m3ua and not the binary one.
make the binary dissector check if it is really the text based one to be used and if so
call that dissector instead.
svn path=/trunk/; revision=15862
show the value of 1 1111 as "Continued" in the bitfield and the actual
tag value in the following bytes.
Show the BER identifier data before an OID if we're showing internal BER
fields.
svn path=/trunk/; revision=15856
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
into the protocol tree once.
Fix the offsets and lengths used to put the variable binding values into
the protocol tree.
svn path=/trunk/; revision=15837
This makes Ethereal build again - there's no real reason that
ethereal fails to build for such a long time on so many platforms.
svn path=/trunk/; revision=15835
commit replaces the hand written dcerpc initshutdown and winreg
interfaces with autogenerated ones.
The pidl generated code is still a bit rought around the edges but will
hopefully improve with time.
svn path=/trunk/; revision=15812
Use "tvb_format_stringzpad()" rather than "tvb_format_text()" on
strings, as some of them are null-padded. (XXX - are they null-padded
or null-terminated?)
Clean up the TLV length checks, and do many more such checks.
svn path=/trunk/; revision=15809
our own.
Get rid of MAC_to_str() - ether_to_str() suffices.
Don't copy to on-the-stack fixed-size string buffers, just save the
results of various formatting calls as pointers.
Use tvb_format_text() to get displayable versions of text strings.
Use tvb_get_ipv4() and tvb_get_ipv6().
Don't put an item into the protocol tree as text and then put in a
hidden item that, if unhidden, would display the same or almost exactly
the same; just put the item into the tree unhidden.
svn path=/trunk/; revision=15808
and the stuff you have to do is compiler-dependent, so use
G_GINT64_CONSTANT()).
Properly handle formatting 64-bit quantities (they don't format
correctly by magic, and the stuff you have to do is compiler-dependent,
so use PRI[duoxX]64).
Don't copy the result of tvb_bytes_to_str() to a string buffer and then
only use it as an argument to a "%s" - just use the result directly.
Don't copy constant strings to a buffer - just use the strings directly.
Fetch 64-bit integral quantities with tvb_get_ntoh64(); they're
presumably in a standard byte order, which is probably big-endian for
Internet-family protocols, and using tvb_memcpy() is *guaranteed* to be
wrong on some platforms.
Fix up a format string.
Fix up indentation a bit.
svn path=/trunk/; revision=15807
Support some new messages and fix a couple of bugs.
packet-fc.h - Added a #define for a Cisco MDS-specific frame called OHMS (online health mgmt srv) packet-fc.c - Support for OHMS frame, fixed an incorrect "malformed frame" error caused on ACK1 frames (they
don't contain anything but (encap hdr + FC hdr + encap trailer), fixed incorrect detection of
last-data-frame
packet-fcct.h - Support for new service type, "Fabric Controller", used in conjunction with FC-SW3 ESS message,
exported the service name value string definitions and
packet-fcct.c - Support for recognizing "Fabric Controller" service type and "vendor-specific" service
packet-fcswils.h - Support for ESS & MRRA messages, defined as part of FC-SW3 packet-fcswils.c - Support for ESS & MRRA messages, defined as part of FC-SW3
packet-scsi.c - Support for Verify and Write&Verify SBC commands.
svn path=/trunk/; revision=15799
fragment size. The limit is conservatively set at 65536 bytes. It may
have to be increased. Fixes bug 421.
Add an entry to the release notes.
svn path=/trunk/; revision=15789
A new dissector - cimd dissector. CIMD stands for Computer Interface to Message Distribution and it's used to transfer short messages between applications and Nokia Short Message Service Center.
svn path=/trunk/; revision=15777
column-utils.h, and add it to expert.h, so we check the arguments to
"expert_add_info_format()", at least if the format argument is a
constant string.
Fix some more calls to "expert_add_info_format()" to pass it a format
string.
