this construct is aligned on 4 byte boundaries in ndr and NOT
8 bytes as a real uint64 (== hyper) would be.
rename the existing dissect_ndr_uint64 ro dissect_ndr_duint32 (double uint32) to make it reflect better the alignment of the type.
svn path=/trunk/; revision=13184
otherwise, we're using it in a tvbuff and shouldn't free it (even if the
next level of reassembly isn't complete, so that al_tvb is ultimately
null).
svn path=/trunk/; revision=13134
Use "guint16" instead of "u_int16_t", "guint8" instead of "u_int8_t",
and "guint" instead of "u_int", to handle platforms lacking the latter
types. Make "ppp_heuristic_guess()" reeturn a Boolean, as it just
returns a "yes or no" answer.
svn path=/trunk/; revision=13132
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
to the end of the tvbuff.
Don't return a value from "dissect_h4501()" - the value isn't used, and
"dissect_h4501()" is registered with "register_dissector()", so it's not
supposed to return a value.
svn path=/trunk/; revision=13104
as the description - some aim_tlv tables have NULL in the end-of-table
entry.
For those that don't, replace "Unknown" with NULL; "Unknown" is now
redundant.
svn path=/trunk/; revision=13084
layer byte in the reassembled data - including it means we have to pass
to "tvb_new_real_data()" a pointer to the *second* byte of a mallocated
chunk of data, but that would require us to have the free routine for
the new tvbuff back that pointer up before freeing it (we aren't doing
that currently, which means that "free()" either complains bitterly or,
potentially, corrupts the arena, causing crashes later).
Put in some XXX comments about some issues seen when looking at the
code.
svn path=/trunk/; revision=13083
Add a DISSECTOR_ASSERT() macro, which is the usual type of assertion
macro, but throws a DissectorError exception with a message giving the
flien and line number and the failed test as a string. Use that macro
in "alloc_field_info()".
Report that exception in the Info column and the protocol tree, as well
as logging the exception failure with g_warning().
svn path=/trunk/; revision=13078
16-bit unsigned value into it, but we might round it up to a multiple of
4 bytes, which could overflow a guint16. Make arguments corresponding
to them "int" as well.
Use the reported length in "cops_analyze_packetcable_mm_obj()".
svn path=/trunk/; revision=13075
don't dissect attributes if there aren't any;
put each attribute into a subtree;
register the dissector by name.
Use "match_strval()" to check whether the message type is a known STUN
message type, and to generate the message type for the Info column.
Don't use "tvb_bytes_exist()" to check when we run out of data - use the
length fields from the packet. Check the sanity of those lengths, too.
svn path=/trunk/; revision=13063
come directly from packet data, so don't abort if they define a sequence
of keycodes that goes past 255 - just report errors for the keycodes
past 255.
Clean up indentation.
svn path=/trunk/; revision=13059
the modifier name for every keycode, just give the modifier name once
and then show all the keycodes), and use "proto_item_append_text()"
rather than building a string.
Clean up white space.
svn path=/trunk/; revision=13057
updates and enhancements:
- Added Cookie and L2-Specific sublayer support via preferences dialog.
- Added carried payload dissecting support from draft-ietf-l2tpext-pwe3-*
and draft-townsley-l2tpv3-mpls-02.txt
- Completed missing message types (call types) and result codes for stopccn
and cdn.
- Fixed conditionals for avp_vendor_id (Vendor-Specific AVPs)
- Changed Pseudowire Capabilities List AVPs to use subtree instead of tab
- Added numeric value of result and error codes
- Added Session ID for v3 data packets and missing flags and reserved
- Added version to the L2TPv3 protocol tree
- Changed `Tunnel Id' to `Control Connection Id' for v3
- Fixed offset for ctrl_tree on L2TPv3 over UDP
- Added `L2TPv3' in the COL_PROTOCOL and fixed handling of L2TP version
svn path=/trunk/; revision=13055
that doesn't mean it's padding at the end of a previous item - it might,
for example, be the *first* item in the chunk. Don't treat it as
padding.
Do, however, treat an item that begins with a zero byte as an item, but
break out of the loop processing items as soon as the item type is put
into the protocol tree, as there's no length field or data in an
RTCP_SDES_END item. Fix the comment for that loop to indicate that the
loop checks both for end-of-frame and for an RTCP_SDES_END item.
svn path=/trunk/; revision=13040
- Fix partly wrong cause values in the gmm (found by Miklos Szurdi)
- Fix high/low nibble swap of the force to standby field (found by
Miklos Szurdi)
- Dissect all elements
svn path=/trunk/; revision=13030
Have the DLSw dissector reject packets with an unknown version field.
