This matches the style used for Wi-Fi Display and gets rid of a minimal
header file for functionality that extends packet-ieee80211.c.
svn path=/trunk/; revision=49594
ENC_BIG_ENDIAN or ENC_LITTLE_ENDIAN.
Treat the AP PS Buffer State subfield of the QoS field the same way we
treat other subfields in the second byte of the QoS field - show it as
the upper 8 bits of the (shown as big-endian) QoS field. Fix a bitmap
while we're at it.
Show the channel map as an FT_NONE - it's a structure with two bytes.
svn path=/trunk/; revision=48924
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
Add support for 11R RIC IE's: Data and Descriptors for both FT-Over-Air and FT-Over-DS
Add 802.11 Tag RIC Data (57)
Add 802.11 Tag RIC Descriptor (75) (Not tested...)
From me:
- Remove tabs and whitespace
- Fix fix-encodings-args "warning"
svn path=/trunk/; revision=48421
Needed to convert use of old IEEE802.11 preference strings to UAT. Since UAT is self-contained within its own file, the entire preference file doesn't need to be rewritten/saved when UAT values are changed.
svn path=/trunk/; revision=48308
Need to add support for WAPI parameter set IE in management frames.
We already have WAI frames dissection support in place.
From me:
Small changes...
- Add links to WAPI specs
- Replace tabs by space
- Remove whitespaces
svn path=/trunk/; revision=48276
If we don't decode a tag, just say "Undecoded" on the top-level item;
the tag name or number is already on that item, and the length is
underneath it.
svn path=/trunk/; revision=48180
In the array of WME AC names, the name for tid 3 is wrongly named as "Video" it should be "Best Effort" instead.
#BACKPORT(1.8,1.6)
svn path=/trunk/; revision=48062
(Only display the value in decimal don't yet display the Average Access Delay , See 8.4.2.41 BSS Average Access Delay element )
svn path=/trunk/; revision=48057
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
If the SSID isn't valid UTF-8 truncate it and indicate that we did so.
(As bug 5738 points out this is part of a more general problem but in
the meantime this keeps us from crashing.)
Don't try to decrypt too-long SSIDs.
I feel compelled to change my SSID at home to a series of carriage
returns, linefeeds, and SNOWMAN (U+2603).
svn path=/trunk/; revision=47871
Minor corrections to the VHT IE decode
* Correct the Rx, Tx and Basic MCS map decodes. The number of Spatial streams should run from 1-8 (not 0-7).
* Change Several misstyped Mhz into MHz
From me:
Remove comma for big number (use space)
Add Octets unit in some hf description
svn path=/trunk/; revision=47858
In some cases these malformed frames trigger a DISSECTOR_ASSERT() in proto.c's proto_item_set_len(). This happens when packet-ieee80211.c's dissect_ieee80211_mgt() calls packet-ieee80211.c's get_tagged_parameter_tree() with a "size" parameter value of -1.
From me:
Replace by proto_tree_add_item with -1 length (and use FT_NONE ftype)
svn path=/trunk/; revision=47795
and a couple of SET_ADDRESS()s.
Use proto_tree_add_item() instead of proto_tree_add_ether() called with a
pointer into the TVB.
Leave a comment for a place where a bunch of code in several case statements
could probably be collapsed into much less code.
svn path=/trunk/; revision=46682
- Use/create extended value strings as appropriate;
- Reformat hf[] entries;
- Do whitespace, & etc changes to use a consistent formatting style;
- Reformat some long lines;
- Localize some variables; remove some unneeded initializers;
- expert...() shouldnt be called under 'if (tree)' (packet-wimaxasncp);
- Move proto_register...() & etc to the end of the file (packet-ieee80211);
- Misc.
svn path=/trunk/; revision=46489
are like the non-TVB versions except that they take a TVB and an offset
instead of (frequently) a pointer into the TVB.
Calling tvb_get_ptr() before modifying the rest of the fields should help fix
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7960 (though I can't
reproduce that problem).
Replace a bunch of calls like:
SET_ADDRESS(..., AT_XXX, length, tvb_get_ptr(tvb, offset, length));
with:
TVB_SET_ADDRESS(..., AT_XXX, tvb, offset, length);
svn path=/trunk/; revision=46324
There are a handful of fields in the IEEE802.11 dissector that are comprised of
a 16-bit value. The hf array for these fields has the necessary masks to
correctly parse a 16-bit value, yet some of the fields were being added as 1
byte. This patch corrects these fields with a proto_tree_add_item approach
(instead of proto_tree_add_[uint|boolean]).
svn path=/trunk/; revision=45828
The changes fix definite problems or
are done "just in case" for cases not esily determined
to be a problem by quick inspection.
Note: in some cases for loop index variables have been renamed
to ensure all required codes changes detected.
##backport
svn path=/trunk/; revision=45477
wlan_mgt.ht.capabilities bits 8-15 incorrectly decoded (from wrong packet offset)
The bug is that the code defines the bit fields as 16 bit, but increments the
offset in-between decoding B0-B7 and B8-B15 which causes the wrong bits to be
decoded.
Also fix to change "Capability" to "Capabilities" to match spec
From me : Fix wrong length for A-MPDU
svn path=/trunk/; revision=45431
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
TKIP dissection : wrong IS_TKIP macro
In [1] "11.4.2.2 TKIP MPDU formats", we could see below sentence.
"WEPSeed[1] is not used to construct the TSC, but is set to (TSC1 | 0x20) &
0x7f."
But the IS_TKIP macro only checks (WEPSeed[1] & 0x20).
So sometimes IS_TKIP macro mis-dissects a CCMP frame as a TKIP frame.
This patch changes IS_TKIP macro to do more better check.
[1] IEEE Std 802.11.-2012
#BACKPORT(1.8, 1.6)
svn path=/trunk/; revision=44790
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
it as appropriate in the code to read Network Instruments Observer
captures (rather than tweaking the "protected" flag in the packet data),
and use that flag in the 802.11 dissector.
Fix indentation while we're at it (tabs are not *ipso facto* 4 spaces).
svn path=/trunk/; revision=43795
implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
Wireshark > 1.4 does not correctly read Association ID for PS Poll packets
Wireless Frame with subtype 0x1a don't interpret the Association ID (always 0).
Fix :
proto_tree_add_uint() wasn't changed to proto_tree_add_item()
#BACKPORT
svn path=/trunk/; revision=43556