col_clear.diff
Remove calls to col_clear :
- called twice.
- before functions which also clear the column
- by replacing col_clear + col_append_xxx with col_add_xxx
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394
svn path=/trunk/; revision=31517
enumerated, sequence-of and set-of types.
Added BER functions to check for SIZE constraints and give expert info warnings.
svn path=/trunk/; revision=31309
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
meaning "to the end of the tvbuff"; we'd like to get rid of the "-1
means to the end of the tvbuff" convention, as in many cases the length
comes from a 32-bit length field in the packet, and we want 0xFFFFFFFF
to be treated, even on ILP32 platforms, as meaning "2^32-1 bytes",
probably giving an exception, rather than as "to the end of the packet".
svn path=/trunk/; revision=27945
The current dissection of GeneralizedTime in packet-ber does not consider all
the possibilities how this field can be constructed.
According to ITU-T X.680 this field can be encoded as
YYYYMMDDhhmmss([\.,]f{1,3})?(([+-]hhmm)|Z)?
This is a regex-like expression where each letter except the literal 'Z'
represents an ASCII encoded digit.
So far only the first 14 digits are dissected and the 15th character is put
into parentheses. This may not show all available information.
svn path=/trunk/; revision=24071
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015
Uses the ber_callback mechanism to call the rtse oid callbacks, rather than the default ber oid callback list.
A couple of fixes to packet-ber.c to mark [in]direct references as present and call the ber_callback if it has been specified.
svn path=/trunk/; revision=23450
Since the use of the function 'dissect_ber_tagged_type' for DialoguePortion,
the file tcap.cnf must be updated to remove the decoding of the tag and length.
This decoding is now done in the new function 'dissect_ber_tagged_type'.
The file tcap.cnf has been updated to take into account this change.
But this leads to a change in tcap.asn too, for the definition of the
ExternalPDU.
I think this part of the ASN1 file is specific to Wireshark and can be
modified.
In the meantime, I did update the DEBUG part for packet_ber.c for the function
(dissect_ber_tagged_type)
svn path=/trunk/; revision=23442
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
Fro Stig Bjørlykke:
1. BER: Added support for empty indef SET
2. RTSE: Added fragment length in COL_INFO
3. IMF: Use correct hf_id for extension value
4. DOP: Fix typo in COL_INFO oid name
svn path=/trunk/; revision=22492
This patch adds an option to packet-ber to show unexpected tags/data as unknown BER. It also fixes some offset/length combinations when adding the error message to the tree.
svn path=/trunk/; revision=22244
Here's a patch that decodes MMS(Manufacturing Messaging
Specification) when transported over COTP/TPKT/TCP. Previously, MMS would only be decoded if the OSI Presentation Layers were present. Now MMS/COTP/TPKT/TCP is dissected.
With a change to use more functions from packet-ber
svn path=/trunk/; revision=21608
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
When dumping elements in a constructor in dissect_unknown_ber the last element is not put in the correct subtree, because the while- loop does not include the header length when checking for the end.
svn path=/trunk/; revision=20984
"If the bitstring is empty, there shall be no subsequent octets, and the initial octet shall be zero."
The BER dissector marked empty bitstrings as "Padding", but they are now marked as "Empty".
http://www.wireshark.org/lists/wireshark-dev/200702/msg00574.html
svn path=/trunk/; revision=20834
The problem was that when dissecting the set, if a sub-dissector didn't consume any bytes it was assumed that the correct field hadn't been matched.
This fix matches the field if the sub-dissector consumes no bytes and we know that the length of the field is zero. This is only allowed on the first pass when we are not matching ANYs.
I think this is a fairly safe fix - I've tried it with some other ASN.1
I've also changed dissect_ber_octet_string() to show the zero length fields in the dissection. This shows the fields as "<MISSING>" which is not quite the right explanation as the field is definitely present. Something like "<EMPTY>" or "<ZERO LENGTH>" may be better - but I'm not sure of the reasoning behind "<MISSING>".
svn path=/trunk/; revision=20429
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
A BER-encoded file can be dissected as one of a number of registered syntaxes (registered using register_ber_syntax_dissector()).
