it from "packet-rtse.h" (which, at least on some platforms, doesn't
declare it as static, so GCC 4.0, at least, fails because the static and
non-static declarations collide).
svn path=/trunk/; revision=16312
their own.
Do the tapping as early as possible, so it's done even if exceptions are
thrown - and do it regardless of whether the tree argument is null or
not, because a tap might be run without generating protocol trees.
Generate the expert info regardless of whether the tree arugment is null
or not, as that's also used with taps.
svn path=/trunk/; revision=16303
the attached patch implements a dissector for the Fast Handovers for Mobile IPv6 protocol (RFC4068). This patch was produced against version 0.10.13 and extends the following files:
- packet-icmpv6.c
- packet-ipv6.h
- packet-mip6.c
- packet-mip6.h
svn path=/trunk/; revision=16302
this patch adds the description for LLC SAP 0xB4 and adds a dissector for basic format XID frames as documented in IEEE802.2. These frames are independent on the SAP / protocol and mandatory to all implementations.
svn path=/trunk/; revision=16301
too-large address in common code, and *don't* use tvb_get_letohl() to
get IPv4 addresses (just use proto_tree_add_item(), it works Just Fine).
For integral values, always do the tvb_ensure_bytes_exist() test; don't
just do it if the length is the expected value (the real problem is with
bogus too-large lengths, so it's more important to do the check if the
length *isn't* the expected value!). Fixes bug 549.
svn path=/trunk/; revision=16298
The ftbp.patch file includes:
a) A fix to acse.cnf which works around an asn2eth bug (it is the AE-qualifier EXPORT I want, but asn2eth doesn't generate the appropriate extern for the values). Also a small cosmetic change for EXTERNAL decodings.
b) New EXPORTs for the FTAM dissector for use in FTBP.
c) A fix to asn2eth to solve the problem if you EXPORT types that include a '-' character in the name (e.g. "AE-qualifier" from acse.cnf, "Date-and-Time-Attribute" from ftam.cnf). The problem is that asn2eth generates the "xxxx-exp.cnf" file using the 'C' name (which has replaced '-' with '_') rather than the original 'ASN' name. The fix just undoes the replacement as I couldn't see the original name being preserved anywhere. There still remains a problem if the type has a '.' in the name - but generally I don't think they do.
* Better ROS handling and registration
* Simplified RTSE registration
* X411 column information, extension naming and use of new RTSE/ROS registration
* X420 notification extensions, warnings removal and export of ExtensionsField (missed from recent FTBP patch).
* Better highlighting of S4406 protocol.
svn path=/trunk/; revision=16296
nds_tags[] and in switch statements. (Also, catch a case where we
didn't use NDS_PTYPE_ values.)
Use the existing #defines for MVTYPE_ values.
Make the handling of NDS_PTYPE_{IP,UDP,TCP} in one case match the
handling of the other cases (don't advance "ioffset", as it's advanced
by the length of the item).
When checking whether an NDS reply has a completion code, don't check
the fragment size, check the reassembled packet size.
Fix the handling of referrals in one case.
svn path=/trunk/; revision=16291
Hand NCP_ALLOCATE_SLOT and NCP_DEALLOCATE_SLOT packets to
"dissect_ncp_request()", so we match up requests and replies, fill in
the Info column properly, etc..
svn path=/trunk/; revision=16289
switch statements.
Add some sanity checking for ptvcursor_advance calls.
proto_tree_add_item() works fine for IPv4 addresses; use it for them.
(tvb_get_letohl() doesn't work fine for them, even though it appears to
do so on little-endian machines.)
Only set the "visible" flag on the protocol tree when we're sure we have
one, so that it gets set even if we create a temporary tree.
Catch exceptions when dissecting requests, and compute and save the
results of conditional tests before rethrowing the exception, so the
results get saved even if the dissection gets an exception.
svn path=/trunk/; revision=16288
FT_UINT_BYTES and FT_UINT_STRING correctly when the tree argument is
null (which involves carving proto_tree_add_item() into bits and having
both ptvcursor_add() and proto_tree_add_item() call those bits).
svn path=/trunk/; revision=16287
- some improvements to the NORM decoder, and the ability to
(optionally) heuristically detect NORM.
- some improvements to FEC block labelling.