Don't record BoundsError exceptions as expert events - they merely
reflect a capture done with a snapshot length too short to capture all
of the packet (any case where it's caused by something else is a bug).
svn path=/trunk/; revision=15776
format string - the arbitrary string might contain "%" characters, so
the routine might then fetch arbitrary junk and try to use it as, for
example, a string pointer.
svn path=/trunk/; revision=15775
calls to "tvb_get_ipv4()" and "tvb_get_ipv6()".
Fix a call in the BGP dissector to properly fetch an IEEE floating-point
number.
Update some I-D info.
svn path=/trunk/; revision=15774
with some unrelated changes; it got rid of some calls to get IPv4/IPv6
addresses and add them to the protocol tree, replacing them with
proto_tree_add_item() calls, and fixed up the length of one protocol
tree item.
Note that we have (at least) three count 'em three different routines
for dissecting/displaying NSAPs (there might be more - I might have
missed some), and suggest that we might want to reduce that to one.
Update the URL for ICP values for IPv{4,6} addresses inside NSAPs.
Fix the offset in the call to add the IPv6 address part of an NSAP
containing such an address, and the length in the call adding the DSP
for an NSAP containing an IPv4 address.
Fix up indentation a bit.
svn path=/trunk/; revision=15766
in addition, I had to implement fragment_get_reassembled() in addition to fragment_get(), which works with reassembled_table
svn path=/trunk/; revision=15762
and that extract IPv6 addresses into a "struct e_in6_addr", with
tvb_get_ipv4() and tvb_get_ipv6() calls - except for some that we
remove, by using proto_tree_add_item(), rather than replacing.
Have epan/tvbuff.h include epan/ipv6-utils.h, to define "struct
e_in6_addr" (not necessary to declare the tvbuff routines, but including
it there means "struct e_in6_addr" is guaranteed to be defined before
those declarations, so we don't get compiler complaints if we define it
*after* those declarations).
svn path=/trunk/; revision=15758
as connection oriented (cn) and connectionless (dg) DCE/RPC uses different ways to handle defragmentation and this function is only used for dg
svn path=/trunk/; revision=15757
Please see: http://wiki.ethereal.com/Development/ExpertInfo for a complete overview of the intended feature and it's current state of implementation.
While I'm working on this, I've also added some more status result codes to the DCE/RPC and DCOM dissectors.
svn path=/trunk/; revision=15754
IPv6 addresses. Use "tvb_get_ipv4()" in the WINS Replication dissector,
so that it gets the right answer on little-endian *AND* big-endian
machines.
svn path=/trunk/; revision=15753
negative value, so we reject the packet as "not SIP".
Add a "dissect_sip_tcp_heur()" that's heuristic - it'll return FALSE if
the first packet doesn't look like SIP, but once it's dissected one
packet it'll just treat subsequent SIP packets as continuations if they
don't look right.
Clean up indentation a bit.
svn path=/trunk/; revision=15752
reassemble.c:
I had to change the way the reassemble code works if the dissector is telling that more fragments *will* follow. In this case the reassemble code shouldn't try to reassemble already at that time ...
I've also changed the way if a fragment was already seen or not, as it's not enough to check for the frame number, in the scenario described above.
Unfortunately both changes *might* broke other protocols from reassemble properly. I've checked with excessive TCP desegmentation and it's still working without any changes :-)
packet-dcerpc.c:
use a tvb subset to limit the "end of bytes" processed in a single fragment dissect run, as each fragment has it's own DCE/RPC header (and isn't part of the stub data of the previous packet).
svn path=/trunk/; revision=15744
Camel: Fix an off-by-one error. Don't alloc and free where it's not
needed. Remove an unused variable.
PPP and K12: Fix memory leaks.
svn path=/trunk/; revision=15725
Attached is a patch to solve the CHOICE problem for review.
Problem was two-fold:
1) not passing original class/tag to sub-choice we had matched BER_CLASS_ANY
2) not handling a count==0 if we had matched BER_CLASS_ANY
The patch also includes a my constructed octet string fix again.
svn path=/trunk/; revision=15698
I attach my RTSE dissector (in tar file) which requires the included ROS dissector, as well as a patch to the latest pres.{cnf,asn}. The ROS dissector uses a new field in the SESSION_DATA_STRUCTURE to pass the ROS operation to the sub-dissector, though this is also set by other dissectors (RTSE uses it in X.410 mode).
