Add support for dissecting TDLS (IEEE 802.11z) frames.
These are mostly used as Action frames that are encapsulated in Data frames (to go through any AP).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5493
svn path=/trunk/; revision=35208
When I coded the decoding of the feature group indicator, I decided to do not display the feature group content when it is not supported. After further thinking I find it more useful to always display the features of a given indicator whether it is supported or not.
svn path=/trunk/; revision=35200
It seems that Hay Systems Limited (HSL) is using stream 0xDD to transport
human-readable debug messages from the BTS to the BSC.
svn path=/trunk/; revision=35196
As it seems, there are systems that use an IPA multiplex layer but don't use
it on the standard ports that ip.access is using them for the A-bis interface.
This patch adds a user-configurable preference for the TCP and UDP ports the
IPA dissector should work on.
svn path=/trunk/; revision=35195
Bug 5494 - FP-Hint: Display correct DCH-ID value
In FP-Hint, DCH-IDs are stored as a 5-bit value. While a 5-bit value can
hold values from 0..31, DCH-IDs in the NBAP, RNSAP and RRC protocols
have values from 1..32.
This patch adds 1 to the DCH-ID in FP-Hint in order to display the
correct DCH-ID value in the protcol tree.
svn path=/trunk/; revision=35190
header as the "Routing Domain" field as introduced in RFC 1388 [January 1993]
and obsoleted as of RFC 1723 [November 1994]. Defaults to FALSE.
svn path=/trunk/; revision=35187
- Initialize a few static global variables;
- Remove two unnecessary calls to g_hash_table_foreach_remove;
- Do whitespace cleanup and use consistent indentation;
- Fix a few typos and fix up several comments.
svn path=/trunk/; revision=35183
Enhancements to BACnet's bacapp dissector
Details:
1) Added the low and high instance parameters of the who-is command to the
summary view, if present.
2) Added dissecting of the property active-cov-subscriptions.
3) Added tag details to the decoded view of ProcessId.
4) Fixed the indent levels of the recipientProcess decoding.
5) Fixed the indent tree levels for ReadPropertyMultiple-ACK when decoding
error response.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5473
svn path=/trunk/; revision=35170
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
Various fixes for AgentX protocol decoding:
1/ Fixed the decode of get & getnext PDU to correctly iterate over range lists.
2/ Re-adjust PDU header highlighting to hightlight all 20 octets instead of
only the first 4.
3/ Altered the decode hierarchy so that PDU bodys are no longer a sub-component
of the PDU header, but is now at the same level as the header.
4/ Corrected the highlighted length of decoded OIDs.
5/ Added bitwise decoding of the PDU 'flag' octet.
From me:
- Remove unnecessary includes.
- Some indentation/white space cleanup.
- Remove (new) duplicate blurbs
svn path=/trunk/; revision=35141
bug #5466 with some minor whitespace modifications from me and a fix of an
invalid offset introduced with the patch. Fuzz testing still needs to be done.
I can't seem to get the fuzz tester to work with the capture files attached to
the bug report.
svn path=/trunk/; revision=35137
Comment in the code asked....
/*XXX: 2 bytes skipped ?? */
Here is what I have found.
The high byte (1) indicates the Classification Engine ID
The low bytes (3) indicate the application ID
Engine ID of 5 is NBAR Standard.
Engine ID of 6 is NBAR Custom.
Attached patch displays all 4 bytes (type and ID) in a readable way. Also
allows better filtering.
svn path=/trunk/; revision=35116
MongoDB dissector improperly decodes cursorID in OP_KILL_CURSORS command.
The size of the CursorID is 64 bits, while the code assumes they are 4 bits,
though correctly incrementing the pointer. Fix this typo.
svn path=/trunk/; revision=35103
The scsi_persresv_type_val field in packet-scsi.c contains a mapping of
persistent reservation opcodes to their descriptive types. The opcode for the
Exclusive Access - Registrants Only field is incorrectly set to 7, when the
correct opcode is 6 (as per SPC-2 onward). The attached patch corrects this
discrepancy.
The attached patch also adds support for dissecting opcodes 7 and 8, the two
all registrants reservation types present in SPC-3 onward.
svn path=/trunk/; revision=35099
The information which is used to determine which sub-dissector to use for the
various Data messages within an SCCP connection is only present within the
initial Connection Request, so even with connection tracking on, unless the
trace contains the Connection Request no sub-dissector is called. It is common
for traces to only contain a single carried protocol anyway - e.g. RANAP.
