Problem:
The existing sll dissector does not handle ppp_hdlc packets (sll.ltype == 0x0007).
Resolution:
Alter packet-sll.c to call the ppp_hdlc dissector when a packet with sll.ltype=0x0007 is received.
svn path=/trunk/; revision=21647
the parentheses are needed - not that I can remember which of && and ||
have higher precedence, anyway, which is why I like parenthesizing
expressions such as this...).
svn path=/trunk/; revision=21631
- HT Control fixes and updates
- Add an is_ht flag to the common dissection and capture routines, along
with a registered dissector (which is used in code that hasn't been
checked in yet.)
- Action Fixed Parameter updates
- Control Wrapper fixes and updates
- Beacon Interval fixes and updates
- Capability Info fixes and updates
- Block Ack / Block Ack Request fixes
- Lots of miscellaneous fixes and updates
svn path=/trunk/; revision=21630
to work around the "data" field of a GArray being a guint8 *, and
defines a g_array_data() macro to extract that field and cast it to void
*.
Use that header where needed.
svn path=/trunk/; revision=21627
it a lot more like the Makefile.nmake file. Also, use $(PROTOCOL_NAME)
in a couple of places in Makefile.nmake where it wasn't being used
before.
(It might be interesting to see whether we can use a template for these
Makefiles, and just tweak some variables at the beginning.)
That lets us get a Q.932 ROS dissector with the right file name and with
"q932.ros" rather than "q932-ros" as the dissector name; do that.
svn path=/trunk/; revision=21625
discarding a qualifier by explicitly casting away the qualifier;
constness should persist, so that attempts to, for example, modify
something you got with tvb_get_ptr() get complained about (as we don't,
and won't, guarantee that you will get correct behavior if you do that).
Just make the pointer to which a const pointer is being assigned const
itself.
Yet *AGAIN* work around GArray's brokenness of having its data pointer
be a guint8 * rather than a void *.
svn path=/trunk/; revision=21623
dissector does.
The fix to the Makefile to generate packet-q932-ros.c changed the
protocol name in some cases; change it uniformly.
svn path=/trunk/; revision=21622
pointer to the guint8, plus explicitly defined structure offsets (the
structure had better be the same on all platforms, forever, otherwise
binary compatibility breaks, which would be an error, given that the
structure appears in capture files).
svn path=/trunk/; revision=21619
While looking into the http-dissector I improved a few things on
how it dissects a proxy CONNECT session. This is what I have changed:
- added the fields hf_http_proxy_connect_host and -port
- changed proto_tree_add_text to proto_tree_add_string and -uint
so that it's possible to filter on them
- make these two fields "PROTO_ITEM_SET_GENERATED"
- removed the alteration of the ports within pinfo, now the
ports in the column info are not changed to the port used to
connect to the backend server. It is now possible to use
follow-tcp-stream again on proxied ssl sessions.
svn path=/trunk/; revision=21618
Here's a patch that decodes MMS(Manufacturing Messaging
Specification) when transported over COTP/TPKT/TCP. Previously, MMS would only be decoded if the OSI Presentation Layers were present. Now MMS/COTP/TPKT/TCP is dissected.
With a change to use more functions from packet-ber
svn path=/trunk/; revision=21608
new protocol STARTEAM
>Hi,
>
>Here is a submission of a new dissector for the Borland StarTeam protocol.
>For the compiler warnings, I tried to get rid of them, at least what MSVC6
>is reporting. If your compiler reports more, please tell me the line number.
>As I do not have SVN installed but I compiled from the 0.99.5 tarball,
>please forgive me if I cannot easily generate diffs against current SVN (I
>tried my best with Cygwin).
>I also added the sample capture file on the Wiki on which I ran 900 loops
>of fuzz testing with no problem.
svn path=/trunk/; revision=21606
Attachment is a patch for adding a new Juniper NSRP dissector. In this patch, OICQ author email address
<dubingyao@gmail.com> has also been updated to <secfire@gmail.com>.
svn path=/trunk/; revision=21599
stuff to the UID tree unless it's UID stuff.
Also, as we appear to allow for null domain and account information in
dissect_smb_uid(), check for null information before trying to add it to
the top-level item.
svn path=/trunk/; revision=21597
does (i.e., it will add the address bytes to the value that's already
there - it will not initialize the value, so you have to clear it before
doing any hashing).
svn path=/trunk/; revision=21578
Improve the tid tracking by putting the host/share information on the tid expansion line so one can see it without opening the expansion
svn path=/trunk/; revision=21547
I have made some changes to the final patch to have the operation code decoded
as ForwardSM. A change for TCAP is included too, to be sure that the
application context is not overwritten by the User Info OID (this was the case,
when a MAP open dialog was included in the request).
