as handling the application/x-amf media type.
Add support for dissecting AMF3.
Dissect AMF0 dates as milliseconds-since-the-Epoch.
Dissect AMF0 typed objects.
Add URLs for various Adobe specs for RTMP, AMF0 and AMF3.
svn path=/trunk/; revision=46047
Error: packet-ositp.c : {..., NULL} is required as the last XXX_string array entry: value_string tp_vpart_checksum_vals[]
svn path=/trunk/; revision=46044
Added the start of IPv6 support for I/O conversations (waiting for spec definitions to complete).
Added support for multiple messages in a single frame to be separated in the COL_INFO column.
ENIP
Added ListIdentity delay dissection
remove check_col()
CIP
Added TimeSync object dissection
svn path=/trunk/; revision=46020
number of SACK ranges found in the SACK option.
This involved extending the IP options framework to include an extra
void* data field, which in the case of TCP is filled in with the tap
struct - other users currently pass NULL.
I first implemented the graph to sort the SACK ranges and show (in red)
the unacknowledged regions between them, but this became confusing where
the number of ranges is limited by TCP padding bytes. i.e. you can't
tell how many SACKs could have been encoded, so some of the gaps between
ranges may already have been received.
svn path=/trunk/; revision=46006
Fix dissection of Server Name Indication extension in SSL/TLS traffic
From me:
Fix a few errors found by checkhf.pl and fix-encoding-args.pl
svn path=/trunk/; revision=46005
Catch exceptions thrown while registering the dynamically generated tpncp
fields, and take that as a hint that the .dat file is corrupt.
svn path=/trunk/; revision=46004
Make sure the array of names is always null-terminated, even if we have
enough names to fill the entire thing. Also use a gboolean instead of a
gint for one variable.
svn path=/trunk/; revision=46003
Makes L2CAP be independent from acl_data
When L2CAP is transferred through wireless it has no ACL incapsulation.
The patch makes it possible to chain L2CAP dissector based on LLC
bluetooth pid.
Part of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7633
svn path=/trunk/; revision=45918
The attached patch contains some improvements to the COL_INFO output of the
DCE/RPC dissector. The changes are:
- separate the informations by commas
- make output of Context ID always use "Ctx: %u"
- print names of RPC over HTTP PDUs on the protocol tree line (in addition to
COL_INFO)
svn path=/trunk/; revision=45888
- Now works for WebSocket packets not aligned with IP packets.
- Support subdissectors.
From me :
- Fix checkAPIs warning (about comments)
- Remove some whitespace
svn path=/trunk/; revision=45875
USBAudio dissector can reassemble SysEx commands.
MIDI SysEx dissector can (partially) dissect DigiTech protocol.
From me :
Fix a wrong encoding type found by fix-encoding-args tools
Add Modelines info
svn path=/trunk/; revision=45873
This patch will print the information if an
invalid string was entered. It would be better to have a button to click on in
the UAT dialog to show valid values, but I don't know how I could do that with
the UAT system. So I'm simply printing it now in the error dialog, which should
be good enough.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7949
svn path=/trunk/; revision=45866
According to Table 161 in ETSI 392-2 standard, the Class of MS field in
U-LOCATION UPDATE DEMAND in tetra.asn is incorrect. the type of Class of MS
field should be Type 2, not Type 1, and the length should be 24 bits, not
32bits.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7946
svn path=/trunk/; revision=45857
"application/octet-stream" default to OFF effectivly disabling the protocol as default as the use of this protocol should be limited
and false positives are seen.
svn path=/trunk/; revision=45846
Wireshark 1.8.3 does not decode the IPv6 Option Pad1 (RFC 2460 Section 4.2)
RFC say : NOTE! the format of the Pad1 option is a special case -- it does not have length and value fields.
#BACKPORT(1.8)
svn path=/trunk/; revision=45843
"in RSVP RESV message there incorrect
explanation of field "Flags" of Label subobject is appeared in Packet Details
section: value 0x01 of Flags field mistakenly defined as "Local Protection
Available" (I guess that this is borrowed from Flags field of IPv4 Address
subobject). Flags 0x01 in Label subobject means that particular label is global
(RFC 3209, Clause 4.4.1.3)."
