This simplifies the generation of dissectors for ROS-based protocols using the asn2wrs #.TABLE directive.
See the P7 dissector for an example.
svn path=/trunk/; revision=23706
There is a new check for the length, and the reported_length is added to the
offset, instead of the "theorical" length of the element.
This fixes bug 2052.
svn path=/trunk/; revision=23687
This patchs adds the
- requested check of tlv_len at top of the disection-loop
- length check for fields w/ variable length (expert_add_info_format)
svn path=/trunk/; revision=23673
The Packet decoder for CFM has a couple of small bugs.
1) The frame rate for CCM's is wrong for rate=4, it's shown as 1ms and it should be shown as 1s.
2) The flags display for a LTM packet has the wrong title for bit 7. It should be UseFDBonly, not RDI.
svn path=/trunk/; revision=23649
The startup timeout on Win32 is reduced to 80% without assembler and to 50% with assembler usage (which is optional)
proto.c
- do not look up in filed tree and inserts in two steps but do it at once
- next few small speedups
- some often called elementary functions can be optionally implemented in assembler
- dispart some functions to see more exact result from profiling
packet-tpnc.c
- do not reallocate memory for each filed
svn path=/trunk/; revision=23643
In capture_sync.c: Don't clobber the DLT value.
In packet-cops.c (modified by me): Instead of adding an item as a static,
mis-cast FT_UINT16 to the tree, add it as an FT_NONE.
In packet-802.11.c: Add the right address to the tree.
svn path=/trunk/; revision=23624
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
shorter integral type. Fixes bug 2027.
Rename the "bytes" pointer to "octetstring", and initialize it in a
fashion that makes it clearer that it points to the first of the basic
types, to make it clearer that it's for OctetString.
svn path=/trunk/; revision=23615
used by the mpeg-audio dissector: instead keep the data inside the wiretap
module and add accessor functions. I think this should fix
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677 and anyway it's
cleaner.
svn path=/trunk/; revision=23612
* change expert group from PI_MALFORMED to PI_CHECKSUM (as it should be!!!).
* set item hf_udp_checksum_[good|bad] as generated
svn path=/trunk/; revision=23599
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587
It looks like in dissect_nfs_open_claim_delegate_cur4() instead of dissection
stateid we are doing something wierd and dissecting uint64 instead(remnants of
rfc3010 where stateid was 64 bit number?). We already have function for
dissecting stateids, so just a matter of making a different call.
From me:
Also deleted the hf_nfs_stateid4_delegate_stateid entry.
svn path=/trunk/; revision=23571
Add basic support for NFSv4.1, as of about draft 13 of the current spec.
The protocol is not completely finished yet, and future patches will be
needed to bring it up to date.
From me:
- Add a check for valid pointers in nfsv4_operation_ett
- Always increase offset when calling dissect_nfs_devices4
- Added a default case in dissect_rpc_secparms4
svn path=/trunk/; revision=23570
This bugfix is focused only in the Sender ID TLV segment of code. This was to
address the possibility that the Sender ID TLV may not have a Management
Address Domain, and/or a Management Address. This bug was discovered when
testing the dissector using CFM-enabled Netopia modems.
svn path=/trunk/; revision=23534
text fields (data & sqlstatement). Also fix the options on the FT_STRINGZ
items - change them to FT_STRING and change BASE_DEC to BASE_NONE.
svn path=/trunk/; revision=23505
them with an expert info (PI_WARN).
Change "Duplicate TSN" expert info to "Retransmitted TSN" and make it PI_NOTE
instead of PI_WARN.
Change "More than 100 TSNs gap-acked" expert info to PI_WARN (from PI_NOTE).
Frame numbers (and count of retransmissions) are unsigned, display them that way.
svn path=/trunk/; revision=23502
Added a dissector assert on inconsistent data.
Do not align retransmission or duplicate acknowledgement data in COL_INFO.
Removed several _U_ for used variables.
Re-indented some if-blocks.
svn path=/trunk/; revision=23492
http://www.wireshark.org/lists/wireshark-dev/200711/msg00228.html
Only a single (private) capture file is currently available which contains only a few of the P7 operations, so testing has been minimal.
General attribute types, containing information from the X.400 envelope, are also included.
svn path=/trunk/; revision=23479
on the first fragment of a fragmented message. This allows us to continue
dissecting chunks even if one of the first chunks in the frame was fragmented.
(It's useful to keep doing this partial dissection just so we have some idea
what's in that chunk.)
