Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
headers.
Fix capture_radiotap() to check for padding between the 802.11 header
and the 802.11 payload and to call different capture routines depending
on whether it's present or not, and create capture_ieee80211_datapad()
to handle the case where it's present.
Fix capture_radiotap() to convert the Radiotap header length from
little-endian, and to do some sanity checking of that length.
Fix capture_ieee80211_common() to use the offset supplied to it to fetch
the frame control field, as that offset isn't necessarily 0.
svn path=/trunk/; revision=17083
1. Fix a bug in caclulating the 802.11 header length for QoS
data frames (way bad regression from previous code).
2. Add support for packets w/ data padding between the 802.11
header and the payload (as indicated in the radiotap flags).
3. Add support for handling FCS indication in the radiotap
flags.
4. Fix display of TSF (previous code was not byte swapping).
5. Update ieee80211_mhz2ieee in radiotap.c to handle more
channels.
6. Nuke some #if 0 code I left in radiotap.c a while back.
Also, clean up the various macros that extract stuff from 802.11 header
fields or define bitfields within those header fields:
group them by the fields from which they extract and the values
they extract, or the header fields to which they belong;
get rid of some of the COOK_ in the names - COOK_ really doesn't
indicate anything useful, such as the field from which they're
extracting (we should get rid of the rest);
put in some more comments explaining what they do;
get rid of some unused macros;
get rid of some values that aren't flag values - they're values
to test whether something's a data frame with a particular byte
set in the subtype field, but they're only used on data frames,
so we only need to test the bit in question, so we define macros
to test the bit and name them to indicate that they're for use
on data frames.
Consistently use "CF-Ack" and "CF-Poll" in the strings for various data
frame type/subtype values, and get rid of "802.11" (it should be obvious
to one and all that this is 802.11...).
Comment out some variables used only in commented-out code.
Get rid of some unused variables.
Fix up one "proto_tree_add_text()" call where the format string didn't
match the arguments.
svn path=/trunk/; revision=17080
This patch for the STUN dissector fixes a bug (wrong value for DATA_INDICATION attribute) and adds the decoding of IPv6 address in attributes.
svn path=/trunk/; revision=17078
add a check to fragment_add_common() if the given tvb parameters are ok, otherwise throw a DissectorError
add some more symbols to libethereal.def
svn path=/trunk/; revision=17073
This can't be done in every error throwing case, as e.g. throwing a ReportedBoundsError might happen a lot even if no bugs are involved. Anyway, extending this to other errors can be done manually while debugging.
svn path=/trunk/; revision=17072
This way we (hopefully) can continue dissecting with the next packet, even if a more serious exception had occured, e.g. a memory access violation or a divide by zero exception.
Obviously, not all problems solved, as SEH won't protect us from other problems, e.g. endless loops and such
svn path=/trunk/; revision=17070
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
This fixes bug 523, but exposes more of bug 658.
The TACACS and SDP dissectors don't call inet_aton(), so don't include it.
svn path=/trunk/; revision=17056
separate buffer. Fixes the current Buildbot failure.
Don't let the sprint_realloc_* functions reallocate ep_allocated memory.
Add comments warning against this in the future.
In emem.c, make sure we don't use an extra 100k every stinkin' time
someone wants to allocate memory when debugging is enabled.
Fixup whitespace.
svn path=/trunk/; revision=17051
packet-wccp.c: Fix incorrect use of g_snprintf return
packet-cops.c: Fix incorrect use of g_snprintf return value
packet-wtp.c: Fix incorrect use of g_snprintf return value
svn path=/trunk/; revision=17046
- Beginning of incorrect g_snprintf retval ussage fixes
- Make qbss station count a byte again until we know
whether the count is a 2 byte le value instead
svn path=/trunk/; revision=17045
packet-ntp.c: Rather confused and incorrect use of g_snprintf return value
packet-pim.c: whitespace change
packet-icmpv6.c: g_snprintf takes trailing \0 into account, fix off by 1 error
packet-clnp.c: Fix incorrect use of g_snprintf return value
packet-isakmp.c: g_snprintf takes trailing \0 into account
packet-tr.c: Fix incorrect use of g_snprintf return value
packet-radius.c: Fix incorrect use of g_snprintf return value
packet-radius.h: constify a string variable
packet-ldap.c: The return value isn't needed, so don't use it incorrectly
packet-tcp.c: Fix incorrect use of g_snprintf return value
packet-windows-common.c: Remove unneeded DISSECTOR_ASSERT
packet-smb-sidsnooping.c: g_snprintf takes trailing \0 into account
packet-pvfs2.c: g_snprintf takes trailing \0 into account
packet-ptp.c: Remove #include snprintf
packet-ppp.c: Fix incorrect use of g_snprintf return value
packet-ospf.c: Fix incorrect use of g_snprintf return value
packet-mip6.c: snprintf -> g_snprintf
packet-bootp.c: Remove a commented out bad use of g_snprintf
packet-ber.c: snprintf -> g_snprintf, g_snprintf takes trailing \0 into account
2do:
52 packet-ieee80211.c: 2DO
2 packet-nfs.c: 2DO - too many side effects
33 packet-bgp.c: 2DO
18 packet-dns.c: 2DO
14 packet-dcm.c: 2DO
13 packet-x11.c: 2DO
11 packet-kerberos.c: 2DO
10 packet-diameter.c: 2DO
9 packet-snmp.c: 2DO
9 packet-pgm.c: 2DO
7 packet-nbns.c: 2DO
6 packet-fcswils.c: 2DO
5 packet-wccp.c: 2DO
5 packet-cops.c: 2DO
4 packet-wtp.c: 2DO
svn path=/trunk/; revision=17038
Find attached a couple of changes for t38:
- Use the dissector to reassemble t30 frames
- Dissect t30 protocol
- Move the "Fax t38 analysis" to the "VoIP Calls". Now when selecting
"Statistics"->"Fax t38 analysis" option, there is a message that
redirect the user to use the "Voip calls" instead. We may keep this
option for one release, and then remove it ?
