this allows us to use g_hash_table_new() instead of g_hash_table_new_full() and thus make it compileable under gtk1.2
this should probably be completely converted into se_tree's and se_alloc to completely remove the hashtable altogether
svn path=/trunk/; revision=20758
* Remove macros_dlg, the DFMacros UAT goes in the menu with all the rest
* in packet-user_encap.c WTAP_ENCAP=XXX has become useless information for the user leave just the DLT#
svn path=/trunk/; revision=20753
In the attached patch, the K12 wiretap now saves the content of record
after captured packet data. The K12 dissector then could extract them and provide
useful information to properly dissect FP frames (user plane of UTRAN Iub
interface).
svn path=/trunk/; revision=20749
not the data length (the packet might've been cut short by a snapshot
length).
Fetch the reported length with an accessor.
svn path=/trunk/; revision=20743
The file epan/dissectors/packet-k12.c uses the function
strcasestr() which is not available on e.g. Windows. So I cooked
up a patch to epan/strutil.c to add epan_strcasestr() (is there a more
suited place for such a function?)
svn path=/trunk/; revision=20734
dissect_ansi_map_sms_originationrestrictions()
Also close a couple of comments, remove one /* embedded in a comment,
remove a couple unused variables (still lots of unused params in there),
and fix indentation of some proto_item and proto_tree variable declarations.
svn path=/trunk/; revision=20730
This patch adds decodes for 802.11n information elements. Since 802.11n
isn't a formal standard yet they are not using the final packet
structures or ie type numbers. But there are already 802.11n pre
release devices out there and these decodes do seem to correctly decode
the IEs that they use.
svn path=/trunk/; revision=20725
- new: ICBALogicalDevice2::PBAddressInfo
- enhanced: GROUPERRORDEF
simplify ett registration
add a callback for SAFEARRAY data dissection
svn path=/trunk/; revision=20723
Wireshark complains about bogus udp length when processing last fragment of UDP data.
It compares length field from UDP header with payload size of last fragment.
Attached is my attempt to fix this by referring to tvp->length instead of pinfo->iplen - pinfo->iphdrlen.
Also set some items attribute to generated.
svn path=/trunk/; revision=20722
Fix an obvious error in the nfs4 stateid parsing. The stateid is used in a number of common operations (such as open and setattr), so this caused a lot of misparsing.
svn path=/trunk/; revision=20700
Wed, Jan 31, 2007 at 7:24 PM
To: wireshark-dev@wireshark.org
Hello,
Please consider for checkin the following new dissectors, for the FMP protocol.
FMP (File Mapping Protocol) is the network protocol basis for EMC's HighRoad (MPFS) technology. Highroad is used to allow multiple clients to share access to NAS-shared files while allowing clients to directly access data volumes (via, for example, Fibre Channel or iSCSI). EMC currently uses this technology in our Celerra NAS servers, and we're currently in the process of open sourcing portions of the technology.
FMP actually consists of two ONC/RPC-based protocols - the core FMP protocol, and FMP/Notify. The latter is used as an asynchronous callback to inform clients of status changes, such as lock revocation.
We'd like to offer these dissectors to Wireshark users for help in debugging or otherwise troubleshooting MPFS-related problems. There are still a few minor changes that need to be made ( i.e. a handful of fields that aren't decoded) but the dissector is overall fairly complete and very usable.
Let me know if there are questions or feedback, or otherwise if other info is needed (like sample captures, which I don't want to send out to the mailing list).
Thanks,
Ian Schorr
EMC Corporation
svn path=/trunk/; revision=20679
- most paramaters have data set to NULL, have them added to the tree
- avoid the context tracing mecanism bailing out if a ContextList appears in the packet.
- in q9150 do not attempt to dissect sdp unless we believe it is sdp
(BTW we need heuristics for sdp and other potential payloads of this parameter..)
svn path=/trunk/; revision=20649
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
The PERSISTENT REVERVE OUT dissectors uses the table of the PERSISTENT REVERVE
IN command to decode the Service Action field which is obviously not correct.
This patch fixes the problem.
svn path=/trunk/; revision=20631
Mikus. Add a buf_len parameter to ip_to_str_buf(), and make sure it's
enforced. Copy the release notes over from the 0.99.5 trunk and add a
note about the ISUP dissector (which is affected by the overrun).
svn path=/trunk/; revision=20607
Gerrit Renker fixed a bug in DCCP dissector about long timestamps. (bad offsets)
He wrote:
> attached is a patch which updates the offsets of the timestamps.
> I have verified this against [RFC 4342, sec. 13] and it seems correct.
Also fixed file properties
svn path=/trunk/; revision=20606
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
plus:
Add Kriang to the AUTHORS list (and once at it upate my own record)
svn path=/trunk/; revision=20580
the lack of SSID). Wildcarding combines the passphrase with the last
seen SSID and attempts decryption. The last-seen stack is only one
element tall, which means it may get clobbered on busy and diverse
networks. We can expand it if needed.
