Need to add support for WAPI parameter set IE in management frames.
We already have WAI frames dissection support in place.
From me:
Small changes...
- Add links to WAPI specs
- Replace tabs by space
- Remove whitespaces
svn path=/trunk/; revision=48276
length.
While SPC-2 only has one byte for allocation length
Change this to treat allocation length as a 16 bit quantity starting one byte prior to the current single byte that wireshark dissects.
This makes it correct for SPC-3 and later and still works for SPC-2 since that first byte is reserved, == must be 0, in SPC-2 and prior.
svn path=/trunk/; revision=48258
tipc: update link header according to spec
The bcastsequence gap has been removed, and the sequence field is now 13 bits.
svn path=/trunk/; revision=48238
Added functionality:
- SMB2 support for Export->Objects->SMB
- support for SMB_COM_CREATE, SMB_COM_OPEN, SMB_COM_READ and SMB_COM_WRITE commands
- Ability to choose between File Id and full file name as identifier for file re-building. Implemented as an option under Edit->Preferences->Protocols->SMB and Edit->Preferences->Protocols->SMB2.
Other minor changes and fixes:
- Full filename in file
- Inclusion of IP of SMB server when treeid name (i.e. hostname) is not known
- UTF-8 filenames encoding before passing them to Export Object Window
- Re-written insert_chunk function of export_object_smb.c to make it easier to debug
- Fixed an error in insert_chunk function of export_object_smb.c (the verification of next free_chunk was always skipped after deleting one free_chunk).
- Removed duplicated code by inserting the function feed_eo_smb in packet-smb.c and packet-smb2.c
- Changed the label of Export->Objects->SMB menu into Export->Objects->SMB/SMB2
svn path=/trunk/; revision=48210
1. Convert more proto_tree_add_text to proto_tree_add_<something else>/expert_info. checkAPIs.pl is happy (for packet-rtps.c), but the raw number is a bit deceiving because of macros and wrappers.
2. Fixed the offending "uses snprintf + strlen to assemble strings" in packet-rtps.c. The exact same code is used in packet-rtps2.c, so just proper refactoring will fix it. There is still too much unnecessary use of g_snprintf/g_strlcpy/strlen, but that's for a later date.
3. Removed most of the "useless" wrapper functions. Again, the number of proto_tree_add_text is deceiving, so the number of hfs that really need to be created is much larger.
4. Whitespace cleanup. Removed a lot of whitespace so I could see more code on the screen, to help determine duplication between packet-rtps.c and packet-rtps2.c. Comments/descriptions of fields remain untouched.
The more I trim, the more I think this should all be in a single dissector file, which will be the goal of the next update. Trying to patch this in somewhat manageable chunks.
Also need to submit sample traces generated for (fuzz)testing.
svn path=/trunk/; revision=48206
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
If we don't decode a tag, just say "Undecoded" on the top-level item;
the tag name or number is already on that item, and the length is
underneath it.
svn path=/trunk/; revision=48180
reject packets that don't look enough like GTP/GTP' packets. This fixes
bug 1706, and fixes some other cases where non-GTP/GTP' packets are
being dissected as GTP/GTP'.
svn path=/trunk/; revision=48118
packet-bssgp.c: In function 'de_bssgp_unconfim_send_state_var':
packet-bssgp.c:3318:13: error: variable 'state_var' set but not used [-Werror=unused-but-set-variable]
svn path=/trunk/; revision=48095
Fix indentation.
Fix a proto_tree_add_uint_format_value() call not to include the name of
the field - proto_tree_add_uint_format_value() will add that for you.
Have dte_address_util() take the offset of the address as an argument;
it's not always at the same offset from the beginning of the facility.
Have it return the pointer to the generated string directly, rather than
through a pointer argument.
Create only one subtree for each facility, and give it a text description
of the facility code rather than the numerical value of the facility
code. Make the top-level item for the facility cover all the bytes of
the facility, including code, length if present, and parameters.
Dissect the end-to-end transit delay and priorities facilities
completely. Also, fix an incorrect use of "transmit delay" to say
"transit delay".
Get rid of the last of the spaces preceding colons in "Field: value"
descriptions and in a "default:" case label.
Do the data vs. non-data packet thing with

    if (PACKET_IS_DATA(pkt_type)) {
        ...
    } else {
        ...
    }

rather than, in effect, doing the "else" with a break; that makes the
code a bit clearer.
Put the logical channel number into the protocol tree in common code for
the default case, rather than doing it separately for data and non-data
packets. Clean up the dissection of non-data packets to add entries
before updating the columns, so that we don't throw an exception
updating the columns before we get to add items that wouldn't throw
exceptions. Clear the Info column early in the dissection, in case we
throw an exception before getting to set it and thus leave behind the
column information for the protocol atop which we're running.
svn path=/trunk/; revision=48093
1. Cleanup COL_INFO processing
2. Add expert_info for "octet_to_next_header" ranges
3. Check "RTPS" all at once
4. Remove some unnecessary function declaration.
Next is probably consolidating packet-rtps.c and packet-rtps2.c as there seems to be a lot of duplicative functionality.
svn path=/trunk/; revision=48082
hf_gtp_next.
Don't do "dummy" dissection of extension headers that we don't actually
dissect - we label them by next extension header type, and dissect them
in the default case, which should suffice (until somebody adds
dissection for those types).
svn path=/trunk/; revision=48075
Extend RTP dissector with ED-137 extension
From me: Don't try to dissect a non-existent payload (see comment #9
on the bug).
svn path=/trunk/; revision=48069
Give URLs for the 3gpp.org pages for all those specs.
Add #defines for all the GTP v1 extension header types we handle.
"gtp_prime" is a Boolean; make it a gboolean.
Dissect the first 4 octets of the header one field at a time, so that if
the packet is cut short by a snapshot length we at least dissect what's
there.
32.295 isn't entirely clear on what the 20-byte header for GTP' v0 is;
assume it's the same as the header for GTP v0.
Once we've fetched the length field from the fixed-length portion of the
header, set the length of the tvbuff to the sum of the offset past the
fixed-length portion and the length field, to catch running past that
value.
Use GTP_E_MASK|GTP_S_MASK|GTP_PN_MASK as the mask for testing for the
presence of those fields, to make it a bit clearer what's being checked
for.
Don't actually add those fields to the protocol tree unless the flag for
the field is set.
We only need one chunk of code to handle extension headers.
Make that chunk a loop, and put the header in as an FT_NONE item, with
the length, header data, and next header under it. Put the initial next
header field in as well. (We treat this like IPv6 extension headers,
with the next header field being part of the previous header, rather
than like a set of TLVs, with the next header field being the type value
of its header.)
Fail if the extension header length is zero.
Use the reported length when processing IEs or T-PDU payload.
svn path=/trunk/; revision=48068
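
The extension-header loop and the zero-length check described in the commit message above, as an added C example that is not Wireshark's code. It assumes the GTPv1 layout in which each extension header begins with a length octet counting 4-octet units and ends with the type of the next header; `walk_gtp_ext_headers`, `ext_walk_result` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum ext_walk_result {
    EXT_OK = 0,        /* chain ended with next-header type 0 */
    EXT_ZERO_LENGTH,   /* length octet was 0: the loop would never advance */
    EXT_TRUNCATED      /* header runs past the declared message length */
};

/*
 * Walk a chain of GTPv1 extension headers.
 *   buf/len    - octets following the fixed and optional header fields,
 *                bounded by the GTP length field (the reported length),
 *                not by how much of the packet happened to be captured
 *   first_type - "next extension header type" taken from the optional fields
 *   count      - receives the number of complete extension headers
 *   consumed   - receives the number of octets those headers occupy
 */
enum ext_walk_result
walk_gtp_ext_headers(const uint8_t *buf, size_t len, uint8_t first_type,
                     unsigned *count, size_t *consumed)
{
    size_t  offset = 0;
    uint8_t next_type = first_type;

    *count = 0;
    *consumed = 0;
    while (next_type != 0) {
        if (offset >= len)
            return EXT_TRUNCATED;             /* no room for a length octet */
        size_t ext_len = (size_t)buf[offset] * 4;   /* units of 4 octets */
        if (ext_len == 0)
            return EXT_ZERO_LENGTH;
        if (ext_len > len - offset)
            return EXT_TRUNCATED;
        /* The last octet of this header names the type of the next one. */
        next_type = buf[offset + ext_len - 1];
        offset += ext_len;
        (*count)++;
        *consumed = offset;
    }
    return EXT_OK;
}

/* Constructed sample chains (not taken from a real capture). */
static const uint8_t chain_ok[]   = { 0x01, 0xAA, 0xBB, 0xC0,
                                      0x02, 1, 2, 3, 4, 5, 6, 0x00 };
static const uint8_t chain_zero[] = { 0x00, 0xAA, 0xBB, 0x00 };
static const uint8_t chain_long[] = { 0x03, 0xAA, 0xBB, 0x00 };

int main(void)
{
    unsigned n;
    size_t used;
    /* 0x01 is a constructed, non-zero "next extension header type". */
    int rc = walk_gtp_ext_headers(chain_ok, sizeof chain_ok, 0x01, &n, &used);
    printf("ok chain: rc=%d headers=%u octets=%zu\n", rc, n, used);
    rc = walk_gtp_ext_headers(chain_zero, sizeof chain_zero, 0x01, &n, &used);
    printf("zero-length chain: rc=%d\n", rc);
    return 0;
}
```
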
In the array of WME AC names, the name for tid 3 is wrongly named as "Video"; it should be "Best Effort" instead.
#BACKPORT(1.8,1.6)
svn path=/trunk/; revision=48062
(Only display the value in decimal; don't yet display the Average Access Delay. See 8.4.2.41 BSS Average Access Delay element.)
svn path=/trunk/; revision=48057
human-friendly version of the value followed by the raw value, is to put
the human-friendly name first, with the raw value after it in
parentheses. Follow that convention for the command code.
svn path=/trunk/; revision=48029
representation for you; the format string should not include the field
name.
Add protocol items to the SliMP3 tree, not to the top-level tree.
If we're fetching a 16-bit value from the protocol tree and multiplying
it by 2, it won't necessarily fit in a guint16; make the variables used
for that guints.
The sequence field of the MP3 data ack packet isn't being fetched from
the packet, so just use proto_tree_add_item() for it (rather than using
a value fetched for a previous field).
Use %u to format unsigned values.
svn path=/trunk/; revision=48028
before the point at which it's added to the protocol tree.
Put the ATM channel in the ATM tree rather than the top-level tree.
Fix the name for the CPI field (copy-and-pasteo).
svn path=/trunk/; revision=48015
1. Convert proto_tree_add_text to proto_tree_add_item/expert info
2. Change to "new style" dissector
3. Use standard malformed packet interface
Reviewed by Francesco Fondelli
svn path=/trunk/; revision=48009
Centralize logic related to per-interface conversations, and expose it for use
by class-specific dissectors.
Class-specific descriptor dissectors also need to know the interface in whose
context they are called to work.
This is a prerequisite for a USB Video Class dissector, which needs to decode
many class-specific descriptors.
svn path=/trunk/; revision=47990
New dissector for the honeypot-feeds protocol.
From me: Misc. tweaks to expert info layout and remove a few unneeded initializers.
svn path=/trunk/; revision=47962
commented-out/#if-ed-out "Data1" field, as it's the same field.
Give the flags in that field names including "flags".
Shuffle the fields around to put "Flags" (a/k/a Data1) where Data1 was,
and put the bits in that field after it.
Update the URL for the spec at IBM.
Reformat the entries in hf_netb[] to use the same style.
svn path=/trunk/; revision=47933
A detailed diagnostic information contains either a SMS-SUBMIT-REPORT or a SMS-DELIVERY-REPORT. Set P2P direction accordingly.
svn path=/trunk/; revision=47927
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
put the length, identifier, and value as visible sub-items underneath
it. If the length is bad, add an expert info indication under the item
for the length, rather than using proto_malformed. Add checks for the
lengths of each type of subvector.
Add some more subvector types from IEEE 802.5-1998, and use the names
from that spec.
svn path=/trunk/; revision=47923
the compressed data, put the entries for particular parts of that data
under that entry, and, when we have a problem decompressing, add an
expert info item to that entry, rather than just adding text or using
proto_malformed. Do so for *all* decompression problems; in particular,
check for decompressed_entry() returning NULL, which it can do.
tvb_new_child_real_data() won't throw an exception, so don't bother
checking for that.
If, after the first pass, we can't find the uncompressed data for a
frame, report it as a dissector bug.
Check whether we have room for a byte in the uncompressed data buffer
*before* copying it.
Other cleanups.
svn path=/trunk/; revision=47922
way we don't keep two copies of the fragments in memory until the file is
closed.
wmem is probably a better alternative to this.
svn path=/trunk/; revision=47897
Support AES-GCM ipsec encryption using CTR (since libgcrypt doesn't support
GCM). Using CTR instead gets us decryption, but does not verify authentication.
svn path=/trunk/; revision=47886
If the SSID isn't valid UTF-8 truncate it and indicate that we did so.
(As bug 5738 points out this is part of a more general problem but in
the meantime this keeps us from crashing.)
Don't try to decrypt too-long SSIDs.
I feel compelled to change my SSID at home to a series of carriage
returns, linefeeds, and SNOWMAN (U+2603).
svn path=/trunk/; revision=47871
- fix dissection of type 0 packets with large CID
- add dissection of type 1 and 2 packets (extension 3 dissection to be done)
- add dissection of UDP checksum
svn path=/trunk/; revision=47869
Minor corrections to the VHT IE decode
* Correct the Rx, Tx and Basic MCS map decodes. The number of Spatial streams should run from 1-8 (not 0-7).
* Change several mistyped Mhz into MHz
From me:
Remove comma for big number (use space)
Add Octets unit in some hf description
svn path=/trunk/; revision=47858
Don't pass a length longer than the strlen of the string into
format_text(). This can happen if the length we ask for from the
tvb overflows, for example.
svn path=/trunk/; revision=47839
- use a gboolean instead of an int where appropriate
- comment out an unnecessary variable assignment
- move some other assignments to before the address of the variable is taken;
this makes the data flow more natural and cleans up some cppcheck warnings
svn path=/trunk/; revision=47811
1. Allow to DecodeBy payload over AVCTP
2. Fix L2CAP CID payload recognize after disc
3. Removed unneeded _U_
4. Fall back to control channel in AVRCP
5. Fix time-tracking for passthrough and capability AVRCP commands
From Michal Labedzki, bug 8367 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8367)
svn path=/trunk/; revision=47810
In some cases these malformed frames trigger a DISSECTOR_ASSERT() in proto.c's proto_item_set_len(). This happens when packet-ieee80211.c's dissect_ieee80211_mgt() calls packet-ieee80211.c's get_tagged_parameter_tree() with a "size" parameter value of -1.
From me:
Replace by proto_tree_add_item with -1 length (and use FT_NONE ftype)
svn path=/trunk/; revision=47795
The problem is when Wireshark dissects CAPWAP packets from Cisco without the preference "Cisco Wireless Controller Support".
In this case the whole packet is decoded wrong, not only the Wireless Specific Information field in the CAPWAP header.
I suggest the following patch to the dissect_capwap_header function to always return the correct length of the CAPWAP header based on the HLEN header field.
From me:
Add expert info to display a warning that the calculated length and header length are different (and suggest activating the Cisco Wireless Controller Support preference)
svn path=/trunk/; revision=47793
1) hf_reload_dmflags is 8 bytes, not 64 bytes.
2) Swap dissection order of dmflags and length.
3) Register ett_reload_self_tuning_data and ett_reload_diagnosticrequest.
#BACKPORT(1.8)
svn path=/trunk/; revision=47789
In fixing this bug, also fix another: Be sure to use tvb_length() and not tvb_reported_length() in get_utp_version(), since this is essentially where the heuristics are being applied to decide whether to accept the packet or not.
svn path=/trunk/; revision=47761
tvbuff and runs to the end of the tvbuff? Let me count the ways....
Replace a bunch of different ways of doing that (some incorrect, in that
they're not properly handling tvbuffs where the captured and reported
lengths are different) with tvb_new_subset_remaining().
svn path=/trunk/; revision=47751
checksummed, which is the length of the TPDU, not that length + 1.
Calculate the TPDU length correctly - use
tvb_reported_length_remaining(), not tvb_length_remaining() (we want the
*actual* length, not the amount of captured data we have), and take the
offset handed to the dissector routine into account. Don't take the
length indicator into account for TPDUs with user data, as they run to
the end of the lower-level packet containing the TPDU(s). The CLTP UD
TPDU contains user data.
Note that this dissects both COTP *and* CLTP (that's why it's
"packet-ositp.c", not "packet-cotp.c").
Separate some groups of #includes with blank lines.
svn path=/trunk/; revision=47745
it's been used in an rtp_set_address() or srtp_set_address() call and,
if that Boolean is set, don't free the hash table; this fixes a case
where the hash table was freed while it was in use.
svn path=/trunk/; revision=47740
an int, so don't use enums for special values of the PLP length field.
In addition, use G_GINT64_CONSTANT() to tag them as appropriate for a
guint64.
svn path=/trunk/; revision=47737
Misc. fixes to the SML dissector:
- one more define added
- removed data_handle (unused)
- removed "check = tvb_get_guint8(tvb, temp_offset);" (value hasn't changed)
- added PI_NOTE
- CRC fixed, calculation now correct if CRC is transmitted as UINT8
From me:
- clean up indentation
- change modelines to actually match the indentation most commonly used
svn path=/trunk/; revision=47736
Feed the tap before trying to dissect the payload. This prevents a malformed
payload from blocking the tap, resulting in incorrect RTP statistics.
svn path=/trunk/; revision=47729
Additionally:
1) Remove check_col()'s
2) Don't call expert_add_info_format() from within an if (tree) {} block.
3) tvb_reported_length_remaining() can return -1; be sure to handle it.
4) Misc. whitespace changes.
svn path=/trunk/; revision=47722
With small additional changes by me
Make many of the length and offset fields in the websocket dissector unsigned.
This fixes a case where we could attempt to malloc (unsigned)-1 bytes of memory.
Also fix one small copy-paste string typo.
svn path=/trunk/; revision=47700
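
The signed-length hazard this commit message describes, as an added C example that is not Wireshark's code. It goes beyond the message by parsing the RFC 6455 payload-length encoding with unsigned types and validating it before allocating; how a length reached the allocator in the original dissector is not stated on this page, and `as_alloc_size`, `ws_frame_lengths`, `ws_copy_payload` and the sample frames are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* What an allocator sees when a signed length of -1 is passed as a size. */
size_t as_alloc_size(int signed_len)
{
    return (size_t)signed_len;               /* -1 becomes SIZE_MAX */
}

/*
 * Parse a WebSocket frame header (RFC 6455, section 5.2) with unsigned
 * lengths throughout. Returns 0 and sets *hdr_len and *payload_len, or -1
 * if the header or the payload it announces does not fit in len bytes.
 */
int ws_frame_lengths(const uint8_t *buf, size_t len,
                     size_t *hdr_len, uint64_t *payload_len)
{
    size_t   off = 2;
    uint64_t plen;

    if (len < 2)
        return -1;
    plen = buf[1] & 0x7F;
    if (plen == 126) {                       /* 16-bit extended length */
        if (len - off < 2)
            return -1;
        plen = ((uint64_t)buf[2] << 8) | buf[3];
        off += 2;
    } else if (plen == 127) {                /* 64-bit extended length */
        if (len - off < 8)
            return -1;
        plen = 0;
        for (size_t i = 0; i < 8; i++)
            plen = (plen << 8) | buf[off + i];
        off += 8;
    }
    if (buf[1] & 0x80) {                     /* masking key present */
        if (len - off < 4)
            return -1;
        off += 4;
    }
    /* Compare against what is left; never compute off + plen. */
    if (plen > (uint64_t)(len - off))
        return -1;
    *hdr_len = off;
    *payload_len = plen;
    return 0;
}

/* Copy the raw payload bytes only after the length has been validated. */
uint8_t *ws_copy_payload(const uint8_t *buf, size_t len, size_t *out_len)
{
    size_t   hdr;
    uint64_t plen;

    if (ws_frame_lengths(buf, len, &hdr, &plen) != 0)
        return NULL;
    uint8_t *copy = malloc(plen ? (size_t)plen : 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + hdr, (size_t)plen);
    *out_len = (size_t)plen;
    return copy;
}

/* Constructed frames: a 5-byte text frame, and one announcing 2^64-1 bytes. */
static const uint8_t ws_small[] = { 0x81, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t ws_huge[]  = { 0x82, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF,
                                    0xFF, 0xFF, 0xFF, 0xFF, 0x00 };
```
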