Leave out some more fields when dissecting Capability Exchange packets,
as they're not used in those packets.
Show numbers in hex when appropriate.
Show the individual subfields of the flow control and SSP flags fields.
Show the frame direction field with val_to_str(), and show the raw
value.
Clean up indentation.
svn path=/trunk/; revision=13019
Add VENDOR_IETF to <epan/sminmpec.h>, and add an entry for it to
sminmpec_values[], so that the L2TP dissector can use them rather than
defining its own copy of the private enterprise number values and table
- and make it do so.
svn path=/trunk/; revision=12999
and de-boilerplate another part of the comment.
Fix a test of "octet_aligned" that was setting it to false rather than
testing whether it was false.
svn path=/trunk/; revision=12996
Clean up indentation.
The signatures are 4-byte strings - treat them as such.
Don't hide fields - dissectors should show what all bytes, other than
perhaps padding bytes, are.
Don't use the tvb_format_text-ified versions of strings as the value -
Ethereal already deals with non-printable characters when displaying
them.
When creating a subset tvbuff that runs to the end of the parent, use -1
as the length, don't calculate the length ourselves.
Use "tvb_reported_length()", not "tvb_length()", in loops that parse the
entire packet.
svn path=/trunk/; revision=12986
o BGPv4 SAFI-Specific Attribute support
- draft-kapoor-nalawade-idr-bgp-ssa-00.txt
o Tunnel SAFI support for BGP
- draft-nalawade-kapoor-tunnel-safi-02.txt
o Small length fix
svn path=/trunk/; revision=12977
Use "format_text()" or "tvb_format_text()" with the %s format, to handle
non-printable characters.
When uncompressing data into a new tvbuff, add it to the list of data
sources as we do elsewhere.
When putting items into the protocol tree from an uncompressed tvbuff,
use the offset into the tvbuff and the length of the item.
Fetch string lengths into a variable and use the variable rather than
repeatedly fetching the length from a tvbuff.
Use -1 rather than tvb_length_remaining() when putting a "to the end of
the tvbuff" item into the protocol tree.
Use "proto_tree_add_item()" to put items into the tree, rather than
"proto_tree_add_xxx" calls with a "tvb_get_yyy" call as the argument.
If we've fetched a value into a variable, don't re-fetch it in
"proto_tree_add_xxx" calls.
svn path=/trunk/; revision=12971
can register an OUI, and PIDs for that OUI, in the same fashion that
they can do so for SNAP (after which the 802a OUI Extended Ethertype is
clearly modeled).
svn path=/trunk/; revision=12967
Don't assign the result of a routine that mallocates data to a const
pointer - that forces us to cast the pointer when freeing the data.
svn path=/trunk/; revision=12960
Also, move up the freeing of the tag string to immediately after we're
done with it, so we don't leak it if we throw an exception getting the
value.
svn path=/trunk/; revision=12953
the top-level item for the buddy name, rather than extracting the string
into a mallocated buffer (and not freeing it...).
Put all the code to put stuff into the protocol tree inside "if(tree)".
svn path=/trunk/; revision=12950
- add more data to the Info structure of the h225 taps.
- Fix the output to the Info Column
This patch is not complete, but statistics should basically work now.
svn path=/trunk/; revision=12948
match what "register_tap_listener()" expects (rather than squelching
warnings about the differences by casting function pointers to "void
*").
Make static some functions not used outside the module in which they're
defined.
svn path=/trunk/; revision=12913
const pointer (so that we don't get complaints when we make the
tap-specific data argument to "tap_queue_packet()" a const pointer,
allowing dissectors to hand const data to a tap without a complaint), we
should make the tap per-packet function take a const pointer as an
argument as well. Do so.
In some taps, use _U_, or actually use the argument, rather than
sticking in dummy "X = X" assignments to fake use of parameters. (This
means that the tap functions in question no longer have the notion that
they act on a particular static structure wired in.)
svn path=/trunk/; revision=12910
Don't assign the const pointers passed to hash routines to non-const
pointers.
In "zonenm_to_str()", don't assume there's a null terminator in the
packet - use "tvb_get_string()" so that the buffer into which it's
copied is explicitly null-terminated.
Put the Domain & Port into the protocol tree as a "0xXXXXXXXX" string,
rather than as a string with one blank in it.
svn path=/trunk/; revision=12909
Don't assign the const pointers passed to hash routines to non-const
pointers.
