also change one (of several:-( ) arrays to be accessed through accessor functions so proper bounds checking is done.
there are many other inbstances of arrays in this dissector that are accessed with no proper bounds checking and the same thing should be done for them
svn path=/trunk/; revision=16891
Hi list,
On the Ethereal Wiki is a CDP capture of a Broadcom BCM1100 VoIP chipset.
It has a power consumption TLV, which was not yet dissected. The attached
patch does that.
svn path=/trunk/; revision=16890
make the dissection of the ACL check the type for each individual ACE and only dissect as access mask and sid those ACEs we know how to handle.
this prevents ethereal from dumping on w32 if we encounter any of these "special" ACE entries, such as the ones used for storing location data for offline files.
svn path=/trunk/; revision=16881
- Better nameing of tfs_ arrays
- Name and dissect "version" field (previously unknown)
- Name and dissect "add tag scheme" (previously unknown)
- Add lots of comments about meanings in the port data
- The first byte in the set command is probably some salt value
svn path=/trunk/; revision=16871
Taking a random dissector from the list on the Wiki I picked packet-enip.c. Nothing wrong with this one, I still ememified it.
From Bart Braem:
packet-mip.c does not have support for all registration denials by the foreign agent, code 77 was left out. The attached patch fixes that.
svn path=/trunk/; revision=16868
Fix a memory leak found by valgrind:
Although dir isn't a directory it may still use memory
packet-xml.c:
Reformat the relevant function in packet-xml.c to be readable on systems
where a tab is 8 spaces.
svn path=/trunk/; revision=16865
Three patches here:
eth-ed-2.diff
-------------
1) The handling of HashSet Answer messages was wrong
2) Add dissection of some more eMule extension packets to do with
error recovery
eth-bt-1.diff
-------------
New versions of the Azureus BitTorrent client implement a new extension to the protocol, which is effectively a text based encapsulation of the binary BitTorrent protocol, embedded within the BitTorrent protocol. Who knows why they thought that was a good idea, but this patch can pick apart their new headers.
eth-bt-2.diff
-------------
By registering a normal dissector as well as the heuristic one, BitTorrent shows up on the Decode As... list so you can manually override its mistake.
svn path=/trunk/; revision=16856
- New Dissector Novell Cluster Services
1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"
svn path=/trunk/; revision=16844
This idl file is required by wkssvc.idl since wkssvc references Platform_id
There are still some minor changes required for pidl to prettify the output for both wkssvc and srvsvc before these two dissectors should be used.
note that this idl is significantly different from the samba4 idl since it contains all the additional functions and structures the handwritten dissector has that is lacking from s4 idl.
it is expected that s4 will take up the authorative version of this idl soon so there will only be one master copy of this idl.
svn path=/trunk/; revision=16831
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
svn path=/trunk/; revision=16828
"preferences/mtp3 must be changed accordingly (it is explicitly indicated that the "network address format" is ..."
Change the text and som names.
svn path=/trunk/; revision=16827
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.
-packet-ieee80211.c
Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.
-From Kan Sasaki
A patch for packet-ospf.c is attached:
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
- lldp Bugfix Bug 596 LLDP TIA Network Policy Decode is not correct
- Camel make it possible to dissect based on OID.
svn path=/trunk/; revision=16822
This patch adds support for draft-nguyen-ospf-lls-05.txt, draft-nguyen-ospf-oob-resync-05.txt and draft-nguyen-ospf-restart-05.txt. These are an alternative way to do OSPF graceful restart.
These drafts are implemented by cisco and several other vendors that want to interoperate with cisco. My patch adds a dissectors for LLS TLVs.
I had to modify the existing ospf dissector as it assumed that all the data after IP header is OSPF packet. This is not true anymore and probably was not true before as well.
Also please find attached an example of OSPF packets with LLS data blocks.
--
svn path=/trunk/; revision=16818
* DOP - This has now been successfully tested and so is now enabled by default and workaround code removed.
Also now uses the correct EXPORTs from the other modules/dissectors.
