https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5076
Use:
/*
* Dissect Multiple Choice Message
* This function is used to decode a message, when several encodings may be used.
* For example, in the last MAP version, the Cancel Location is defined like this:
* CancelLocationArg ::= [3] IMPLICIT SEQUENCE
* But in the previous MAP version, it was a CHOICE between a SEQUENCE and an IMSI
* As ASN1 encoders (or software) still use the old encoding, this function allows
* the decoding of both versions.
* Moreover, some optimizations (or bad practice?) in ASN1 encoders remove the
* SEQUENCE tag, when only one parameter is present in the SEQUENCE.
* This explains why the function expects 3 parameters:
* - a [3] SEQUENCE corresponding to the recent ASN1 MAP encoding
* - a SEQUENCE for old style
* - and a single parameter, for old version or optimizations
*
* The analysis of the first ASN1 tag indicates what kind of decoding should be used,
* if the decoding function is provided (so not a NULL function)
*/
svn path=/trunk/; revision=34001
TCP bytes_in flight becomes inflated with lost packets
This patch suspends Bytes-in-Flight calculation when missing packets are detected.
svn path=/trunk/; revision=33994
Use tvb_strncmp to compare for "ESIO" string in packet;
Use consistent indentation conforming to the "editor modelines";
Minor other whitespace cleanup.
svn path=/trunk/; revision=33983
given UDP port; this is to handle the output for the Cisco CMTS "cable
intercept" command - it encapsulates Ethernet frames in UDP packets, but
the UDP port is user-defined.
svn path=/trunk/; revision=33964
LoadLibrary and g_module_open only for the program directory and system
directory on Windows. Use them to replace a bunch of LoadLibrary and
g_module_open calls. Use the extension ".dll" for all the DLLs that we
load. Add comments about DLL loading in Python.
svn path=/trunk/; revision=33924
bootp dissector when dissecting packetcable MTA capabilities).
Limit the tlv_len to G_MAXUINT16 to prevent an integer overflow from causing us to
increment the working offset by 0 (thus causing us to loop).
svn path=/trunk/; revision=33846
Good ZigBee Beacon detected as malformed
In ZigBee 2006 the Tx-Offset is optional, while in the 2007 and
later versions, the Tx-Offset is a required value. Since both 2006 and
2007 versions have the same protocol version (2), we should treat
the Tx-Offset as well as the update ID as optional elements
svn path=/trunk/; revision=33842
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
This patch adds to the Infiniband dissector the ability to dissect EoIB
(Ethernet-over-Infiniband) traffic which uses Mellanox Technologies Ltd's
standard for encapsulating Ethernet traffic inside Infiniband packets.
This patch is submitted on behalf of Mellanox Technologies Ltd.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5061
svn path=/trunk/; revision=33808
- Support for extended packet size for read/write block telegrams
- Added expert info for bad CRC, telegram retries and NAK responses
- Removed amount of retries which has not been displayed correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5088
svn path=/trunk/; revision=33807
The decoder expects not to have any extra bytes after the RAR bodies.
But according to 3GPP 36.321 8.8.0 chapter 6.1.5, the eNodeB is allowed to put padding at the end of the RAR PDU:
"A MAC PDU consists of a MAC header and zero or more MAC Random Access Responses (MAC RAR) and optionally padding as described in figure 6.1.5-4.
[...]
Padding may occur after the last MAC RAR. Presence and length of padding is implicit based on TB size, size of MAC header and number of RARs."
svn path=/trunk/; revision=33783
search attributes, as a 16-bit quantity, with only the bits specified by
section 2.2.1.2.4 of [MS-CIFS]. Use dissect_file_ext_attr() in all
cases where we're dissecting SMB_EXT_FILE_ATTR, as specified by section
2.2.1.2.3 of [MS-CIFS].
svn path=/trunk/; revision=33753
- Finally, better reassembly using fragment_add_seq_next().
The previous mode is still supported.
