this dissector will not yet detect when ppp is passed over the rfcomm link
but the old code to detect and deescapt the ppp data is still in the dissector, though ifdeffed out to serve as inspiration when ppp over rfcomm captures are made available.
the only captures i have with rfcomm are for raw serial communications so they dont contain any ppp frames. :-(
svn path=/trunk/; revision=18221
acl chandle + direction + l2cap-CID to uniquely identify a single specific
flow of PDU packets.
So we need to pass the chandle upp from acl to l2cap at least.
It would have been nice to handle this using "conversations" but the bluetooth
stack does not eaily map to the idiom host:port<->host:port
instead in bluetooth you have unidirectional flows that are identified by ACL-chandle:L2CAP-CID:direction and additional state held inside l2cap would attach two such flows together into a "conversation".
Bluetooth packets themself only indentify "half" of the two way conversation.
svn path=/trunk/; revision=18218
the fragment reassembly from the old patch is commented out since it has to be redone completely using emem and se_trees the proper way.
but to do this i would need example captures of fragmented bluetooth traffic first.
svn path=/trunk/; revision=18149
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
Here is a patch for gsm_map dissector that adds USSD string decoding (mainly used in processUnstructuredSS-Request, UnstructuredSS-Request, UnstructuredSS-Notify). For now, it assumes that it will be GSM 7 bits.
It re-use packet-gsm_sms.c "gsm_sms_char_7bit_unpack" and "gsm_sms_char_ascii_decode" functions, as well as packet-smpp.c "smpp_handle_dcs" function.
svn path=/trunk/; revision=17739
rename binding into assoc(iation) which is the AOC name.
move the definition of sccp_assoc_t to packet-sccp.h so that information regarding sccp associations it can be used by user protocols
svn path=/trunk/; revision=17590
- New Dissector Novell Cluster Services
1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"
svn path=/trunk/; revision=16844
Log:
From Grame Lunt:
updated X.500 dissectors to include DOP support.
The "dop" dissector is the renamed "x501" dissector consequently the asn/x501 directory should be removed. The patch includes the changes to epan/dissectors/Makefile.common to reflect this.
As the DOP dissection is not fully tested, I have disabled it by default for now (like DSP) but it can be enabled by the user.
svn path=/trunk/; revision=16727
New protocol : CIGI (with minor updates to make it heuristic)
Hi,
This patch is for a CIGI dissector (complete versions 2 and 3). It has
been [fuzz] tested on GNU/Linux using the Ethereal 0.10.13 codebase.
However, the patch here is against the svn repository.
More information about CIGI can be found at http://cigi.sourceforge.net/
Kyle Harms
svn path=/trunk/; revision=16681
Added a new dissector for CDT (CompressedDataType) as
defined in STANAG 4406 Annex E. This dissector is used in P_Mul to
decode encapsulated X.411 content. I have added a function in the
X.411 dissector to decode a MTS APDU without having a ROS
Changes in this patch:
* Added CDT dissector
* Use CDT dissector in P_Mul
* Added function to decode MTS APDU in the X.411 dissector
svn path=/trunk/; revision=16567
we will do service-response-time statistics before other inferior products have even noticed a new protocol is in town.
svn path=/trunk/; revision=16463
New protocol : STANAG 5066
I changed it from being a plugin to a builtin dissector
and also changed a couple of small bugs
svn path=/trunk/; revision=16390
makefile.common.diff - epan directory
1. Adds new packet-ncp-sss.c and packet-ncp-sss.h for new Secret Store dissector
New Novell Secret Store Services dissector
packet-ncp-sss.c
packet-ncp-sss.h
ncp2222.py.diff
1. Adds a number of return values
2. Adds 64bit file size support
3. Add NCP 89,xx NCP's for UTF8 support
4. Fixes a number of field values for proper dissection
5. Adds support for Secret Store dissector
packet-ncp2222.inc.diff
1. Skwelches some compiler warnings
2. Redo of fix for bug 535 which original fix broke dissection of NDS verb 5
3. Adds support for Secret Store dissector
4. Adds expert data
5. Adds tap for service response time
6. Fixes dissection of stream attribute
7. Fixes defragmentation problem with more then 10 fragments
8. Fixes NDS dissection if reply buffer was less then 7
packet-ncp.c.diff
1. Adds tap data
2. Adds expert data
3. Fixes calculation for NCP connection number
4. Fixes malformed packet for destroy service connection
packet-ncp.c.diff
1. Adds tap data
svn path=/trunk/; revision=16266
almost none of the data - fill in only variables for what we need, and
use proto_tree_add_item() in most cases.
Move what's left of the packet-winsrepl.h header into packet-winsrepl.c,
and get rid of the header.
Dissect the name flags field in detail, as per the Samba code.
We don't do any checks for whether the packet is a valid WINS
replication packet, so don't make the dissector a new-style dissector.
svn path=/trunk/; revision=15935
This makes Ethereal build again - there's no real reason that
ethereal fails to build for such a long time on so many platforms.
svn path=/trunk/; revision=15835
commit replaces the hand written dcerpc initshutdown and winreg
interfaces with autogenerated ones.
The pidl generated code is still a bit rought around the edges but will
hopefully improve with time.
svn path=/trunk/; revision=15812
A new dissector - cimd dissector. CIMD stands for Computer Interface to Message Distribution and it's used to transfer short messages between applications and Nokia Short Message Service Center.
svn path=/trunk/; revision=15777
I attach my RTSE dissector (in tar file) which requires the included ROS dissector, as well as a patch to the latest pres.{cnf,asn}. The ROS dissector uses a new field in the SESSION_DATA_STRUCTURE to pass the ROS operation to the sub-dissector, though this is also set by other dissectors (RTSE uses it in X.410 mode).
