This patch enables Wireshark to correctly decode messages specific to the
selected key exchange method by determining and remembering that method.
It's a little incomplete in that it doesn't support the case where
first_kex_packet_follows is true, but then the current implementation
doesn't either.
It also adds/fixes dissection for the plain Diffie-Hellman key exchange and
DH group exchange messages that were broken/missing, completing support for
both of these key exchange methods.
svn path=/trunk/; revision=51197
This patch fixes a bug where if the client identifies itself first, both of
the protocol version messages are misidentified as encrypted data.
svn path=/trunk/; revision=51151
Currently, Wireshark only dissects one side's Key Exchange Init message,
which, in particular, means that the encryption, MAC and compression
algorithms it infers are bogus.
This patch fixes that.
From me:
Don't use a macro which confused checkhf (it only saved a small amount of
visible code). Fix up some more white space.
Use macros for a couple array indexes.
svn path=/trunk/; revision=51126
This patch makes the SSH dissector able to display multiple messages in the
Info column. As a side effect, it changes the formatting of some messages to
be more uniform.
I've also removed a dubious chunk of code that hardcodes a 16-byte MAC after
a SSH_MSG_KEX_DH_GEX_REPLY message. There can't be a MAC before key exchange
is over, and in my sample capture, this actually eats the second message that
follows.
From me: some white space cleanup.
svn path=/trunk/; revision=51117
In SSH, the protocol version message is terminated by CR LF. Wireshark, in the
info column, strips out the LF, but not the CR.
Attaching a patch to rectify that.
Also, as requested, update the contributor's email address in AUTHORS.
svn path=/trunk/; revision=50902
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors.
(The SSL dissector was already updated in one of two spots with bug 4535/rev
32456.)
A couple of the patches had to be manually applied.
From me: Fix the comments to match the change (including in the TCP and SSL
dissectors.)
svn path=/trunk/; revision=36332
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols is a lot
stronger.)
svn path=/trunk/; revision=35224
- Make some fcns & vars static
- hf[] blurbs: "" and repeated text --> NULL
- Move proto_register & proto_reg_handoff to end of source
- packet-catapult-dct2000: simplify proto_reg_handoff
- Use consistent indentation
svn path=/trunk/; revision=28488
testing version of GLib; it doesn't appear to exist in any current
versions. There's no need to "gracefully" handle NULL (whatever
"gracefully" means in this context - NULL compares less than any real
string?), as we already checked whether mac_name is null, and we're
comparing it against a string constant; just use strcmp().
In ssh_gslist_compare_strings(), check for null pointers for now.
strcmp() (and strcmp-alikes) don't return a boolean, they return a value
such that comparing strings with a particular operator is done by
comparing the result of strcmp() with 0 using that operator; do that, to
make it clearer that the strings are being compared for equality.
svn path=/trunk/; revision=25402
- if offset is 0, tvb_length is the same as tvb_length_remaining, just faster.
Replace
- col_append_fstr() with faster col_append_str()
- col_add_str() with col_set_str()
when it's safe
svn path=/trunk/; revision=23252
most have been tagged unused (a few have been deleted if the dissector has not been
modified in a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693