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7876
svn path=/trunk/; revision=45835
"use of window's own __try {} __finally {} and __except {}
mechanism" along with "macros based on kazlib's exception code"
has problems and does not always work properly.
svn path=/trunk/; revision=45831
There are a handful of fields in the IEEE802.11 dissector that are comprised of
a 16-bit value. The hf array for these fields has the necessary masks to
correctly parse a 16-bit value, yet some of the fields were being added as 1
byte. This patch corrects these fields with a proto_tree_add_item approach
(instead of proto_tree_add_[uint|boolean]).
svn path=/trunk/; revision=45828
- Remove 'if (tree)' around an indirect call to expert...();
- Create/use extended value strings as appropriate;
- Localize some variables;
- Remove unneeded initializers;
- Reformat hf[] array entries (use a consistent format);
- Use a consistent indentation and a consistent whitespace style.
svn path=/trunk/; revision=45821
Fix dissection of some GSM RR IEs which include length octet
From me:
Keep displaying those IEs as TLV to keep coherency with other TLV IEs
Fix dissection of Dynamic ARFCN Mapping
svn path=/trunk/; revision=45811
- rename variables to fix all "shadowed variable" warnings;
- remove certain 'if(tree)' statements;
(A new-style dissector) should return the same
'bytes processed' whether or not 'tree == NULL');
- simplify code in numerous places (including removing
redundant/repeated code);
- fix remaining uses of FALSE as 'encoding' arg;
- use consistent indentation and formatting.
ToDo: Changes to fix apparent cases of incorrect
dissection.
svn path=/trunk/; revision=45802
This is a portion of the patch supplied in bug 7902 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7902). Breaking the functionality up into smaller chunks.
This definitively breaks the Modbus dissection into 3 dissectors:
Modbus - real protocol PDU
Modbus/TCP - Encapsulation of Modbus over TCP (with a small header before PDU)
Modbus RTU - Originally an encapsulation of Modbus over serial (with smaller header + CRC), but can also be sent over TCP.
General cleanup/refactoring (including display filter names) based on the 3 dissectors.
Also included:
1. Enhanced dissection to include preferences for register data to be dissected as UINT16, UINT32 or FLOAT
2. Dynamic port registration
3. Additional fields now filterable
svn path=/trunk/; revision=45793
chapter 3 has redefined to mean years *after* 2036) were being represented as
times prior to 1968.
This has been broken since r35840 (apparently not many people see NTP
timestamps beyond 2036 :-)): apparently I over-optimized packet-ntp's code
while copying it into proto.c: that temporary variable is necessary for the
unsigned math to happen correctly before assigning the result to the (signed)
time_t.
Leave a comment in the code indicating why the temporary variable is needed.
Copy that comment to packet-ntp.c.
Fix the same problem in ntp_to_nstime(): it also did not use the temporary variable.
svn path=/trunk/; revision=45790
Allow dissection of ESM messages with integrity protection and EEA0 ciphering
From me:
Tighten heuristic to check for allowed EPS bearer identity values
svn path=/trunk/; revision=45789
parse EPSV response
from me
- no expert info under if(tree)
- use hf_ftp_epsv_port instead of hf_ftp_pasv_port
- don't use isdigit(), this is C99
- use temporary variable for IPv4 address
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7729
svn path=/trunk/; revision=45778
tvb_length_remaining -> tvb_reported_length_remaining.
Check return value of tvb_reported_length_remaining > 0.
Use tvb_reported_length to skip past all the bytes in the tvb.
svn path=/trunk/; revision=45776
during fuzz testing or randpkt testing; somebody might be putting bad
packets on the wire to try to, for example, crash or break into your
protocol implementation.
svn path=/trunk/; revision=45749
Note that, if you want EUI-64's to resolve the OUI in the display,
hacking individual dissectors to do it themselves and use AT_STRINGZ is
*not* the right way to do it.
svn path=/trunk/; revision=45743
Add a dissector for the America Online protocol (not the AIM protocol).
From me: always use ENC_NA for FT_UINT8 types.
svn path=/trunk/; revision=45731
- Ethereal --> Wireshark;
- gerald@ethereal.com --> gerald@wireshark.org;
- update FSF address;
- remove unneeded #includes;
- Fix ENC args for proto_tree_add_item() & etc;
- simplify/remove proto_reg_handoff...() as appropriate;
- remove some boilerplate comments;
- move proto_register...() and proto_reg_handoff...() to
the end of the file as per convention;
- remove some unneeded initializers.