Make internal functions static in airpdcap.c. Rearrange the
AIRPDCAP_KEY_ITEM struct so that the passphrase and SSID don't get
clobbered when we set our PSK.
svn path=/trunk/; revision=20572
This patch fixes three problems with the SCSI persistent reserve in command:
- The Additional length starts at offset 4 and not 0
- The len field contains the length used by the keys and doesn't include the header length.
So don't substract the header length from the length.
- The key list is traversed from the beginning to end end and not the other way around.
svn path=/trunk/; revision=20568
scsi sense information potentially followed by iscsi event data.
this is used by a target to tell an initiator (among other things) that the lun configuration has changed and now is a good time to rescan the target for lun changes.
svn path=/trunk/; revision=20531
I found a rare situation in which the BSSAP dissector seems to wrongly
assume a packet.
When a RANAP DirectTransfer message contains the GSM Supplementary
Service 'Call Confirmed' this seems to yield a message that the BSSAP
dissector recognizes as a BSSMAP BLOCK message (and from the perspective
of BSSAP, this is perfectly correct).
My patch includes code that checks this very special case.
svn path=/trunk/; revision=20520
for consistency. The frame.pkt_len filter is now deprecated, but still
supported as a hidden field for an easy transition. The new field name is
frame.len.
svn path=/trunk/; revision=20519
This patch adds support for the IPv4 Commercial IP Security Option (CIPSO) as
defined in the IETF draft, draft-ietf-cipso-ipsecurity-01.txt. While this
draft has long since expired, it has become a de-facto standard for labeled
networking with support from several commercial Multi-Level Security (MLS)
operating systems such as HP-UX CMW and Trusted Solaris; in addition, Linux
Kernels 2.6.19 and later provide support for CIPSO in conjunction with
SELinux.
Copies of the expired CIPSO draft can be found at the NetLabel project page:
* http://netlabel.sf.net
svn path=/trunk/; revision=20506
having been reassembled.
Fix the comments in reassembly.c and reassembly.h regarding what the reassembly
routines actually return in the 802.11 and no-sequence-number cases when they
are given the first and last packet (that is, a non-segmented packet): in
particular the routines return a pointer to a list containing just the one
fragment.
svn path=/trunk/; revision=20505
code in each function is consistent (previously there were some sections of
code indented, oh, about 10 indentations too far). At the same time, remove
trailing white space and change spaces to tabs.
Remove one duplicated call to sccp_assoc() and s/isup_apm/sccp/g in the hf[]
array (apparently when the XUDT reassembly was put in it was copied from ISUP
but the filter names weren't changed).
svn path=/trunk/; revision=20502
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
* <epan/crypt/crypt-md5.h> must come after <glib.h> because of
'guint8' etc.
* Include <wiretap/file_util.h> because of eth_fopen().
svn path=/trunk/; revision=20456
The problem was that when dissecting the set, if a sub-dissector didn't consume any bytes it was assumed that the correct field hadn't been matched.
This fix matches the field if the sub-dissector consumes no bytes and we know that the length of the field is zero. This is only allowed on the first pass when we are not matching ANYs.
I think this is a fairly safe fix - I've tried it with some other ASN.1
I've also changed dissect_ber_octet_string() to show the zero length fields in the dissection. This shows the fields as "<MISSING>" which is not quite the right explanation as the field is definitely present. Something like "<EMPTY>" or "<ZERO LENGTH>" may be better - but I'm not sure of the reasoning behind "<MISSING>".
svn path=/trunk/; revision=20429
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
functions to strutil. Use GByteArrays to store SSIDs for decryption,
and let the user specify arbitrary byte strings using percent-encoded
strings. We should probably add percent encoding for pass phrases as
well, so you can escape the ":" character.
Move the key struct key conversion utilities to airpdcap.c, and remove
duplicate code from packet-ieee80211.c. Fix a lot of indentation.
svn path=/trunk/; revision=20388
Handle the following type of construct
CDMATargetMAHOInformation ::= SEQUENCE {
targetCellID [3] IMPLICIT TargetCellID,
cdmaPilotStrength [65] IMPLICIT CDMAPilotStrength,
cdmaTargetOneWayDelay [61] IMPLICIT CDMATargetOneWayDelay
}
CDMATargetMAHOList ::= SEQUENCE OF [135] IMPLICIT CDMATargetMAHOInformation
ansi_map:
- Correct an Enummeration
- add Missing OPTIONAL to Tags
- Handle parameter if it's one or two octets long.
svn path=/trunk/; revision=20386
The number of rfci's in rate control messages is read in the wrong place.
We have created a patch for this, in the patch we have also added CRC checks
for header and payload.
svn path=/trunk/; revision=20295