(One could rightfully argue that you should only see a fragmented chunk
bundled with another chunk when retransmitting but, well, I'm staring at
traces of an implementation--to remain nameless to protect the guilty--which
is sometimes fragmenting and then bundling the fragments into one packet.)
svn path=/trunk/; revision=23471
Uses the ber_callback mechanism to call the rtse oid callbacks, rather than the default ber oid callback list.
A couple of fixes to packet-ber.c to mark [in]direct references as present and call the ber_callback if it has been specified.
svn path=/trunk/; revision=23450
Updated dissector for LINX protocols
* Linx Ethernet Connection Manager protocol is updated from version 2 to
version 3.
* Linx RLNH protocol has been updated from version 1 to version 2.
The updated dissector is backwards-compatible allowing correct dissection of
all versions.
svn path=/trunk/; revision=23444
Since the use of the function 'dissect_ber_tagged_type' for DialoguePortion,
the file tcap.cnf must be updated to remove the decoding of the tag and length.
This decoding is now done in the new function 'dissect_ber_tagged_type'.
The file tcap.cnf has been updated to take into account this change.
But this leads to a change in tcap.asn too, for the definition of the
ExternalPDU.
I think this part of the ASN1 file is specific to Wireshark and can be
modified.
In the meantime, I did update the DEBUG part for packet_ber.c for the function
(dissect_ber_tagged_type)
svn path=/trunk/; revision=23442
move TRY block in its own function.
__attribute__((noinline)) does not compile with MS VC 6
nor does __declspec(noinline)
Applied the patch without it.
svn path=/trunk/; revision=23424
for the same tvb. This keeps us from freeing the same memory twice and
crashing on some systems.
This might be the same bug Brian Vandenberg was looking for in
http://www.wireshark.org/lists/wireshark-dev/200705/msg00406.html .
svn path=/trunk/; revision=23415
When offset parameter is 0 replace tvb_bytes_exist() with the faster tvb_length().
On the other hand
if (tvb_bytes_exist(tvb, 0, 20)
is more readable than
if (tvb_length(tvb) >= 20
so only do it in heuristic function
svn path=/trunk/; revision=23412
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
This uncomments the OID registration of pkixcmp and adds 2 Cryptlib OIDs
Changed to use oid_add_from_string for adding names.
svn path=/trunk/; revision=23316
Makes more fields searchable
Also fixes some typos and indentation errors
Fixes bug http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1802 for edonkey
dissector: every field defined by the dissector is now contained under the
PROTOABBREV=edonkey "root" key
svn path=/trunk/; revision=23315
nine or so packets are handled to accommodate authentication type none and
to allow cleaner future improvements. Includes a few touch ups to the
rest of the dissector as well.
svn path=/trunk/; revision=23310
- parameterized object class assignment
- octet string with extensible size constraint
- RELATIVE-OID type (still not supported in packet-per/ber)
packet-per
- octet string with extensible size constraint
more dissect_per_... functions exported from libwireshark.dll
PER dissectors regenerated
add forgotten packet-h323-template.h
fix svn properties for h323 files
svn path=/trunk/; revision=23309
This dissects the initial Connect-Initial and Connect-confirm pdus of
setting up t.125
The dissector needs to be enhanced to also decode the data payload so
that it can decode any furhter packets on the connection after these two
initial handshake packets
svn path=/trunk/; revision=23307
asn1 template file plus generated .[hc] files;
Note that the generated files include changes which are a result of previous
changes to snmp.cnf (SVN #23252) and of other changes (eg: svn 21145).
svn path=/trunk/; revision=23302
When doing TCP_SEQ analysis, if the packet is a SYN, then it's
not a lost packet but the tcp ports are being reused. This is often
seen in load-balanced environments where client ports are preserved
on the server-side.
This time it is fixed by creating a new conversation whenever a
new SYN is received for an existing conversation. This fixes the
following:
- bug 1680: Error in TCP Sequence number analysis
- TCP-conversation timestamps for new TCP-sessions with the addresses
and ports as a previous TCP-conversation in the trace-file.
svn path=/trunk/; revision=23299
According to http://www.iana.org/assignments/bootp-dhcp-parameters, suboptions
from 1 to 10 have been defined. 3 is reserved, and most of the others have
their own RFC. For a start I've attached a patch that decodes suboption 6 just
as 1 and 2, and also suboption 3. This might not be entirely correct, since
suboptions 1 and 2 are opaque values (RFC3046), while 6 is an ASCII text
string.