- making the LCT header extension handler more generic and to decode more header extensions.
svn path=/trunk/; revision=16280
makefile.common.diff - epan directory
1. Adds new packet-ncp-sss.c and packet-ncp-sss.h for new Secret Store dissector
New Novell Secret Store Services dissector
packet-ncp-sss.c
packet-ncp-sss.h
ncp2222.py.diff
1. Adds a number of return values
2. Adds 64bit file size support
3. Add NCP 89,xx NCP's for UTF8 support
4. Fixes a number of field values for proper dissection
5. Adds support for Secret Store dissector
packet-ncp2222.inc.diff
1. Skwelches some compiler warnings
2. Redo of fix for bug 535 which original fix broke dissection of NDS verb 5
3. Adds support for Secret Store dissector
4. Adds expert data
5. Adds tap for service response time
6. Fixes dissection of stream attribute
7. Fixes defragmentation problem with more then 10 fragments
8. Fixes NDS dissection if reply buffer was less then 7
packet-ncp.c.diff
1. Adds tap data
2. Adds expert data
3. Fixes calculation for NCP connection number
4. Fixes malformed packet for destroy service connection
packet-ncp.c.diff
1. Adds tap data
svn path=/trunk/; revision=16266
us from crashing and it keeps Valgrind from taunting us with
==29091== Warning: silly arg (-1) to malloc()
Fixes bug 537.
svn path=/trunk/; revision=16258
a capture file. This should fix bug #536.
Make sure we initialize our hash tables in packet-dcerpc-nt.c and several
other files. Fix up whitespace while we're at it.
svn path=/trunk/; revision=16255
packet-iuup.c(660) : warning C4244: 'function' : conversion from 'double ' to 'float ', possible loss of data
packet-iuup.c(665) : warning C4146: unary minus operator applied to unsigned type, result still unsigned
packet-iuup.c(665) : warning C4244: 'function' : conversion from 'double ' to 'float ', possible loss of data
svn path=/trunk/; revision=16250
a CHOICE might not consume any butes in teh encoding if there were no matching
choice arms found.
make the loop in acse abort with malformed packet if the choice failed to decode anything to prevent an infinite loop in bug 529
svn path=/trunk/; revision=16207
Attached is a patch which makes the console log level (warning/message/debug etc) a configurable preference. There's no gui for setting it, but since it's pretty much only going to be useful for developers, I'm sure you'll cope...
----
I've added a small comment to the file output that it has no dialog output
svn path=/trunk/; revision=16205
correct a bug in parsing Lucent/Ascend PPP dumps. Basically, blobs with "PPP-OUT" should be labelled "PPP transmit" while blobs with "PPP-IN" should be labelled "PPP receive". The current code labels them the other way around.
packet-ppp.c
- Properly decode option to enable ECRTP (it wasn't decoded).
- Use the ipv6 knob to control ipv6 decoding (previously, it
was using the ipv4 knob).
svn path=/trunk/; revision=16194
fixes the AF/SAFI codepoints
for BGP Layer-2 VPNs from a Juniper pre-standard implementation to the new "official" IANA assigned codepoints.
From Julian Onions
packet-rmt-norm.ch Decode more oif the protocol
svn path=/trunk/; revision=16183
- dissect_per_bitstring needs to know if extention exists or not.
- Fixes for bitstring sizes up to 16 ( where max = min ).
svn path=/trunk/; revision=16181
Make them not reuse a va_list; there's no guarantee that it can be
used more than once and, in fact, on some platforms, you *can't* use it
more than once. Based on a patch by Pekka Pietikainen.
Clean up indentation a bit.
svn path=/trunk/; revision=16174
In the bssgp an IE was decoded as mobile identity and should be decoded as (p)tmsi only.
The patch is attached to this email. It also consists the new atm patch which was send yesterday.
svn path=/trunk/; revision=16146
Extensions to the h.245 dissector to extract H.223 Multiplex Code and Logical
Channel setup messages, and pass this information to the H.223 dissector.
svn path=/trunk/; revision=16139
I've spotted a bug in the new desegmentation in iax2, which
means that higher-level PDUs aren't dissected when they ought to be, but
tend to be grouped together in later packets - I've attached a patch
against svn r16110 to fix this; it also makes the code a bit clearer...
svn path=/trunk/; revision=16121
and when called from TCP this pointer would be uninitialized and thus dump core when dereferenced.
at the same time remove the rotating buffers
this fixes bugs 498 and 501
svn path=/trunk/; revision=16117
instead of calling the tcp analysis (and prepend colingo) eitehr after the subdissector returned normally or if an exception caused by a subdissector was rised.
this as a sideffect caused tcp analysis data to be overwritten if the subdissector caused any output to the info column. (and made tcp analysis suboptimal)
this change adds a new function col_prepend_fence_fstr() that will prepend
the info column with the string and also, if there was no fence already defined, create a fence and set it after the prepended col info text.
