conversations large enough to hold the maximum setup method size plus a
trailing '\0'. Make the maximum setup method size 7, so that when the
trailing '\0' is included the total array length is a power of 2. (The
longest string currently used is "Skinny", which fits in 7 characters).
This fixes problems in the RTP and RTCP dissectors similar to the one
found in the T.38 dissector.
Undo the previous change to packet-t38.c, as it's now safe to store in
method[MAX_T38_SETUP_METHOD_SIZE], because the array now has
MAX_T38_SETUP_METHOD_SIZE+1 characters.
(Should we use "strlcpy()", and supply our own "strlcpy()" if the system
and/or C library doesn't supply it? Its semantics are a bit cleaner
than those of the "strncpy()"/null-terminate idiom, perhaps making it
less likely that mistakes of this sort will be made.)
svn path=/trunk/; revision=12803
fix two instances of wrong parameter list to proto_tree_add_string_format()
if we call proto_tree_string() the hf field has to be of a string format as well.
now it dissects christophe's capture without dumping core but it looks weird.
mmse and telco people can read the specs and find ut what it wrong.
svn path=/trunk/; revision=12801
dissect packets containing that filter type.
Note that if a dissector for a particular operation fails, we should
stop dissecting rather than trying to dissect the controls.
svn path=/trunk/; revision=12786
another part of the PROFINET dissectors (PN-CBA, including a lot of generic DCOM dissection) still some work to be done ...
svn path=/trunk/; revision=12776
I.e. when a segment is seen that would (as far as ethereal can tell from the ACKs it has seen in the other direction) fill the window completely.
It is similar to but not exactly the same as the XeroWindow detection since there are many instances where ZeroWindow detection would not work (i.e. an ACK where win==0 since many many situations occur where the window is full but no zerowindowack is ever generated)
Someone that has good english could, please, update the Wiki with this option.
It is very very useful to spot performance issues where the tcp window size is too small to accomodate the enmd-to-end latency.
svn path=/trunk/; revision=12774
it will not solve the problem in the c06- testmenageri capture that
contains unknown types of ldap commands but it will at least
stop the ldap controls dissector from dumping core.
someone interested in ldap might want to look at those "unknown ldap packets"
in the trace.
svn path=/trunk/; revision=12773
This has the effect that if you have a capture file with a hole in it, sa say when snoop or similar stops capturing packets for a while while writing the data to disk you often end up with a packet just after the hole that is a response packet and which ethereal mistakenly matches with a request/response from before the hole.
now, when the first response is seen to a request remove the entry from the unmatched table so that no other response can match the same request.
svn path=/trunk/; revision=12770
so that it will track pdu boundaries properly
not tracking pdu boundaries caused pain since it would miss too many
commands
svn path=/trunk/; revision=12769
==============
packet-ocsp.c:191: error: static declaration of 'Version_vals' follows non-static declaration
packet-x509af.h:39: error: previous declaration of 'Version_vals' was here
packet-ocsp.c: In function 'dissect_ocsp_T_response':
packet-ocsp.c:398: warning: pointer targets in passing argument 5 of 'dissect_ber_identifier' differ in signedness
packet-ocsp.c:398: warning: pointer targets in passing argument 7 of 'dissect_ber_identifier' differ in signedness
make[4]: *** [packet-ocsp.lo] Error 1
==============
This fix is in the generated file only - please fix in the right
source file too.
svn path=/trunk/; revision=12751
part of the packet's data.
If a packet has a starting and ending frame delimiter - i.e., the
delimiter at the end is followed by another delimiter - consider the
ending delimiter part of the first packet's raw data.
svn path=/trunk/; revision=12749
framing, and put the raw packet and fragment data at that layer.
Add a common routine to dissect un-escaped PPP data that might have 0xff
0x03, and use it both for the raw PPP in HDLC-like framing and for
processing un-escaped data.
Check for an escape byte not followed by another byte (e.g., because the
packet is too short).
Handle the case where a chunk of that raw byte data doesn't begin with
0x7e, but starts with cruft from a previous PPP packet split across
lower-level packets.
svn path=/trunk/; revision=12741
regenerated all dissectors
fixed the choice/sequence struct to use unsigned entities for class and tag
(to reduce some compiler warning and because it should be signed quantities)
svn path=/trunk/; revision=12740
create some missing makefiles for autogenerated dissectors
finish the transition to the new ber integer dissetor helper signature
and regenerate all ber dissectors
svn path=/trunk/; revision=12724
GSM SMS fixes:
- Made Timezone view human readable based on 3GPP TS 23.040 V6.5.0 (9.2.3.11).
- TP-UDHI field - located within bit no 6 one more place was left over from
previous patch by Viorel Suman made on 9 Dec 2004.
svn path=/trunk/; revision=12718
The ACL parser will attempt to decode as many ACE structures as are
specified in the ACL structure. If the number of ACE structures is
sufficiently large with one of the ACE structures specifying a size of
0, then the ACL parser will parse that ACE structure repeatedly,
eventually causing a denial of service to Ethereal.
