* add SUA to the "VoIP Calls" tap.
* propagate changes to packet-sccp.h to other dissectors
From Neil Piercy:
* add SLR, DLR and CAUSE to COL_INFO
svn path=/trunk/; revision=21126
some warning fixes
packet-http.c
set headers.content_length = 0 before the first potential use of it.
packet-kink.c
"ifdef kerberos" around one function declaration
packet-nbns.c
set headers.{dgm_length|pkt_offset|error_code} = 0
packet-pflog.c
delete capture_pflog and
capture_old_pflog which aren't used anymore in the code.
svn path=/trunk/; revision=21120
retransmitted, add items to its tree describing those retransmissions (frame
where the retransmission is and RTO). Limit this to 100 retransmissions to
avoid running out of memory in pathological cases.
This adds the filters "sctp.retransmitted" (TSNs that were retransmitted)
and "sctp.retransmitted_count" (count of number of times the TSN was
retransmitted).
The RTO is intentionally not added to the retransmitted TSN tree as it is
already added to the retransmission(s). The RTO is displayed, however.
svn path=/trunk/; revision=21081
add sccp_info to struct _packet_info (Sorry but the way private_data works and the fact that TCAP uses it and BSSAP/RANAP can be tunnelled on GSMMAP over TCAP makes it impossible to avoid)
SCCP
- Have SCCP to have a TAP,
- Fix associations so that every message belongs to the association.
- Export message type values so that they can be used by a tap listener
RANAP
- Have RANAP information attached to the sccp_info
BSSAP + GSM_A
- Have DTAP, BSSMAP and BSSAP info attached to the sccp_info
svn path=/trunk/; revision=21076
- Change "sctp.retransmitted" to "sctp.retransmission" since that field
is set on messages that are retransmissions, not messages that were
retransmitted.
- Change some formatting to make it more consistent.
svn path=/trunk/; revision=21065
The capture file the user supplied had a HTTP chunked response
in it with no actual chunks other than the zero length chunk
indicating the end of the chunks. The fix is to only create
a new_tvb and copy it over the tvb going into the
chunked_encoding_dissector() function if the chunk size is > 0.
svn path=/trunk/; revision=21034
- Split the HTTP tap into two taps: one for the HTTP statistics
and the other for the export object function. This allows the
HTTP statistics to work again (they seem to have been
partially broken since SVN rev 18901).
- Pass the conversation data (conv_data) between functions now
instead of using the global variable stat_info (now only used
for the HTTP stats)
- Pass only pointers from the HTTP dissector to the Export Object
tap, where we'll then copy the values and insert into the slist.
- Make sure we free all memory allocated by this feature when
we're done with it.
- Various other minor improvements
svn path=/trunk/; revision=21021
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
- don't show EPL src- and dst-address of SoC frame (same as SoA)
- show SoA requested service only if it's not "NO_SERVICE"
- NMT state in StatusResponse in words, not numbers
- don't show MC and PS flags in SoC (it's now configurable via "Preferences")
Furthermore I extended the value_string struct for the NMT-Command-IDs
(asnd_cid_vals). This change is used to fully decode the NMTRequest frames.
svn path=/trunk/; revision=21017
On windows if ENDTRY is not evaluated after a exception is being thrown wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21015
On windows if ENDTRY is not evaluated after a exception is being thrown wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21014
epan/dissectors/
packet-bctp.c:
no newline at end of file
packet-epl.c:
C++ style comments are not allowed in ISO C90
packet-sccp.c:
missing initializer
packet-sccp.h:
comma at end of enumerator list
packet-sctp.c:
suggest parentheses around assignment used as truth value
packet-vnc.c:
control reaches end of non-void function
pointer targets in passing argument 1 of 'g_strtod' differ in
signedness
pointer targets in passing argument 3 of 'vnc_client_to_server'
differ in signedness
gtk/
main.c:
C++ style comments are not allowed in ISO C90
u3.h:
function declaration isn't a prototype
Other (trivial) stuff
packet-sccp.h:
Add svn properties
svn path=/trunk/; revision=21011
I've refactored the offending code branch and added some comments so
hopefully the intent is a bit clearer. The loop termination conditions
are now obviously independent of the content on the wire (they were
meant to be before, but I admit it was obscure). I've tried using the
ephemeral memory routines.
Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception. Add Julian to AUTHORS. Update the
release notes.
svn path=/trunk/; revision=21007
- for Q.1950 I used the value_string for GB events as the value_string for the parameters of BNC change.
> In observed event descriptor, it is called “eventName”, but in event descriptor,
> it is called “pkgdName”. It should be “eventName” in both cases.
svn path=/trunk/; revision=20986
When dumping elements in a constructor in dissect_unknown_ber the last element is not put in the correct subtree, because the while- loop does not include the header length when checking for the end.
svn path=/trunk/; revision=20984
- Note in the user's guide that export object is not available
in GTK1 builds of Wireshark.
