The problem was that when dissecting the set, if a sub-dissector didn't consume any bytes it was assumed that the correct field hadn't been matched.
This fix matches the field if the sub-dissector consumes no bytes and we know that the length of the field is zero. This is only allowed on the first pass when we are not matching ANYs.
I think this is a fairly safe fix - I've tried it with some other ASN.1
I've also changed dissect_ber_octet_string() to show the zero length fields in the dissection. This shows the fields as "<MISSING>" which is not quite the right explanation as the field is definitely present. Something like "<EMPTY>" or "<ZERO LENGTH>" may be better - but I'm not sure of the reasoning behind "<MISSING>".
svn path=/trunk/; revision=20429
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
functions to strutil. Use GByteArrays to store SSIDs for decryption,
and let the user specify arbitrary byte strings using percent-encoded
strings. We should probably add percent encoding for pass phrases as
well, so you can escape the ":" character.
Move the key struct key conversion utilities to airpdcap.c, and remove
duplicate code from packet-ieee80211.c. Fix a lot of indentation.
svn path=/trunk/; revision=20388
Handle the following type of construct
CDMATargetMAHOInformation ::= SEQUENCE {
targetCellID [3] IMPLICIT TargetCellID,
cdmaPilotStrength [65] IMPLICIT CDMAPilotStrength,
cdmaTargetOneWayDelay [61] IMPLICIT CDMATargetOneWayDelay
}
CDMATargetMAHOList ::= SEQUENCE OF [135] IMPLICIT CDMATargetMAHOInformation
ansi_map:
- Correct an Enumeration
- add Missing OPTIONAL to Tags
- Handle parameter if it's one or two octets long.
svn path=/trunk/; revision=20386
The number of rfci's in rate control messages is read in the wrong place.
We have created a patch for this, in the patch we have also added CRC checks
for header and payload.
svn path=/trunk/; revision=20295
cannot be stored in guint32).
- Makes the threshold preference value an absolute value.
- There is now a separate expert info item for -ve roundtrips
N.B. There is still a problem with filtering -ve values on this
FT_INT32 field, i.e. rtcp.roundtrip-delay < 0 never matches with
frames that it should (even if rtcp.roundtrip-delay == -3 can
be used to match specific frames...).
svn path=/trunk/; revision=20264
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
Stop displaying the application data (in this case, HTML) in the tree and
"Decrypted SSL data" tab twice since each already includes both of the
application data record layers combined.
svn path=/trunk/; revision=20247
returns nothing, so it should be void), and make it static like the
other functions.
Make the ipmi_cmd_array[] table static - and const, while we're at it.
svn path=/trunk/; revision=20235
distcheck failure. Move the nmake build targets for airpdcap from
epan/dissectors to epan. This will probably break the Windows build.
svn path=/trunk/; revision=20231
move the files until these changes are checked in). Add an AC_DEFINE
for airpdcap (which will be removed once the changes have settled).
Update the airpdcap code to compile on non-Windows systems. Fix up
comments and whitespace to conform more closely to the rest of the
code base. Verified to compile under Windows and OS X.
svn path=/trunk/; revision=20227
Here is a patch for the management of the bad/good checksum for ISIS (like TCP/UDP/IP).
support added for:
- booleans hf_isis_lsp_checksum_good, hf_isis_lsp_checksum_bad in the tree,
- information in the info column if bad checksum,
- expert info for bad checksum,
svn path=/trunk/; revision=20214
The attached patch changes the way the ssl-session-id is displayed.
Currently it is not shown, only the length is shown like this:
Session ID Length: 32
Session ID (32 bytes)
To me, it is not useful to repeat the length and omit the ID itself.
With this patch the ssl-session-id is shown like this:
Session ID Length: 32
Session ID: A4B2FB0EE6D8F58DEFF68E38B1E5B4C25F1869D4BC86A96E...
svn path=/trunk/; revision=20212
As per NetFlow V9 protocol, Template ID is guaranteed to be unique per
Observation Domain (identified by Source ID) and the Exporter
(identified by the source IP address of NetFlow PDU).
The former code was ignoring this information for simplicity, but
noticing such a necessity.
svn path=/trunk/; revision=20182
for the quite unusual case when we need to do this multiple times in a row for the same PDU.
This fixes the issue reported by Xiaoguang Liu on the mailinglist
where wireshark did not manage to properly reassemble a big HTTP header spanning several (more than two) tcp segments.
svn path=/trunk/; revision=20179
Update the Camel ASN1 definition to version 3GPP TS
29.078 7.3.0 Release 7.
Some definitions for element SIZE have been replaced to use the capSpecificBound variables, and some decoding problems, like for Establish temporary connection have been solved.
I did notice that the CalledPartyBCDNumber (ISDN-AddressString (1..9) ) is not inline with the last definition (1..41), but I did not update it.
svn path=/trunk/; revision=20153
Introduce the support for "expert info" in the BER decoding module.
