packet-ajp13 fails to detect end of request body
AJP13 may use two different packets to signify end of request body;
either zero length packet, or packet with zero length content. The ajp13
dissector already recognizes the former; this patch adds support for the
latter.
svn path=/trunk/; revision=39752
Dissector for the USB Integrated Circuit Card Interface Device Class (CCID)
I've implemented a reasonable subset of a dissector for the USB CCID specification (as described at http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf), during the course of experimenting with an ACS ACR122U ISO 14443 card reader and MiFare tokens.
It currently identifies all of the message types listed in that specification,ng.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Fix Checkhf (Remove an unused entry)
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
svn path=/trunk/; revision=39750
NULL out blurbs that just give the field name.
This is C code, so it shouldn't be executable; get rid of
svn:executable.
svn path=/trunk/; revision=39747
Dissector for the NXP MiFare Protocol
I've just finished writing a dissector for the NXP-proprietary MiFare Protocol, as used alongside ISO 14443-A by a popular range of contactless (not-so-smart) cards, and various emulations, variants and clones thereof.
It currently supports all of the commands listed in http://www.nxp.com/documents/data_sheet/MF1S703x.pdf that also happen to be supported by LibNFC (http://code.google.com/p/libnfc/) - modulo the "NAK" and CRC bytes, since I haven't found examples of their usage in my USB traces, and I didn't want to hand-craft (probably incorrect) examples for testing.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
* Add Modelines information
svn path=/trunk/; revision=39746
Set the protocol column (perhaps there should be separate names for the
DPNSS layer 2 and layer 3 protocols).
The DPNSS layer 2 protocol appears to be Yet Another HDLC Derivative;
put in a comment noting that we might want to use the xDLC control field
dissector code.
svn path=/trunk/; revision=39738
Many enhancements, and some fixes, to the Spice dissector:
- SASL authentication support
- indentation, tab fixes
- LZ image dissection (fixing at least one TODO item)
- dissect Spice client agent data
- fix some proto_tree_add_item() offsets
- probably some more that I forgot.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6535#attach_7355
svn path=/trunk/; revision=39710
byte-swapped form - i.e., not network byte order, but the reverse of
network byte order - as, a long time ago, somebody asked to have the
"little_endian" flag affect the way proto_tree_add_item() fetched IPv4
addresses from the packet.
Use ENC_BIG_ENDIAN for IPv4 addresses (ENC_NA and ENC_BIG_ENDIAN have
the same value, but this makes it clearer that we, sadly, need to care).
svn path=/trunk/; revision=39708
- Renaming opensafety.msg.type to opensafety.msg.direction
- Introducing real opensafety.msg.type as opensafety.msg.category and generated
field
- Adding openSAFETY Sender and Receiver field, for all types of messages
- Adding openSAFETY Domain number and Node number as generated fields, which
allows filtering for them
- Rework PACKET_RECEIVED_BY and PACKET_SEND_FROM_TO_ALL to PACKET_RECEIVER and
PACKET_SENDER
- Replaced PACKET_SEND_FROM_TO with calls to PACKET_RECEIVER and PACKET_SENDER
- Added functions, so that the new sender and receiver fields as well as
network information are added as sub-trees
- Removed DISSECTOR_ASSERT in opensafety_get_scm_udid as it is not needed here
anymore
- Added the connection valid bit to the dissection tree ( has been there as
message type, but was never validated )
- Added calculations for Domain Network Addr, depending if a valid UDID for the
SCM is present in SSDO and SPDO
- Corrected error, where sub-tree for spdo dissection used global ssdo_tree
instead of spdo_tree
- Added "Message Type unknown" which leads to PI_MALFORMED marked entry in
dissect_opensafety_message
- Added check for ( length - frameOffset ) is below or equal zero, to avoid
using dissector asserts
- Added check for freak frame start detection, where both frame starts would be
equal (could happen during fuzztest)
- Removed DISSECTOR_ASSERT for both frame starts being different
- Added check, that if the frame address is above 1024, the package gets
marked as PI_MALFORMED (fuzztest)
- Fixed CID 1215, CID 1224 and CID 1246/1247
- Corrected naming issue with openSAFETY/SercosIII dissection using UDP
transport
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6528
svn path=/trunk/; revision=39701
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me:
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
Enhance Universal Alcatel Protocol
Several fixes and heuristic version. You can also specify the ports (as in the previous version), if the heuristic version is not working properly.
