Need to add support for WAPI parameter set IE in management frames.
We already have WAI frames dissection support in place.
From me:
Small changes...
- Add links to WAPI specs
- Replace tabs by space
- Remove whitespaces
svn path=/trunk/; revision=48276
length.
While SPC-2 only has one byte for allocation length
Change this to treat allocation length as a 16 bit quantity starting one byte prior to the current single byte that wireshark dissects.
This makes it correct for SPC-3 and later and still works for SPC-2 since that first byte is reserverd, == must be 0, in SPC-2 and prior.
svn path=/trunk/; revision=48258
tipc: update link header according to spec
The bcastsequence gap have been removed, and the sequence field is now 13 bits.
svn path=/trunk/; revision=48238
(removed in r48218) which did nothing particularly useful. Also lets us remove
another debugging environment variable.
svn path=/trunk/; revision=48219
glib memory slices.
- We weren't doing anything with the emem slab that couldn't be done with glib
slices.
- Removes a fair bit of code as well as one debugging environment variable.
- Glib slices are much cache-friendlier and are multi-threading friendly (if
we ever go there).
- Allows glib to actually return slices to the OS on occasion. The emem slab
would hold onto its memory forever which resulted in a great deal of wasted
memory after closing a large file.
svn path=/trunk/; revision=48218
Added functionality:
- SMB2 support for Export->Objects->SMB
- support for SMB_COM_CREATE, SMB_COM_OPEN, SMB_COM_READ and SMB_COM_WRITE commands
- Ability to choose between File Id and full file name as identifier for file re-building. Implemented as an option under Edit->Preferences->Protocols->SMB and Edit->Preferences->Protocols->SMB2.
Other minor changes and fixes:
- Full filename in file
- Inclusion of IP of SMB server when treeid name (i.e. hostname) is not known
- UTF-8 filenames encoding before passing them to Export Object Window
- Re-written insert_chunk function of export_object_smb.c to make it easier to debug
- Fixed of an error in insert_chunk function of export_object_smb.c (the verification of next free_chunk was always skipped after deleting one free_chunk).
- Removed duplicated code by inserting the function feed_eo_smb in packet-smb.c and packet-smb2.c
- Changed the label of Export->Objects->SMB menu into Export->Objects->SMB/SMB2
svn path=/trunk/; revision=48210
1. Convert more proto_tree_add_text to proto_tree_add_<something else>/expert_info. checkAPIs.pl is happy (for packet-rtps.c), but the raw number is a bit deceiving because of macros and wrappers.
2. Fixed the offending "uses snprintf + strlen to assemble strings" in packet-rtps.c. The exact same code is used in packet-rtps2.c, so just proper refactoring will fix it. There is still too much unnecessary use of g_snprintf/g_strlcpy/strlen, but that's for a later date.
3. Removed most of the "useless" wrapper functions. Again, the number of proto_tree_add_text is deceiving, so the number of hfs that really need to be created is much larger.
4. Whitespace cleanup. Removed a lot of whitespace so I could see more code on the screen, to help determine duplication between packet-rtps.c and packet-rtps2.c Comments/descriptions of fields remain untouched.
The more I trim, the more I think this should all be in a single dissector file, which will be the goal of the next update. Trying to patch this in somewhat manageable chunks.
Also need to submit sample traces generated for (fuzz)testing.
svn path=/trunk/; revision=48206
adding the fields to the protocol tree as we fetch them, rather than
fetching a bunch of them up front. That way, if the packet was cut
short by a snapshot length, we'll dissect what we have.
Create the top-level tree item at the beginning, with an unknown length,
and set the length when we're done. If we're putting details into that
item, update the item as we process each field; also update the Info
column as we process each field.
Don't use tvb_bytes_exist() to do our own tvbuff bounds-checking; let
the tvbuffs themselves do that. Do not use it to do header-length
checking; check the actual header length value instead.
Do not fail if the *captured* data in the tvbuff is too short; we're
selected by an IP protocol number, which we can expect to definitively
identify us, not by a transport-layer port number, which is often an
unreliable identifier.
Do header length checks as we go along, and bail as soon as we identify
the header length as wrong. (We do the first check once we get the X
bit, so we know whether the generic header is 12 or 16 bytes long.)
