I would like to handle the rare situation of Little Endian encoded
IP addresses, so i added a function which reads the address with
tvb_get_ipv4(), then swaps the bytes before SET_ADDRESS().
svn path=/trunk/; revision=21397
- Break out and display A-MSDUs
- HT Control field (currently disabled)
- Action No Ack
- HT Information IE
- HT Capability IE
- Block Ack Request
- Secondary Channel Offset Tag
- Measurement Request Tag
- Measurement Report Tag
...along with a bunch of other updates, including displaying the
type/subtype as a hex value (first nibble: type, second nibble: subtype).
svn path=/trunk/; revision=21391
New dissector support, SHIM6
checked in with the following modifications :
- use of proto_tree_add_item whenever possible (addition of several hf_items),
- use distinct subtree idx for each subtree,
- addition of some subtrees,
- split shim_opts in several functions,
- accurate incrementation of offset in locator preferences (in case of option length > 3)
- add true_false_string for critical options and protocol differentiation (hip, shim6)
- add ipv6.shim6.checkksum_good, ipv6.shim6.checkksum_bad, cksum expert info
section added to AUTHORS
svn path=/trunk/; revision=21390
This patch adds an option to IEEE 802.11 to ignore the wep bit with IV,
as mentioned in
http://www.wireshark.org/lists/wireshark-dev/200704/msg00021.html
I also fixed a bug where the packet is dissected different in the Packet
List with and without "Colorize Packet List" (actually when dissecting
with and without "tree"). Try toggling "Colorize Packet List" with my
previous posted ieee80211-wep.pcap without this patch to see the bug.
The patch is tested on OSX.
svn path=/trunk/; revision=21384
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1377
and complaints to the mailing list that a bogus (empty or non-ASCII contents)
dialog box was popped up when getting the list of interfaces. The problem was
that 'get_airpcap_interface_list()' wasn't setting the returned error value
when it found that AirPcap was not loaded. If whatever was in that variable
happened to be 1 when a non-AirPcap user requested the list of interfaces
then the bogus dialog would show up.
svn path=/trunk/; revision=21380
- changed dissect_ssl2_hnd_client_hello to use hf_ssl_handshake_version instead
of hf_ssl_record_version. SSLv2 client hello's did not display when the filter
ssl.handshake.version == 0x0002 was used, only SSLv2 server hello's were
displayed. Now they are both displayed
- Added generated hf_ssl_record_version to SSLv2 handshake. Since the SSLv2
does not include a record layer version field (unlike SSLv3), this field is
generated so that all packets with a SSLv2 record layer can be filtered out.
[this is actually what bug 1503 was all about]
svn path=/trunk/; revision=21373
wireshark SHOULD be able to filter on multiple hf's with the
same field-name, BUT there is a little bug in the code. I have pinpointed it to
the following in epan/dfilter/dfvm.c:
...
It actually loops through all the hf's with the same name, but only checks
against the original (first) hf.
svn path=/trunk/; revision=21372
remaining that I'm not sure exactly what to do with at the moment:
the one in packet-frame probably should be there, the others probably
shouldn't but they also should never fail unless there's a compile or build
problem (AFAICS).
svn path=/trunk/; revision=21367