* X509SAT - Most of the selected attributes are now supported in addition to the DirectoryString syntax attributes. This includes restoring the correct DirectoryString syntax and also providing the basic syntaxes (e.g. OBJECT IDENTIFIER, PrintableString). The latter requires a sed line in the Makefile which I assume should be OK? Not all the SAT can be defined in x509sat - so some have been included in x509if and x509af - though x509sat.cnf contains the master list and references the other dissectors where appropriate.
(I still prefer a syntax registration approach but I don't think that is going to be agreed in the short term.)
* X509IF - a mechanism to register some formating, based upon the hf_index, that is used in the cnf file.
* A couple of fixes identified by Stig.
svn path=/trunk/; revision=16814
Patch for COTP reassembly.
There does not seem to be any reasonable or cleaner way to fix COTP
reassembly than adding the frame.[ch] patch.
svn path=/trunk/; revision=16813
Make the dissector new-style and add simple (better than nothing) heuristics so that it can reject some packets that are obviously not modbus.
change the constants to upper case
the horrors:
replace two instances where tvb_memcpy() were used to read straight into a structure to instead read the structure field by field using tvb_get_...()
This may allow the modbus dissector to actually work.
svn path=/trunk/; revision=16811
dissect (so that we report a packet cut short by the snapshot length).
Get rid of an unused variable..
As we restore "pinfo->fragmented" from "save_fragmented" regardless of
whether we're defragmenting or not, we have to save its previous value
in "save_fragmented" regardless of whether we're defragmenting or not.
svn path=/trunk/; revision=16808
> Two patch files are attached adding UDP-Lite dissection to the UDP
> dissector. Wiki page is available at the normal location, including
> sample captures courtesy of Gerrit Renker of the University of
> Aberdeen Electronics Research Group. The patch has been tested with
> both the sample captures and Fuzz test.
And add Marc Petit-Huguenin to AUTHORS
svn path=/trunk/; revision=16801
This is a patch that add support for the latest drafts[1] in the STUN dissectors. I choose to add TURN directly in the STUN dissector instead of creating a new dissector because of the decision at the latest IETF meeting[2] to redefine TURN as an use case of STUN.
[1] ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-behave-rfc3489bis-02.txt
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-rosenberg-midcom-turn-08.txt
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-camarillo-midcom-turn-ipv6-00.txt
[2] http://www3.ietf.org/proceedings/05nov/minutes/behave.txt
svn path=/trunk/; revision=16797
same, and have only one bit set, "(a & b) == c", which is what is
intended, is the same as "a & b".
In addition, we don't want to do desegmentation if "isup_apm_desegment"
isn't set, so that test should be ANDed with the other two tests.
svn path=/trunk/; revision=16792
means "a & (b != c)", not "(a & b) != c".
Put in a comment noting a potential problem with defragmentation,
pointed out by a compiler warning that apm_Segmentation_local_ref might
not be set before it's used.
svn path=/trunk/; revision=16779
Catch a TypeError that gets thrown if we don't use any conversion
specifiers during string formatting.
H.248:
Don't dereference a null pointer. Fixes bug 626.
svn path=/trunk/; revision=16773
-add codepoint to name resolution for Juniper IFMT, IFLE extension TLVs
-bugfix: DLT_JUNIPER_PPP, correct the calculate offset for PPP payload
-bugfix: DLT_JUNIPER_CHDLC, add CHDLC handler
-bugfix: add a more flexible TLV value extraction function which
does not bail if the assumed TLV length does not match
svn path=/trunk/; revision=16764
(http://yersinia.sourceforge.net/index.html)
by Alfredo Andres and David Barroso. There's more information to be put
into Ethereal but it's a start.
svn path=/trunk/; revision=16756
fields as BASE_DEC; bitmaps are typically displayed in hex in Ethereal,
so it should generate BASE_HEX instead. (Submitted to
bugzilla.samba.org as bug 3313.)
A couple of the IDL files use "unistr"; define it as "[string] uint16",
so that the resulting dissectors work correctly.
Regenerate dissectors.
svn path=/trunk/; revision=16754
For OID fields of type FT_STRING, put back the code to append the OID
name. (Ultimately, we should probably convert them all to type FT_OID.)
svn path=/trunk/; revision=16734
bytes you'll be checking are available in the tvbuff first.