I've attached a diff against HEAD that corrects the problem. The diff
also corrects a few decoding errors in the NT ACL & ACE structures. A
pcap is attached that reproduces the problem.
svn path=/trunk/; revision=12706
Various GSM SMS fixes:
- Wrong positions of the fields, located within the first octet
of the GSM SMS TPDU.
- One byte is skipped during RP-ERROR vs. RP-ACK detecting:
Offset must be increased only when RP-ERROR is detected in
order to avoid one byte skipping.
- Improper dissect method is used to dissect SMS-DELIVER-REPORT.
svn path=/trunk/; revision=12703
The "if()" gets rid of one GCC warning, but adds another one - we could
leave the warning in place, as a reminder that the dissector needs to be
finished, or we could just tag the parameter with _U_ to suppress the
warning.
svn path=/trunk/; revision=12695
packet-ipmi.c:3568: warning: ISO C forbids initialization
between function pointer and 'void *'
by declaring a proper function variable.
svn path=/trunk/; revision=12692
Net-SNMP expects this in the MIBS environment variable, so don't use
":" in the default MIB list if we're running under Windows.
svn path=/trunk/; revision=12681
couple of problems when reading the PROTOS SNMP captures. Check for
integer overflows in dissect_snmp_pdu and asn1_null_decode.
svn path=/trunk/; revision=12609
Ethernet frames, one for encapsulated frames that include an FCS and one
for encapsulated frames that don't include an FCS. Use the appropriate
versions.
In the ISL dissector, do the same sort of processing we do in the
Ethernet dissector to figure out whether the frame has a trailer or not
and whether it has an FCS or not.
svn path=/trunk/; revision=12593
The compression option isn't just the compression protocol, it can
include options for the protocol, so name the ett_ variable for its tree
appropriately.
svn path=/trunk/; revision=12572
1. Add Preferences:
a. To allow specification of a hint as to TDS protocol being decoded
(Unspecified/TDS4/TDS5/TDS7/TDS8); Default: 'unspecified'
The 'hint' is used only when needed to do a correct decode.
If the protocol is unspecified, the decode is as previous.
b. To allow specification of 'ranges' of TCP ports to be treated as
'TDS tcp ports'; i.e. if the source or destination port of a tcp
connection matches a specified range, then the connection should be
considered to be TDS.
c. To allow specification of a hint as to whether TDS being decoded is
'little-endian' or 'big-endian'. Default: 'little-endian'.
A hint is just that; E.G. if TDS7+ packets are encountered the decode
is always 'little-endian'.
2, Register tcp MS SQL default ports (1433, 2433) as TDS ports
('dissector_add'). This also enables TDS as a choice for 'decode as'.
3. 'netlib_check_login_pkt' changed to check 'TDS tcp port' range(s) as
entered in preferences;
4. Change 'dissect_tds_query_packet' to handle TDS4 ascii in addition to
TDS7/8 UCS-16.
5. Change 'dissect_tds_rpc' to:
a. handle TDS4 ascii RPC in addition to TDS7/8 UCS-16 RPC;
b. handle Microsoft 'encoded' rpc_name;
c. fix memory leak (not freeing memory obtained using
'tvb_fake_unicode');
6. Change 'dissect_tds_response' to:
a. handle tds4 tokens 'tds_col_name' and 'tds_col_info';
b. dissect tokens 'tds_doneinproc' and tds 'doneproc' similarly to
'tds_done'
c. reclaim memory allocated for 'tds_col' structures when finished
processing response
(Additional memory was being allocated each time a
tokenized tds5 response was processed)
7. New function 'dissect_tds_col_info_token' (similar to
'read_results_tds5') associated with handling TDS4 responses.
8. New functions 'dissect_tds_query5_packet', 'dissect_tds5_lang_token'
9. Rework TDS token size calculation; Some TDS tokens have a length field
of other than 2 bytes. (e.g.: the length field
for TDS_LANG_TOKEN is 4 bytes)
10. Update token definitions and usages;
a. Update based upon info from current version of FreeTDS 'tds.h'
as well as info from Sybase TDS5 document;
example: TDS_124_TOKEN renamed to TDS_PROCID_TOKEN
b. TDS_124_TOKEN [TDS_PROCID] was incorrectly not considered
a 'fixed-size' token in function 'tds_is_fixed_token'
svn path=/trunk/; revision=12566
add the "unknown sequence number" flag;
fix dissection of unreachable destinations in RERR messages;
fix prefix size in draft-perkins-manet-aodv6-01 RREP
messages to be 7 bits, not 5 bits;
put the message dissection under the top-level AODV tree rather
than at the top level;
fix labeling of source IPv6 address in RREP messages.
