- most paramaters have data set to NULL, have them added to the tree
- avoid the context tracing mecanism bailing out if a ContextList appears in the packet.
- in q9150 do not attempt to dissect sdp unless we believe it is sdp
(BTW we need heuristics for sdp and other potential payloads of this parameter..)
svn path=/trunk/; revision=20649
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
The PERSISTENT REVERVE OUT dissectors uses the table of the PERSISTENT REVERVE
IN command to decode the Service Action field which is obviously not correct.
This patch fixes the problem.
svn path=/trunk/; revision=20631
Mikus. Add a buf_len parameter to ip_to_str_buf(), and make sure it's
enforced. Copy the release notes over from the 0.99.5 trunk and add a
note about the ISUP dissector (which is affected by the overrun).
svn path=/trunk/; revision=20607
Gerrit Renker fixed a bug in DCCP dissector about long timestamps. (bad offsets)
He wrote:
> attached is a patch which updates the offsets of the timestamps.
> I have verified this against [RFC 4342, sec. 13] and it seems correct.
Also fixed file properties
svn path=/trunk/; revision=20606
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
plus:
Add Kriang to the AUTHORS list (and once at it upate my own record)
svn path=/trunk/; revision=20580
the lack of SSID). Wildcarding combines the passphrase with the last
seen SSID and attempts decryption. The last-seen stack is only one
element tall, which means it may get clobbered on busy and diverse
networks. We can expand it if needed.
Make internal functions static in airpdcap.c. Rearrange the
AIRPDCAP_KEY_ITEM struct so that the passphrase and SSID don't get
clobbered when we set our PSK.
svn path=/trunk/; revision=20572
This patch fixes three problems with the SCSI persistent reserve in command:
- The Additional length starts at offset 4 and not 0
- The len field contains the length used by the keys and doesn't include the header length.
So don't substract the header length from the length.
- The key list is traversed from the beginning to end end and not the other way around.
svn path=/trunk/; revision=20568
scsi sense information potentially followed by iscsi event data.
this is used by a target to tell an initiator (among other things) that the lun configuration has changed and now is a good time to rescan the target for lun changes.
svn path=/trunk/; revision=20531
I found a rare situation in which the BSSAP dissector seems to wrongly
assume a packet.
When a RANAP DirectTransfer message contains the GSM Supplementary
Service 'Call Confirmed' this seems to yield a message that the BSSAP
dissector recognizes as a BSSMAP BLOCK message (and from the perspective
of BSSAP, this is perfectly correct).
My patch includes code that checks this very special case.
svn path=/trunk/; revision=20520
for consistency. The frame.pkt_len filter is now deprecated, but still
supported as a hidden field for an easy transition. The new field name is
frame.len.
svn path=/trunk/; revision=20519
This patch adds support for the IPv4 Commercial IP Security Option (CIPSO) as
defined in the IETF draft, draft-ietf-cipso-ipsecurity-01.txt. While this
draft has long since expired, it has become a de-facto standard for labeled
networking with support from several commercial Multi-Level Security (MLS)
operating systems such as HP-UX CMW and Trusted Solaris; in addition, Linux
Kernels 2.6.19 and later provide support for CIPSO in conjunction with
SELinux.
Copies of the expired CIPSO draft can be found at the NetLabel project page:
* http://netlabel.sf.net
svn path=/trunk/; revision=20506
having been reassembled.
Fix the comments in reassembly.c and reassembly.h regarding what the reassembly
routines actually return in the 802.11 and no-sequence-number cases when they
are given the first and last packet (that is, a non-segmented packet): in
particular the routines return a pointer to a list containing just the one
fragment.
svn path=/trunk/; revision=20505
code in each function is consistent (previously there were some sections of
code indented, oh, about 10 indentations too far). At the same time, remove
trailing white space and change spaces to tabs.
Remove one duplicated call to sccp_assoc() and s/isup_apm/sccp/g in the hf[]
array (apparently when the XUDT reassembly was put in it was copied from ISUP
but the filter names weren't changed).
svn path=/trunk/; revision=20502
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
* <epan/crypt/crypt-md5.h> must come after <glib.h> because of
'guint8' etc.