- Fixed sporadic decoding and export issues. Always decode
association negotiation, since performance check (tree==NULL)
is now only in dissect_dcm_pdv_fragmented().
- Added one more PDV length check
- Show Association Headers as individual items
- Code cleanup. i.e. moved a few lookup functions to be closer
to the dissection.
svn path=/trunk/; revision=33751
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5051
From me:
- Move proto_register... and proto_reg_handoff.. to the end of the file;
- Define a function as static;
- Minor reformatting and whitespace cleanup.
svn path=/trunk/; revision=33747
Dissect the SMB Tree_Connect_Andx Request and Response properly with
extension request and response which are documented in [MS-SMB] — v20100711
svn path=/trunk/; revision=33726
- Added more info for detecting S-Bus telegrams
- Added the display filter sbus.retry for finding re-sent request telegrams
- Added the possibility to jump from the request telegram to the response
telegram
- Added response time to the response telegram
- Added telegram types "Read/Write Block"
- Corrected the "Read System Info" telegram (CRC was not correctly calculated)
- Changed my EMail address
- Small typos corrected
svn path=/trunk/; revision=33718
The Infiniband dissector currently uses a heuristic where it attempts to parse
IBA payloads as if they contained encapsulated traffic with an Ethertype
header. While a relatively common occurrence and thus a fairly useful feature,
this heuristic in many cases causes false-positives which invoke unneeded
dissectors and generate noise in the form of unjustified "malformed packet"
errors these dissectors cause. This patch adds a checkbox to the Infiniband
preferences menu that allows users to disable this feature if desired. The
option remains on by default.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5062
svn path=/trunk/; revision=33703
matches 0xaa55.
I don't know the historic reason for decoding this as "Mysterious Field",
but a newer version of Network Monitor (3.4) does show this as version and signature.
svn path=/trunk/; revision=33696
In some cases the usage may have been benign since it can be seen by code inspection that the maximum value of the end variable can't exceed the maximum value of the loop variable.
However, on general principles, all the usages have been fixed.
svn path=/trunk/; revision=33692
- Fix dissection of MU_RF_STATS_BLOCK
- Try to dissect embedded 802.11 frames (only works for the
header, there seems to be a constant value of 0xa8b7 between
wireless header and wireless data).
svn path=/trunk/; revision=33682
include the FCS, and use it for the Daintree SNA file format. While
we're at it, explicitly check to make sure the purported packet length
gives it at least one byte of packet data, and fix some print formats to
use %u for unsigned values.
svn path=/trunk/; revision=33678
The attached patch fixes the dissection of the PDN Disconnect Request message
in case the optional Protocol Configuration Options IE is not present.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5065
svn path=/trunk/; revision=33654
- packet-mip6.h is not used elsewhere;
- packet-mip6.h includes value string definitions.
Rename enum variables to be more distinct: ... ==> MIP6_...
Whitespace cleanup.
svn path=/trunk/; revision=33632
The committed changes in 33624 did not include all fixes of the previous patch
file - Please add the fix for the field description of the 8-bit Deep Hops Left
field
Attached file contains this fix (+as well as small correction to the field
descriptions of V and F flags, according to the terminology of RFC 4944)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5047
svn path=/trunk/; revision=33630
I've made the following updates for MIPv6 Mobility Options.
- Restart Counter
- IPv4 Default Router Address
I've made some minor changes re-using the same type of header fields.
- IPv4 Home Address field in several IPv4 related mobility options.
- Status field in several IPv4 related mobility options.
- Prefix Len field in several IPv4 related mobility options.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5042
svn path=/trunk/; revision=33629
packet-6lowpan.c dissects the non-compressed ipv6 fields in an order different
from the one specified in RFC 4944 §10.3.1.
The patch fixes the wrong order and an additional problem with the dissection
of the mesh header: support for the Deep Hops Left field (RFC 4944 §5.2)
svn path=/trunk/; revision=33624
encapsulation/data-link type to 16 bits, and shuffle some fields to
eliminate some unnecessary padding - the net result should be no change
in the structure size for 32 bits and a few bytes removed for 64 bits.