The supplied patch adds a user preference for a "default payload"
sub-dissector, which is called in preference to the Data dissector if nothing
else has claimed the packet first.
svn path=/trunk/; revision=35098
The packet-sccp.c has a bug in the declared valid ranges of the SSN and DPC
values in the user table used to match to a subdissector. The SSN range is 16
bits rather than 8 (not really an issue) but the DPC range is 16 bits rather
than 24 - so many traces cannot be matched by this table.
svn path=/trunk/; revision=35097
The attached patch against that dissector contains :
FIX:
- counting statistics over encrypted packages (line 610 ff)
NEW:
- tag sametime message type 0x0025 as known
MISC:
- better comment
- new line clean ups
svn path=/trunk/; revision=35077
I just found a small bug in LTE PDCP dissector with current top of tree.
If global preference global_pdcp_dissect_user_plane_as_ip is set to true, the dissector will try to decode an IP frame even with signalling plane.
PDCP-LTE
...0 0000 = Seq Num: 0
Signalling Data: 0800183aa808
MAC: 0x00000000 (0)
[Malformed Packet: IP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
With the attached patch, I get the correct output for both signalling and user plane PDUs.
svn path=/trunk/; revision=35076
This corrects the specific issue reported in Bug #3317
wherein the dissector decided there was a valid but unknown
header when dissecting a binary (non text) message with a ":"
as the last byte.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3317
Note that a larger issue remains: the IMF dissector
presumably shouldn't really even try to dissect a
binary payload (which is proably encrypted text).
svn path=/trunk/; revision=35017
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
For now, only enable it for logged PDCP frames, i.e. not for PDCP found inside RLC (that won't work properly until RLC re-assembly is implemented).
svn path=/trunk/; revision=35000
indicate that these fields are unused in this case and must be zero.
Furthermore, if the value is non-zero, add an expert info warning about it.
Fixes bug 3631.
svn path=/trunk/; revision=34998
text, etc. are "sane" before:
1) requesting enough bytes (from reassembly) to dissect them all
2) (and) attempting to add them all to the tree
Request all the bytes we'll need to dissect all those rectangles/sub-rectangles
before starting dissection rather than checking before dissecting each
rectangle/sub-rectangle.
Use tvb_get_ephemeral_string().
Use _U_ to mark unused arguments.
Fix up some indentation.
Get rid of one more DISSECTOR_ASSERT.
svn path=/trunk/; revision=34977
Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.
svn path=/trunk/; revision=34976
(Minor) use tvb_reported_length_remaining() rather than tvb_length_remaining() in a number of places;
Add a comment to get_sametime_message_len() about the minimum length of the tvb when the fcn is called.
svn path=/trunk/; revision=34961
Sort value_string_array in ascending order by value;
Reformat display of tag info to be more readable;
Rework TLV processing;
Remove unneeded variable;
Minor whitespace cleanup.
svn path=/trunk/; revision=34933
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
The attached patch adds many more DAAP codes to be parsed properly by the DAAP
dissector.
In addition, it fixes some prints.
svn path=/trunk/; revision=34899
The ZigBee security dissector was not recording the short to long address
mappings in Security Headers, preventing the decryption of some payloads. This
patch eliminates the Undecoded warnings in packets 1 and 19 in this test
capture: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5457
The keys to decrypt these packets are listed in the bug.
svn path=/trunk/; revision=34886
- Add new entries based on: http://www.iana.org/assignments/megaco-h248 last updated 2010-10-01;
- Fix a typo (incorrect value for an entry);
- Switch values between two entries to match the IANA list;
- Switch two entries so list is in ascending order by value.
svn path=/trunk/; revision=34881
I improved the coap dissector. It is resulted by the 2nd coap test event.
This patch is diff from 34794. The fuzzying test passed more than 62000.
Changed:
- removed "#if 0", and expanded exp2().
- added new error codes.
- improved looks of the block options
- renamed to "token" from "opaque_bytes" according to new draft.
From me: Use a use a left shift operation instead of multiplying by 2 many
times.
svn path=/trunk/; revision=34878
Change nbap.cnf to use val_to_str_ext to access protocolIE_ID value_string array.
Also: Minor whitespace cleanup in nbap.cnf.
svn path=/trunk/; revision=34876
- Set a default RNTI value for each type, in case optional RNTI value isn't supplied.
- Improve range checking of given type against acceptable range of values
- fix misplaced return (this fixed bug 5392)
svn path=/trunk/; revision=34859