Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
The company I work for uses two proprietary protocols, for which I initially
developed wireshark plugins. Now we would like to integrate them into the
public wireshark repository.
I followed the READMEs and converted the plugins into a static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
english and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
Add dissector for Tektronix Teklink Protocol, used by their Logic Analyzers.
May be useful for reverse engineering their Protocol.
svn path=/trunk/; revision=34609
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller).
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enable by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
radiotap: new parser
The current parser has a number of bugs, most
importantly not being able to parse radiotap
files with multiple presence bitmaps. It is
also rather hard extend. Use a generic library
for parsing radiotap that can be extended very
easily.
From me:
Dumb down some initializers and add some casts to make Visual C++ happy.
svn path=/trunk/; revision=34515
- packet-cfm.h not used elsewhere: incorporate into packet-cfm.c;
- Move proto_register and proto_reg_handoff to the end of the file;
- Localize some variables;
- Remove some unneeded initializers;
- Cleanu some whitesace.
svn path=/trunk/; revision=34334
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
dissectors/Makefile.common:
The following dissectors were missing from CM:
dissectors/packet-dcerpc-budb.c
dissectors/packet-dcerpc-butc.c
dissectors/packet-dcerpc-drsuapi.c
dissectors/packet-gsmtap.c
Both: Whitespace fixes and reordering.
svn path=/trunk/; revision=33462
From me: A few minor changes:
- col-clear() not req'd;
- Use 'gint32 length' rather than 'guint8 length';
- Use ENC_NA instead of FALSE/TRUE in two cases;
- Move global tdmoe_handle to be local to proto_reg_handoff...
svn path=/trunk/; revision=33307
Add support for Gigamon headers (timestamp, source port, length, etc)
that are inserted by Gigamon network equipments.
From me:
Various cleanup:
- Register to "eth.trailer" heuristics for trailer.
- Use standard dumping of timestamp.
- Rewrote gmhdr_plfm_str handling.
- Dump srcport details in a subtree.
- Removed packte-gmhdr.h.
- Ensure the while-loop will end.
svn path=/trunk/; revision=33256
IDMP provides a mapping of request-response service elements directly onto the Internet TCP/IP protocol, bypassing the ACSE, Presentation, Session and Transport layers of the OSI model. It also supports the use of TLS services.
The DAP dissector has been updated to use the IDMP protocol.
svn path=/trunk/; revision=33177
Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provide a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
"Different people made changes to enhance the batman-adv dissector. It seems
that the batman dissector wasn't touched and misses those changes. Following
patchset should improve the dissector the same way Gerald Combs, Guy Harris and
Bill Meier improved batman-adv."
See Bug #4384: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4834
From me: Add back a few 'if (check_col()) ...';
I probably went just a bit too far in changes I made in packet-batadv.c
svn path=/trunk/; revision=33062
The wireless meshing protocol B.A.T.M.A.N. Advanced changed their packet format
in such a way that now versions can be identified and so correct dissection of
the packets can be supported by wireshark.
Since it is a ever moving target it is very possible that the packet format is
changing slightly. The dissector was written in such a way that new version can
be supported relative easy.
I hope that it sufficient for the inclusion in wireshark.
I tried to fuzzing it some hours and no error was reported.
From me:
Initialize our dissector handles.
Merge packet-batadv.h into packet-batadv.c. It isn't included anywhere else.
Fuzz 500 passes using attached capture files.
svn path=/trunk/; revision=33052
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
Add support for the IBM TN5250 data stream protocol.
http://wiki.wireshark.org/TN5250
From me:
Move most of the contents of the header file to the .c file.
Replace blurbs that match the hf name with NULL.
Replace empty-string blurbs with NULL.
Fix some abbreviations (hf_tn5220_xxx -> tn5220.xxx).
Make some functions static.
Cast some offset increments to unsigned to make sure we don't go backwards
(which could create a loop). This includes making most of the subdissection
functions return an unsigned number.
Use find_or_create_conversation().
svn path=/trunk/; revision=32838
This is mostly to recognize the packets and a start to reverse engineer
the currently undocumented protocol. It's very far from complete/correct!
svn path=/trunk/; revision=32542