It is useful if you have to analyze long capture files, containing few malformed messages.
With changes to make it compile with MSVC6.
svn path=/trunk/; revision=20152
a little patch against revision 20088 in packet-isis-lsp.c for the
following :
- hf_isis_lsp_remaining_life declared but unused
- replacing a proto_tree_add_uint useless with proto_tree_add_item
svn path=/trunk/; revision=20148
this fixes some issues with some really ancient cifs implementations where the previous tests and state management would cause it to fail otherwise.
svn path=/trunk/; revision=20136
I have added a new dissector for DMP (STANAG 4406 Direct Message
Profile) as defined in STANAG 4406 Annex E. The DMP protocol has no
assigned UDP port number yet, so the default value in this dissector
is 0 (I suppose this is some sort of "disabled"?) until we get this
registered.
The dissector has been tested on OSX Intel/PowerPC and Solaris SPARC.
Changes in this patch:
* Added DMP dissector
* Added a new CRC table and functions in crc16.c
* Made NonDeliveryReasonCode and NonDeliveryDiagnosticCode available
from X.411
* Made NonReceiptReasonField and DiscardReasonField available from X.420
svn path=/trunk/; revision=20133
This is a new dissector for STUN v2, that is currently in WGLC at the IETF.
- Keep packet-stun.c for the RFC 3498 protocol, plus the STUN and TURN
drafts up to draft-ietf-behave-rfc3489bis-02 and
draft-rosenberg-midcom-turn-08, as there are some huge deployments using
this. There will be no modification to this dissector in the future,
except perhaps to add support for retransmission or things like this.
- Add a new dissector packet-stun2.c for the new STUN (currently in
WGLC), the STUN relay-usage (formerly known as TURN) and the other
usages that will be added in the future (IPv6, NAT Behavior, etc...).
svn path=/trunk/; revision=20131
and associate it with the conversation properly.
do the same for supportedMech in the negTokenTarg
This will allow wireshark to decode the blob in negTokenTarg even when no supportedMech is provided.
svn path=/trunk/; revision=20129
messy and you shouldn't do it unless you REALLY have to. Change several
routines to use standard tvb_get_* accessors instead of operating on raw
packet data. This fixes an integer overflow in dissect_vendor_ie_rsn()
found by Neil Kettle.
Use value_strings instead of duplicating their functionality with our
own routines. Print the WME surplus bandwidth allowance factor. Fix
some compiler warnings.
Update the release notes.
Some of the changes are untested due to a lack of capture data.
svn path=/trunk/; revision=20126
the "checksum bad" and "checksum good" flags as generated fields, add
an expert info item on a checksum error, and put a "checksum incorrect"
indication in the Info column.
Clean up indentation.
svn path=/trunk/; revision=20092
change some hf definitions where FT_BOOLEAN types had the wrong length specified
(BASE_[HEX|DEC] instead of length of field in bits)
svn path=/trunk/; revision=20082
support.
WEP key preferences have been overloaded to allow WPA keys. The
decryption code currently uses Windows-specific data types, but can be
converted to use glib equivalents.
Add a few text and whitespace fixups.
svn path=/trunk/; revision=20049
As a workaround for the problem that accessing a state with a state id > the stored
minimum access length fails, only store and compare the state with the minimum access
length specified in the standard of 6 bytes.
svn path=/trunk/; revision=20041
Please apply this patch (made against Wireshark 0.99.4). It defines the
NTLMSSP_NEGOTIATE_ANONYMOUS flag as described in
<http://davenport.sourceforge.net/ntlm.html>.
svn path=/trunk/; revision=20022
Much simplified patch to use column fences on the COL_INFO field to
prevent subsequent calls to the SSL dissector for the same packet
clearing the information placed by earlier calls. After each SSL record
is processed a col_set_fence() call is now issued to preserve what has
been written.
svn path=/trunk/; revision=20020
The attached patch fixes decoding of the "X-Mms-Reply-Charging-Deadline" header.
According to the OMA-TS-MMS-ENC specs, this header is encoded like this:
Reply-charging-deadline-value = Value-length \
(Absolute-token Date-value | Relative-token Delta-seconds-value)
svn path=/trunk/; revision=20019
null. This allows the encrypted payload's dissector to fill in columns such
as protocol and info without turning on packet coloring or otherwise rescanning
the packet list.
svn path=/trunk/; revision=20018
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforces SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
I have a little additional patch, that makes it easier to see which bytes
are not caught by the sub_dissector.
And it makes it easy to select and export the full payload to a file.
svn path=/trunk/; revision=19987
"off by 1" bug in
packet-smb-common.c: dissect_ms_compressed_string_internal()
was causing a 1 character buffer overflow thus causing the canary to sing !
Fixes bug #1241
svn path=/trunk/; revision=19983
New dissector for ETSI DCP (ETSI TS 102 821).
