From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.
svn path=/trunk/; revision=34976
Add a configuration parameter of the NWG version for WiMAX ASN CP dissector.
The format and meaning of TLVs, as well as function types and messages changed
between the different NWG versions.
Added support for the version number of TLVs in the dictionary xml, its parser,
and of course in the packet itself.
Added support for the version number of function-types and message-types by
extending the value_string structure to contain also a "since" version number.
Successfully tested with a live capture and capture file, containing WiMAX ASN
packets (full Network entry).
Also fuzzed 500 passes successfully.
The XML doesn't contain all existing NWG versions, only selected ones. This is
a little tedious work to go over all TLVs of each version, so I'll add some
newer versions later on. can add a short how-to of adding a new version, for
others to use, if needed.
svn path=/trunk/; revision=34919
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
This patch adds support for displaying OPC UA ExtensionObjects.
An ExtensionObject is a mechanism to transport user defined structures as
serialized blobs. Some types of ExtensionObjects are already defined by the OPC
Foundation's OPC UA Specifications.
These types can be implemented by this dissector, because they are well-known.
Real user-defined or vendor-defined types are unlikely to be implemented by a
passive dissector, because this would require browsing of the UA server's
address space to retrieve the type information.
Currently only the following types are supported:
* DataChangeNotification
* EventNotification
Others OPC defined types will follow.
From me: fix warnings: "format not a string literal and no format arguments"
svn path=/trunk/; revision=34906
The attached patch adds many more DAAP codes to be parsed properly by the DAAP
dissector.
In addition, it fixes some prints.
svn path=/trunk/; revision=34899
The company I work for uses two proprietary protocols, for which I initially
developed wireshark plugins. Now we would like to integrate them into the
public wireshark repository.
I followed the READMEs and converted the plugins into a static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
english and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
BACnet has a private transfer service which is vendor specific. The start of
each request and response contains the vendor identifier. I've added a way for
vendors to provide their own dissectors by registering their vendor identifier.
The packet-bacapp.c method fConfirmedPrivateTransfer has been modified to look
for a vendor specified dissector. If found it will be run. If not found we
default to running the standard dissection included in packet-bacapp.c.
I modified the summary column display for private transfer messages so that the
summary now displays the Vendor Identifier (V=xx) and the Service Number (SN=xx).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5250
From me: Rename sub-dissector tablle to "bacapp.vendor_identifier"
Change subdissector ui_name to "BACapp Vendor Identifier"
svn path=/trunk/; revision=34625
RFC 4447 describes new TLV called Generalised PWid FEC in LDP messages with the
id 0x81. This is related to PsuedoWire setup and maintenance.
Related to this, following are the TLVs which are defined in RFC 4447 and RFC 4446.
1. PW Status TLV
2. PW Interface parameters
3. PW Group TLV
From me: remove some unused variables; Mark fcn arg as unused.
svn path=/trunk/; revision=34606
It is a rework of PAP PPP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- add col_append_fstr to show information (Peer-ID, Password...)
svn path=/trunk/; revision=34604
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller).
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enable by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
The attached patch begins to add support for RPL to the ICMPv6 file. All
locations that RPL code have been added are marked with a comment allowing this
patch to be reverted at a future time if it is decided to e.g. move all the RPL
code to it's own dissector.
A few values await IANA assignment and are also clearly marked (in
packet-ipv6.h).
Only the 'metric' option is left unsupported, as it is primarily defined in
another I-D.
svn path=/trunk/; revision=34579
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
Hi a patch to enchance the PPTP Dissector
It is a rework of PPTP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- Replace not standard table and function by standard value_string
- ....
The code is checked and fuzzed (more 200 pass) ! with personnal PPTP Sample and
PPTP Sample from pcapr.net
svn path=/trunk/; revision=34504
The NFS dissector (all versions) show access types that have not been requested
to be checked as "not allowed" in the call and reply. This is incorrect and
misleading. At present one must manually compare what was requested in order
to assess if access was actually denied for that type. When there are hundreds
or thousands of these ACCESS requests in a capture, it is not possible or
practical to manually check each one.
The submitted patch does the following:
* Passes the access mask in the call to the reply for comparison
* Adds filterable fields for each supported (v4) and access type
* Adds a pseudo field, nfs.access_denied
* Lists the access types to be checked in the summary and tree
* Separately lists the supported, denied, and allowed access types in the
summary and tree
The changes are applied to all NFS versions.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34141
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5051
From me:
- Move proto_register... and proto_reg_handoff.. to the end of the file;
- Define a function as static;
- Minor reformatting and whitespace cleanup.
svn path=/trunk/; revision=33747
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
From me: A few minor changes:
- col-clear() not req'd;
- Use 'gint32 length' rather than 'guint8 length';
- Use ENC_NA instead of FALSE/TRUE in two cases;
- Move global tdmoe_handle to be local to proto_reg_handoff...
svn path=/trunk/; revision=33307
This functionality keeps track of all SMB objects contained in a capture,
and is able to export to a file a full or partial captured file that has
been transfered through the SMB protocol. In a partial capture, the holes
produced by the non-captured information are filled out with zeros.
It includes the needed modifications of the SMB dissector in the way it keeps
track of the opened SMB files and also to feed the eo_smb tap listener.
svn path=/trunk/; revision=33227