Note that X.400 P1 in X.410 mode doesn't use ROS, so it is useful not to explicitly include ROS in my X411 dissector. However, the inclusion of a ROS dissector won't effect any dissectors that currently implement their own ROS.
I also include dissectors for:
X.411 (P1) X.400 OSI Message Transfer Service
X.420 (P22) X.400 OSI Information Object
STANAG 4406 (P772) STANAG 4406 Military Message Extensions (to P22)
These rely on the RTSE and ROS dissectors.
Withs some changes to remove various warnings and errors.
svn path=/trunk/; revision=15680
Basically the changes are:
a) [pres] make the find_oid_by_[pres_]ctx_id (I changed the name to make it more specific) non-static so it can be called from other dissectors (see acse.cnf changes). I also call it from RTSE and ROS dissectors
b) [acse] remove (#ifdef NOT_NEEDED) the oid lookup table and any reference to acse_handle - as these are no longer needed
c) [acse] register the acse dissector on 2.2.1.0.1
with some modifications: -#ifdef:ed code removed
- renamed aco -> pco
svn path=/trunk/; revision=15678
A PDU length routine called by tcp_dissect_pdus() should use the offset
passed to it as the offset of the beginning of the PDU.
In the heuristic GIOP dissector, if we're running over TCP, and accept
the packet, call "dissect_giop_tcp()" so that we handle multiple PDUs
within the segment or PDUs split across segments.
svn path=/trunk/; revision=15667
These small patches:
- add RTSP header 'RDTFeatureLevel as a proper field
- show feature level in RDT stream setup info
- tidy up RDT info column text
svn path=/trunk/; revision=15647
(so we dont have that many different string handling functions to memorize their usage of and can standardize on a single one )
svn path=/trunk/; revision=15615
Fix a typo.
packet-ber.c
packet-acse.c
packet-cmip.c
- Add OID(s)
packet-ses.c
Fix export of a value string and change names to the ones used in the protocol spec.
Replace PRES dissector with an asn2eth generated one.
svn path=/trunk/; revision=15614
Only count the number of items in the SEQUENCE OF IFF we have the full TVB containing the entire blob.
Dont count the items if the tvb is "short" since then this would just lead to a [short frame] before a single item in the SEQUENCE OF has been dissected.
Do we really need to count the items and create a FT_UINT field with the number of items at all?
Then count the items as we are calling the subdissectors and
append the '# item[s]' text to the FT_NONE items after we finished the loop?
svn path=/trunk/; revision=15607
b) dissect_ber_set() to report missing fields and handle untagged CHOICEs
c) dissect_ber_choice() to handle untagged CHOICEs (within the CHOICE)
svn path=/trunk/; revision=15597
desired reported length and the remaining length, so we don't throw an
exception at tvbuff creation time if we don't have all the desired data
- we want to throw the exception at dissection time, so we can dissect
the data we do have.
Use "tvb_ensure_bytes_exist()" to force exceptions to be thrown.
When "dissect_unknown_ber()" is called from "call_ber_oid_callback()",
we're handing it a newly-created tvbuff, so the offset in that tvbuff
should be zero.
svn path=/trunk/; revision=15595
structure. Handle that.
Don't muck with the columns, or put a top-level Kerberos protocol item
into the protocol tree, until we decide that we really have a Kerberos
packet.
Do, however, clear the Info column if we're dissecting the Kerberos
protocol.
svn path=/trunk/; revision=15590
structure. Handle that.
Don't muck with the columns, or put a top-level Kerberos protocol item
into the protocol tree, until we decide that we really have a Kerberos
packet.
Do, however, clear the Info column if we're dissecting the Kerberos
protocol.
svn path=/trunk/; revision=15589
* I couldn't find any documentation on this protocol. Neither
* what it's good for nor what the elements do. This is purely
* reverse engineered by looking at the hex dump of the packets.
