Instead of overflowing an unsigned int when determining the number of
items in a range, use a signed int and check for a negative value. Make
sure our offset increments as we step through each item. This should
avoid large/inifinite loops.
Fix the size of hf_dnp3_al_range_stop32.
svn path=/trunk/; revision=22811
packet-netflow.c is lack of the capability to decode ipv6 address related fields in netflow v9.
This patch enables dissecting the following fields:
Type 27 IPV6_SRC_ADDR,
Type 28 IPV6_DST_ADDR,
Type 29 IPV6_SRC_MASK,
Type 30 IPV6_DST_MASK and
Type 62 IPV6_NEXT_HOP.
svn path=/trunk/; revision=22793
use g_hash_table_new() on gtk1 and leak memory instead
this should actually a be using an se_tree instead of hashtables
svn path=/trunk/; revision=22789
This patch adds a new feature to dissect HSRPv2 packets.
One of the main features of HSRPv2 can enable using HSRP on IPv6. In order to
achieve this new feature, HSRPv2 packet format is totally different from
HSRPv1. HSRPv2 introduces new TLV formats.
This patch can decode these new formats of HSPRv2.
svn path=/trunk/; revision=22781
RTP analysis' jitter values are thrown off by RTP events
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1076
a) Ephemeral string (packet duration) was inserted into long-term hash of
dynamic payloads
b) There was no clock_rate mapping for MIME type "telephone-event".
svn path=/trunk/; revision=22780
tvb_reported_length_remaining(), not by tvb_length_remaining() -
tvb_length_remaining() shows only the amount of *captured* data
remaining, but the capture might have been done with a snapshot length
that cut the packet data short.
The payload length from the PPPoE header could legitimately be different
from the actual length of the PPPoE payload if there's not enough PPPoE
payload to avoid padding at the E(thernet) level. Only complain if
there shouldn't have been any padding.
Report an "expert" warning if the payload length looks wrong.
Update a comment to reflect current reality (as of many many years ago,
when we went all-tvbuff).
svn path=/trunk/; revision=22770
Fix for bug 1807. This patch corrects the decoding of the NotificationParameters.
I fuzz tested with these and other captures (Pass > 100).
svn path=/trunk/; revision=22766
not a lost packet but the tcp ports are being reused. This is often
seen in load-balanced environments where client ports are preserved
on the server-side.
We only want to report port reusage once, so the SYN/ACK is excluded
from TCP_SEQ analysis.
svn path=/trunk/; revision=22762
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
- Added ASN.1 integer values for StandardExtension, ExtensionAttributeType
and TokenDataType.
- Added expert info for unknown standard-extension, extension-attribute-type
and tokendata-type.
- Added expert info for unknown built-in content-type.
svn path=/trunk/; revision=22730
- As noted by Thomas Anders values are not added to the tree anymore. Move the calling of subdissectors to the end of the function, so that the value is added to the tree.
- add port 8161 to be decoded as SNMP (hey, it's on IANA's services file!)
UAT:
- do not have the uat reloaded.
OIDS:
- do not complain if renaming an OID to an identical name
svn path=/trunk/; revision=22704
rename dcerpc_smb_fetch_pol to dcerpc_fetch_polhnd_data and also make
it take an additional parameter to return the "type" of the policy
handle, if such a type was stored.
extend the pol_value structure used to track policy handles to also
store a type to represent what created the policy handle
types could be USER/ALIAS/CONNECT/... etc handles returned from the
SAMR interface
add a new helper function dcerpc_store_polhnd_type()
track policy handles between request/responses for dcerpc
update the samr.cnf file to make the samr dissectors for
SetSecurity/QuerySecurity dissect the specific bits for the security
descriptor correctly based on whether the policy handle refers to a
CONNECT/DOMAIN/USER/ALIAS or GROUP
svn path=/trunk/; revision=22703
- reimplement the "snmp.variable_oid" dissector table
- oids.[ch]
- get rid of keytype_implicit in oid_value_type_t we won't use it.
- have the windows base path for mibs be consistent to where we've put the mibs
- oid_get_from_encoded() and oid_get_from_string(): have the subids array being computed in a prior statement of where the side-effected argument is going to be used... worked on gcc, not on windows... I deserve "have daemons flying out of my nose" for that :-).
svn path=/trunk/; revision=22684
Place two DISSECTOR_ASSERT() guards to avoid an (I believe impossible) buffer overflow of the ep_allocated subid array in oid_string2subid() and oid_encoded2subid().
svn path=/trunk/; revision=22656
1. Priority field decode.
The 802.1q tag field of a frame is separated from its frame body in
a ERSPAN packet.
Current packet-cisco-erspan.c decodes only the vlan id field of the
802.1q tag.
This patch can also decode the priority field of the 802.1q tag.
2. Direction of a captured frame decode.
A ERSPAN packet includes the additional information of the direction
a captured frame as below.
If a caputred frame comes from outside to a switch port, this means an
'Incoming' frame. If a caputred frame goes out of a switch port,
this is an 'Outgoing' frame.
Added an extra unknown value for the bit between direction and spanid.
svn path=/trunk/; revision=22649
- Decodes all valid Restart Signaling CLVs
- The restart flags are now shown in a tree and have display filters for them
- The Remaining hold time field now has a display filter
- The Restarting Neighbor Id field is now decoded
- Corrected another CLV decoder that assumed the length of a system ID was 6
and hard coded that value instead of using the id_length variable
Rearranged the Restart Signaling Flags to show the most significant bit first
svn path=/trunk/; revision=22646
Stig Bjørlykke