- Make scanning through the slists more efficient
- Use new tap.c function called have_tap_listener() to only save
object payload data when the export object listener is actively
listening for it.
- Save objects in the HTTP dissector with g_malloc() instead of
se_malloc() and free it when we're done with it - when the
export object window is closed (Fixes bug #1412)
- Various minor improvements
svn path=/trunk/; revision=20980
This patch adds support for key-mgmt session attributes in SDP (defined in RFC 4567). The patch also contains a Multimedia Internet KEYing (MIKEY is defined in RFC 3830) dissector plugin for "mikey" key-mgmt data.
svn path=/trunk/; revision=20977
+ Add the fields sctp.sack_gap_block_start_tsn and sctp.sack_gap_block_end_tsn so that one can filter over a tsn ack acked by a gap block.
svn path=/trunk/; revision=20976
Admittedly not much, so if you have any ideas what the rest means or where
I'm wrong please provide feedback.
As tapa uses udp 5000 and ip protocol 4, I needed to add a hack for the
ip part to properly dispatch betweeen ipip and tapa-tunnel (actually I
was unable to turn the ipip dissector into a heuristic dissector :-)
svn path=/trunk/; revision=20971
- Add to User's Guide
- Add a help button
- Move a lot of code into the shared export_object.c file and out of
dissector specific file export_object_http.c. This will make adding
additional protocols much easier.
- Change comment in packet-http.c to reflect new name (Export Object)
- Various other minor improvements
svn path=/trunk/; revision=20961
Up and running.
As it is analysis will stop at TSN rollover (0xffffffff->0x00000000).
And It will start to misbehave when a TSN is seen again in the same half association (that's a case where an out-of-memory error will probably had happened before).
It still needs testing.
svn path=/trunk/; revision=20947
I attached a patch to this dissector, which includes some corrections, updates and SDO by UDP support. I will upload a sample capture of SDO by UDP to the wiki. The patch is fuzzy tested against the current SVN rev under Linux and it builds also under MSVC2005.
svn path=/trunk/; revision=20937
so invalid type arguments are programming errors; check for them with
DISSECTOR_ASSERT().
Fix a call to use the right value from the packet.
The dissector is a new-style dissector, so register it as such.
svn path=/trunk/; revision=20930
It's disabled. To enable uncomment the preference, recompile and enable it from preferences.
I checking it in because I need it as a reference.
svn path=/trunk/; revision=20929
which applies (for now only) to integer types.
when this flag is specified as PARAM_VALUE the fields name and its value will be pushed onto the info column of the summary line
svn path=/trunk/; revision=20922
these new helpers take a parameter that can be used to decorate the tree and summary line (when this parameter is acted upon/implemented in the code inside the helpers)
WINREG was regenerated using a patched version of PIDL. Mainline version of PIDL does not yet have this patch applied.
svn path=/trunk/; revision=20918
The current RTP/MPEG2 Transport Stream dissector has a bug. When both
Adaptation Field and Payload are present in a packet (AFC==3) the
payload is ignored and Wireshark marks the packet as malformed.
This patch to epan/dissectors/packet-mp2t.c fixes the problem.
svn path=/trunk/; revision=20910
Please find attached a patch to the RSVP dissector that fixes a small inaccuracy when printing the SENDER TSPEC object.
Substantially, it changes the string
"C-type: 1 - Integrated Services" into the correct one
"C-type: 2 - Integrated Services"
svn path=/trunk/; revision=20900
When dissecting RTP packets with a H.263 payload, the "Mark" flag runs into the Mode A/B flag in the info column.
From me abriviate Payload type to PT.
svn path=/trunk/; revision=20899
Along with this bug, identified by Mark, there is another problem, in that one of the chunks of my earlier patch seemed to get missed off when Anders committed it. This won't break anything yet, as the H.223-over-RTP dissection hasn't landed on trunk yet, but it will cause all sorts of nasties when it does.
Here is a new patch, against current trunk, which should fix Mark's bug, my bug, and a comment typo.
And a patch wich improves the general robustness of the h.223 dissector (making it less likely to crash on malformed data).
Hopefully this also fixes a bug raised by Fabio Sguanci a few weeks ago.