I added something for the other values as well...
svn path=/trunk/; revision=23293
The description of the most significant bit of the "Device Revision" byte of
the response to a "Get Device ID" is the wrong way round. 1 means "device
provides Device SDRs" and not the contrary according to IPMI specs 1.5 and 2.0.
Also, I noticed in that file that "Chassis" is spelled "Chasis".
svn path=/trunk/; revision=23292
Enhancement:
- TIPC is available in a new version (1.7), adding/removing fields while
keeping the same version number (2).
Minor bugs:
- In NAME_DISTRIBUTOR messages the origianting and destination node are
switched.
- The used size of BUNDLER messages payload is not calculated correctly when
size%4=0, this leads to the wrong assumption that the message would be
malformed.
svn path=/trunk/; revision=23291
The GIOP Fragment message type was added as of GIOP 1.1. However the Fragment
message header (containing a request id) was only added as of GIOP 1.2. The
GIOP Fragment dissector incorrectly attempts to process the request id for a
version 1.1 request.
To fix add a version check to the dissect_giop_fragment function in
packet-giop.c:
svn path=/trunk/; revision=23289
RFC3315 says that the vendor-specific information option must encapsulate each
option in the format code/length/value. The current dhcpv6 dissector does not
differentiate these fields, it just puts it all together as one option-data
field. Attached is a patch that addresses this issue.
svn path=/trunk/; revision=23284
(where the initial length isn't readily available when item is first added)
Note that this still won't work where an initial length of 0 is given for
the item that will later be extended using proto_item_set_len(), as the
pointer value part of the zero-length array will reamin NULL...
svn path=/trunk/; revision=23253
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
Removed some workaround code in the .cnf file.
There is still some code for handling an EXTERNAL (EXTERNALt) as the RTSE dissector has its own set of callbacks and consequently can't (currently) use the packet-ber.c functions.
svn path=/trunk/; revision=23242
Note that there is still a problem with 'Apply as filter' filters. They seem to remember the initial length of the item, and not the final length set using proto_item_set_len() (this is the case for groups of TBs/PDUs). Will investigate when time allows...
svn path=/trunk/; revision=23239
sFlow datagrams can contain sampled headers from conversations on the network.
Often it is convenient to have wireshark dissect these payload headers, but
doing so can also have undesirable side effects. Dissected payload headers may
match filters looking for header fields that also happen to occur in the
payload. This can cause surprising results.
Also TCP analysis will almost always flag errors on sampled headers. They are,
after all, just a sample and many sequence numbers are sure to be missing.
There is probably a more general way to resolve these issues, but adding
preferences to enable/disable tcp analysis and dissection of sampled headers
will be a good start. This will make it possible to examine the details of
sampled headers if desired or to disable dissection if the side effects of
dissecting sampled headers cause issues.
svn path=/trunk/; revision=23230
H.225
- change RysMessage_vals to h225_Rasmessage_vals
- use #.PDU directive for H323-UserInformation and RasMessage instead of implementing it by hands
- register RasMessage_PDU as "h225.ras" dissector for calling it from H.460
asn2wrs make PDUs exportable
svn path=/trunk/; revision=23226
- Generic Extensible Framework helper
- Annex M1 (QSIG over H.323)
- Annex M4
- Annex R
H.225/H.245 support for Generic Extensible Framework (GEF)
H.235 register MIKEY into new H.225/H.245 GEF tables
regenerate H.225,H.245,H.235,H.450,H.450-ROS,T.35 from new makefiles
svn path=/trunk/; revision=23216
When a SYN/ACK is missing in the capture, the base_seq used in
relative sequence numbers was not set correctly. I made the
setting of fwd->base_seq and rev->base_seq a little more solid.
svn path=/trunk/; revision=23213
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
Author :
Richard Kuemmel <r.kuemmel[AT]beckhoff.de>
Updates and bugfixes:
Peter Johansson <peterjohansson73[AT]gmail.com>
svn path=/trunk/; revision=23174
I would like to submit the dissector that will add support for dissecting CFM
packets with the ethertype 0x8902 defined by the IEEE proposal for 802.1ag
Draft 8.1. This code has been tested using the CFM feature implemented on a
pre-GA build of the Spirent TestCenter, and the Alcatel-Lucent 7330 ISAM
product. Code has been reviewed and tested by the design team at
Alcatel-Lucent in the Access Network Department (AND).
I have also added some elements for the ITU proposal Y.1731, where it will
recognize all additional opcodes for that proposal, and it will fully dissect
the AIS PDU.
Fuzztest has been performed and has passed.
svn path=/trunk/; revision=23170