- Added in the "Voip calls" the ability to detect a t38 call if there
are not signaling associated with it. For example, when using "Decode
as.." to dissect t38 packets, it is possible to use the "Voip calls" to analyze that call.
- Display "SDP (t38)" in the "Voip calls graph" for SDP t38 sessions.
Regards
Alejandro Vaquero
svn path=/trunk/; revision=17033
- Change proto_tree_add_uint ( ...., tvb_get_guint8(...)) to
proto_tree_add_item ( ....) for all qbss dissection code
- Change all qbss occurrences scount to be 16 bits (I may have
gotten endianess wrong! Testers / sample captures needed)
- Change wlan_mgt.tag.aironet... filter to wlan_mgt.aironet...
svn path=/trunk/; revision=17028
Attached is a patch that fixes several decoding problem is the gsm_a
dissector. The bugs are also submitted to bugzilla id #684 and #687.
svn path=/trunk/; revision=17027
Win32 only: reading a pathname from an environment var requires us to read it in as unicode somehow and convert it to utf8. Using _wgetenv should work under all circumstances on NT, using getenv and g_locale_to_utf8 on Windows OT is the best we can do in this case.
svn path=/trunk/; revision=17024
-rework the GGSN dissector to proper parse meta extensions -more graceful magic-number detection - for better (JUNOS 6.4)
downwards compatability
-correct calculate the offset to ATM cookies when there
are meta-extensions present
svn path=/trunk/; revision=17016
instead of clobbering a canary. This replicates its pre-canarification
behavior (which may not be correct).
Fixup whitespace.
svn path=/trunk/; revision=17001
proto.c uses the wrong pointer in error msg.
Me:
Be more verbose in case of illegal characters when
registering filter names.
svn path=/trunk/; revision=16986
Here is a patch that:
- Replaces the arrow labels by the beginning of the COLINFO column if available (usually containing message names/types).
- Change the comment area to be "protocol: colinfo_content"
From Anders
Added ID tag
Camel
Use col_set_str to remove TCAP info in col_info
svn path=/trunk/; revision=16975
I fixed fBACnetPropertyValue in the BACnet packet-bacapp.c dissector
where an optional decoding for Priority wasn't being optional. A valid
packet with a confirmedEventNotification that did not have the optional
priority made this bug evident by indicating Malformed Packet.
Me:
Fixed some signedness warnings, #if 0'ed out unused functions.
svn path=/trunk/; revision=16957
>From the Debian bug database this bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342588
The rates information element with zero tag length leads to uninitialised
memory access, presenting bogus data for the element. The attached patch
takes care of that.
Me:
One space in the map listing is enough.
svn path=/trunk/; revision=16947
Ethereal does not take into account the protocol field of the IP header
when reassembling fragmented packets as specified in RFC791. This can
lead to incorrect reassembly of packets with an identical src address,
dst address, and identification number, but with differing protocols.
The attached patch includes the protocol in the generation of the id
used to index into the reassembly table.
svn path=/trunk/; revision=16937
I keep finding finding traces that show new problems with this code. This patch fixes 2 problems:
- I've seen RTCP frames containing a SR and RR with identical source info and the lsr matching the current MSW/LSW timestamp of the SR. Don't want to do calculation without real roundtrip info
- calculating the gap between the 2 frames was still wrong (sigh)
svn path=/trunk/; revision=16934
Over the last year or so there have been several developments in the 3GPP2 specifications. One of the areas that saw significant changes was A11 interface between PDSN and PCF. With the introduction of QoS support on this interface, the specification includes a lot of new information elements in this protocol
svn path=/trunk/; revision=16933
- Keep track of terminations (link wildcarded ones to real ones)
- Keep termination info and link aal2 terminations to alcap legs
svn path=/trunk/; revision=16914
create a new dissector table where MAC algorithms for dns/tsig can be registered.
register gssapi for the algorithm "gss.microsoft.com" since this is what w2k uses when performing dns updates.
svn path=/trunk/; revision=16895
also change one (of several:-( ) arrays to be accessed through accessor functions so proper bounds checking is done.
there are many other inbstances of arrays in this dissector that are accessed with no proper bounds checking and the same thing should be done for them
svn path=/trunk/; revision=16891
Hi list,
On the Ethereal Wiki is a CDP capture of a Broadcom BCM1100 VoIP chipset.
