The company I work for uses two proprietary protocols, for which I initially
developed wireshark plugins. Now we would like to integrate them into the
public wireshark repository.
I followed the READMEs and converted the plugins into a static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
english and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
BACnet has a private transfer service which is vendor specific. The start of
each request and response contains the vendor identifier. I've added a way for
vendors to provide their own dissectors by registering their vendor identifier.
The packet-bacapp.c method fConfirmedPrivateTransfer has been modified to look
for a vendor specified dissector. If found it will be run. If not found we
default to running the standard dissection included in packet-bacapp.c.
I modified the summary column display for private transfer messages so that the
summary now displays the Vendor Identifier (V=xx) and the Service Number (SN=xx).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5250
From me: Rename sub-dissector tablle to "bacapp.vendor_identifier"
Change subdissector ui_name to "BACapp Vendor Identifier"
svn path=/trunk/; revision=34625
RFC 4447 describes new TLV called Generalised PWid FEC in LDP messages with the
id 0x81. This is related to PsuedoWire setup and maintenance.
Related to this, following are the TLVs which are defined in RFC 4447 and RFC 4446.
1. PW Status TLV
2. PW Interface parameters
3. PW Group TLV
From me: remove some unused variables; Mark fcn arg as unused.
svn path=/trunk/; revision=34606
It is a rework of PAP PPP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- add col_append_fstr to show information (Peer-ID, Password...)
svn path=/trunk/; revision=34604
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller).
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enable by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
The attached patch begins to add support for RPL to the ICMPv6 file. All
locations that RPL code have been added are marked with a comment allowing this
patch to be reverted at a future time if it is decided to e.g. move all the RPL
code to it's own dissector.
A few values await IANA assignment and are also clearly marked (in
packet-ipv6.h).
Only the 'metric' option is left unsupported, as it is primarily defined in
another I-D.
svn path=/trunk/; revision=34579
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
Hi a patch to enchance the PPTP Dissector
It is a rework of PPTP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- Replace not standard table and function by standard value_string
- ....
The code is checked and fuzzed (more 200 pass) ! with personnal PPTP Sample and
PPTP Sample from pcapr.net
svn path=/trunk/; revision=34504
The NFS dissector (all versions) show access types that have not been requested
to be checked as "not allowed" in the call and reply. This is incorrect and
misleading. At present one must manually compare what was requested in order
to assess if access was actually denied for that type. When there are hundreds
or thousands of these ACCESS requests in a capture, it is not possible or
practical to manually check each one.
The submitted patch does the following:
* Passes the access mask in the call to the reply for comparison
* Adds filterable fields for each supported (v4) and access type
* Adds a pseudo field, nfs.access_denied
* Lists the access types to be checked in the summary and tree
* Separately lists the supported, denied, and allowed access types in the
summary and tree
The changes are applied to all NFS versions.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34141
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5051
From me:
- Move proto_register... and proto_reg_handoff.. to the end of the file;
- Define a function as static;
- Minor reformatting and whitespace cleanup.
svn path=/trunk/; revision=33747
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
From me: A few minor changes:
- col-clear() not req'd;
- Use 'gint32 length' rather than 'guint8 length';
- Use ENC_NA instead of FALSE/TRUE in two cases;
- Move global tdmoe_handle to be local to proto_reg_handoff...
svn path=/trunk/; revision=33307
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227
Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provide a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
The wireless meshing protocol B.A.T.M.A.N. Advanced changed their packet format
in such a way that now versions can be identified and so correct dissection of
the packets can be supported by wireshark.
Since it is a ever moving target it is very possible that the packet format is
changing slightly. The dissector was written in such a way that new version can
be supported relative easy.
I hope that it sufficient for the inclusion in wireshark.
I tried to fuzzing it some hours and no error was reported.
From me:
Initialize our dissector handles.
Merge packet-batadv.h into packet-batadv.c. It isn't included anywhere else.
Fuzz 500 passes using attached capture files.
svn path=/trunk/; revision=33052
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
This is an extension to the Wireshark context sensitive protocol help. Rows in
TreeView window are analyzed and suitable help file (as HTML) is opened in a
browser.
The help part (large file, 23 MB) of the Protocol Help can be downloaded under
www.inacon.com/dowload/stuff/protocol_help.tar.gz
This protocol help "light" provides descriptive content for the most frequently
used standard protocols, including IP, TCP or SMTP.
From me:
Changes:
Rename "ph_" in some function names to "proto_help_". Move the protocol
help code to its own module.
Make a bunch of functions static. Remove unused code.
Use browser_open_url() instead of a custom function.
Increase the logging levels. Don't clobber the normal log handler.
Update some Doxygen comments to match the format in the rest of the code
base.
Removed GTK version checks. We've been 2.x only for a while.
Move ph_replace_string to string_replace() in epan/strutil.[ch].
Fix a bunch of memory leaks.
Add a NULL pointer check.
Reformat the overview menu label.
Document the file format and locations.
Add Edgar to AUTHORS.
svn path=/trunk/; revision=32995
Call the various flavors of OS X integration just "OS X integration",
not anything with "IGE" in it - it appears that, in some places,
"ige-mac-integration" refers only to the older Carbon-based functions,
although the library still appears to be called -ligemacintegration.
Update the URLs for the information about the OS X integration
libraries.
Clean up help message for --with-pcap-remote.
Clean up white space a bit.
Speaking of white space, it's "Mac OS X", not "MacOS X".
svn path=/trunk/; revision=32941