DHCPv6 dissector is pretty old, i.e., it needs some updates (provided in the patch).
For instance, RFC 5007 (leasequery) is not taken into account.
svn path=/trunk/; revision=23950
In packet-gsm_sms.c, in function dis_field_ud_iei, it is assumed that the UDHL
must be greater than 2 (because it is expected that IEIa and IEIDLa will be
one byte each and the rest will be IEIDa).
However, there are some cases in which UDHL can be 2. For example, in 3GPP 23.048.
svn path=/trunk/; revision=23945
In our communication systems, we make use of the RTP header extension to encode
signalling information in the form of a bit mask. To improve our debugging, we
extended the default RTP dissector to call back any subdissector registering
for a particular RTP payload type string. This allows to render the value of
the header extension in a different, more flexible way compared to the default
numeric representation, such as in form of a subtree.
svn path=/trunk/; revision=23943
When parsing nfsv4 GETATTR reply in attribute fs_location wireshark displays incorrect content for the attribute value. It looks like instead of parsing as rpc arrays, value gets parsed as
rpc linked list. This patch which fixes the problem
I also noticed that FATTR4_MOUNTED_ON_FILEID attribute is not getting parsed, so I added parsing for that as well.
svn path=/trunk/; revision=23917
have them use least some of the radio-information fields, so that the
same field name can be used for multiple radio header types. The AVS
header can supply the data rate in bits/second, so have that field be in
those units, and make it 64 bits to leave room for the future, Just In
Case. Display it as Mb/s, however.
svn path=/trunk/; revision=23911
During a regular Wireshark trace of UCP packets running over ethernet, I noted
that Wireshark said the login packet was malformed, even though it looked OK
and the server responded correctly. After looking at the UCP protocol, it
became clear that Wireshark was parsing a type 60 message which only has one
Reserverd field (RES1) and expecting it to have two Reserved fields (RES1 and
RES2) like a type 61 message. This is because it is using the same function to
parse both messages, and does not have a conditional for the type 60 field.
svn path=/trunk/; revision=23903
The attached patch checks sll_hatype field type and if suggest capture on GRE
interface, the packet will be dissected using GRE dissector table. Also prints
physical addresses with length 4 as IPv4 addresses.
This fixes bug 2105.
svn path=/trunk/; revision=23892
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
This patch adds a heuristic dissector to the ethernet trailer under the
keystring "eth.trailer". This allows for other protocol plugins which coopt
the ethernet trailer for their own devices to register for trailer traffic
without requiring any further changes to the executable.
svn path=/trunk/; revision=23880
capture file that were actually on the wire. The reassembly code waited for
the gaps to be filled in by retransmissions, which would never come.
With this fix all acknowledged data will be output with "[xxx bytes missing in
capture file]" inserted in every gap.
svn path=/trunk/; revision=23878
- NAL unit - Sequence parameter set
- NAL unit - Picture parameter set
for the trace I have and also dissect those NAL units in the RTP stream.
For "elements coded as ue(v), me(v), or se(v) are Exp-Golomb-coded" only ue(v) is implemented.
svn path=/trunk/; revision=23858
This dissector supports version 3.0 of the dlm (Distributed Lock Manager) protocol.
Actual implementation for the protocol is in linux kernel. See files under linux/fs/dlm/.
svn path=/trunk/; revision=23828
upset MSVC++ if the wrong code page is selected, and there's no
guarantee that all forms of output of dissected packets are in any
particular character encoding.)
svn path=/trunk/; revision=23819
When an ISOCHRONOUS URB was captured the packet-usb.c does not handle it.
Case URB_ISOCHRONOUS was added at two different places to handle it also.
svn path=/trunk/; revision=23817
Use G_GINT64_MODIFIER for gint64 and guint64 values. Use "u", rather
than "d", for unsigned values. Put whitespace in the proper place in
format strings.
svn path=/trunk/; revision=23762
null-terminated string that the format item used when scanning says it
is - i.e., 4 "char"s, including the null terminator.
(Thanks and a tip of the hat to "gcc (GCC) 3.3.5 (propolice)" on OpenBSD
4.2 for finding this.)
svn path=/trunk/; revision=23761
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
This simplifies the generation of dissectors for ROS-based protocols using the asn2wrs #.TABLE directive.
See the P7 dissector for an example.
svn path=/trunk/; revision=23706
There is a new check for the length, and the reported_length is added to the
offset, instead of the "theorical" length of the element.
This fixes bug 2052.
svn path=/trunk/; revision=23687
This patchs adds the
- requested check of tlv_len at top of the disection-loop
- length check for fields w/ variable length (expert_add_info_format)
svn path=/trunk/; revision=23673
The Packet decoder for CFM has a couple of small bugs.
1) The frame rate for CCM's is wrong for rate=4, it's shown as 1ms and it should be shown as 1s.
2) The flags display for a LTM packet has the wrong title for bit 7. It should be UseFDBonly, not RDI.
svn path=/trunk/; revision=23649
The startup timeout on Win32 is reduced to 80% without assembler and to 50% with assembler usage (which is optional)
proto.c
- do not look up in filed tree and inserts in two steps but do it at once
- next few small speedups
- some often called elementary functions can be optionally implemented in assembler
- dispart some functions to see more exact result from profiling
packet-tpnc.c
- do not reallocate memory for each filed
svn path=/trunk/; revision=23643
In capture_sync.c: Don't clobber the DLT value.
In packet-cops.c (modified by me): Instead of adding an item as a static,
mis-cast FT_UINT16 to the tree, add it as an FT_NONE.
In packet-802.11.c: Add the right address to the tree.
svn path=/trunk/; revision=23624
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
shorter integral type. Fixes bug 2027.
Rename the "bytes" pointer to "octetstring", and initialize it in a
fashion that makes it clearer that it points to the first of the basic
types, to make it clearer that it's for OctetString.
svn path=/trunk/; revision=23615
used by the mpeg-audio dissector: instead keep the data inside the wiretap
module and add accessor functions. I think this should fix
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677 and anyway it's
cleaner.
svn path=/trunk/; revision=23612
* change expert group from PI_MALFORMED to PI_CHECKSUM (as it should be!!!).
* set item hf_udp_checksum_[good|bad] as generated
svn path=/trunk/; revision=23599
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587