Fabio: I think a better way to fix the problem is to stop the dissector crashing when it finds a malformed PDU, so that it just treats the first pdu as malformed; there is then no need to special-case it.
svn path=/trunk/; revision=20898
use this field in the policy handle helper to indicate not only which frames the handle was opened/close in but also the name of the function that opened it.
eventually, when other pidl support infrastructure is developed it would be nice if this could be expanded to also contain the name of the object/handle opened.
svn path=/trunk/; revision=20895
This patch makes the defragmentation code in the iax2 dissector handle
pinfo->desegment_len=DESEGMENT_ONE_MORE_SEGMENT, in line with
Ronnie's changes to the tcp dissector of 11 November.
svn path=/trunk/; revision=20892
Here's a patch which adds an option enabling subdissectors to request defragmentation of packets over RTP streams, using the
pinfo->desegment_{len,offset} API.
svn path=/trunk/; revision=20891
bring the server message type dissection nearly to completion. As for RealVNC
protocol dissection, the only things not working at 100% is the TCP
reassembly and some ZRLE subencoding types. However, it is is much more useful
shape now than before.
svn path=/trunk/; revision=20886
This patch provide a new function to decode messages when several ASN1 encoding can be used.
This is the case, for example, when a same message has different encoding according to the MAP version, or in case of ASN1 encoder optimization.
At the same time, I did remove the configuration variable "old_gsm_map_version", which is taken into account in the patch.
And likewise, for all the messages defined with the ASN1 sequence "[3] SEQUENCE", this function is called for the decoding.
svn path=/trunk/; revision=20878
let this helper take a parameter to describe how the policy handle should be
managed (is this an open, close ?) to improve policy handle tracking.
(centralizing to a single function of code makes other changes easier)
create defines to indicate OPEN/CLOSE and use them as a start/test in the winreg conformance file.
svn path=/trunk/; revision=20872
pidl will probably be in flux for a short while and this checkin is to reduce the some noice generated to winreg while other changes are implemented.
this change only affects c-code comments in the pidl generated code
svn path=/trunk/; revision=20871
feature lists all of the content found in an HTTP stream (images, http, etc.)
and displays it in a list that allows the user to save each one as a file that
is already reassembled by the dissectors.
svn path=/trunk/; revision=20867
update the conformance file so the correct functions are loaded with the correct PARAM value to signal "in this frame, this policy handle was created"
svn path=/trunk/; revision=20857
While I reading source code of IuUP dissector, I notice some
obvious bugs inside the code. One is a missing assignment
that causes the following "if (iuup_circuit)" block to never execute.
Another is wrong field names.
Althoug both won't show up in final result (for the first bug, the call to
g_hash_table_insert several lines later will do the right thing anyway;
for the second bug, there is no services utilizing more than 3 subflows),
I think it is better to have them fixed.
svn path=/trunk/; revision=20853
Use "break" instead of "goto done" when possible, don't goto a label
that follows immediately, and get rid of labels for which there's no
goto.
svn path=/trunk/; revision=20846
Update the Camel dissector to have the same structure as the gsm map dissector.
Now the dissector correctly handles the Tcap return error component.
Some improvement have been made for ApplyChargingReport too.
svn path=/trunk/; revision=20835
"If the bitstring is empty, there shall be no subsequent octets, and the initial octet shall be zero."
The BER dissector marked empty bitstrings as "Padding", but they are now marked as "Empty".
http://www.wireshark.org/lists/wireshark-dev/200702/msg00574.html
svn path=/trunk/; revision=20834
This is purely empirical as I can find no standard that says it should be there.
However successful LDAP/SASL/GSSAPI between AD and Java client shows it seems to be present.
If the confounder is not dissected, the LDAPMessage to fail to be decoded.
svn path=/trunk/; revision=20833
1) Handle empty (zero length) saslCredentials
2) Handle "GSSAPI" auth_mech when identified from the bind
3) Annotate column info to show SASL service applied to LDAP operation
svn path=/trunk/; revision=20830
- move dcom-cba and pn-rt files into profinet plugin (where they really belong)
- move some common pn functionality into new packet-pn.c/h instead of having duplicate code
svn path=/trunk/; revision=20825
this resolves some issues where the decode is ok but the hexpane shows corrupted memory where the decrypted blob should be.
svn path=/trunk/; revision=20824
A patch to update the gsm map definition up to 3GPP TS 29.002 V7.5.0 (2006-09) Release 7 There is a little impact on the GTP dissector, because I had to change the name of the Local ErrorCode in the gsm map asn1 definition due to a conflict with the Camel dissector.
svn path=/trunk/; revision=20823
(since we do not yet use all of the various idl files from s4 i commented out the import directove from the idl file since othervise it would generate #include directives for files we do not yet provide)
svn path=/trunk/; revision=20816
Also:
- Fix a division-by-zero error in FP dissector
- Correct the way DCT2000 IPPrim addresses and ports are dissected and displayed
svn path=/trunk/; revision=20812
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
Attached is a wireshark patch that adds support for decoding DHCP option 125
and the DHCP option 125 suboptions defined by the DSL Forum's TR-111
specification.
svn path=/trunk/; revision=20783
the SSC dissector should be in fairly good shape now modulo some missing
dissectors for a few data in/out buffers that someone that needs them can easily add
svn path=/trunk/; revision=20776