Note that X.400 P1 in X.410 mode doesn't use ROS, so it is useful not to explicitly include ROS in my X411 dissector. However, the inclusion of a ROS dissector won't effect any dissectors that currently implement their own ROS.
I also include dissectors for:
X.411 (P1) X.400 OSI Message Transfer Service
X.420 (P22) X.400 OSI Information Object
STANAG 4406 (P772) STANAG 4406 Military Message Extensions (to P22)
These rely on the RTSE and ROS dissectors.
Withs some changes to remove various warnings and errors.
svn path=/trunk/; revision=15680
* I couldn't find any documentation on this protocol. Neither
* what it's good for nor what the elements do. This is purely
* reverse engineered by looking at the hex dump of the packets.
*
* TODO
* - Find out more about unknown fields
* - Currently only one type of packet is really handled at all
svn path=/trunk/; revision=15562
Collapsed the control and data protocols into dissector to cope with commands and data over the same TCP connection. I've also prettified things a bit and now decoded a few more command parameters.
svn path=/trunk/; revision=15001
files as not all make implementation work with this.
Found by running
grep '^ ' `find . -name "Makefile.am" -o -name "Makefile.common"`
Gerald: Maybe adding this to the buildbot would be a good idea after all.
svn path=/trunk/; revision=14904
new dissector for the AudioCodes trunk trace protocol.
This protocol is used to debug the trunk protocol in AudioCodes
gateways. It currently supports ISDN PRI and CAS (MFCR2, WinkStart,
etc...) trunk protocols. It also add these protocols in the "Voip Calls
Graph..."
svn path=/trunk/; revision=14790
Synergy is a cross platform software which enables to easily share a single mouse and keyboard between multiple computers with different operating systems, each with its own display, without special hardware. Its listed on sourceforge (http://synergy2.sourceforge.net/).
svn path=/trunk/; revision=14689
parameter to many functions inside the ISAKMP dissector, as well as to
the "isakmp_dissect_payloads()" routine it exports. Get rid of
"isakmp_set_version()", as the version can be passed to
"isakmp_dissect_payloads()" from the KINK dissector.
Put the declaration of "isakmp_dissect_payloads()" into a
"packet-isakmp.h" header, and have "packet-isakmp.c" and "packet-kink.h"
include it rather than declariing "isakmp_dissect_payloads()" itself -
or not doing so at all.
svn path=/trunk/; revision=14648
A CSM_ENCAPS dissector to use with ethereal.
The CSM_ENCAPS is a protocol used by MindSpeed to communicate with your products, and configure VoIP channels.
svn path=/trunk/; revision=14612
a patch which adds support for displaying jxta
conversations and endpoints from the 'Statistics' menu. Also adds :
- a generated field to Welcome messages to indicate whether this
welcome is from the initiator or the receiver. You can filter on this
field with 'jxta.welcome.initiator==[0|1]'
- Marks the source and destination fields of message added in the last
patch as generated fields. (Saw it being done for some other protocol).
- Cleans up dissection of Message which used to assume it would
dissected more than one set of hdr/message per tvbuff. Now it only
attempts to dissect one.
- Uses GMemChunk for tap info and for conversation data rather than
g_malloc() There's still a major leakage of g_malloc()ed the c-strings
which are used in jxta addresses. Any suggestions for how these can be
allocated such that they can be freed re-init is called would be
appreciated. For address objects whose data ptr doesn't point into a
tvbuff it's not clear what the lifecyle of an address object is.
- Fixes a bug with filling in the of the transport layer conversation
data. >= vs. >
svn path=/trunk/; revision=14558
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralelling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
Update conversation_new and find_conversation in plugin_api_list.c and
associated files.
Add packet-dcerpc-butc.h to the distribution.
svn path=/trunk/; revision=13288
can register an OUI, and PIDs for that OUI, in the same fashion that
they can do so for SNAP (after which the 802a OUI Extended Ethertype is
clearly modeled).
svn path=/trunk/; revision=12967
another part of the PROFINET dissectors (PN-CBA, including a lot of generic DCOM dissection) still some work to be done ...
svn path=/trunk/; revision=12776
Only one function is implemented so fat M-Get but it would be trivial to add all the missing ones once there are example captures.
svn path=/trunk/; revision=12521
check in packet-cip.h).
Also, add packet-cip.h to epan/dissectors/Makefile.common, so it gets
included in the release tarballs.
svn path=/trunk/; revision=12081
move CIP protocol to own dissector
clean up code and fix variable names
add more info to info column
fixed decoding of embedded messages in Unconnected send and
Multiple Service packets
add more info to path decoding
add more filter options/clean up
complete CIP vendor codes
svn path=/trunk/; revision=12070
- Support for more generic TLV's
- Support for two more SNAC families: email and sst
- Support for extended status (as used by iChat)
- Use correct TLV in SSI RightsInfo
- Dissect and handle FNAC flags field correctly
svn path=/trunk/; revision=12022
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always cashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
NTLMSSP-related than SMB-related, and documents about NTLMSSP talk about
it, so it's a little more convenient to keep all that stuff together -
and export it through a packet-ntlmssp.h header.
svn path=/trunk/; revision=11585
the distribution, as was the case in the past.
Arrange that RCS IDs be expanded, and that the EOL style be native, for
epan/dissectors/Makefile.{am,common,nmake}.
svn path=/trunk/; revision=11532
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410