Syntaxes may also be associated with OIDs (or other strings) using register_ber_oid_syntax().
A default syntax with which to dissect a BER-encoded file is determined from its filename (extension). For example, ".cer" and ".crt" files will be dissected as "Certificate".
svn path=/trunk/; revision=20414
Handle the following type of construct
CDMATargetMAHOInformation ::= SEQUENCE {
targetCellID [3] IMPLICIT TargetCellID,
cdmaPilotStrength [65] IMPLICIT CDMAPilotStrength,
cdmaTargetOneWayDelay [61] IMPLICIT CDMATargetOneWayDelay
}
CDMATargetMAHOList ::= SEQUENCE OF [135] IMPLICIT CDMATargetMAHOInformation
ansi_map:
- Correct an Enummeration
- add Missing OPTIONAL to Tags
- Handle parameter if it's one or two octets long.
svn path=/trunk/; revision=20386
Introduce the support for "expert info" in the BER decoding module.
It is usefull if you have to analyze long capture files, containing few malformed messages.
With changes to make it compile with MSVC6.
svn path=/trunk/; revision=20152
*) Remove maximum LDAP PDU size check - they can get large with either large attributes (e.g. CRLs, SPIFs) or with lots of results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed.
*) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID.
*) Remove reference to removed BER preference in the LDAP reassembly preference.
*) Mark a LDAPURL as a URL
svn path=/trunk/; revision=19792
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
ldap and ldap+sasl
remove a recent ber length validation in packet-ber.c that cant work and breaks reassembly and also makes all ber pacvket sspanning multiple segments show up as malformed packets.
svn path=/trunk/; revision=18465
use proto_tree_add_[u]int[8,16,24,32,64]() instread of proto_tree_add_item()
since BER integers may well be encoded in less bytes than the type requires.
(i do not think the old code with proto_tree_add_item() could have handleded negative values very well or at all.)
svn path=/trunk/; revision=17425
the choice dissector didnt sometimes use the correct next_tvb.
based on a bogus variable 'first_pass' that was added as a qad solution to some weird CMIP problem.
svn path=/trunk/; revision=17142
packet-ntp.c: Rather confused and incorrect use of g_snprintf return value
packet-pim.c: whitespace change
packet-icmpv6.c: g_snprintf takes trailing \0 into account, fix off by 1 error
packet-clnp.c: Fix incorrect use of g_snprintf return value
packet-isakmp.c: g_snprintf takes trailing \0 into account
packet-tr.c: Fix incorrect use of g_snprintf return value
packet-radius.c: Fix incorrect use of g_snprintf return value
packet-radius.h: constify a string variable
packet-ldap.c: The return value isn't needed, so don't use it incorrectly
packet-tcp.c: Fix incorrect use of g_snprintf return value
packet-windows-common.c: Remove unneeded DISSECTOR_ASSERT
packet-smb-sidsnooping.c: g_snprintf takes trailing \0 into account
packet-pvfs2.c: g_snprintf takes trailing \0 into account
packet-ptp.c: Remove #include snprintf
packet-ppp.c: Fix incorrect use of g_snprintf return value
packet-ospf.c: Fix incorrect use of g_snprintf return value
packet-mip6.c: snprintf -> g_snprintf
packet-bootp.c: Remove a commented out bad use of g_snprintf
packet-ber.c: snprintf -> g_snprintf, g_snprintf takes trailing \0 into account
2do:
52 packet-ieee80211.c: 2DO
2 packet-nfs.c: 2DO - too many side effects
33 packet-bgp.c: 2DO
18 packet-dns.c: 2DO
14 packet-dcm.c: 2DO
13 packet-x11.c: 2DO
11 packet-kerberos.c: 2DO
10 packet-diameter.c: 2DO
9 packet-snmp.c: 2DO
9 packet-pgm.c: 2DO
7 packet-nbns.c: 2DO
6 packet-fcswils.c: 2DO
5 packet-wccp.c: 2DO
5 packet-cops.c: 2DO
4 packet-wtp.c: 2DO
svn path=/trunk/; revision=17038
For OID fields of type FT_STRING, put back the code to append the OID
name. (Ultimately, we should probably convert them all to type FT_OID.)
svn path=/trunk/; revision=16734
Update a comment, and get rid of a commented-out unused variable.