svn path=/trunk/; revision=39691
Wireshark unable to parse ERSPAN from HP Comware platforms
Huawei GRE ERSPAN is not decoded properly
Add a pref to FORCE to decode directly Ethernet frame in GRE (with no ERSPAN Header)
svn path=/trunk/; revision=39687
Enhancement for the Component Status Protocol dissector
The attached patch adds a dissection of the message flags field to the Component Status Protocol dissector.
svn path=/trunk/; revision=39686
packet-bacapp.c:6154: error: stray '\250' in program
packet-bacapp.c:7137: warning: cast to pointer from integer of different size
svn path=/trunk/; revision=39680
I found many new properties in BACnet that were not decoded correctly in
Wireshark. I have attached a patch that adds decoding to the following
properties:
Fixed the following properties to decode:
In the Accumulator Object:
scale (187)
prescale (185)
logging-record (184)
In Access Door Object:
door-members (228)
masked-alarm-values (234)
In the Pulse Converter Object:
input-reference (181)
In the Group Object:
list-of-group-members (53)
In the Event Enrollment Object:
object-property-reference (78)
In the Command Object:
action (2)
In the Trend Log Multiple object:
log-buffer (131)
In the Event Log Object:
log-buffer (131)
In the Structured View object:
subordinate-list (211)
Added decoding for the following enumeration type properties:
Logging-type (197)
event-state (36)
reliability (103)
notify-type (208)
door-status (231)
lock-status (233)
secured-status (235)
maintenance-required (158)
program-state (92)
program-change (90)
reason-for-halt (100)
mode (160)
silenced (163)
operation-expected (161)
tracking-value (164)
file-access-method (41)
The above fixes also fixed the log-buffer decoding of the old trend log
recorded as Wireshark bug: #6458
I believe this patch also fixes bug: #6235. But the original bug did not
contain a capture file so I am not positive my capture represents the
originator's issue.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6475
svn path=/trunk/; revision=39676
negative integers and integers up to MAXINT64. We still don't support
integers between MAXINT64 and MAXUINT64, which would be 9 bytes long.
svn path=/trunk/; revision=39673
Had to change some #defines in the header file (for UDP-framed/heuristic
dissector) - will need to update example sending program later on tonight.
svn path=/trunk/; revision=39656
BitTorrent DHT dissector for wireshark
From me:
* Fix encoding attribute for proto_tree_add_item (with fix-encodings-args script)
svn path=/trunk/; revision=39653
Don't set mr_mult_req_info->num_services until we're sure we've
initialized the full structure for that service. Otherwise if we
happen to throw an exception before initializing the whole
structure, we'll core someplace (like dissect_cip_generic_service_rsp())
which expects all num_services entries to be fully initialized.
svn path=/trunk/; revision=39626
a fix for the SPI the src and dst IP address strings needs fixing too.
I'll look into that tomorrow if no one beats me to it.
svn path=/trunk/; revision=39621
cc1: warnings being treated as errors
packet-cip.c: In function 'dissect_cip_generic_service_req':
packet-cip.c:3281: warning: format not a string literal and no format arguments
packet-cip.c: In function 'dissect_cip_generic_service_rsp':
packet-cip.c:3631: warning: format not a string literal and no format arguments
packet-cip.c: In function 'dissect_cip_data':
packet-cip.c:4881: warning: comparison between signed and unsigned
svn path=/trunk/; revision=39599
The binary display and decimal values are corrupt in the case where they are
"stitched" together from words and octets: the complete words are extracted
ready for LSB padding, but when the final octet/word is added (also so
extracted), the data already present is shifted by a whole number of octets
(not allowing for the padding), and the value is then used by the binary and
decimal display functions as if it were MSB padded. This results in both a
corrupt bit pattern and wrong padding of the bit pattern in the display.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6473
svn path=/trunk/; revision=39553
I've updated the bgp dissector code to support the mcast-vpn nlri. These nlri's
are used to implement multicast vpn (mvpn) and are fully described in
draft-ietf-l3vpn-2547bis-mcast-bgp-08.txt (section 4).
svn path=/trunk/; revision=39549
Don't assume that the Called party number has digits: it may not, especially
in protocols like INAP.