* Include <wiretap/file_util.h> because of eth_fopen().
svn path=/trunk/; revision=20456
The problem was that when dissecting the set, if a sub-dissector didn't consume any bytes it was assumed that the correct field hadn't been matched.
This fix matches the field if the sub-dissector consumes no bytes and we know that the length of the field is zero. This is only allowed on the first pass when we are not matching ANYs.
I think this is a fairly safe fix - I've tried it with some other ASN.1
I've also changed dissect_ber_octet_string() to show the zero length fields in the dissection. This shows the fields as "<MISSING>" which is not quite the right explanation as the field is definitely present. Something like "<EMPTY>" or "<ZERO LENGTH>" may be better - but I'm not sure of the reasoning behind "<MISSING>".
svn path=/trunk/; revision=20429
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
functions to strutil. Use GByteArrays to store SSIDs for decryption,
and let the user specify arbitrary byte strings using percent-encoded
strings. We should probably add percent encoding for pass phrases as
well, so you can escape the ":" character.
Move the key struct key conversion utilities to airpdcap.c, and remove
duplicate code from packet-ieee80211.c. Fix a lot of indentation.
svn path=/trunk/; revision=20388
Handle the following type of construct
CDMATargetMAHOInformation ::= SEQUENCE {
targetCellID [3] IMPLICIT TargetCellID,
cdmaPilotStrength [65] IMPLICIT CDMAPilotStrength,
cdmaTargetOneWayDelay [61] IMPLICIT CDMATargetOneWayDelay
}
CDMATargetMAHOList ::= SEQUENCE OF [135] IMPLICIT CDMATargetMAHOInformation
ansi_map:
- Correct an Enummeration
- add Missing OPTIONAL to Tags
- Handle parameter if it's one or two octets long.
svn path=/trunk/; revision=20386
The number of rfci's in rate control messages is read in the wrong place.
We have created a patch for this, in the patch we have also added CRC checks
for header and payload.
svn path=/trunk/; revision=20295
cannot be stored in guint32).
- Makes the threshold preference value an absolute value.
- There is now a separate expert info item for -ve roundtrips
N.B. There is still a problem with filtering -ve values on this
FT_INT32 field, i.e. rtcp.roundtrip-delay < 0 never matches with
frames that it should (even if rtcp.roundtrip-delay == -3 can
be used to match specific frames...).
svn path=/trunk/; revision=20264
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
Stop displaying the application data (in this case, HTML) in the tree and
and "Decrypted SSL data" tab twice since each already includes both of the
application data record layers combined.
svn path=/trunk/; revision=20247
returns nothing, so it should be void), and make it static like the
other functions.
Make the ipmi_cmd_array[] table static - and const, while we're at it.
svn path=/trunk/; revision=20235
distcheck failure. Move the nmake build targets for airpdcap from
epan/dissectors to epan. This will probably break the Windows build.
svn path=/trunk/; revision=20231
move the files until these changes are checked in). Add an AC_DEFINE
for airpdcap (which will be removed once the changes have settled).
Update the airpdcap code to compile on non-Windows systems. Fix up
comments and whitespace to conform more closely to the rest of the
code base. Verified to compile under Windows and OS X.
svn path=/trunk/; revision=20227
Here is a patch for the management of the bad/good checksum for ISIS (like TCP/UDP/IP).
support added for:
- booleans hf_isis_lsp_checksum_good, hf_isis_lsp_checksum_bad in the tree,
- information in the info column if bad checksum,
- expert info for bad checksum,
svn path=/trunk/; revision=20214
The attached patch changes the way the ssl-session-id is displayed.
Currently it is not shown, only the length is shown like this:
Session ID Length: 32
Session ID (32 bytes)
To me, it is not useful to repeat the length and omit the ID itself.
With this patch the ssl-session-id is shown like this:
Session ID Length: 32
Session ID: A4B2FB0EE6D8F58DEFF68E38B1E5B4C25F1869D4BC86A96E...
svn path=/trunk/; revision=20212
As per NetFlow V9 protocol, Template ID is guaranteed to be unique per
Observation Domain (identified by Source ID) and the Exporter
(identified by the source IP address of NetFlow PDU).