This way, even if the subdissectors generate and rewrite col info, the tcp analysis data will still be displayed on the info column.
svn path=/trunk/; revision=16116
"dissect_nt_sec_desc()". Add a Boolean argument to
"dissect_nt_sec_desc()" to indicate whether a length was passed to it
(so we don't treat -1 as a special value; we want to stop treating -1 as
a special length value, and, in fact, want to stop treating *any*
negative length values specially, so that we don't have to worry about
passing arbitrary 32-bit values from packets as lengths), and have
"dissect_nt_sec_desc()" initially create the protocol tree item for the
security descriptor with a length of "go to the end of the tvbuff", and
set the length once we're done dissecting it - and, if the length was
specified, check at *that* point, *after* we've dissected the security
descriptor, whether we have the entire security descriptor in the
tvbuff.
That means that we don't have to worry about overflows after
"dissect_nt_sec_desc()" returns - if the length was so large that we
would have gotten an overflow, we'd have thrown an exception in the
"tvb_ensure_bytes_exist()" call at the end of "dissect_nt_sec_desc()".
Do sanity checks on offsets within the security descriptor, so we know
the item referred to by the offset is after the fixed-length portion of
the descriptor.
svn path=/trunk/; revision=16113
BER identifier and length information; calling
"dissect_ber_identifier()" and "dissect_ber_length()" with a null tree
argument doesn't have any advantages over that.
Don't put an octet string into the protocol tree twice, once with
"dissect_ber_octet_string()" and once with the real value; once is enough.
svn path=/trunk/; revision=16112
The current ethereal eDonkey dissector fails to handle a number of valid packet types - in particular the normal server<->client communication between current eserver and eMule versions (from both
sides) produces packets which ethereal incorrectly claims to be malformed.
This patch fills in these holes.
svn path=/trunk/; revision=16107
1) Fixes context-tagged BACnet errors.
2) Fixes indeterminate tag data. If the tag length/value/type variable
was 6 or 7 you could not tell whether it was an open/close tag or had
length 6/7.
3) Don't make assumptions about property types for proprietary BACnet
object types.
svn path=/trunk/; revision=16104
bug 497 (as well as a crash on an *unfuzzed* IAX2 capture!).
Set "pinfo->can_desegment" before calling dissectors; that's expected
for dissectors that do TCP-style desegmentation.
svn path=/trunk/; revision=16099
fact, in GLib 1.2, it *can't* have one. As the value destroy function
for this hash table does nothing, don't bother with it - and create the
hash table with "g_hash_table_new(), rather than
"g_hash_table_new_full()", so it works with GLib 1.2[.x].
svn path=/trunk/; revision=16096
04-stream.diff
A simplified packet reassembly API built on top of fragment_add_seq_next for
reassembling fragments that are delivered in-order, where fragments are
identified by a framenum and an offset into that frame. Streams are attached
to a conversation or a circuit and are unidirectional.
svn path=/trunk/; revision=16082
New "Fax T38 Analysis" added to the "Statistics" menu to:
- Reassemble the HDLC t30 frames and dissect the header.
- Analyze the UPDTLPacket seq num for packet lost
- Stats of V.x Data:
- Count the Data bytes
- Duration
- Wrong seq num
- Max Burst of packet lost
svn path=/trunk/; revision=16073
X420 - incorrect ExtendedBodyPart handling
ACSE - support for implicitly tagged EXTERNALs and dissection based upon direct-reference RTSE - same change for RTSE EXTERNAL handling as above CMS - support for ContentType, MessageDigest, SigningTime and CounterSignature attributes ESS - support for ESSSecurityLabel and EquivalentLabels attributes
svn path=/trunk/; revision=16072
allows the dissection of ContentInfo based upon it's OID - something that is used for a secure X.400 messages (Protecting Content Type (PCT)).
svn path=/trunk/; revision=16069
00-iax.diff
Modifications to the IAX2 dissector so that it offers desegmentation to
subdissectors using the same API as TCP offers (pinfo->desegment_len etc)
01-amr.diff
Modifications to the AMR dissector to allow AMR IF2 data to be dissected via
call_dissector() from packet-h223.c. This patch also causes the AMR dissector
to append the frame type string to the info column, so that the info column
shows what protocols an H.223 frame contains.
