Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
Try to resolve a crash issue when having a function on the RHS
of a filter test which does not return the same type as the LHS.
svn path=/trunk/; revision=28550
* adding pydoc documentation to doc/README.python
* possible to access directly libwireshark via libhandle and raw_<tvb|pinfo|tree>
* transform some methods into properties
* update sample to reflect changes/features
* adding comments!!!
svn path=/trunk/; revision=28532
The patch puts the function declarations for zbee_sec_ccm_decrypt() and
zbee_sec_key_hash() into a #ifdef HAVE_LIBGCRYPT guardian to avoid gcc from
complaining about functions that are declared as 'static' but never defined.
It additionally puts the function zbee_sec_make_nonce() (and its declaration)
into a #ifdef HAVE_LIBGCRYPT guardian to avoid gcc from complaining about a
defined but unused function, if libgcrypt is not used.
svn path=/trunk/; revision=28513
- Make some fcns & vars static
- hf[] blurbs: "" and repeated text --> NULL
- Move proto_register & proto_reg_handoff to end of source
- packet-catapult-dct2000: simplify proto_reg_handoff
- Use consistent indentation
svn path=/trunk/; revision=28488
"Purify reports an uninitialized memory read in dfw_append_const() when
accessing the 'next_const_id' member. This seems to be caused by dfwork_new()
which doesn't properly initialize the member."
svn path=/trunk/; revision=28486
Add:
- FIX 4.0 to 4.4 fields, auto generated with XSLT stylesheets applied on
http://www.quickfixengine.org/ xml files (not included quickfixengine code is
BSD but xml files have no copyright).
- value_string functions for string keys, added to value_string.c.
- FIX desegmentation, it doesn't work well with malformed FIX PDU.
svn path=/trunk/; revision=28478
- Removed heuristic for find if is_request and used event_type
- URB_INTERRUPT don't goes in reverse direction... fixed
svn path=/trunk/; revision=28477
This patch adds support for the I-TDM control protocol specified in PICMG SFP.1 chapter 3.12.
This control protocol is used to "automatically" initialize new I-TDM data flows.
svn path=/trunk/; revision=28468
The CoS Capability extended community has been changed to a transitive ext. community
and was reassigned an IANA type number. It has changed from 0x40 to 0x05.
see: http://www.iana.org/assignments/bgp-extended-communities
svn path=/trunk/; revision=28467
Some of the hard-coded 96 and 127 values representing dynamic payloads
were changed to use #defines from rtp_pt.h but not all.
svn path=/trunk/; revision=28466
Airpdcap does not allow for more than one key to be stored for a pair of nodes.
This means that when a device associates more than once the previous keys are
lost. This is ok for the first pass as the newest key is all that is needed
but when the user tries to click on a packet, to get the tree, which used a
previous key all that is seen is the encrypted data. The attached patch stores
previous associations in a linked list and will try all known keys before
decided the packet can't be decrypted. The list of keys is garbage collected
when a new capture is started.
svn path=/trunk/; revision=28449
In ISUP, if the redirecting or original called number parameters are present,
but have a zero length number in them, the dissector (incorrectly) marks them
as malformed packets.
Also, the precedence decoder is very terse (Doesn't even display the precedence
level correctly)
svn path=/trunk/; revision=28448
- replace C++ comments by C-style comments (or #if 0...#endif);
- Chnage all hf[] "" blurbs to NULL;
- Fix some spelling;
- Remove two unused handles.
svn path=/trunk/; revision=28439
- prefs registration not req'd (no prefs);
- move hf[] & ett[] to be local to proto_register;
- use std dissector format: move proto_register & proto_reg_handoff to end;
- if (proto == -1) in proto_register not req'd;
- if (! initialized) not req'd in proto_reg_handoff since no prefs callback.
svn path=/trunk/; revision=28437
FCS; this handles protocols where there's no length field, so that the
"is there a trailer and/or an FCS?" heuristic can't work.
svn path=/trunk/; revision=28432
The attached patch file adds dissectors for the ZigBee protocol stack,
which runs atop the IEEE 802.15.4 dissector. Also included is the
dissector for the ZigBee Encapsulation Protocol (packet-zep.c), used by
the Exegin Q51 protocol analyzer.
From me:
Fix a bunch of gcc (the compiler, not me) warnings.
svn path=/trunk/; revision=28429
e_ip->ip_ttl is currently always set to 0, in attachment fix.
I also (in same patch, sorry) submit cleanup to use ep_alloc() instead
of static e_ip buffers, I didn't test it, but I hope it's ok.
There's note about static buffers in doc/README.tapping, which should
also be updated, but I don't feel so good with my English :)
From me:
Rename e_ip to ws_ip. Update the static buffers note in README.tapping.
svn path=/trunk/; revision=28425
Add a UAT for custom HTTP header fields.
From me:
Use se_alloc0 to initialize a struct. Use g_strdup(...) instead of
g_strdup_printf("%s"...). Add a missing UAT_END_FIELDS.
svn path=/trunk/; revision=28406
Attached please find a patch that enables to heuristically find VNC
traffic on non-standard ports.
(it also adds some if(tree) ... around some proto_tree_add_item()
functions)
svn path=/trunk/; revision=28394
Not much, just a little bit of fine tuning:
- Spelling
- Added expert_add_info() for status responses with warning & error level
- Added command details in info column (optionally)
Also plugging memory leak.
svn path=/trunk/; revision=28392
use.
Rename some variables to reflect the names they have in the IGRP
document.
Don't treat being called with a non-IPv4 address as a dissector bug - we
can't prevent ourselves from being called from the IPv6 dissector. This
fixes bug 3466.
Clean up indentation.
svn path=/trunk/; revision=28390
The attached patch updates wireshark to the radiotap RX flags leaving the
non-standard option to dissect bit 14 as "FCS in header".
Merge the patch by hand in a couple of places to avoid conflicts with
r26861.
svn path=/trunk/; revision=28385
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2824
I have added the SCM header to the wlccp dissector. This header is present in
packets of base message type 0x01. You can find the specification in the
following document, when you search for "The table below shows the fields for
an SCM Advertisement Reply Message.":
http://www.freepatentsonline.com/y2005/0220054.html
It seems like the header structure in the document is wrong regarding the "SCM
Node ID" (MAC address) field. From looking at the hexdumps I found out that the
node id shows up in the header before the "Instance Age" field. There is also a
2 byte field between the node id and the instance age, which is always zero. I
have named this field wlccp.scm_unknown_short, because I don't know what it is
for.
Me:
Fix two bugs that came up during testing but were present before the patch,
both involving wrong length handling triggering dissector assert and malformed
packet messages.
svn path=/trunk/; revision=28376
support for vendor-specific IEs. Fix variable-length record handling. Add
conversation tracking to the UDP dissector and add process flow
information to TCP and UDP conversations.
This lets us run process flow collectors on one or more machines and
have the process username, PID, command name, etc. show up in the TCP
and UDP protocol trees.
svn path=/trunk/; revision=28366
We can have a case where one Lua dissector calls another Lua dissector,
so we can't mark all objects when only one dissector is completed.
This fixes comment #37 and #39 in bug 2453.
svn path=/trunk/; revision=28325