Treat a too-*large* header as a protocol violation, not a malformed
packet indication.
Use tvb_get_ntoh24() and tvb_get_ntoh48() to fetch the sequence number,
rather than fetching it in pieces and putting them together ourselves.
Correctly pluralize "byte".
Don't use tvb_length_remaining() to check whether we have a payload, use
tvb_reported_length_remaining(), so we base it on whether the packet
actually had the data, not on whether we actually captured it.
svn path=/trunk/; revision=48201
If we don't decode a tag, just say "Undecoded" on the top-level item;
the tag name or number is already on that item, and the length is
underneath it.
svn path=/trunk/; revision=48180
No, ReportedBoundsError is not the right thing to throw, ReassemblyError is.
That's why I added it in the first place!
svn path=/trunk/; revision=48123
reject packets that don't look enough like GTP/GTP' packets. This fixes
bug 1706, and fixes some other cases where non-GTP/GTP' packets are
being dissected as GTP/GTP'.
svn path=/trunk/; revision=48118
packet-bssgp.c: In function 'de_bssgp_unconfim_send_state_var':
packet-bssgp.c:3318:13: error: variable 'state_var' set but not used [-Werror=unused-but-set-variable]
svn path=/trunk/; revision=48095
Fix indentation.
Fix a proto_tree_add_uint_format_value() call not to include the name of
the field - proto_tree_add_uint_format_value() will add that for you.
Have dte_address_util() take the offset of the address as an argument;
it's not always at the same offset from the beginning of the facility.
Have it return the pointer to the generated string directly, rather than
through a pointer argument.
Create only one subtree for each facility, and give it a text description
of the facility code rather than the numerical value of the facility
code. Make the top-level item for the facility cover all the bytes of
the facility, including code, length if present, and parameters.
Dissect the end-to-end transit delay and priorities facilities
completely. Also, fix an incorrect use of "transmit delay" to say
"transit delay".
Get rid of the last of the spaces preceding colons in "Field: value"
descriptions and in a "default:" case label.
Do the data vs. non-data packet thing ith
if (PACKET_IS_DATA(pkt_type)) {
...
} else {
...
}
rather than, in effect, doing the "else" with a break; that makes the
code a bit clearer.
Put the logical channel number into the protocol tree in common code for
the default case, rather than doing it separately for data and non-data
packets. Clean up the dissection of non-data packets to add entries
before updating the columns, so that we don't throw an exception
updating the columns before we get to add items that wouldn't throw
exceptions. Clear the Info column early in the dissection, in case we
throw an exception before getting to set it and thus leave behind the
column information for the protocol atop which we're running.
svn path=/trunk/; revision=48093
1. Cleanup COL_INFO processing
2. Add expert_info for "octet_to_next_header" ranges
3. Check "RTPS" all at once
4. Remove some unnecessary function declaration.
Next is probably consolidating packet-rtps.c and packet-rtps2.c as there seems to be a lot of duplicative functionality.
svn path=/trunk/; revision=48082
hf_gtp_next.
Don't do "dummy" dissection of extension headers that we don't actually
dissect - we label them by next extension header type, and dissect them
in the default case, which should suffice (until somebody adds
dissection for those types).
svn path=/trunk/; revision=48075
Extend RTP dissector with ED-137 extension
From me: Don't try to dissect a non-existent payload (see comment #9
on the bug).
svn path=/trunk/; revision=48069
Give URLs for the 3gpp.org pages for all those specs.
Add #defines for all the GTP v1 extension header types we handle.
"gtp_prime" is a Boolean; make it a gboolean.
Dissect the first 4 octets of the header one field at a time, so that if
the packet is cut short by a snapshot length we at least dissect what's
there.
32.295 isn't entirely clear on what the 20-byte header for GTP' v0 is;
assume it's the same as the header for GTP v0.
Once we've fetched the length field from the fixed-length portion of the
header, set the length of the tvbuff to the sum of the offset past the
fixed-length portion and the length field, to catch running past that
value.
Use GTP_E_MASK|GTP_S_MASK|GTP_PN_MASK as the mask for testing for the
presence of those fields, to make it a bit clearer what's being checked
for.
Don't actually add those fields to the protocol tree unless the flag for
the field is set.