02-h263-data.diff
Modifications to packet-h263.c to separate the dissection of h.263 RTP
encpasulation from the dissection of the actual h.263 data. The data
dissection functions are added as a second dissector. This data-only
dissector is used to dissect the video channel in our h.223 streams. As with
the AMR modification, this makes the H.263 dissector append to the info
column.
svn path=/trunk/; revision=16068
TPG now uses the ignore feature of tvbparse
named sub_rules can have cardinality
epan/tvbparse.c:
do not crash on zero cardinality
svn path=/trunk/; revision=16065
Add a simple stack implememtation that uses ep_alloc
Add ep_new() ep_new0() macros
tpg.[ch]:
use the stack in tpg helpers
svn path=/trunk/; revision=16061
uses proto_item_append_string(). The visibility hack must be present, otherwise
a dissector assert is generated within the MMSE dissector.
svn path=/trunk/; revision=16060
A patch to allow the JXTA dissector to pass fuzz testing. It
also removes a couple of unused things and optimizes handling of the raw
data dissector.
svn path=/trunk/; revision=16051
the lines of what's done for RADIUS. That keeps them together (and
separate from other files), and makes the layout of the top-level source
directory closer to the layout of the installation directory, so that if
you run Ethereal or Tethereal from the top-level directory on Windows
it'll pick up the Diameter dictionary files (if it supports loading
them), and can do so on UN*X if we support a mechanism to let it find
its control files in the directory in which the binary resides.
Use the diameter_DATA, dtds_DATA, and radius_DATA macros in the
EXTRA_DIST macro, so you only have to change the lists of Diameter, DTD,
and RADIUS files in one place if you add or remove a file.
svn path=/trunk/; revision=16050
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
- add a tvbparse_handle() (for recursion)
- change tvbparse_until() to allow more control when parsing
- make the wanted control an union so that different types of data can be used
packet-xml.c:
- change the parser definition to match changes to tvbparse_until()
svn path=/trunk/; revision=16045
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
set it to a value that should indicate that the opcode is unknown, and
also indicates what the value is. (Especially don't do it without
calling check_col() to check whether we *should* change the info column,
as we'll dereference a null pointer if we shouldn't; this change should
fix bug 489.)
svn path=/trunk/; revision=16038
will only process FT_PROTOCOL fields. As a result, proto_item_append_string()
calls may throw a dissector exception, as only a FT_STRING or FT_STRINGZ can be
appended to with this call.
In order to prevent these dissector assertions, silently return from the append
call if the field is a FT_PROTOCOL.
Note that when the tree is visible, the updates of the fields occur normally,
as expected.
svn path=/trunk/; revision=16035
- tvbparse_some now handles 0 items.
- added accessors for a tt's offset and remaining length.
in packet-xml:
- min_len=0 for tvbparse_chars() is soon going to mean zero instead of 1 change the 0s to 1s.
- attribute names can have ':' even if it's namespaces isn't managed yet.
- split the xml grammar in more elements so It can be actually read by a human being.
svn path=/trunk/; revision=16031
Given a bnf-like grammar generate a set of helpers for a dissector
It's not working yet, however I need this checkin as a cheeckpoint
(I'll write the doc when it starts to be ready)
svn path=/trunk/; revision=16021
ito make it easier to read use doublespace to separate the items on the expansion line instead of ',' since so many of the strings contain spaces.
cleanup fc slightly and remove a redundant parameter
svn path=/trunk/; revision=16019
shorter than 2 bytes, and make the item for an AVP with a length < 2 a
generated item.
Put the top-level item for an AVP into the tree the same way regardless
of whether it's Vendor-Specific or not, and skip past the type and
length right after that, before we check for Vendor-Specific. (This
means we no longer treat "vendor ID = 0" as an indication that this
isn't Vendor-Specific - nothing prevents a packet from getting onto the
wire with a vendor ID of 0; this fixes bug 485.)
Don't require a Vendor-Specific AVP to be at least 6 bytes long; it
might not be particularly useful to have one that has a vendor ID and
nothing else, but we might as well dissect the vendor ID portion.
Do some other cleanups.
svn path=/trunk/; revision=16015
"abort()" if the ETHEREAL_ABORT_ON_DISSECTOR_BUG environment variable is
set; this is for debugging purposes, to make it easier to get a stack
trace of the offending call.
svn path=/trunk/; revision=16013
- The incorrect number of octets were highlighted (bearer type and port number
were disregarded).
- In SIR version 1 content, correct the parsing (full WSP address length was
not added to the offset for parsing the non-WSP contact points).
svn path=/trunk/; revision=16012
rewrite the functions to do proto_item_append_text() instead of building a string and then printing it.
The new function is functionally equivalent to the previous function except it does not print the values of the multi-bit fields to the expansion
(the expansion line is already a km wide as it is)
there are now only 202 strcpy() left in epan/dissectors down from 300+ instances some weeks ago.
svn path=/trunk/; revision=16009