg_handoff();
- Do minor whitespace cleanup.
svn path=/trunk/; revision=41357
- packet-erf.h not used elsewhere; move to packet-erf.c;
- reformat long lines;
- minor code re-arrangement;
- whitespace cleanup.
svn path=/trunk/; revision=41345
packet-ieee17221.c:3123:10: warning: Value stored to 'mr_offset' is never read
- Put the offset increment inside the loop
packet-ieee17221.c:2888:10: warning: Value stored to 'mr_subtree' is never read
- Use the newly-created subtree (instead of the parent tree)
packet-ieee17221.c:2692:13: warning: Value stored to 'next_tvb' is never read
- Use next_tvb (instead of the main tvb which doesn't start at the
correct offset)
svn path=/trunk/; revision=41324
The attached patches fix the following issues:
1. CIP-Motion shouldn't be a heuristic dissector. CIP-Motion packets are
determined by specific fields in a CIP ForwardOpen. I ran into situations
where CIP-Motion's "vague" heuristics incorrectly dissected packets meant for
CIP-Safety. Of course this requires the ForwardOpen to be in the trace, but it
is the most deterministic way to have CIP-Motion packets.
2. Minor bugfix to the CIP-Safety dissector. A couple of fields were
"missing", causing errant malformed packets.
svn path=/trunk/; revision=41283
A new dissector for IEEE 1722.1.
From me: some code cleanup, including:
- Get rid of some unnecessary local variable initializations.
- Put all of 1722.1 under one subtree.
- Just put if(tree)s in the top-level function rather than scattered throughout.
- Remove a couple "set but not used" warnings (a couple are #if'd out).
- Don't use deprecated functions.
svn path=/trunk/; revision=41282
- Use proper 'encoding' arg (iso TRUE/FALSE) for proto_tree_add_item();
- Use correct value for tvb_new_subset() 'reported_length' arg;
- For proto_tree_add_protocol_format(): Use a length no greater than
that actually available in the tvb. This allows dissection to attempt to
proceed even if the length as obtained from the packet is too large.
- Remove 'set but not used' variable;
- Do minor reformatting and whitespace changes.
svn path=/trunk/; revision=41279
> packet-noe.c: In function 'decode_utf8':
> packet-noe.c:805: warning: integer constant is too large for 'long'
> type
> packet-noe.c:808: warning: integer constant is too large for 'long'
> type
> packet-noe.c:814: warning: integer constant is too large for 'long'
> type
> packet-noe.c:817: warning: integer constant is too large for 'long'
> type
> packet-noe.c:818: warning: integer constant is too large for 'long'
> type
svn path=/trunk/; revision=41271
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol, take II.
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specification
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41266
packet-mpls-pm.c(616) : warning C4098: 'dissect_mpls_pm_dlm' : 'void' function returning a value
packet-mpls-pm.c(623) : warning C4098: 'dissect_mpls_pm_ilm' : 'void' function returning a value
svn path=/trunk/; revision=41262
Support for MPLS Packet Loss and Delay Measurement, RFC 6374
Any packet format is supported: DLM, ILM, DM, DLM+DM and ILM+DM.
From me :
* Prefer proto_tree_add_item when it is possible
* add Modelines information
svn path=/trunk/; revision=41260
CIP Motion parsing of set axis attribute list request is messing up attr data
parsing a CIP Motion 'Set Axis Attribute List' Request returns correct data for attribute ID, dimension and element size but 'attribute data' field retrieves the same data for each attribute in the list rather than the real data sent in the request.
From me :
Fix the typo error (use the wrong offset variable, need to use local_offset variable)
svn path=/trunk/; revision=41257
The attached patch for the DVB-CI dissector creates a circuit for each DVB-CI
session, using the session number as circuit id.
The DVB-CI session commands are:
- open_session_request(resource_id)
- session_opened(resource_id, newly assigned session number)
- payload transfer(session_number, payload data)
- close session(session_number)
For now, the circuit will store the resource id and make it available (as a
generated item) to subsequent packets that contain only the session number.
Doing this, the resource id (which is like a tcp/udp port) can be used for
filtering.
svn path=/trunk/; revision=41253
make Save-As/Displayed/All-Packets save not only the displayed packets but
also any other packets needed (e.g., for reassembly) to fully dissect the
displayed packets.
This works only for the "All packets" case; choosing only the Selected packet,
the Marked packets, or a range of packets would require actually storing which
packets depend on which (too much memory) or going through the packet list many
times (too slow). Also, this behavior is always the case: you can't save the
displayed packets without their dependencies (I don't see why this would be
desirable).
So far this is done for SCTP and things using the reassembly routines (TCP has
been tested).
The Win32 dialog was modified but hasn't been tested yet.
One confusing aspect of the UI is that the Displayed count in the Save-As
dialog does not match the number of displayed packets. (I tried renaming the
button "Displayed + Dependencies" but it looked too big.) The tooltip tries
to explain this and the fact that this works only in the All-Packets case;
suggestions for improvement are welcome.
Implementation details:
Dissectors (or the reassembly code) can list frames which were needed to
build the current frame's tree. If the current frame passes the display
filter then each listed frame is marked as "depended upon" (this takes up the
last free frame_data flag).
When performing a Save-As/Displayed/All-Packets then choose packets which
passed the dfilter _or_ are depended upon.
svn path=/trunk/; revision=41216
TPNCP (proprietary Audiocodes) protocol dissector - wrong guint8 value presentation
The presentation of unsigned 8-bit integer is wrong. The (signed) gint8 is used which is displayed as unsigned integer (by proto_tree_add_uint) afterwards.
That causes wrong presentation of values which are bigger than 127.
Solution: New guint8 is introduced to present unsigned 8 bit integer value.
svn path=/trunk/; revision=41209
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6792
This is a new dissector for the non-standard Ericsson OM2000 protocol, as it is
used for the OML on A-bis of Ericsson RBS 2xxx BTSs.
It also includes a dissector for a shim-layer protocol that Ericsson uses for
IP-based A-bis like the RBS 2409. As the protocol is not publicly documented,
I have invented the name "EHDLC" (Ericsson HDLC) for it.
svn path=/trunk/; revision=41195
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
Support HDCP version 1 over I2c
the attached patch adds support for HDCP version 1. This is the authentication that runs between your DVD/Bluray player and your TV when they're connected via an HDMI cable.
svn path=/trunk/; revision=41173
Support HDCP version 1 over I2c
the attached patch adds support for HDCP version 1. This is the authentication that runs between your DVD/Bluray player and your TV when they're connected via an HDMI cable.
svn path=/trunk/; revision=41172
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specification
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41134
the exec dissector and into wsutil/str_util.c. Rename them to
isdigit_string() and isprint_string(). Also rename the variables they use
for consistency: string -> str and position -> pos.
svn path=/trunk/; revision=41053
r35887 added ntp_to_nstime() to packet-ntp since a couple of dissectors had
their own versions. The version used was from packet-netflow; switch to the
version from packet-zep because that one's math works better: the fractional
time is actually shown.
svn path=/trunk/; revision=41045
The change made in r40742 turned out to not be portable (FreeBSD doesn't have
the timezone global variable), so use another method to determine the current
timezone.
Also fix a bug introduced by r40742's change to display this timestamp in UTC:
if the reported (by the message) time zone has a negative offset to UTC, shift
it forward (not backward) to get UTC (and the opposite for positive offsets).
svn path=/trunk/; revision=41044
Since his r41025 change to the HTTP dissector fixes the problem reported in
the subject bug, revert r41018 (whose check-in comment, BTW, should have
referenced this bug instead of 6817).
svn path=/trunk/; revision=41028
Remove tag_len parameter - it was redundant.
The length passed no longer contains the vendor id.
- add_tagged_field / TAG_VENDOR_SPECIFIC_IE:
Reorder so that the ieee "standard" vendor ids come first,
after that the really vendor specific stuff.
svn path=/trunk/; revision=41027
-- HTTP/1.1":
Any HTTP/1.1 message containing an entity-body SHOULD include a
Content-Type header field defining the media type of that body. If
and only if the media type is not given by a Content-Type field, the
recipient MAY attempt to guess the media type via inspection of its
content and/or the name extension(s) of the URL used to identify the
resource. If the media type remains unknown, the recipient SHOULD
treat it as type "application/octet-stream".
To quote section "4. Encoding of Transport Layer" of RFC 2565, "Internet
Printing Protocol/1.0: Encoding and Transport":
HTTP/1.1 [RFC2068] is the transport layer for this protocol.
...
Note: even though port 631 is the IPP default, port 80 remains the
default for an HTTP URI. Thus a URI for a printer using port 631
MUST contain an explicit port, e.g. "http://forest:631/pinetree". An
HTTP URI for IPP with no explicit port implicitly reference port 80,
which is consistent with the rules for HTTP/1.1. Each HTTP operation
MUST use the POST method where the request-URI is the object target
of the operation, and where the "Content-Type" of the message-body in
each request and response MUST be "application/ipp". The message-body
MUST contain the operation layer and MUST have the syntax described
in section 3.2 "Syntax of Encoding". A client implementation MUST
adhere to the rules for a client described for HTTP1.1 [RFC2068]. A
printer (server) implementation MUST adhere the rules for an origin
server described for HTTP1.1 [RFC2068].
So, when choosing a subdissector for HTTP request bodies, search based
on the media type first, and only if we *don't* find a dissector for the
media type, do other stuff such as heuristics or choosing a subdissector
based on the port number.
This fixes a number of problems; in particular, it fixes bug 6765
"non-IPP packets to or from port 631 are dissected as IPP" without
requiring the IPP dissector to attempt to determine whether an entity
body looks like IPP. It also ensures that the default dissector for
HTTP entity bodies, the "media" dissector, will get the media type
passed to it in pinfo->match_string.
Don't use "!str*cmp()" while we're at it - it's valid C, but the "!" can
make it look as if it's checking for something not being the case when,
in fact, you're checking for equality rather than inequality. (The
str*cmp() routines don't return Boolean results.)
svn path=/trunk/; revision=41025
manually insert the fragment data to the tree (by calling show_fragment_tree());
doing both just means the fragments get added to the tree twice.
svn path=/trunk/; revision=41022
proto_tree_move_item(): that function expects the item, not its parent.
This avoids dissector bugs such as the one reported in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6768 :
** (process:745): WARNING **: Dissector bug, protocol RTP, in packet 82:
proto.c:4273: failed assertion "fixed_item->parent == tree"
svn path=/trunk/; revision=41021
Make the IPP dissector a 'new-style' dissector that does not accept packets
which are clearly not IPP.
This is useful when a user points their web browser at a CUPS server--which
causes the CUPS server to spit out a nice looking web page from which you can
administer the server and/or printers but which up until this fix caused the
IPP dissector to mark the packet as malformed.
svn path=/trunk/; revision=41018
    for (i = 1; i <= N; i++)
        ...
the type of "i" must have, as its maximum value, a value >= the maximum
value of N; otherwise, if N is equal to the maximum value that fits in
"i", the loop will never terminate. (If that requires "i" to be larger
than you'd like, do the loop as
    for (i = 0; i < N; i++)
        ...
which doesn't have that problem.)
Clean up the "i = 1" clause's white space in those for loops.
svn path=/trunk/; revision=41010
could cause an unsigned length value to be reduced by more than its
value, turning it into a very large value.
I couldn't exactly reproduce bug 6833, but it was due to an attempt to
allocate 4294967110 bytes, and this bug caused remaining_len to equal
4294967110, and it would try to create a reassembled packet tvbuff of
that size, so I'm guessing this fixes 6833.
svn path=/trunk/; revision=41001
* Make field filterable (3 proto_tree_add_text less ! but there are still 147 proto_tree_add_text...)
* Remove bgp_notify struct
* Use expert info to display an unknown error type
svn path=/trunk/; revision=40987
fixes checkapi warnings about its value_string not being properly
terminated (by replacing it with a true_false_string).
svn path=/trunk/; revision=40975
This is POC we may want to have more efficient use of the frame data
structure etc. But this allows for work to be done on the GUI to actually add comments.
svn path=/trunk/; revision=40969
anything that can run Wireshark (it might be slower), and if the maximum
count value is 16-bit, you can loop forever if the maximum count value
happens to be 65535.
(Yes, this means that
    guint i, j;
    ...
    for (i = 0; i < j; i++)
        ...
risks looping forever if j is 2^32-1, and the same applies to 64-bit
counters. There are probably fewer protocols with 32-bit counts, and
probably even fewer with 64-bit counts, but the way it should be done in
those cases, for safety, is
    i = 0;
    for (;;) {
        if (i >= j)
            break;
        ...
        if (i == j - 1)
            break;
        i++;
    }
or something such as that.)
Fixes bug 6809.
#BACKPORT
Will schedule for 1.6.x.
svn path=/trunk/; revision=40967
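The loop-counter commit messages above (the `for (i = 1; i <= N; i++)` case and the same-width exit-before-increment pattern) can be reproduced with the following added example, which is not code from the Wireshark tree. The function names and the `ITER_CAP` guard are assumptions made for the demonstration; `uint8_t` stands in for `guint8` and the argument `n` for a count field read from a packet.

```c
#include <stdint.h>
#include <stdio.h>

#define ITER_CAP 1000u  /* constructed guard so the demo itself terminates */

/* Buggy pattern: the counter has the same width as the count field.
 * Returns iterations executed, or -1 if the guard tripped
 * (i.e. the loop would never have terminated on its own). */
long walk_items_narrow(uint8_t n)
{
    unsigned long iters = 0;
    uint8_t i;
    for (i = 1; i <= n; i++) {      /* i wraps 255 -> 0 when n == 255 */
        if (++iters > ITER_CAP)
            return -1;
    }
    return (long)iters;
}

/* Fix 1: a counter whose maximum exceeds the maximum of the count field. */
long walk_items_wide(uint8_t n)
{
    unsigned long iters = 0;
    unsigned int i;
    for (i = 1; i <= n; i++)
        iters++;
    return (long)iters;
}

/* Fix 2: same-width counter, with the exit test placed before the
 * increment that would wrap. */
long walk_items_same_width(uint8_t n)
{
    unsigned long iters = 0;
    uint8_t i = 0;
    for (;;) {
        if (i >= n)
            break;
        iters++;                    /* per-item work goes here */
        if (i == n - 1)
            break;
        i++;
    }
    return (long)iters;
}

int main(void)
{
    printf("narrow(254)=%ld narrow(255)=%ld wide(255)=%ld same(255)=%ld\n",
           walk_items_narrow(254), walk_items_narrow(255),
           walk_items_wide(255), walk_items_same_width(255));
    return 0;
}
```

Only the maximum count value triggers the hang, so captures that never carry that value exercise the buggy loop without exposing it.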