Fix bug:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1498
svn path=/trunk/; revision=21543
(from -dev list)
On Sun, 2007-04-22 at 23:06 +0200, Joerg Mayer wrote:
> Can someone please have a look at uand fix the following warning:
>
> cc1: warnings being treated as errors
> packet-ssl.c: In function 'ssl_parse':
> packet-ssl.c:334: warning: ignoring return value of 'fread', declared
> with attribute warn_unused_result
The attached patch fix the issue. It also try to fix a bit the
indentation.
Me: Move size_t nbytes up to top of function and fix typo expeted->expected
svn path=/trunk/; revision=21527
--enable-extra-gcc-checks set.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
Constify a bunch of stuff, and make some other changes, to get rid of
warnings.
Clean up some indentation.
svn path=/trunk/; revision=21526
will stop crashing.
More .11n additions and updates from Dustin:
- Power Capability tag
- Supported Channels tag
- Block Ack/Block Ack Request
Fixup whitespace.
svn path=/trunk/; revision=21484
- MIMO Control frame support
- Control Wrapper frame support
- Measurement Pilot
- Action No Ack
- Block Ack Action
- PCO Phase Control
- PSMP Parameter Set
- Antenna Selection
- Extended Channel Switch Announcement
- HT Information
- HT Action
- MIMO CSI Matrices Report
- Fill in and update a bunch of hf strings
Fixup(?) whitespace.
svn path=/trunk/; revision=21482
This patch implements parameter dissection for about 1/2 to 2/3 of the messages in IS-801.
Built and tested against the latest source as of Friday April 13th 2007.
svn path=/trunk/; revision=21463
- Measurement Pilot frame support
- Various Block Ack fields
- Various Power fields
- Measurement Pilot field
- Country String field
- Channel Width field
- QoS Information fields
svn path=/trunk/; revision=21452
the current SVN (rev 21448) 802.11 WMM TSPEC dissector seems to have
some bugs.
TS Info field should be three bytes long, not two. Suspension Interval
field is missing altogether, shifting all other fields by four bytes.
Maximum Burst Size, Minimum PHY Rate, Peak Data Rate and Delay Bound
are in wrong order.
svn path=/trunk/; revision=21450
most have been tagged unused (few have been deleted if dissector has not been
modified since a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
- Refactored Frame Control into its own function
- Refactored the Action field
- Add Block Ack/Block Ack Request
- Add a Control Wrapper stub
- Add the Neigbor Report tag
- Add the Extended Channel Switch Announcement tag
- Add the Supported Regulatory Classes tag
- Add the Secondary Channel Offset tag
svn path=/trunk/; revision=21415
mechanisms. (fix rev21398)
Windows buildbot sould be green again as formal parameters are the same as the
ones in the declaration now.
svn path=/trunk/; revision=21409
- Break out and display A-MSDUs
- HT Control field (currently disabled)
- Action No Ack
- HT Information IE
- HT Capability IE
- Block Ack Request
- Secondary Channel Offset Tag
- Measurement Request Tag
- Measurement Report Tag
...along with a bunch of other updates, including displaying the
type/subtype as a hex value (first nibble: type, second nibble: subtype).
svn path=/trunk/; revision=21391
New dissector support, SHIM6
checked in with the following modifications :
- use of proto_tree_add_item whenever possible (addition of several hf_items),
- use distinct subtree idx for each subtree,
- addition of some subtrees,
- split shim_opts in several functions,
- accurate incrementation of offset in locator preferences (in case of option length > 3)
- add true_false_string for critical options and protocol differentiation (hip, shim6)
- add ipv6.shim6.checkksum_good, ipv6.shim6.checkksum_bad, cksum expert info
section added to AUTHORS
svn path=/trunk/; revision=21390
This patch adds an option to IEEE 802.11 to ignore the wep bit with IV,
as mentioned in
http://www.wireshark.org/lists/wireshark-dev/200704/msg00021.html
I also fixed a bug where the packet is dissected different in the Packet
List with and without "Colorize Packet List" (actually when dissecting
with and without "tree"). Try toggling "Colorize Packet List" with my
previous posted ieee80211-wep.pcap without this patch to see the bug.
