From Anders Broman: parse security mechanism as specified in RFC 3329
Change-Id: I37300aa45740a11679149550943b3a1614ac8423
Reviewed-on: https://code.wireshark.org/review/138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
- packet-bencode.c had the wrong FSF address
- wslua_int64.c had the license as a footer instead of a header
Change-Id: I71204b36a1034af72874d6fe87929c31c9ff03df
Reviewed-on: https://code.wireshark.org/review/123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
There is no public spec, based only on analyze of packet
It is more easy to found the address IP of Intant AP
Change-Id: I3baf205c5e4ad699b954f4a9fbf4b9e65f82cb36
Reviewed-on: https://code.wireshark.org/review/121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Specification: "If the TxAdd or RxAdd fields are not
defined as used in a given PDU then they shall be considered
Reserved for Future Use."
Change-Id: I767c0df0366afe789624046cda2d49c9875ffe60
Reviewed-on: https://code.wireshark.org/review/103
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Linux USB Header should be in Host Endian.
Also add ENC_HOST_ENDIAN to simplify code.
Change-Id: I95e7d97014633e8fc1d7739d0728780d70c60442
Reviewed-on: https://code.wireshark.org/review/15
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Apparently very recent gcc versions *do* complain about the cast from gint to
enum, despite the comment to the contrary.
Change-Id: I422df9950f1c7c46ca8ea37a0e3abd7aa8fc1c7d
Reviewed-on: https://code.wireshark.org/review/89
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changed “GUID” to “CID” (Connection Identifier), as the original term carried common meaning and baggage that was not intended
Change-Id: I04986331aee33be237dab6963c0ff39accf507cd
Reviewed-on: https://code.wireshark.org/review/81
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When the GUID (CID or Connection Identifier in a more recent spec) field in Public Flags is 0, a zero-length item would be added.
This trivial patch prevents a dissector exception by checking the length first.
Change-Id: Idf6d970bc1b0b3f1a8e47618a8759f6a0cd54c65
Reviewed-on: https://code.wireshark.org/review/78
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
messages on the Data Display Channel (DDC)
this dissector is available as an option for I2C messages
it handles EDID messages (Extended Display Identification Data)
and passes HDCP messages on to the HDCP dissector
Change-Id: Ia8d8e73c36e2a1ad560b911dd4c1c9f34997b5c2
Reviewed-on: https://code.wireshark.org/review/63
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Try to dissect even it the size is not as expected.
Windows doesn't use alignment for smb-direct.
Change-Id: I66c465d331aaab5caf28385a6dd3a43b63af2208
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/56
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Change-Id: Ie1b684327a77c265188d916c1242d335c55aa8cb
Reviewed-on: https://code.wireshark.org/review/65
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
add editor modelines
Change-Id: I5433e0d41a30043264a0f60c2166de471c80745c
Reviewed-on: https://code.wireshark.org/review/64
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
This is wrong it breaks all sort of things. The "Volume label field"
is a special case, which can be fixed by using nopad=TRUE.
Change-Id: I3cd3f30ff0076d5e31a735391b175fd68e5fa142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/26
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
* Update to the last IANA icmpv6-parameters (2014-01-30)
* Update to final draft (for RFC 6743 and RFC 6775)
* Add RFC 7112 (Implications of Oversized IPv6 Header Chains) support (Add new Parameter Problem code)
* Fix a encoding arg
Change-Id: I90f65dfc54e5c0aff21a0e7ec2c937304aced02d
Reviewed-on: https://code.wireshark.org/review/62
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
- SNMT messages where presented in a way, where the value of the
field was not pointing to the correct bytes where it came from
- Sender / Receiver where renamed to be better understandable
- SN send to (Receiver) now comes first as it does in the byte
stream
Change-Id: I364cb248bed9489c0cf9c7bf9fbd37b0225dbd78