- simplify some code;
- replace "" in hf[] blurb by NULL.
svn path=/trunk/; revision=45728
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2611:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2617:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
svn path=/trunk/; revision=45711
../../../epan/dissectors/packet-btatt.c:299:25: error: too many arguments for format [-Werror=format-extra-args]
../../../epan/dissectors/packet-btatt.c:254:12: error: unused variable 'col_info' [-Werror=unused-variable]
svn path=/trunk/; revision=45710
Add support for HCI 3.0+HS and v4.0, Bluetooth Low Energy. This includes
dissection of additional HCI commands and events, Attribute Protocol and
Security Manager Protocol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7872
svn path=/trunk/; revision=45709
2) Use proto_item_append_text instead of proto_item_set_text, since this is
called within a loop.
3) Increment the offset correctly using blocklen-4 instead of
tvb_length_remaining, which makes no sense.
svn path=/trunk/; revision=45657
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back;
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
svn path=/trunk/; revision=45651
increment offset to point to the first byte after the options
(the code used to set an absolute position, if that was 0, we were stuck
in an endless loop)
svn path=/trunk/; revision=45646
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (9 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- remove some unneeded initializers;
- unsigned --> guint;
- remove unneeded #includes.
- whitespace changes.
svn path=/trunk/; revision=45642
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (10 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- Remove unneeded #includes;
- whitespace (e.g., use consistent indentation).
svn path=/trunk/; revision=45641
- Fix incorrect use of ENC_BIG_ENDIAN instead
of FALSE (3 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined as 0x0000000];
- use proper ENC arg for a proto_tree_add_item();
- whitespace.
svn path=/trunk/; revision=45640
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (10 instances);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- create/use extended value strings as appropriate;
- remove unneeded initializers;
- reformat hf[] entries;
- whitespace.
svn path=/trunk/; revision=45638
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (3 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- Remove 'if(tree)' around calls to subdissector;
- whitespace & formatting.
svn path=/trunk/; revision=45635
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000];
- use proto_tree_add_item() instead of proto_tree_add_uint() when appropriate;
- move proto_register...() to just before proto_reg_handoff..()
as per convention;
- proto_reg_handoff...() doesn't need 'if (!initialized)'
- remove unneeded #includes;
- remove some "boilerplate" comments;
- remove unneeded forward declaration;
- whitespace.
svn path=/trunk/; revision=45631
indentation, whitespace, long-lines, etc.
Also;
- replace two usages of fprintf(stderr,...) by g_warning();
- revert incorrect replacement of FALSE by ENC_BIG_ENDIAN
done a while back (2 cases);
[The incorrect use of ENC_BIG_ENDIAN was benign since
ENC_BIG_ENDIAN is currently defined ad 0x0000000]
svn path=/trunk/; revision=45625
- Revmove 'if (tree...)'; col_...() shouldn't be called under same;
- Add an XXX comment;
- Remove not req'd #include <epan/prefs.h>;
- Address cppcheck msg: "Clarify calculation precedence for >> and ?";
- Localize certain variables & remove unneeded initializers;
- Do some whitespace changes.
svn path=/trunk/; revision=45617
and it apparently either has the value 0x00000044 or 0x00000041. If
those bytes aren't the magic number for an AVS header and aren't one of
those "message code" values, assume there's no Prism header, just an
802.11 frame - that fixes at least one capture where some packets have
AVS radio headers and other packets have no radio header.
Note that this might also let us handle big-endian Prism headers (see
which byte order the message code is in, and assume everything else is
in the same byte order).
Display the message code in hex, not decimal.
svn path=/trunk/; revision=45609
- Calls to expert...() and col_...() should not be under 'if (tree)'
- Move proto_reg_handoff...() to the end of the file as per convention;
- Localize a few variables
- Fix some whitespace (e.g., convert what appear to be '4 space tabs' to spaces)
svn path=/trunk/; revision=45591
tvb_length_remaining() may return -1
if that happens in dissect_rdp_fields(), return an error
the caller that calls dissect_rdp_fields() from a for loop detects the error
and exits (others should handle the error as well, this is missing for now)
svn path=/trunk/; revision=45566
http://home.martin.cc/linux/prism
there's a set of DID type values different from the ones we were using,
and there are captures out there that use values from both sets.