It has a power consumption TLV, which was not yet dissected. The attached
patch does that.
svn path=/trunk/; revision=16890
make the dissection of the ACL check the type for each individual ACE and only dissect as access mask and sid those ACEs we know how to handle.
this prevents ethereal from dumping on w32 if we encounter any of these "special" ACE entries, such as the ones used for storing location data for offline files.
svn path=/trunk/; revision=16881
While looking into bug 239 I found a type mismatch in proto.c. Even
though tree_is_expanded is defined as a (gboolean *) the memory
allocation is carried out using sizeof (gint *). The attached patch
fixes this.
svn path=/trunk/; revision=16877
- Better nameing of tfs_ arrays
- Name and dissect "version" field (previously unknown)
- Name and dissect "add tag scheme" (previously unknown)
- Add lots of comments about meanings in the port data
- The first byte in the set command is probably some salt value
svn path=/trunk/; revision=16871
Taking a random dissector from the list on the Wiki I picked packet-enip.c. Nothing wrong with this one, I still ememified it.
From Bart Braem:
packet-mip.c does not have support for all registration denials by the foreign agent, code 77 was left out. The attached patch fixes that.
svn path=/trunk/; revision=16868
Fix a memory leak found by valgrind:
Although dir isn't a directory it may still use memory
packet-xml.c:
Reformat the relevant function in packet-xml.c to be readable on systems
where a tab is 8 spaces.
svn path=/trunk/; revision=16865
Three patches here:
eth-ed-2.diff
-------------
1) The handling of HashSet Answer messages was wrong
2) Add dissection of some more eMule extension packets to do with
error recovery
eth-bt-1.diff
-------------
New versions of the Azureus BitTorrent client implement a new extension to the protocol, which is effectively a text based encapsulation of the binary BitTorrent protocol, embedded within the BitTorrent protocol. Who knows why they thought that was a good idea, but this patch can pick apart their new headers.
eth-bt-2.diff
-------------
By registering a normal dissector as well as the heuristic one, BitTorrent shows up on the Decode As... list so you can manually override its mistake.
svn path=/trunk/; revision=16856
- New Dissector Novell Cluster Services
1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"
svn path=/trunk/; revision=16844
This idl file is required by wkssvc.idl since wkssvc references Platform_id
There are still some minor changes required for pidl to prettify the output for both wkssvc and srvsvc before these two dissectors should be used.
note that this idl is significantly different from the samba4 idl since it contains all the additional functions and structures the handwritten dissector has that is lacking from s4 idl.
it is expected that s4 will take up the authorative version of this idl soon so there will only be one master copy of this idl.
svn path=/trunk/; revision=16831
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
svn path=/trunk/; revision=16828
"preferences/mtp3 must be changed accordingly (it is explicitly indicated that the "network address format" is ..."
Change the text and som names.
svn path=/trunk/; revision=16827
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.
-packet-ieee80211.c
Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.
-From Kan Sasaki
A patch for packet-ospf.c is attached:
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
- lldp Bugfix Bug 596 LLDP TIA Network Policy Decode is not correct
- Camel make it possible to dissect based on OID.
svn path=/trunk/; revision=16822
This patch adds support for draft-nguyen-ospf-lls-05.txt, draft-nguyen-ospf-oob-resync-05.txt and draft-nguyen-ospf-restart-05.txt. These are an alternative way to do OSPF graceful restart.
These drafts are implemented by cisco and several other vendors that want to interoperate with cisco. My patch adds a dissectors for LLS TLVs.
I had to modify the existing ospf dissector as it assumed that all the data after IP header is OSPF packet. This is not true anymore and probably was not true before as well.
Also please find attached an example of OSPF packets with LLS data blocks.
--
svn path=/trunk/; revision=16818
The new oid_resolv.c OID handling is more strict on what an OID is. It now requires the OID string representation to be a sequence of dotted integers - particularly when looking up an associated name.
The X.411 and DISP dissectors have [ab]used the OID handling to support the dissection of x.411 standard-extensions (which are indicated by a single
integer) and where the OID is sufficient by itself (disp). Have a look at x411.cnf and disp.cnf
Attached is a small patch to restore the previous functionality in the new handling. If this is something you don't wish to continue to support in the OID handling, then I'll look at alternate mechanisms.
Graeme
svn path=/trunk/; revision=16816
Luis Ontanon