The patch is tested on OSX.
svn path=/trunk/; revision=21384
- changed dissect_ssl2_hnd_client_hello to use hf_ssl_handshake_version instead
of hf_ssl_record_version. SSLv2 client hello's did not display when the filter
ssl.handshake.version == 0x0002 was used, only SSLv2 server hello's were
displayed. Now they are both displayed
- Added generated hf_ssl_record_version to SSLv2 handshake. Since the SSLv2
does not include a record layer version field (unlike SSLv3), this field is
generated so that all packets with a SSLv2 record layer can be filtered out.
[this is actually what bug 1503 was all about]
svn path=/trunk/; revision=21373
remaining that I'm not sure exactly what to do with at the moment:
the one in packet-frame probably should be there, the others probably
shouldn't but they also should never fail unless there's a compile or build
problem (AFAICS).
svn path=/trunk/; revision=21367
update a dissector and recompile, make-dissector-reg.py can now pull
its list of registration routines from a cache instead of having to
scan through every dissector. The time to create register.c has gone
from 20 to 30 seconds down to 2 on my desktop machine.
The cache file is a Python pickle data stream. It should be portable
across architectures, so we may be able to add it to the distribution
at some point.
svn path=/trunk/; revision=21348
In make-dissector-reg.py, throw an error if we don't have enough files
to process, or if we don't generate enough registrations. "Enough"
is arbitrarily set to 100.
This should de-purple the buildbot. (I'm sure there's a "smoke on the
water" joke in there somewhere.)
svn path=/trunk/; revision=21338
Dissector for the DRDA protocol. This is the protocol used by among
others the DB2 database.
modify his entry in AUTHORS
svn path=/trunk/; revision=21331
- asn dissectors : libasndissectors.la
- pidl dissectors : libpidldissectors.la
- normal dissectors : libdissectors.la *and* libcleandissectors.la. I
separated it in two libraries temporarily. The source files used to build
libcleandissectors.la do not generate warning anymore and the -Werror is used
to compile them. If we patch a dissector and it doesn't generate warning
anymore, we have to move the filename dissector from DISSECTOR_SRC to
CLEAN_DISSECTOR_SRC in epan/dissectors/Makefile.common.
If you want to define specific cflags for one library type, let's say pidl, you
may define libpidldissectors_la_CFLAGS.
svn path=/trunk/; revision=21324
Add a table of DPCs and SSNs that allow to override the protocol that would be choosen
so that the same SSN can use two different protocols in two different DPCs.
I did not believe it someone could have done it, then I saw the captures...
svn path=/trunk/; revision=21321
The enclosed patch corrects a problem where jxta elements were being added to the protocol tree for segments that did not contain complete jxta frames. This patch ensures that the jxta proto elements are only added those the segments that end a complete, assembled jxta frame.
The patch has been fuzz tested with a broad selection of jxta captures and ran successfully overnight for over 4000 iterations.
svn path=/trunk/; revision=21305
Fix for Bug 1136 (TCP Checksum Validation)
TCP cksum 0xffff should not appear in TCP headers. RFC 1624 explains that it
can be generated by a (not-so-good) algorithm for incremental updates to the
tcp-checksum.
New behavior of wireshark when having cksum == 0xffff :
- use "Checksum: 0xffff [should be 0x0000 (See RFC 1624)]" in the
packet-detail pane
- set tcp.checksum_good to FALSE (just like checksum-offload packets)
- set tcp.checksum_bad to FALSE (just like checksum-offload packets)
- Generate an expert warning: "TCP Checksum 0xffff instead of 0x0000 (See RFC 1624)"
- add "[TCP CHECKSUM 0xFFFF]" instead of "[TCP CHECKSUM BAD]" to COL_INFO
svn path=/trunk/; revision=21295
- follows the same rules as the one in ipv4 dissector for
ipv6_[src|dst|addr][_host] items.
- use proto_tree_add_item for displaying the name of the parsed options.
- added header type value_string
- add an expert info for invalid jumbo value and invalid router alert
length.
- correction of invalid jumbo payload length
- get rid of variable declaration after statement
svn path=/trunk/; revision=21283
Martin Sustrik
here's a patch to AMQP dissector. The only change is that when there are
seceral AMQP frames in single TCP packet, all of them are referred in
the info column.
svn path=/trunk/; revision=21254