Don't require *all* of the packet data to be available, however.
Heuristic dissectors should return TRUE or FALSE. Non-heuristic
"new-style" dissectors should return the amount of data dissected or 0.
svn path=/trunk/; revision=16733
Fix a few problems.
CIGI 1 and 2 are only big-endian; CIGI 3 can be little-endian or
big-endian.
Remove the port preferences.
svn path=/trunk/; revision=16730
Log:
From Grame Lunt:
updated X.500 dissectors to include DOP support.
The "dop" dissector is the renamed "x501" dissector consequently the asn/x501 directory should be removed. The patch includes the changes to epan/dissectors/Makefile.common to reflect this.
As the DOP dissection is not fully tested, I have disabled it by default for now (like DSP) but it can be enabled by the user.
svn path=/trunk/; revision=16727
tipc: First stab at reassembly, as tipc reasembly is based on reading the message length from the first segmented packet and then just add the bytes received I didn't find a better way of doing it.
svn path=/trunk/; revision=16724
If known put the account name, domain name, host name and which frame the suer authenticated in in an expansion below UID in the SMB2 header
svn path=/trunk/; revision=16723
"tvb_get_string()"?
Why even bother with "tvb_get_string()" when you can just use
"proto_tree_add_item()" with a string item?
Make sure that the prefix in a PRIV item isn't bigger than the item
itself. That fixes bug 603.
svn path=/trunk/; revision=16716
Gate X and Y Offset are 16-bit integral numbers of degrees, not 32-bit
IEEE floating-point numbers, and the numbers in collision detection
segment definitions and collision detection volume definitions are
16-bit fixed-point numbers, not 32-bit IEEE floating-point numbers;
handle them as such - this fixes bug 605.
When displaying the packet length in the Info column, display the *real*
length, not the sliced length.
svn path=/trunk/; revision=16714
Hi, Some tiddly changes: pppoe- don't create an empty discovery tags tree when the payload length is 0 chap- make chap.value work as a filterable field rtcp- append the packet type to the protocol tree name
svn path=/trunk/; revision=16712
Hi,
The attached patch fixes the name of the version field, which I
previously mistook for an authorization cookie (which is in fact in a
TLV that follows this field).
svn path=/trunk/; revision=16711
a patch for the X.411, X420 and CMS dissectors to implement the remaining heading extensions and bodyparts.
This includes GeneralText BP, forwarded content BP (forwarded p22 and forwarded p772), PKCS#7 BP, and "business class" messaging extensions.
The X.411 extensions using the SIGNATURE macro have also been implemented. There is also a fix for a bug in the dissection of integer 22 content type.
Graeme
svn path=/trunk/; revision=16689
New protocol : CIGI (with minor updates to make it heuristic)
Hi,
This patch is for a CIGI dissector (complete versions 2 and 3). It has
been [fuzz] tested on GNU/Linux using the Ethereal 0.10.13 codebase.
However, the patch here is against the svn repository.
More information about CIGI can be found at http://cigi.sourceforge.net/
Kyle Harms
svn path=/trunk/; revision=16681
the generated dissector is still "ugly" compared to the handwritten one so there needs a bit of conformance file magic and maybe pidl enhancements before it can go in.
svn path=/trunk/; revision=16651
Gsmmap - Export asn1 structs used by Camel
Camel - Use functions from GSMMAp and ISUP
INAP - Rewrite of the asn1 code to correspond more to CS1 data types
Let ISUP and Q931 dissect apropriate stuff.
svn path=/trunk/; revision=16624
up front and realloc once ...
This will probably be the last changes I make on this dissector, as I want to
concentrate on using asn2eth for LDAP, as time permits.
svn path=/trunk/; revision=16619
Don't fetch CHAP fields until we need them, so that we can at least
partially dissect a short frame.
Even if the CHAP length is wrong, put it into the protocol tree using
the registered field.
Use "tvb_format_text()" to put text into the Info column, so we handle
non-printable characters by escaping them.
svn path=/trunk/; revision=16616