This allows more encapsulation types - we've just about run out of the
ones that fit in a signed 8-bit integer - and thus should fix bug 5025.
svn path=/trunk/; revision=33613
It appears that SCSI_SPC_ACCESS_CONTROL_IN is incorrectly set to opcode 0x85
where the actual opcode is 0x86. 0x85 is the opcode for the 16-byte version
of the ATA PASSTHROUGH command of the SAT standards family.
svn path=/trunk/; revision=33611
"hf_slotid4 is used for all possible slotid fields in sequence op. This patch
separates them out and makes it useful for filtering."
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4995
svn path=/trunk/; revision=33601
Minor update to packet-ipv6.h to reference the correct RFC, and more accurately
describe the ip6_un1_flow data structure.
svn path=/trunk/; revision=33595
- Interval is now a 12 bit value in 1/100 s.
- The address type of the virtual address is the address type
of the network protocol.
Bugs: Currently the mbz and the interval don't look nice.
The checksum is incorrect (but it was incorrect with the
old code as well, so it isn't a regression).
svn path=/trunk/; revision=33550
with the Lua or libgnutls flags, as nothing in the top-level directory
should use them directly.
However, libwireshark *does* require the Lua flags, so use them.
svn path=/trunk/; revision=33534
libwireshark into libwireshark, and call it only in programs linked with
libwireshark. That way, programs that don't link with libwireshark
don't have to link with libgcrypt or libgnutls solely so that they can
say that they're linked with a particular version of libgcrypt or
libgnutls.
Don't link dumpcap with libgcrypt or libgnutls any more.
svn path=/trunk/; revision=33531
back to and including my attempt to make it iterative. Move its guts
back into try_get_ber_length() and add a recursion level check.
This should fix CVE-2010-2284 and preserve existing behavior without
introducing any new regressions (such as bug 5000).
svn path=/trunk/; revision=33505
NFSv4 COMMIT Requests are not decoded. NFS "malformed packet" logic is
tripped.
This was a bug introduced with the changes in bug 4975. The dissector
erroneously tries to decode 4 bytes past the end of the packet.
A patch is attached that fixes that, as well as adds "Offset" info in the Info
column for COMMIT calls.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4990
svn path=/trunk/; revision=33478
2nd info column):
Duplicate col_do_append_sep_va_fstr()'s code into col_append_fstr() and
col_append_sep_fstr() (and remove col_do_append_sep_va_fstr()) because we need
to call va_start() and va_end() after each call to g_vsnprintf(). (This is a
follow-on to rev 32961.)
svn path=/trunk/; revision=33472
dissectors/Makefile.common:
The following dissectors were missing from CM:
dissectors/packet-dcerpc-budb.c
dissectors/packet-dcerpc-butc.c
dissectors/packet-dcerpc-drsuapi.c
dissectors/packet-gsmtap.c
Both: Whitespace fixes and reordering.
svn path=/trunk/; revision=33462
packet-nfs.c:699: warning: type defaults to 'int' in declaration of 'nfsv4_operation_tiers'
packet-nfs.c:9583: warning: unused variable 'saved_fh_hash'
packet-nfs.c:9580: warning: unused variable 'name'
svn path=/trunk/; revision=33448
Improve heuristics to exclude cases where the traffic
definitely isn't Cisco's IPSEC inside TCP.
Does this obsolete the NDMP protocol check?
svn path=/trunk/; revision=33441
- Primarily: ethernet name lookup returns either
unresolved or resolved ethernet name depending upon whether
MAC Name resolution is disabled or enabled.
Previously: Unresolved or resolved name cached at first reference
and then always returned for future references no matter whether
MAC Name Resolution was enabled or disabled.
- Also: Refactor ethernet, manuf & well-known-addr related code;
ToDo: (separately): Redisplay when 'MAC name resolution' enabled/disabled.
svn path=/trunk/; revision=33401