The former code was ignoring these information for simplicity, but
noticing such a necessity.
svn path=/trunk/; revision=20182
for the quite unusual case when we need to do this multiple times in a row for the same PDU.
This fixes the issue reported by Xiaoguang Liu on the mailinglist
where wireshark did not manage to properly reassemble a big HTTP header spanning several (more than two) tcp segments.
svn path=/trunk/; revision=20179
Update the Camel ASN1 definition to version 3GPP TS
29.078 7.3.0 Release 7.
Some definitions for element SIZE have been replaced to use the capSpecificBound variables, and some decoding problemes, like for Establish temporary connection have been solved.
I did notice that the CalledPartyBCDNumber (ISDN-AddressString (1..9) ) is not inline with the last definition (1..41), but I did not update it.
svn path=/trunk/; revision=20153
Introduce the support for "expert info" in the BER decoding module.
It is usefull if you have to analyze long capture files, containing few malformed messages.
With changes to make it compile with MSVC6.
svn path=/trunk/; revision=20152
a little patch against revision 20088 in packet-isis-lsp.c for the
following :
- hf_isis_lsp_remaining_life declared but unused
- replacing a proto_tree_add_uint useless with proto_tree_add_item
svn path=/trunk/; revision=20148
this fixes some issues with some really ancient cifs implementations where the previous tests and statemanagement would cause it to fail othervise.
svn path=/trunk/; revision=20136
I have added a new dissector for DMP (STANAG 4406 Direct Message
Profile) as defined in STANAG 4406 Annex E. The DMP protocol has no
assigned UDP port number yet, so the default value in this dissector
is 0 (I suppose this is som sort of "disabled"?) until we get this
registered.
The dissector has been tested on OSX Intel/PowerPC and Solaris SPARC.
Changes in this patch:
* Added DMP dissector
* Added a new CRC table and functions in crc16.c
* Made NonDeliveryReasonCode and NonDeliveryDiagnosticCode available
from X.411
* Made NonReceiptReasonField and DiscardReasonField available from X.420
svn path=/trunk/; revision=20133
This is a new dissector for STUN v2, that is currently in WGLC at the IETF.
- Keep packet-stun.c for the RFC 3498 protocol, plus the STUN and TURN
drafts up to draft-ietf-behave-rfc3489bis-02 and
draft-rosenberg-midcom-turn-08, as there is some huge deployments using
this. There will be no modification to this dissectors in the future,
excepted perhaps to add support for retransmission or things like this.
- Add a new dissector packet-stun2.c for the new STUN (currently in
WGLC), the STUN relay-usage (formerly known as TURN) and the other
usages that will be added in the future (IPv6, NAT Behavior, etc...).
svn path=/trunk/; revision=20131
and associate it with the conversation properly.
do the same for supportedMech in the negTokenTarg
This will allow wireshark to decode the blob in negTokenTarg even when no supportedMech is provided.
svn path=/trunk/; revision=20129
messy and you shouldn't do it unless you REALLY have to. Change several
routines to use standard tvb_get_* accessors instead of operating on raw
packet data. This fixes an integer overflow in dissect_vendor_ie_rsn()
found by Neil Kettle.
Use value_strings instead of duplicating their functionality with our
own routines. Print the WME surplus bandwidth allowance factor. Fix
some compiler warnings.
Update the release notes.
Some of the changes are untested due to a lack of capture data.
svn path=/trunk/; revision=20126
the "checksum bad" and "checksum good" flags as generated fields, add
an expert info item on a checksum error, and put a "checksum incorrect"
indication in the Info column.
Clean up indentation.
svn path=/trunk/; revision=20092
change some hf definitions where FT_BOOLEAN types had the wrong length specified
(BASE_[HEX|DEC] instead of length of field in bits)
svn path=/trunk/; revision=20082
support.
WEP key preferences have been overloaded to allow WPA keys. The
decryption code currently uses Windows-specific data types, but can be
converted to use glib equivalents.
Add a few text and whitespace fixups.
svn path=/trunk/; revision=20049
As a workarond for the problem that accsessing a state with a state id > the stored
minimum access length fail, only store and compare the state with the minimum access
lengt specified in the standard of 6 bytes.
svn path=/trunk/; revision=20041