Code rearranged to look more like other Wireshark dissectors and some warnings/errors
on Windows fixed.
svn path=/trunk/; revision=19981
I created two patches:
1.) move the handling of the compressed strings in CLDAP 'netlogon' replies into a generic place.
2.) implement dissection of SMB_NETLOGON cmd's 0x17 and 0x19
svn path=/trunk/; revision=19970
1)
A small change in the number of teleservices recognized
2)
Finally finished a lot of the changes for IOS 5 support.
The attached files must be used together.
Built in Windows XP Pro using Visual Studio C++ with the latest repository.
packet-ansi_map.c.gz
packet-ansi_a.gz
This file contains both packet-ansi_a.c and packet-ansi_a.h changes.
libwireshark.def.gz
ansi_a_stat.c.gz
svn path=/trunk/; revision=19955
reported by Benjamin Meyer
Wireshark marks DCE RPC FACKs as "malformed" if they do not have a body.
According to DCE RPC Spec. 1.1 FACKs "may contain" a body PTU.
I am unable to build Wireshark (lack of time to install all necessary stuff)
but I looked at the SourceCode. I think, at least this has to be fixed:
file: epan/dissectors/packet-dcerpc.c
function: static gboolean dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree)
*snip*
case PDU_FACK:
dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr);
break;
*snap*
I guess, it should look like "case PDU_NOCALL:" directly above.
svn path=/trunk/; revision=19952
Hi,
The rease/release commands are also usable on SSC devices. This patch adds them to the valid SSC command.
Patrick
svn path=/trunk/; revision=19947
Hi,
Attached is a patch for packet-rpc.c and packet-rpc.h.
Update support for pseudo-flavors that are used in RPCSEC_GSS
Also fixed a problem where rpc.reqframe and rpc.repframe were
reversed.
Alex.
svn path=/trunk/; revision=19946
http://wireshark.org/lists/ethereal-dev/200605/msg02351.html
- dtd_parse.l:
be more liberal on what a name can be (a number now can be a name)
- packet-xml.c
if proto-name is given use it instead of the root element name as prefix for generated fields
svn path=/trunk/; revision=19903
when it encountered a proxy http connect to port 80. This was caused by
the dissector calling itself over and over. Now if the connect to port is
one of the defined http ports, it calls the data dissector.
svn path=/trunk/; revision=19899
This patch changes the name of "Link Configuration" Packets to "Neighbour Discovery" - as preferred by the creator of TIPC - and shows the TIPC src/dst in the columns instead of the MAC address for those packages.
svn path=/trunk/; revision=19887
a new more accurate fix for bug #1163. Thanks to Graeme Lunt for pointing out that the first patch broke a different capture with legitimate SES data in it. My patch also corrects the check for number of bytes existing from 4 to 2 as the minimum length of an SES PDU is only 2 bytes: 1 byte type, 1 byte length.
svn path=/trunk/; revision=19886
* makes checksum computation dependent
upon the header CsCov field (cf. RFC 4340, 5.1)
* removes the case where checksums are zero
(unlike UDP/packet-udp, from which the code stems,
zero checksums are illegal in DCCP (as in TCP))
* fixes a minor typo - missing bitshift of the
CCVal field
svn path=/trunk/; revision=19885
Check for an invalid channel frequency. Pass the channel, data rate,
and quality to the 802.11 dissector, so that they show up there
as well. Clean up whitespace.
svn path=/trunk/; revision=19878
it broken in one of the previous bugfixes to tcp
add a function to print an emem tree to the console for easier emem tree debugging
svn path=/trunk/; revision=19877
there used to be a bug in tcp reassembly that even if the dissector only asked for x more bytes from the next segment the entire segment would still be added to reassembly.
this caused some issues when there was a new multisegment pdu that started at the end of the segment but this bug was fixed when tcp reassembly was refactored semi-recently.
there was also another "bug" in the http reassembly that it would only ask for one more byte at a time when doing reassembly.
this did work well however when we still had the bug in tcp reassembly but made wireshark become very very very slow once this tcp bug was fixed since it is very very very slow to reassemble a huge http pdu just one byte at a time.
this patch adds partial support (what we need for http which does not use tcp_dissect_pdus() ) for the desegmentation flag : DESEGMENT_ONE_MORE_SEGMENT and also to the http dissector so that reassembly of http headers spanning multiple segments now become fast again
svn path=/trunk/; revision=19859
will correspond to which bit fields. Don't use them.
Use #defines rather than numbers in the appropriate places.
Constify some arguments.
Get rid of C++ comments.
svn path=/trunk/; revision=19854
Patch attached to convert usage of ntohl() -> g_ntohl(). On HP-UX,
ntohl() isn't available unless you -D_XOPEN_SOURCE_EXTENDED but there
are other uses of g_ntohl().
svn path=/trunk/; revision=19844
put this stuff into an external file but just doing a forward
declaration to squelch a compiler warning isn't the way to go - it
needs to be done right one day.
svn path=/trunk/; revision=19827