*
* TODO
* - Find out more about unknown fields
* - Currently only one type of packet is really handled at all
svn path=/trunk/; revision=15562
around until they have been acked.
Use a slab allocator for these structs so that we dont keep the structs around in memory longer than we need to.
svn path=/trunk/; revision=15546
use individual g_malloc() calls instead of memchunks. This lets us use
tools like Valgrind and ElectricFence to find bugs.
In the H.245 dissector, set h245_pi to NULL after we're done with
it so that we don't go stomping through our memchunks with muddy
boots later on. Fixes the current Buildbot menagerie failure.
svn path=/trunk/; revision=15539
Changes:
o Implemented CRC and SHA-1 (sort operations are still missing)
o After state acccess, the execution start is not necessarily the
beginning of the bytecode; start IP is now a new parameter to
decompress_sigcomp_message()
o Removed some hard-coded assumptions about bytecode starting at offset
128
svn path=/trunk/; revision=15531
the next few bytes match an SMB header.
1, SMB is the only important protocol transported atop NBSS
2, if we miss the first packets of a PDU, we DONT! want nbns to suddenly think there are Xmegabytes until the end of it and thus prevent any real PDUs from being dissected.
svn path=/trunk/; revision=15527
hand it one (and check for malloc failures), and it returns a malloced
or realloced buffer, so free it when we're done.
That means that routines that use it can return/supply back a null
pointer, so check for that.
Don't ep_allocate fixed-length buffers for formatted OID information,
allocate one that's 'big enough".
svn path=/trunk/; revision=15524
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
(It's not necessary, or desirable, to use them when fetching strings.)
When processing a VLAN TLV, check the length of the TLV, so we don't end
up running past the end of the TLV and getting a negative remaining
length. Append to the protocol tree item for the TLV, and the Info
column, as we dissect the VLAN ID and VLAN name fields.
svn path=/trunk/; revision=15515
- it appears that there are more packet record types other than 0x00010020.
accept anything matching 0x00010020/28 as a packet record.
- make the stack filename lowercase before comparing it so that capitalization is not an issue.
svn path=/trunk/; revision=15513
- Display "Info" instead of "System" in packet summary
- Make the Null element look like the other elements.
- Small element summary formatting changes
svn path=/trunk/; revision=15505
- In the Display element, the length of the display string
was 4 too long
- Display the Vlan id in the packet summary, not just "Vlan"
- Remove trailing whitespace
svn path=/trunk/; revision=15502
A patch to the JXTA dissector. It's purpose is to improve
the behaviour of the dissector when dissecting captures that do not
include the whole conversation.
The dissector is now more capable of isolating a conversation without
seeing the beginning of the conversation. It's still not always able to
pick up all conversations (suggestions, patches and hints welcome).
improved some of the doxygen docs and comments.
svn path=/trunk/; revision=15500
Add some more optional flags to the protocol items, so more "special cases" can be marked in the protocol tree.
New flags:
/** The protocol field has a bad checksum */
FI_CHECKSUM_ERROR
/** The protocol field has an unusual sequence (e.g. TCP window is zero) */
FI_SEQUENCE_WARNING
/** The protocol field has a bad sequence (e.g. TCP segment is lost) */
FI_SEQUENCE_ERROR
svn path=/trunk/; revision=15499
filter as an argument on the command line and have a dialog box to enter
the display filter through the GUI. Use it for all stats using
"gtk_tap_dfilter_dlg_cb()".
Add a top-level "stat_menu.h" file to declare "REGISTER_STAT_GROUP_E"
for the benefit of the declaration of "register_dfilter_stat()" in the
top-level "tap_dfilter_dlg.h". Rename the "stat_menu.h" in the gtk
directory to "gtk_stat_menu.h", so as not to have two headers with the
same name.
Get rid of headers not declaring any functions not being used in the
module.
svn path=/trunk/; revision=15493