Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provide a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
"The method used in packet-nfs.c to calculate a 32-bit hash representing the
32-byte filehandle is faulty in that the hash often matches multiple
filehandles."
"This patch uses CRC-32 to calculate the hash.
We (EMC GNS) have tested this patch for the past two years and we have not
found a single case where the hash matched more than one filehandle."
See Bug #4839: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4839
svn path=/trunk/; revision=33079
Avoid triggering a malformed packet error when decoding a simple UE terminated Detach Request when the EMM cause IE is not present:
svn path=/trunk/; revision=33071
Add field 'nfs.ops.count' in the detail pane of NFSv4 calls and replies that
displays the number of operations in NFSv4 COMPOUND requests/replies.
From me: change the blurb wording a bit.
svn path=/trunk/; revision=33069
Display the fsid (filesystem ID) in decimal as well as hex in the "attributes"
section of the header in NFSv3/v4 replies.
svn path=/trunk/; revision=33068
Mesa moved its API description file again.
Also, while I'm here, I noticed that they stopped using signed tags, so add
--tags to "git describe" for a better description of the mesa version used to
build the X11 dissector.
svn path=/trunk/; revision=33067
"v10 of the packet format was added recently and could be added
to the wireshark dissector"
See: Bug #4833: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4833
From me:
- Fix a compile error: ...version=tvb_get_ntohs...
- Fix a missing = NULL.
svn path=/trunk/; revision=33066
Note that the number of UDVM cycles MUST NOT be increased if a
request for additional compressed data fails.
so we *shouldn't* increase the cycle count further when
SIGCOMP_INSTR_INPUT_BYTES fails. That does *NOT* of course, mean that
we shouldn't increase the cycle count by 1 for a failed INPUT-BYTES
instruction - that would leave UDVM vulnerable to infinite loops (as per
bug 4826), and I *really* doubt that was their intent; presumably, it
means it should not be increased *by the number of cycles for the
additional data*:
Additionally, if the UDVM successfully requests n bits of
compressed data using one of the INPUT instructions then the
number of available UDVM cycles is increased by n *
cycles_per_bit once the instruction has been executed.
if the attempt to get that additional data fails.
svn path=/trunk/; revision=33065
From reading the rawshark(1) manpage my assumption was that rawshark
could be used like
$ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ...
However rawshark either expects the -r argument to be -
(read from stdin) or a pipe which results in the following error
message:
rawshark: ".../test.pcap" is neither an interface nor a pipe
The proposed rawshark.pod patch updates the -r description to
the implemented rawshark functionality.
The patch also applies to the current SVN version.
svn path=/trunk/; revision=33063
"Different people made changes to enhance the batman-adv dissector. It seems
that the batman dissector wasn't touched and misses those changes. Following
patchset should improve the dissector the same way Gerald Combs, Guy Harris and
Bill Meier improved batman-adv."
See Bug #4384: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4834
From me: Add back a few 'if (check_col()) ...';
I probably went just a bit too far in changes I made in packet-batadv.c
svn path=/trunk/; revision=33062
The wireless meshing protocol B.A.T.M.A.N. Advanced changed their packet format
in such a way that now versions can be identified and so correct dissection of
the packets can be supported by wireshark.
Since it is a ever moving target it is very possible that the packet format is
changing slightly. The dissector was written in such a way that new version can
be supported relative easy.
I hope that it sufficient for the inclusion in wireshark.
I tried to fuzzing it some hours and no error was reported.
From me:
Initialize our dissector handles.
Merge packet-batadv.h into packet-batadv.c. It isn't included anywhere else.
Fuzz 500 passes using attached capture files.
svn path=/trunk/; revision=33052
Introduced some state to remember last dissected Tag/Length so that they can be recalled if an IMPLICIT tag is encountered and stripped. This allows its to be determined if the value has a constructed value - and so can be reassembled.
In this case, it is a IMPLICIT constructed OCTET STRING at the presentation layer.
Many thanks to Fred Gruman for identifying - and apologies for the delay in commiting.
svn path=/trunk/; revision=33048
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
This patch adds a new '-o' option to capinfos (enabled by default) to report if
the packets within a particular capture file are in strict chronological time
order or not.
svn path=/trunk/; revision=33041
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
Gerald Combs