Support both sets.
That page also says that a "status" value of 0 means "supplied"; treat
zero as meaning "supplied", and, if it's not zero for a field, don't
include it.
The "Mac Time" is, according to that page, the lower 32 bits of the MAC
timestamp; report it as such.
Fix some field names that were copied-and-pasted but not changed.
The RSSI and signal quality values are numbers, so show them in decimal.
The "signal" and "noise" values appear to be signed numbers, so make
them signed rather than unsigned and show them in decimal.
Show the data rate in the same style as it's shown in the radiotap
dissector.
Show the frame length in decimal; we probably have relatively few users
with 16 fingers.
svn path=/trunk/; revision=45545
extensions were incorrectly made ephemeral, rather than seasonal, in
r44662. They need to be seasonal, as they're used for dissecting all
packets in the X session.
Redo a couple of loops as for loops to make it a little clearer what
they're doing.
svn path=/trunk/; revision=45539
- Init COL_PROTOCOL before fetching from tvb;
- Remove some unneeded variable initializers;
- Localize some variables;
- Misc including whitespace revisions.
svn path=/trunk/; revision=45537
- Dissection of monitors config message (SPICE_DISPLAY_MONITORS_CONFIG message)
- Better dissection of capabilities (added several more capabilities for main
and display channels)
From me:
- Remove (now) unused variables.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7859
svn path=/trunk/; revision=45534
Label the data sources for reassembled fragments as "Reassembled
6LoWPAN".
Fix the capitalization of "6LoWPAN".
Also, label the data sources for decompressed fragments as "Decompressed
6LoWPAN xxx".
svn path=/trunk/; revision=45529
Label the data sources for them as "6LoWPAN xxx", where "xxx" is the
type of compression, and label the data sources for reassembled
fragments as "Reassembled 6LoWPAN".
Fix the capitalization of "6LoWPAN".
Note that if reassembly fails, continuing dissection is not the right
thing to do, at least not if it failed because we don't *yet* have all
the fragments.
svn path=/trunk/; revision=45527
Interface Information object for ICMP is *NOT* null-terminated. Use
tvb_format_text() for now, to properly null-terminate the display string
and to cope with non-ASCII data. (It should ultimately be a named field
with an encoding of UTF-8.)
svn path=/trunk/; revision=45525
Use a full 32-bit literal instead of just a 16-bit one. Fixes case where
the value we're &-ing with just slips over 2^16, making us get stuck
in an infinite loop.
I'm not sure this matches the iscsi spec anymore, the comment in the code
about padding bytes is ambiguous as to whether they're leading or trailing.
svn path=/trunk/; revision=45524
IPsec ESP: allow filtering by ICV verification result
Add hf_esp_icv_good and hf_esp_icv_bad (similar to IP checksums), to allow
filtering based on the ICV check results.
svn path=/trunk/; revision=45483
packet-smb.c does not handle truncated frames well when dealing with TRANS2 FIND_{FIRST/NEXT} responses
The current code simply throws an exception if any of the expected data is
missing, even though there might be several file's worth of data available.
I will attach a patch that does a better job of handling truncated frames in
such cases.
svn path=/trunk/; revision=45480
packet-smb.c does not correctly dissect INFO_QUERY_EAS_FROM_LIST
[MS-CIFS].pdf makes it clear that, contrary to what packet-smb.c says, handling
the response to a TRANS2/FIND_{FIRST,NEXT} with a level of
INFO_QUERY_EAS_FROM_LIST is not the same as handling INFO_QUERY_EA_SIZE.
svn path=/trunk/; revision=45479
Done on general principles altho upon inspection
none of the cases changed would have actually
resulted in an infinite loop.
svn path=/trunk/; revision=45478
The changes fix definite problems or
are done "just in case" for cases not esily determined
to be a problem by quick inspection.
Note: in some cases for loop index variables have been renamed
to ensure all required codes changes detected.
##backport
svn path=/trunk/; revision=45477
The changes fix possibly problematical cases
(not clear upon quick inspection).
