- add lookup for "unknown" channel type dissector (mode is known)
- set length extent for SUFI root item
- show data frames in the info column (at least for AM...)
DCT:
- call RLCDCH with "unknown" channel type (as don't know whether IP or RRC)
- support R9
svn path=/trunk/; revision=39846
* Remove struct and sizeof
* Replace proto_tree_add_* by proto_tree_add_item
* Replace CPHA function (report2str, opcode2str...) by standard Wireshark functions
* and minor bug fix
svn path=/trunk/; revision=39844
packet-reload.c:2875:13: warning: Although the value stored to
'local_offset' is used in the enclosing expression, the value is
never actually read from 'local_offset'
although as I read the C90 spec the code is doing pretty much what it
should be doing and the rewritten code does the same thing. However,
it's also a bit more complicated and harder to read than the rewritten
code.
svn path=/trunk/; revision=39840
we can't bail out early on dissection merely because we're not
constructing the protocol tree, as that would mean we wouldn't construct
the Info column unless we're constructing a protocol tree.
Clean up indentation.
svn path=/trunk/; revision=39821
it into a gint, instead. This should fix bug 6572, by preventing an
infinite loop if the sum in question is 0 modulo 2^16.
svn path=/trunk/; revision=39817
Enhance XMPP Dissector
XMPP is communication protocol that is based on XML.
Existing Jabber dissector has only few filtering possibilities and displays packets in inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
(in some cases by changing proto_tree_add_item() to use
what appears to be the correct 'tree' arg);
Do whitespace cleanup.
svn path=/trunk/; revision=39772
packet-ajp13 fails to detect end of request body
AJP13 may use two different packets to signify end of request body;
either zero length packet, or packet with zero length content. The ajp13
dissector already recognizes the former; this patch adds support for the
latter.
svn path=/trunk/; revision=39752
Dissector for the USB Integrated Circuit Card Interface Device Class (CCID)
I've implemented a reasonable subset of a dissector for the USB CCID specification (as described at http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf), during the course of experimenting with an ACS ACR122U ISO 14443 card reader and MiFare tokens.
It currently identifies all of the message types listed in that specification,ng.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Fix Checkhf (Remove a unused entry)
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
svn path=/trunk/; revision=39750
NULL out blurbs that just give the field name.
This is C code, so it shouldn't be executable; get rid of
svn:executable.
svn path=/trunk/; revision=39747
Dissector for the NXP MiFare Protocol
I've just finished writing a dissector for the NXP-proprietary MiFare Protocol, as used alongside ISO 14443-A by a popular range of contactless (not-so-smart) cards, and various emulations, variants and clones thereof.
It currently supports all of the commands listed in http://www.nxp.com/documents/data_sheet/MF1S703x.pdf that also happen to be supported by LibNFC (http://code.google.com/p/libnfc/) - modulo the "NAK" and CRC bytes, since I haven't found examples of their usage in my USB traces, and I didn't want to hand-craft (probably incorrect) examples for testing.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines;
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
* Add Modelines information
svn path=/trunk/; revision=39746
Set the protocol column (perhaps there should be separate names for the
DPNSS layer 2 and layer 3 protocols).
The DPNSS layer 2 protocol appears to be Yet Another HDLC Derivative;
put in a comment noting that we might want to use the xDLC control field
dissector code.
svn path=/trunk/; revision=39738
Many enhancements, and some fixes, to the Spice dissector:
- SASL authentication support
- indention, tab fixes
- LZ image dissection (fixing at least one TODO item)
- dissect Spice client agent data
- fix some proto_tree_add_item() offsets
- probably some more that I forgot.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6535#attach_7355
svn path=/trunk/; revision=39710
byte-swapped form - i.e., not network byte order, but the reverse of
network byte order - as, a long time ago, somebody asked to have the
"little_endian" flag affect the way proto_tree_add_item() fetched IPv4
addresses from the packet.
Use ENC_BIG_ENDIAN for IPv4 addresses (ENC_NA and ENC_BIG_ENDIAN have
the same value, but this makes it clearer that we, sadly, need to care).