Use "get_ber_identifier()" and "get_ber_length()", rather than
"dissect_ber_identifier()" and "dissect_ber_length()", if we're just
fetching the values, rather than dissecting them. As we're just
fetching the values, if we get an error, put the identifer and length
into the protocol tree (if we've enabled that) with
"dissect_ber_identifier()" and "dissect_ber_length()".
Properly declare class and tag variables as signed.
svn path=/trunk/; revision=16602
"call_ber_oid_callback()". (Arguably, the caller of
"call_ber_oid_callback()" should check for that, and report that a
presumably-required field is missing.)
svn path=/trunk/; revision=16544
show the value of 1 1111 as "Continued" in the bitfield and the actual
tag value in the following bytes.
Show the BER identifier data before an OID if we're showing internal BER
fields.
svn path=/trunk/; revision=15856
Attached is a patch to solve the CHOICE problem for review.
Problem was two-fold:
1) not passing original class/tag to sub-choice we had matched BER_CLASS_ANY
2) not handling a count==0 if we had matched BER_CLASS_ANY
The patch also includes a my constructed octet string fix again.
svn path=/trunk/; revision=15698
Fix a typo.
packet-ber.c
packet-acse.c
packet-cmip.c
- Add OID(s)
packet-ses.c
Fix export of a value string and change names to the ones used in the protocol spec.
Replace PRES dissector with an asn2eth generated one.
svn path=/trunk/; revision=15614
Only count the number of items in the SEQUENCE OF IFF we have the full TVB containing the entire blob.
Dont count the items if the tvb is "short" since then this would just lead to a [short frame] before a single item in the SEQUENCE OF has been dissected.
Do we really need to count the items and create a FT_UINT field with the number of items at all?
Then count the items as we are calling the subdissectors and
append the '# item[s]' text to the FT_NONE items after we finished the loop?
svn path=/trunk/; revision=15607
b) dissect_ber_set() to report missing fields and handle untagged CHOICEs
c) dissect_ber_choice() to handle untagged CHOICEs (within the CHOICE)
svn path=/trunk/; revision=15597
desired reported length and the remaining length, so we don't throw an
exception at tvbuff creation time if we don't have all the desired data
- we want to throw the exception at dissection time, so we can dissect
the data we do have.
Use "tvb_ensure_bytes_exist()" to force exceptions to be thrown.
When "dissect_unknown_ber()" is called from "call_ber_oid_callback()",
we're handing it a newly-created tvbuff, so the offset in that tvbuff
should be zero.
svn path=/trunk/; revision=15595
Small patch to ber.c
The tcap dissector has been updated to use this length. I have not tested other asn.1 dissectors to ensure that they correctly use the indefinite encoding flag instead of the length value returning zero.
There may also be some problems when re-assembly is needed, but the ability to deal with indefinite length is much more useful.
For developers the get_ber_length now returns the length of the pdu including the EOC, where you have dissectors that use packet-ber.c the eoc may need to be dealt with separately.
The tcap dissector has had numerous changes to make it less cluttered, and the useful feature of the previous version where a dialogue could be filtered out by selecting either the source or destination transaction ID has been incorporated into this version.
svn path=/trunk/; revision=15414
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264
that they are not longer than the reported length of the tvb.
this triggers some bugs since in packet-ber we are a bit too lax in setting reported_length of the tvb_new_subset() tvb.
this cause short kerberos packets to not be decoded at all and the same for other short asn based packets as well.
fix some of these instances.
svn path=/trunk/; revision=15127
current signature ("class" is a "gint8 *", not a "guint8 *", and "tag"
is a "gint32 *", not a "guint32 *"). Re-generate the dissectors from
the ASN.1 and the .cnf files in the cases where the arguments were fixed
in a .cnf file.