Don't use "tvb_get_ptr()" to get a pointer to a data structure, and
dereference that pointer - there's no guarantee that the structure in
question will be located on an appropriate boundary in the data from the
packet (regardless of whether it's properly aligned within the data for
the protocol being dissected).
Put the record length for an EFP request into the protocol tree.
Check the sanity of the payload length for that request.
In "zonenm_to_str()", don't assume there's a null terminator in the
packet - use "tvb_get_string()" so that the buffer into which it's
copied is explicitly null-terminated.
Put the Domain & Port into the protocol tree as a "0xXXXXXXXX" string,
rather than as a string with one blank in it.
svn path=/trunk/; revision=12905
Don't assign the const pointers passed to hash routines to non-const
pointers.
Don't assume that strings the spec says are null-terminated are
necessarily null-terminated in the packet - use "tvb_strsize()" to find
the length of the purported null-terminated string; it'll throw the
appropriate exception if no null is found.
svn path=/trunk/; revision=12904
Don't supply our own definition of AF_INET or our own declaration of
"inet_pton()" - use the system ones if they're available.
"mkipv4_address()" doesn't modify the string passed to it - make it a
const pointer.
svn path=/trunk/; revision=12894
"ip_to_str()" and "ip6_to_str()".
Check the length of items for IPv4 and IPv6 addresses before displaying
them as such.
svn path=/trunk/; revision=12893
pointers.
Now that "col_set_str()" takes a "const char *" as the second argument,
we don't have to cast away the constness of strings passed to it.
svn path=/trunk/; revision=12892
to resolve it to a name.
Fix up some const-pointer-to-non-const-pointer, and
function-pointer-to-void-*, conversions.
Fix some comments.
svn path=/trunk/; revision=12863
vendor-name-and-next-three-bytes-in-hex) resolution for Ethernet/802.x
hardware addresses.
Move the ARP hardware types into a header file, for use by dissectors
other than the ARP dissector.
svn path=/trunk/; revision=12839
least 3 - 2 for type+length and 1 for the tag - so treat a "tagged
string" field as bad if there isn't at least one byte of data. (It's a
bit odd that the RFC says that the tag must be in the range 0x01-0x1F -
that sounds suspiciously as if they're saying "printable characters
aren't valid tags", to allow untagged strings, which might suggest that
a field with a length of 2 should be interpreted as an empty string.)
svn path=/trunk/; revision=12817
Clean up indentation.
Add a comment asking whether the revision in an ACL is *really* 2 bytes
and the ACE count is *really* 4 bytes.
svn path=/trunk/; revision=12816
we do in several places into a subroutine. We need to do it also with the
4-byte time stamps that are dissected all over the place.
I had thought that that last unknown in the returned structure might be
a count of the number of clients that have the file open, but a simple test
suggests that that is not the case.
svn path=/trunk/; revision=12812
is >= 0 (if it's not, that's a bug), and make the buffer index and total
length variables int as well, to match the length.
svn path=/trunk/; revision=12811
case branches up, so the case branches are in the same order as the
elements of the enum are, and add length checks to RADIUS_TIMESTAMP and
RADIUS_INTEGER4_TAGGED.
svn path=/trunk/; revision=12810
we're fetching from the AVP.
In the case of a tagged string, if the length is 2 (meaning the data
length is 0), assume there's no tag.
svn path=/trunk/; revision=12808
conversations large enough to hold the maximum setup method size plus a
trailing '\0'. Make the maximum setup method size 7, so that when the
trailing '\0' is included the total array length is a power of 2. (The
longest string currently used is "Skinny", which fits in 7 characters).
This fixes problems in the RTP and RTCP dissectors similar to the one
found in the T.38 dissector.
Undo the previous change to packet-t38.c, as it's now safe to store in
method[MAX_T38_SETUP_METHOD_SIZE], because the array now has
MAX_T38_SETUP_METHOD_SIZE+1 characters.
(Should we use "strlcpy()", and supply our own "strlcpy()" if the system
and/or C library doesn't supply it? Its semantics are a bit cleaner
than those of the "strncpy()"/null-terminate idiom, perhaps making it
less likely that mistakes of this sort will be made.)
svn path=/trunk/; revision=12803
fix two instances of wrong parameter list to proto_tree_add_string_format()
if we call proto_tree_string() the hf field has to be of a string format as well.
now it dissects christophe's capture without dumping core but it looks weird.
mmse and telco people can read the specs and find ut what it wrong.
svn path=/trunk/; revision=12801
dissect packets containing that filter type.