svn path=/trunk/; revision=39708
- Renaming opensafety.msg.type to opensafety.msg.direction
- Introducing real opensafety.msg.type as opensafety.msg.category and generated
field
- Adding openSAFETY Sender and Receiver field, for all types of messages
- Adding openSAFETY Domain number and Node number as generated fields, which
allows filtering for them
- Rework PACKET_RECEIVED_BY and PACKET_SEND_FROM_TO_ALL to PACKET_RECEIVER and
PACKET_SENDER
- Replaced PACKET_SEND_FROM_TO with calls to PACKET_RECEIVER and PACKET_SENDER
- Added functions, so that the new sender and receiver fields as well as
network information are added as sub-trees
- Removed DISSECTOR_ASSERT in opensafety_get_scm_udid as it is not needed here
anymore
- Added the connection valid bit to the dissection tree ( has been there as
message type, but was never validated )
- Added calculations for Domain Network Addr, depending if a valid UDID for the
SCM is present in SSDO and SPDO
- Corrected error, where sub-tree for spdo dissection used global ssdo_tree
instead of spdo_tree
- Added "Message Type unknown" which leads to PI_MALFORMED marked entry in
dissect_opensafety_message
- Added check for ( length - frameOffset ) is below or equal zero, to avoid
using dissector asserts
- Added check for freak frame start detection, where both frame starts would be
equal (could happen during fuzztest)
- Removed DISSECTOR_ASSERT for both frame starts being different
- Added check, that if the frame address is above 1024, the package get's
marked as PI_MALFORMED (fuzztest)
- Fixed CID 1215, CID 1224 and CID 1246/1247
- Corrected naming issue with openSAFETY/SercosIII dissection using UDP
transport
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6528
svn path=/trunk/; revision=39701
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
Enhance Universal Alcatel Protocol
Several fixes and heuristic version. You can also specify the ports (as in the previous version), if the heuristic version is not working properly.
svn path=/trunk/; revision=39691
Wireshark unable to parse ERSPAN from HP Comware platforms
Huawei GRE ERSPAN is not decoded properly
Add a pref to FORCE to decode directly Ethernet frame in GRE (with no ERSPAN Header)
svn path=/trunk/; revision=39687
Enhancement for the Component Status Protocol dissector
The attached patch adds a dissection of the message flags field to the Component Status Protocol dissector.
svn path=/trunk/; revision=39686
packet-bacapp.c:6154: error: stray '\250' in program
packet-bacapp.c:7137: warning: cast to pointer from integer of different size
svn path=/trunk/; revision=39680
I found many new properties in BACnet that were not decoded correctly in
Wireshark. I have attached a patch that adds decoding to the following
properties:
Fixed the following properties to decode:
In the Accumulator Object:
scale (187)
prescale (185)
logging-record (184)
In Access Door Object:
door-members (228)
masked-alarm-values (234)
In the Pulse Converter Object:
input-reference (181)
In the Group Object:
list-of-group-members (53)
In the Event Enrollment Object:
object-property-reference (78)
In the Command Object:
action (2)
In the Trend Log Multiple object:
log-buffer (131)
In the Event Log Object:
log-buffer (131)
In the Structured View object:
subordinate-list (211)
Added decoding for the following enumeration type properties:
Logging-type (197)
event-state (36)
reliability (103)
notify-type (208)
door-status (231)
lock-status (233)
secured-status (235)
maintenance-required (158)
program-state (92)
program-change (90)
reason-for-halt (100)
mode (160)
silenced (163)
operation-expected (161)
tracking-value (164)
file-access-method (41)
The above fixes also fixed the log-buffer decoding of the old trend log
recorded as Wireshark bug: #6458
I believe this patch also fixes bug: #6235. But the original bug did not
contain a capture file so I am not positive my capture represents the
originators issue.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6475
svn path=/trunk/; revision=39676
negative integers and integers up to MAXINT64. We still don't support
integers between MAXINT64 and MAXUINT64, which would be 9 bytes long.
svn path=/trunk/; revision=39673
Had to change some #defines in the header file (for UDP-framed/heuristic
dissector) - will need to update example sending program later on tonight.
svn path=/trunk/; revision=39656
BitTorrent DHT dissector for wireshark
From me :
* Fix encoding attribut for proto_tree_add_item (with fix-encodings-args script)
svn path=/trunk/; revision=39653
Don't set mr_mult_req_info->num_services until we're sure we've
initialized the full structure for that service. Otherwise if we
happen to throw an exception before initializing the whole
structure, we'll core someplace (like dissect_cip_generic_service_rsp())
which expects all num_services entries to be fully initialized.
svn path=/trunk/; revision=39626
a fix for the SPI the src and dst IP address strings needs fixing too.
I'll look into that tomorrow if no one beats me too it.
svn path=/trunk/; revision=39621
cc1: warnings being treated as errors
packet-cip.c: In function 'dissect_cip_generic_service_req':
packet-cip.c:3281: warning: format not a string literal and no format arguments
packet-cip.c: In function 'dissect_cip_generic_service_rsp':
packet-cip.c:3631: warning: format not a string literal and no format arguments
packet-cip.c: In function 'dissect_cip_data':
packet-cip.c:4881: warning: comparison between signed and unsigned
svn path=/trunk/; revision=39599