Update the comments at the beginning (AODV is now RFC 3561), and note
that RFC 3561 says that, for IPv6, the only change is that the address
fields are enlarged.
Rename RREQ_DEST and RREQ_GRAT to more fully indicate what they are.
Fix the name of the draft in the description of the
draft-perkins-manet-aodv6-01 messages.
Fix description of Gratuitous RREP flag in RREQ messages.
svn path=/trunk/; revision=12562
asn2eth generates exports for CHOICE as of BER_CLASS_UNI while the handgenerated ones specified the calss as BER_CLASS_ANY.
make dissect_ber_sequence() look at the tag as well and if -1 its a wildcard and anything goes.
svn path=/trunk/; revision=12559
call a new function to start dissecting what unknown fields we can dissect.
Currently only PrintableString and INTEGER implemented but it will be easy to add other BER Universal types as needed later
svn path=/trunk/; revision=12544
i think it is high time to put makefiles down in asn1/ since this autogenerating dissectors "experiment" have payed off so well and it actual;ly works!
i dont know anything about how autogen stuff works :-(
svn path=/trunk/; revision=12522
Only one function is implemented so fat M-Get but it would be trivial to add all the missing ones once there are example captures.
svn path=/trunk/; revision=12521
It worked reasonably well mainly, I suspect, due to implicit tags are reasonably uncommon in the dissectors we have already implemented and that the bugs were masking eachothers.
my regression tests (limited test samples though) decodes this new one exactly the same as the old one.
As a bonus by not changing anythiong in the decode is that now it is possible to get dissection of implice items to work properly, hence CMIP
(and also x509 Extensions work now)
make heaps of dissector helpers implicit_tag aware.
change asn2eth to generate code to call the implicit_tag aware integer dissector helper.
svn path=/trunk/; revision=12520
make ethereal be able to measure the time it took to transfer a PDU atop TCP.
This is great for analyzing performance issues caused by network/frame loss/congestion.
See http://wiki.ethereal.com/TcpPduTime
svn path=/trunk/; revision=12516
Contact header in the REGISTER reply contains more then one binding.
Details: up to now each Contact header was counted as one binding. But that
is not correct, because several Contact headers (as several other SIP headers
as well) can be written in one line separated by commatas.
svn path=/trunk/; revision=12507
fix the heuristic code -- sometimes a conversation already
exists;
fix the dissect code to display all the tags in the PDU.
svn path=/trunk/; revision=12504
support 6 additional login message verbs;
correct a problem with displaying proper return code values in
the reply packets.
Clean up white space.
Use "tvb_reported_length_remaining()" instead of
"tvb_length_remaining()", and don't use either one to avoid throwing an
exception on a short or malformed packet.
Use "val_to_str()" rather than "match_strval()", so we don't crash if a
value happens not to be valid.
svn path=/trunk/; revision=12503
so they show up near the top of the list of fields in the dialog box for
adding a field to a filter - those are probably quite likely to be used
in filter expressions where you don't happen to remember the name of the
field, and those should show up at the top so you don't have to scroll
through the entire list of fields to find them. (I suspect most other
fields either will rarely be filtered on at all, or would be filtered
only mainly with the "Match" or "Prepare" filter items, where you don't
need to know the name or even the text of the field.)
svn path=/trunk/; revision=12489
might have 0 in what would be the Ethernet type field.
Also, handle the first 5 octets of the destination address of an ISL
frame being 0C-00-0C-00-00.
svn path=/trunk/; revision=12484
take stuff that has to be done regardless of whether a protocol
tree is being built outside "if (tree)";
handle PDUs with both data and control units.
svn path=/trunk/; revision=12481
key list. In the Nettle code, clear the key list and re-read the key
file when the key file preference changes.
Remove a redundant define in config.h.win32.
svn path=/trunk/; revision=12471
use it ("sec_rgy_pname_t_size" had been used as an hf_ value, but it's
just a #define).
Fix the code for some strings to advance the offset by the string size
regardless of whether it's > 1 or not.
svn path=/trunk/; revision=12454
length of the UDP header itself, so subtract the length of the header
when using it to limit the length of the payload tvbuff.
Clean up the computing of the captured length of the payload tvbuff (we
really should get rid of the "length" argument to "tvb_new_subset()",
and have it compute the captured length based on the supplied reported
length and the amount of that data actually present in the parent
tvbuff).
Don't fetch the length and checksum fields until we use them (so that we
don't throw an exception until then, and fail to process the source and
destination ports), and check whether the length is bogus regardless of
whether we're building a protocol tree or not.
svn path=/trunk/; revision=12444
should be the length of the packet being dissected, so that if we throw
an exception dissecting it, the item covers the entire packet (because
it's incomplete, and thus *all* of it is the beginning of the header).
Instead, we should pass the length of the part of the header prior to
the protocol field as an argument to "dissect_ppp_common()", and it
should use that to set the length of that item.
svn path=/trunk/; revision=12441