Give some dissectors the right svn:keywords and svn:eol-style settings.
svn path=/trunk/; revision=14885
also prettify the error when finding "unknown" entries inside a SEQUENCE to make it easier to track down what went wrong.
svn path=/trunk/; revision=14814
index of the branch taken or -1 to make prettifications easier to implement.
change the signature of dissect_ber_choice and rename it to dissect_ber_CHOICE to catch all
occurences of the use of this function
update asn2eth to use the new name/signature
update all occurences of this function to the new name and new signature.
svn path=/trunk/; revision=14758
1, start making indefinite length constructions actually work
2, when attempting to decode an unknown BER octet sequence, do not generate [malformed packet] just because the length does not make sense and might point outside the tvb. it might just be that there are implicit tags in the asn1 specification and that it is just impossible to decode the octet stream without knowledge of the asn.
svn path=/trunk/; revision=14728
fix bug251 and all other occurances where an oid string passed to packet_ber_object_identifier()
is not defined as foo[MAX_OID_STR_LEN]
svn path=/trunk/; revision=14720
- I have had to make some changes to packet-ber to allow for PRIVATE and APPLICATION tags.
- Both ANSI and ITU variants supported without configuration.
- Asn.1 dissectors can now register using an OID value as well as an SSN, the oid it tried first.
svn path=/trunk/; revision=14572
IF the length seems bogus, like longer than the reported tvb_length
we add a helpful text item to the tree and generate a [malformed packet]
change all callers of get_ber_length to the new signature.
svn path=/trunk/; revision=14145
Here is a patch that:
* packet-ber.c:
- Fixes handling tags longer than one octet (in
"packet-ber.c:get_ber_identifier") which consists of replacing "if (t &
0x80) break;" by "if (!(t & 0x80)) break;"
- Add debug info on the identifier when debug is enabled (I don't know if we want to keep this, but I find it useful)
- printf's a warning when packet-ber hits a constructed type (to remind that we eventually have to handle this)
- Add the display of unknown BER octet strings (this one was already submitted along with the initial Camel dissector but didn't got
included)
svn path=/trunk/; revision=13895
regenerated all dissectors
fixed the choice/sequence struct to use unsigned entities for class and tag
(to reduce some compiler warning and because it should be signed quantities)
svn path=/trunk/; revision=12740
create some missing makefiles for autogenerated dissectors
finish the transition to the new ber integer dissetor helper signature
and regenerate all ber dissectors
svn path=/trunk/; revision=12724
asn2eth generates exports for CHOICE as of BER_CLASS_UNI while the handgenerated ones specified the calss as BER_CLASS_ANY.
make dissect_ber_sequence() look at the tag as well and if -1 its a wildcard and anything goes.
svn path=/trunk/; revision=12559
call a new function to start dissecting what unknown fields we can dissect.
Currently only PrintableString and INTEGER implemented but it will be easy to add other BER Universal types as needed later
svn path=/trunk/; revision=12544
It worked reasonably well mainly, I suspect, due to implicit tags are reasonably uncommon in the dissectors we have already implemented and that the bugs were masking eachothers.
my regression tests (limited test samples though) decodes this new one exactly the same as the old one.
As a bonus by not changing anythiong in the decode is that now it is possible to get dissection of implice items to work properly, hence CMIP
(and also x509 Extensions work now)
make heaps of dissector helpers implicit_tag aware.
change asn2eth to generate code to call the implicit_tag aware integer dissector helper.
svn path=/trunk/; revision=12520
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
use this and create a new tvbsubset so that
1, reading too much data is flagged as MALFORMED PACKET indicating a bug in the dissector (or a packet that IS malformed)
2, this also implicitely passes the length of the data through the ber.oid dissector handle in case we want to pick it up later.
svn path=/trunk/; revision=11490
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Stig Bjørlykke