Also: fix several bugs wherein an inner 'for' loop used
the same index variable name as an outer loop thus
messing up the outerloop.
##backport
svn path=/trunk/; revision=45476
../../../epan/dissectors/packet-giop.c: In function 'get_CDR_typeCode':
../../../epan/dissectors/packet-giop.c:3341:15: warning: variable 'ti' set but not used [-Wunused-but-set-variable]
../../../epan/dissectors/packet-giop.c: In function 'decode_ServiceContextList':
../../../epan/dissectors/packet-giop.c:3871:7: warning: variable 'temp_offset' set but not used [-Wunused-but-set-variable]
../../../epan/dissectors/packet-giop.c: In function 'dissect_giop_request_1_2':
../../../epan/dissectors/packet-giop.c:4443:10: warning: variable 'response_flags' set but not used [-Wunused-but-set-variable]
../../../epan/dissectors/packet-giop.c: In function 'get_giop_pdu_len':
../../../epan/dissectors/packet-giop.c:4837:81: error: unused parameter 'offset' [-Werror=unused-parameter]
svn path=/trunk/; revision=45473
Updated wireshark_gen.py to generate hf_ variables for all of the IDL "types". The "simple" types use proto_tree_add_* (not text), while the "complex" types use the GIOP dissector API. checkhf.pl generates some warnings because (some of) the hf_ variables are being generated for the "complex" types, but are not being used. That will be done in Part 2.
expert_add_info_format now linked to a real item instead of being attached to a duplicative proto_tree_add_text(). This cleaned up literally thousands of unnecessary proto_tree_add_text()s
svn path=/trunk/; revision=45472
I also did a small bit of cleanup dissection while I was there, but it could definitely use more. I just want to fix the fuzztest crash I discovered before the buildbots get a hold of it.
svn path=/trunk/; revision=45469
Done on general principles altho none of the cases
changed would have actually resulted in an infinite
loop because a Bounds error would eventually occur.
svn path=/trunk/; revision=45462
not "for (i = 1; i < N+1; i++)".
Even if it weren't the idiom, it'd be safer, at least for unsigned
values, as, if i and N are the same width, and N has the maximum
possible value for that width, the first of those runs i from 0 to N-1,
all of which fit in a variable of that width, and the second of those
runs i from 1 to N, the latter of which doesn't fit into a variable of
that width, so modulo arithmetic turns it into 0 and the loop keeps
running forever.
Fixes bug 7844.
svn path=/trunk/; revision=45459
wlan_mgt.ht.capabilities bits 8-15 incorrectly decoded (from wrong packet offset)
The bug is that the code defines the bit fields as 16 bit, but increments the
offset in-between decoding B0-B7 and B8-B15 which causes the wrong bits to be
decoded.
Also fix to change "Capability" to "Capabilities" to match spec
From me : Fix wrong length for A-MPDU
svn path=/trunk/; revision=45431
col_append_str(pinfo->cinfo, COL_INFO, ", with session description"); is redundant if some one has a different opinion fel free to revert.
svn path=/trunk/; revision=45428
Minor bugfixes to packet-msrp.c and packet-mrp-mvrp.c
Major updates to packet-ieee17221.c
Changes to ieee17221.c update dissector from draft revision 18 / 19 code to
draft revision 21.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7779
svn path=/trunk/; revision=45419
Cleans up the mask used for the "High" part of the sub-carrier modulation
to match (modulus the 4-bits shifting) the one used for the "Low" part.
svn path=/trunk/; revision=45382
Fix bug #7772: dissect only the number of active HomePlug AV subcarriers
The dissector currently dissects all 1156 sub-carriers available in the Tone
Map Characteristisc Confirmation frame no matter what is the number of active
ones.
This is not valid, because the frame only contains the number of active
sub-carriers, even though it is padded to 1156 sub-carriers. This is also an
issue for newest HomePlug AV devices with a 500Mbits/sec PHY rate, because
those will have up to 2690 sub-carriers, and we would only dissect the first
1156 active ones.
svn path=/trunk/; revision=45381
- ipv6.traffic_class.dscp use ext string so and need BASE_EXT_STRING flag (fix SIGSEGV)
- dscp_vals was removed from .h file, so make it static
- export dscp_vals_ext
svn path=/trunk/; revision=45380
Guy Harris