A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g. those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
strings, and note that, for older AFP clients and servers, we might need
a way to say to use some Mac encoding instead.
Use tvb_strsize() rather than tvb_get_ephemeral_stringz() to just get
the length of a null-terminated string.
Use FT_GUID for UUIDs.
The low-order bit in the MessageBitmap in the FPGetSrvrMsg reply does
not, at least according to the current AFP spec, specify whether there's
a message at all, it specifies whether it's a server message or a login
message. The spec *does* now mention the "message is UTF-8" bit; use
it.
Fix a blurb.
svn path=/trunk/; revision=39063
- Don't use 'l' as a variable name;
- Use 'tvb_strsize();proto_tree_add_item();' iso 'tvb_get_ephemeral_stringz(); proto_tree_add_string();'
- Use ENC_NA/ENC_BIG_ENDIAN iso FALSE as appropriate for proto_tree_add_item().
svn path=/trunk/; revision=39047
proto_tree_add_item() calls.
For strings, add ENC_UTF_8. (Yes, the byte order is irrelevant for
those - but they should arguably be FT_UINT_STRING, as they're counted
strings, and the byte order *is* relevant for FT_UINT_STRING.)
svn path=/trunk/; revision=39041
"The PostgreSQL dissector does not fully support the frontend StartupMessage (see
"StartupMessage" in
http://developer.postgresql.org/pgdocs/postgres/protocol-message-formats.html).
The couples parameter name/parameter value in this kind of message are reported
as a block of text ("name: value") by the dissector whereas reporting them as
parameter name/parameter value would be more appropriate.
I've fixed it, so now the username and the database sent by the frontend can be
handled in, for instance, the CSV output of TShark.
I've also added a "val_count" field to contain the number of values (row
descriptions or row data) included in RowDescription/DataRow messages. This
information is useful when analyzing the CSV of TShark since in a CSV row, many
row descriptions or row data may be packed together."
Patch changes from me:
- No need to fetch ephemeral string anymore so just use tvb_strsize()
to get string length;
- Change field-filtername from pgsql.val.count to pgsql.field.count
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6343
svn path=/trunk/; revision=39030
If the GAS Query Request/Response Length field is incorrect, the
dissector function may return a value that is larger than the remaining
packet buffer. This results in a Tagged parameters item being added with
-1 byte length since tvb_reported_length_remaining() reports -1 once the
offset goes beyond the end of the packet. Clicking on that item results
in Wireshark dying on Gtk-ERROR. Note: this does not show up in tshark
and as such, cannot apparently be triggered with fuzz-test.sh.
Fix this by refusing to dissect GAS frames that have a too large length
field value. In addition, verify that tvb_reported_length_remaining() is
returning a value larger than 0 instead of non-zero (which could be -1)
to make the IEEE 802.11 dissector more robust against this type of
issue.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6345
svn path=/trunk/; revision=39024
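Added example (not part of the commit above and not Wireshark's code): a simplified C model of the two checks that commit message describes, refusing an oversized length field and testing the remaining length with "> 0" instead of non-zero. The buf_t type, all function names and the 2-byte little-endian length field are assumptions for illustration, and both frames are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a packet buffer; this is not the tvbuff API. */
typedef struct { const uint8_t *data; int len; } buf_t;

/* Models the behaviour the commit message describes: -1 once offset is past the end. */
static int remaining(const buf_t *b, int offset) {
    return (offset > b->len) ? -1 : b->len - offset;
}

/* Before: trusts the length field and returns the offset just after the query body. */
static int query_end_unchecked(const buf_t *b, int offset) {
    int qlen = b->data[offset] | (b->data[offset + 1] << 8);
    return offset + 2 + qlen;
}

/* After: refuses the frame (returns -1) when the length field exceeds what is left. */
static int query_end_checked(const buf_t *b, int offset) {
    if (remaining(b, offset) < 2) return -1;
    int qlen = b->data[offset] | (b->data[offset + 1] << 8);
    if (qlen > remaining(b, offset + 2)) return -1;
    return offset + 2 + qlen;
}

/* Caller's decision whether to add a trailing item after the query body. */
static int trailing_item_nonzero(const buf_t *b, int end) { return remaining(b, end) != 0; }
static int trailing_item_positive(const buf_t *b, int end) { return remaining(b, end) > 0; }

/* Constructed frames: the first claims 0x0010 body bytes but carries only 3. */
static const uint8_t bad_frame[] = { 0x10, 0x00, 0xaa, 0xbb, 0xcc };
static const uint8_t good_frame[] = { 0x03, 0x00, 0xaa, 0xbb, 0xcc, 0xdd };

int main(void) {
    buf_t bad = { bad_frame, (int)sizeof bad_frame };
    buf_t good = { good_frame, (int)sizeof good_frame };
    int end = query_end_unchecked(&bad, 0);
    printf("unchecked end=%d remaining=%d\n", end, remaining(&bad, end));
    printf("non-zero test adds item: %d, >0 test adds item: %d\n",
           trailing_item_nonzero(&bad, end), trailing_item_positive(&bad, end));
    printf("checked: bad=%d good=%d\n",
           query_end_checked(&bad, 0), query_end_checked(&good, 0));
    return 0;
}
```

On the constructed bad frame the non-zero test accepts a remaining length of -1, which is the condition the commit message reports as producing a -1 byte item.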
- Dissect ANQP Network Authentication Type
- Dissect ANQP Domain Name List
- Dissect Interworking element
- Dissect Roaming Consortium element
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39023