Note that if a dissector for a particular operation fails, we should
stop dissecting rather than trying to dissect the controls.
svn path=/trunk/; revision=12786
another part of the PROFINET dissectors (PN-CBA, including a lot of generic DCOM dissection) still some work to be done ...
svn path=/trunk/; revision=12776
I.e. when a segment is seen that would (as far as ethereal can tell from the ACKs it has seen in the other direction) fill the window completely.
It is similar to but not exactly the same as the XeroWindow detection since there are many instances where ZeroWindow detection would not work (i.e. an ACK where win==0 since many many situations occur where the window is full but no zerowindowack is ever generated)
Someone that has good english could, please, update the Wiki with this option.
It is very very useful to spot performance issues where the tcp window size is too small to accomodate the enmd-to-end latency.
svn path=/trunk/; revision=12774
it will not solve the problem in the c06- testmenageri capture that
contains unknown types of ldap commands but it will at least
stop the ldap controls dissector from dumping core.
someone interested in ldap might want to look at those "unknown ldap packets"
in the trace.
svn path=/trunk/; revision=12773
This has the effect that if you have a capture file with a hole in it, sa say when snoop or similar stops capturing packets for a while while writing the data to disk you often end up with a packet just after the hole that is a response packet and which ethereal mistakenly matches with a request/response from before the hole.
now, when the first response is seen to a request remove the entry from the unmatched table so that no other response can match the same request.
svn path=/trunk/; revision=12770
so that it will track pdu boundaries properly
not tracking pdu boundaries caused pain since it would miss too many
commands
svn path=/trunk/; revision=12769
==============
packet-ocsp.c:191: error: static declaration of 'Version_vals' follows non-static declaration
packet-x509af.h:39: error: previous declaration of 'Version_vals' was here
packet-ocsp.c: In function 'dissect_ocsp_T_response':
packet-ocsp.c:398: warning: pointer targets in passing argument 5 of 'dissect_ber_identifier' differ in signedness
packet-ocsp.c:398: warning: pointer targets in passing argument 7 of 'dissect_ber_identifier' differ in signedness
make[4]: *** [packet-ocsp.lo] Error 1
==============
This fix is in the generated file only - please fix in the right
source file too.
svn path=/trunk/; revision=12751
part of the packet's data.
If a packet has a starting and ending frame delimiter - i.e., the
delimiter at the end is followed by another delimiter - consider the
ending delimiter part of the first packet's raw data.
svn path=/trunk/; revision=12749
framing, and put the raw packet and fragment data at that layer.
Add a common routine to dissect un-escaped PPP data that might have 0xff
0x03, and use it both for the raw PPP in HDLC-like framing and for
processing un-escaped data.
Check for an escape byte not followed by another byte (e.g., because the
packet is too short).
Handle the case where a chunk of that raw byte data doesn't begin with
0x7e, but starts with cruft from a previous PPP packet split across
lower-level packets.
svn path=/trunk/; revision=12741
regenerated all dissectors
fixed the choice/sequence struct to use unsigned entities for class and tag
(to reduce some compiler warning and because it should be signed quantities)
svn path=/trunk/; revision=12740
create some missing makefiles for autogenerated dissectors
finish the transition to the new ber integer dissetor helper signature
and regenerate all ber dissectors
svn path=/trunk/; revision=12724
GSM SMS fixes:
- Made Timezone view human readable based on 3GPP TS 23.040 V6.5.0 (9.2.3.11).
- TP-UDHI field - located within bit no 6 one more place was left over from
previous patch by Viorel Suman made on 9 Dec 2004.
svn path=/trunk/; revision=12718
The ACL parser will attempt to decode as many ACE structures as are
specified in the ACL structure. If the number of ACE structures is
sufficiently large with one of the ACE structures specifying a size of
0, then the ACL parser will parse that ACE structure repeatedly,
eventually causing a denial of service to Ethereal.
I've attached a diff against HEAD that corrects the problem. The diff
also corrects a few decoding errors in the NT ACL & ACE structures. A
pcap is attached that reproduces the problem.
svn path=/trunk/; revision=12706
Various GSM SMS fixes:
- Wrong positions of the fields, located within the first octet
of the GSM SMS TPDU.
- One byte is skipped during RP-ERROR vs. RP-ACK detecting:
Offset must be increased only when RP-ERROR is detected in
order to avoid one byte skipping.
- Improper dissect method is used to dissect SMS-DELIVER-REPORT.
svn path=/trunk/; revision=12703
The "if()" gets rid of one GCC warning, but adds another one - we could
leave the warning in place, as a reminder that the dissector needs to be
finished, or we could just tag the parameter with _U_ to suppress the
warning.
svn path=/trunk/; revision=12695