We only need one chunk of code to handle extension headers.
Make that chunk a loop, and put the header in as an FT_NONE item, with
the length, header data, and next header under it. Put the initial next
header field in as well. (We treat this like IPv6 extension headers,
with the next header field being part of the previous header, rather
than like a set of TLVs, with the next header field being the type value
of its header.)
Fail if the extension header length is zero.
Use the reported length when processing IEs or T-PDU payload.
svn path=/trunk/; revision=48068
In the array of WME AC names, the name for tid 3 is wrongly named as "Video" it should be "Best Effort" instead.
#BACKPORT(1.8,1.6)
svn path=/trunk/; revision=48062
(Only display the value in decimal don't yet display the Average Access Delay , See 8.4.2.41 BSS Average Access Delay element )
svn path=/trunk/; revision=48057
This patch adds a new public API, proto_tree_add_bitmask_len(), identical to
proto_tree_add_bitmask() but using a caller-supplied length rather than an
inferred one. The underlying proto_item_add_bitmask_tree() code is modified
to display only fields for which all defined bits are available, and to
ignore bits that have no corresponding defined field ("forward compatibility"
cases).
From me: minor edits, see the bug for more details.
svn path=/trunk/; revision=48049
human-friendly version of the value followed by the raw value, is to put
the human-friendly name first, with the raw value after it in
parentheses. Follow that convention for the command code.
svn path=/trunk/; revision=48029
representation for you; the format string should not include the field
name.
Add protocol items to the SliMP3 tree, not to the top-level tree.
If we're fetching a 16-bit value from the protocol tree and multiplying
it by 2, it won't necessarily fit in a guint16; make the variables used
for that guints.
The sequence field of the MP3 data ack packet isn't being fetched from
the packet, so just use proto_tree_add_item() for it (rather than using
a value fetched for a previous field).
Use %u to format unsigned values.
svn path=/trunk/; revision=48028
before the point at which it's added to the protocol tree.
Put the ATM channel in the ATM tree rather than the top-level tree.
Fix the name for the CPI field (copy-and-pasteo).
svn path=/trunk/; revision=48015
instead of using DISSECTOR_ASSERT. When a dissector passes bad data to the
reassembly machine, that isn't necessarily the dissector's fault - the data may
come straight from the packet, and the dissector may not have enough information
to know it's bad without telling the reassembly machine in the first place.
Also fix a bug in the reassembly machine. If it were given a fragment and all of
the following conditions were met:
- the other associated fragments were already marked as done (reassembled)
- the fragment went beyond the end of the conceptual reassembled buffer
- the dissector had not set the PARTIAL_REASSEMBLY flag
then the reassembly machine would incorrectly think there was an overlap and
run past the end of the already-reassembled buffer.
Should fix the rest of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
#BACKPORT
This is probably too big and intrusive to backport directly, and parts of it
will need adapting anyways since reassemble.c has changed. But the bug exists
and crashes in 1.6 and 1.8, so we'll have to do something.
svn path=/trunk/; revision=48011
1. Convert proto_tree_add_text to proto_tree_add_item/expert info
2. Change to "new style" dissector
3. Use standard malformed packet interface
Reviewed by Francesco Fondelli
svn path=/trunk/; revision=48009
Centralize logic related to per-interface conversations, and expose it for use
by class-specific dissectors.
Class-specific descriptor dissectors also need to know the interface in whose
context they are called to work.
This is a prerequisite for a USB Video Class dissector, which needs to decode
many class-specific descriptors.
svn path=/trunk/; revision=47990
New dissector for the honeypot-feeds protocol.
From me: Misc. tweaks to expert info layout and remove a few unneeded initializers.
svn path=/trunk/; revision=47962
commented-out/#if-ed-out "Data1" field, as it's the same field.
Give the flags in that field names including "flags".
Shuffle the fields around to put "Flags" (a/k/a Data1) where Data1 was,
and put the bits in that field after it.
Update the URL for the spec at IBM.
Reformat the entries in hf_netb[] to use the same style.
svn path=/trunk/; revision=47933
A detailed diagnostic information contains either a SMS-SUBMIT-REPORT or a SMS-DELIVERY-REPORT. Set P2P direction accordingly.
svn path=/trunk/; revision=47927
Martin Kaiser