epan/dissectors/packet-s5066sis.c, to clarify that it's not for STANAG
5066 as a whole, but just for the Subnetwork Interface Sublayer.
There's currently an enhancement to support the Data Transport Sublayer,
which adds an epan/dissectors/packet-s5066dts.c file.
svn path=/trunk/; revision=52348
PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
TLS). Therefore remove the restriction of 16 octets. While at it, skip
testing for negative size as this is unnecessary.
Reported at:
http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic
svn path=/trunk/; revision=52335
The name "RC2" is not used by libgcrypt, instead it uses
"RFC2268_<keysize>". RFC2268_40 and RFC2268_128 are both documented,
though only RFC2268_40 is implemented right now.
As documented in RFC2246 (TLS 1.0), section 6.3.1 Export key generation
example, exportable ciphers (in this case, the
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 cipher) only use 40 bits of the
key_block, but the real key (final_{client,server}_write_key) used for
the actual algorithm (RC2) is still 16 bytes (128 bits). Therefore
RFC2268_128 is the correct name to use.
As libgcrypt 1.5.3 does not support the 128-bit keys, a patch for
libgcrypt to support the larger 128-bit rc2 keys has been submitted to
gcrypt-devel@gnupg.org (it sits in their mail queue as I am not
subscribed).
svn path=/trunk/; revision=52320
I still couldn't figure out how to generate the source, so I made the modifications to the generated dissectors "manually" (search/replace tool in VS) that would match the "PIDL source" included here.
I will be sending the "PIDL source" (non dissector files) to the samba team.
svn path=/trunk/; revision=52313
For consistency all places that "didn't have enough bytes", got an expert message, regardless of whether the upcoming field itself was a FT_BYTES type.
svn path=/trunk/; revision=52304
There seem to be several cases of proto_tree_add_string_format where a "string" value/filter doesn't really make sense because it's always empty, and is just being used as a "filterable subtree header (placeholder)". They appear to be more for "presence" than "value" and should probably be FT_NONE, although I'd almost argue for removing the filter in favor of proto_tree_add_text.
svn path=/trunk/; revision=52296
Extend the BPDU dissector in packet-bpdu.c so that it recognizes and displays
the PVID TLV in Cisco's PVST+/RPVST+ BPDUs.
svn path=/trunk/; revision=52294
quite well - reimplement that in Wireshark.
There is room for improvement in this patch, e.g. use subtrees for
the subattributes.
svn path=/trunk/; revision=52278
Only proto_tree_add_time_format calls remaining are in packet-ncp2222.inc, which may just need some additional filters.
svn path=/trunk/; revision=52269
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9127
With 6 unknown bytes leading to the two known values for the
last two bytes this cannot yet be properly dissected. Dissect
the one known case. More traces with additional properties
required to get more sense into the first 6 bytes.
svn path=/trunk/; revision=52233
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-openflow.c: In function ‘dissect_openflow_v_1_3’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-openflow.c:1125:18: error: variable ‘version’ set but not used [-Werror=unused-but-set-variable]
guint8 type, version;
Remove some trailing whitespace.
svn path=/trunk/; revision=52228
packet-openflow.c:577:31: error: "/*" within comment
packet-openflow.c:655:24: error: "/*" within comment
cc1: warnings being treated as errors
packet-openflow.c: In function 'dissect_openflow_features_reply_v1_3':
packet-openflow.c:671: warning: unused parameter 'pinfo'
packet-openflow.c:671: warning: unused parameter 'length'
packet-openflow.c: In function 'dissect_openflow_multipart_request_v1_3':
packet-openflow.c:809: warning: unused parameter 'pinfo'
packet-openflow.c:809: warning: unused parameter 'length'
packet-openflow.c: At top level:
packet-openflow.c:1033: warning: return type defaults to 'int'
packet-openflow.c:1119: warning: return type defaults to 'int'
svn path=/trunk/; revision=52226
in its entirety due to a snapshot length being specified is not
malformed.
Instead of checking for the sum of the offset and the value length
being less than the offset, check whether the TLV length is <= 4 and, if
so, just quit at that point (that also handles the "value is zero
length" case). That makes sure that valuelength isn't negative; given
that length is < 65536, valuelength < 65532, so that won't cause offset
to overflow, so that means offset won't go backwards.
svn path=/trunk/; revision=52220
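
The length check described in the commit message above, as an added example (not Wireshark's code). The TLV layout (2-byte type, 2-byte big-endian length that includes the 4-byte header), the function name and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: 2-byte type, 2-byte big-endian length, where length
 * counts the 4-byte header plus the value. */
#define TLV_HDR_LEN 4

/* Constructed sample data (not from a real capture). */
static const uint8_t SAMPLE_OK[]    = {0,1, 0,6, 0xaa,0xbb,  0,2, 0,5, 0xcc};
static const uint8_t SAMPLE_ZERO[]  = {0,1, 0,0, 0xaa,0xbb,  0,2, 0,5, 0xcc};
static const uint8_t SAMPLE_SHORT[] = {0,1, 0,6, 0xaa,0xbb,  0,2, 0,9, 0xcc};

/* Walk the TLVs in buf[0..buflen). Returns the number of complete TLVs and
 * stores the final offset in *end; the offset only ever moves forward. */
int count_tlvs(const uint8_t *buf, size_t buflen, size_t *end)
{
    size_t offset = 0;
    int count = 0;

    while (buflen - offset >= TLV_HDR_LEN) {
        unsigned length = ((unsigned)buf[offset + 2] << 8) | buf[offset + 3];

        /* length <= 4: zero-length value or a bogus length. Quit here. */
        if (length <= TLV_HDR_LEN)
            break;
        size_t valuelength = length - TLV_HDR_LEN;   /* 1..65531 */

        /* Value cut short (e.g. by a snapshot length): stop without
         * reading past the captured bytes. */
        if (valuelength > buflen - offset - TLV_HDR_LEN)
            break;
        offset += TLV_HDR_LEN + valuelength;
        count++;
    }
    *end = offset;
    return count;
}

int main(void)
{
    size_t end;
    int ok = count_tlvs(SAMPLE_OK, sizeof SAMPLE_OK, &end) == 2
          && count_tlvs(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &end) == 0
          && count_tlvs(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &end) == 1;
    return ok ? 0 : 1;
}
```
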
According to 3GPP R8/R9/R10/R11, the mobility option "3GPP Specific PMIPv6 error
code" is 1 octet length.
However, in the source file packet-mip6.c, the length of the option is set to 4 octets (around line 1744):
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9183
svn path=/trunk/; revision=52218
- Print hexdump of unknown or vendor specific toplevel TLVs
- Try to print the name of type 204 (something still missing)
svn path=/trunk/; revision=52212
A few enhancements to the SEL Fast Message (selfm) Dissector:
- Final piece of dissection for standard Fast Meter messages to display pad byte
(if present) and single-byte checksum footer.
- Enhancement to digital word display to show 1-byte bit patterns on proto_item
without requiring user to expand tree.
svn path=/trunk/; revision=52210
This enhancement adds the missing structure CAUT, some missing integers
converted to Strings and some fields that were unknown to a better explanation.
Sorted alphabetically the MQCFINT_Parse VALS structure to better find what is
missing in this VALS structure
svn path=/trunk/; revision=52198
1) Corrections to the naming and terminology of DTP, its TLVs, types and values
2) Improvements to the dissection of Trunk Status and Trunk Type TLVs whose values and meaning have not been properly decoded so far
3) Improvements to the dissection of the Domain TLV (now using proto_tree_add_item() to display its value; this also allows for filtering operations)
4) Minor cleanups to the code (mainly renaming the macro names to make them more consistent)
From Peter Paluch, Bug 9156 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9156)
svn path=/trunk/; revision=52189
explicit, and frees up the "generic" names (like tvb_memdup) for new signatures
that take the appropriate wmem pool.
Majority of the conversion done with sed.
svn path=/trunk/; revision=52164
1. Correct Interface Flag enumeration
2. Dissect ARP data without making it look like it's an ARP packet by disabling column writing.
svn path=/trunk/; revision=52157
Decode the mesh formation information fields related to the number of mesh peerings
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@cozybit.com>
svn path=/trunk/; revision=52152
Really add support for AEAD ciphers (GCM)
GCM uses counter mode with authentication tags (the latter is currently
not supported). As for the key material, there is no MAC (because the
auth tag is supposed to verify the authenticity).
Finally, correct the GCM cipher suite definitions: IV block size of
4 bytes and GCM instead of CBC mode.
svn path=/trunk/; revision=52150
Use IV from record for CBC mode, add padding/IV length check
Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
padding) are used. Merge DTLS and TLS blocks for extracting IV. This
saves an unnecessary memmove() because the input pointer is, well, just
a local variable and can therefore be incremented.
Validate padding and IV lengths before using them. A crash could occur
if the explicit IV is missing (this would make memmove write before its
buffer). The missing padding check had as implication that a misleading
error is returned with a negative length (not exploitable).
Use IV from record for CBC mode, previously it decrypted the first block
incorrectly and then threw this "decrypted" IV away. Now it extracts the
IV and uses this for decrypting the first fragment block. (remember that
CBC xor's the output of the block cipher with the previous ciphertext
(or IV for the first block)).
This is a preparation for GCM which does not have a MAC. The skip_mac
branch is necessary to make the compiler happy in this patch, 'mac'
could otherwise be uninitialised.
svn path=/trunk/; revision=52149
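
The IV and padding length checks described in the commit message above, as an added example (not Wireshark's code). It assumes a CBC record with an explicit IV in the first block and an already decrypted remainder; the function names, parameters and the all-zero sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns the application-data length of a decrypted CBC record, or -1 if
 * the lengths are inconsistent. rec holds the explicit IV (one block)
 * followed by the decrypted blocks: data | MAC | padding | padding_length.
 * Only lengths are checked here, not the padding bytes or the MAC. */
long cbc_data_len(const uint8_t *rec, size_t reclen, size_t block, size_t maclen)
{
    if (block == 0 || reclen % block != 0)
        return -1;                      /* not a whole number of blocks */
    if (reclen < 2 * block)
        return -1;                      /* explicit IV or first block missing */

    size_t body = reclen - block;       /* bytes after the IV */
    size_t pad  = rec[reclen - 1];      /* padding_length byte */

    /* Padding, its length byte and the MAC must fit in the body. Compared
     * as a sum so no subtraction can go negative or wrap. */
    if (pad + 1 + maclen > body)
        return -1;
    return (long)(body - pad - 1 - maclen);
}

/* Build a constructed all-zero record of reclen bytes whose last byte is
 * padbyte, and validate it for a 16-byte block and a 20-byte MAC. */
long demo(size_t reclen, uint8_t padbyte)
{
    uint8_t rec[64];

    if (reclen == 0 || reclen > sizeof rec)
        return -1;
    memset(rec, 0, reclen);
    rec[reclen - 1] = padbyte;
    return cbc_data_len(rec, reclen, 16, 20);
}
```
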
Correct cipher suites list, add TLS_ annotations
Add official TLS_ names as comment and correct:
- 6: RC2 is a block cipher using MD5, not stream+SHA.
- 25,26,27: should be SHA instead of MD5
- 98: DES export is a block cipher using 56-bits[1], not stream.
- 99: DES export should be using 56-bits[1].
- 138: removed commented RC4 cipher because it is not a block cipher
Besides these comments and corrections, there are no further changes.
[1]: http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-00
svn path=/trunk/; revision=52148
Drop export_cipher and dig_len, cleaner digest access
Removed dig_len as this magic number is dependent on dig. The digests
variable is converted from a string to a structure holding the digest
name and length because of its close dependency.
Introduce another struct+function to get rid of the magic number 0x40
(DIG_MD5).
Removed export_cipher bit as this is dependent on eff_bits < bits.
Verified with:
grep ,KEX_ packet-ssl-utils.c | awk -F, '{bits=$6!=$7;ex=$9;
if ((bits && !ex) || (!bits && ex))print $6, $7, $8, "###", $0}'.
Removed space before SIG_RSA for cipher 51 for consistency with others.
svn path=/trunk/; revision=52147
the tvb_memcpy on the next line should be taking more data, but I don't know
enough about the protocol to be sure. This is the least disruptive way to fix
the last valgrind error from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941
svn path=/trunk/; revision=52145
Add reassembly support for AFS.
From me: minor tweaks to conform to other reassemblable protocols; indentation
fixes; modelines
svn path=/trunk/; revision=52113
Document each function. Note that we now call tvb_get_ptr() before
modifying the address in tvb_set_address() and tvb_set_address_hf(). The
caller doesn't have to worry about doing that any more. Add
add_address_to_hash64().
svn path=/trunk/; revision=52106
1. Case sensitivity differences between hf_ field name and formatted string.
2. Unnecessary whitespace between hf_ field name and colon in formatted string
There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed.
svn path=/trunk/; revision=52098
(like a #define) at the beginning of a line before a value_string no longer
matches so a #define that includes the beginning of a value_string doesn't
confuse the script.
svn path=/trunk/; revision=52089
Substantial enhancements to MQ protocol: all Structure, MSG_REQUEST/ASYNC_RESP,
MQ Multi Segment are decoded until version 7.1/7.5
svn path=/trunk/; revision=52085
strdup the string built in a strbuf if the scope is the same. Remove the
thoroughly unnecessary temporary variable as well.
svn path=/trunk/; revision=52082