Rearrange the (pre-existing) no-digits check when dissecting Calling addresses
so we don't pass the empty address to taps.
svn path=/trunk/; revision=39502
Add Binary JSON (BSON) decoding support to Mongo packet dissector
Implement BSON spec to correctly see BSON document type and not in Bytes format...
The specification for BSON can be found at http://bsonspec.org/
The decoding is not entirely complete, there are still potential enhancements to provide more information about a couple of data types, but it greatly enhances visibility into these packet types.
From me:
* Fix warning from fix-encoding-args.pl script.
svn path=/trunk/; revision=39499
interface scope is always 4 bytes. For that matter, nowhere does it
indicate that the scopes have any particular interpretation except as a
sequence of octets.
Get rid of the checks for a length of 4, and make ScopeSystem an
FT_BYTES. If, by *convention*, they're usually IPv4 or IPv6 addresses,
somebody can throw in code to display them as such if they happen to be
4 or 16 bytes, respectively. Leave ScopeInterface as an integer for
now, in case, by convention, they're interface indices, but still leave
the length check out.
Fixes bug 3954.
svn path=/trunk/; revision=39485
The current MySQL dissector ignored the execute parameters as metadata is
needed from previous packets to decode the fields. I added the necessary code
to store these in conn_data and developed dissector for all fields I could
reproduce on the network.
This also fixes a memory leak by moving the stmts structure (the pointer to
which is stored in se_allocated memory) into se_trees.
From me: use se_tree_create_non_persistent() so the entire tree is forgotten when
the se_ memory goes away. Also some reformatting.
svn path=/trunk/; revision=39483
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
New Protocol Submission for MVRP (Multiple VLAN Registration Protocol)
New dissector submission for Multiple VLAN Registration Protocol (MVRP) defined in 802.1ak Standard, section 11. MVRP is used to dynamically create and update Dynamic VLAN Registration Entries.
From me:
* Fix error from fix-encodings-args script
* Add Modeline information
* Added packet-mrp-mvrp.c to CMakeLists.txt
svn path=/trunk/; revision=39477
is never used" because of the return -1 at the end of this if block.
Removed item_toc = assignment and fixed indentation.
svn path=/trunk/; revision=39469
The attached patch fixes a memory corruption of the ep_allocated buffer when
building the decoded bitmap.
From me: some reformatting.
svn path=/trunk/; revision=39464
Add the checksum info to the tree even when !tree so that the expert_info
summary... "icon"... in the lower-left corner is correct.
svn path=/trunk/; revision=39460
Several updates to the DCE/RPC dissector:
- changed the variable name "ndr64_uuid" to "uuid_ndr64" to make it similar to
the other UUID variable names. Minor changes to the UUID names.
- changes the UUID name for the 32bit NDR to describe that. In the DCE/RPC
standard this UUID is described as "Version 1.1 network data representation
protocol", but this is an unnecessarily long name and it's the only 32bit
version defined for DCE/RPC anyway. The new name "32bit NDR" is similar to the
changed name for the 64bit NDR.
- added an UUID for "bind time feature negotiation" found with Microsoft PDUs.
- added an UUID for "asynchonous MAPI". Of course this UUID/name should be
added to the MAPI dissector, but the MAPI dissector is generated C code from
Samba/OpenChange pidl sources. Eventually those might get updated. An
alternative would be to create a new file to specifically register UUIDs used
in the DCE/RPC context.
- when the g_hash_table_insert() function is used, I've removed the code to
lookup and remove the key, as g_hash_table_insert() is doing that internally
(or more precisely, it is overwriting the old value).
- in the dissector function for Bind and BindAck, I now print all context items
into COL_INFO and not just the first one.
- added a new value for Bind results, used by Microsoft products. (The
"Negotiate ACK" is used with the "bind time feature negotiation" UUID)
svn path=/trunk/; revision=39455
The patch fixes a bug in the PCEP Objective Function (OF) object tree
visualization (it didn't recognize the object and showed it as "Unknown
object").
Also fixes a small bug.
From me: remove a couple of unnecessary includes.
svn path=/trunk/; revision=39454
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. Always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39428
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
The existing code adds all ajp13 header names to the protocol tree as
ajp13.hval; header values aren't added at all. The original intention
appears to have been to add header names as ajp13.hname and their values
as ajp13.hval. Even if implemented properly, this doesn't allow
filtering properly (unless there's some funky syntax I'm not aware of).
This patch uses dedicated header fields for those request/response
headers that are explicitly defined in AJP13 protocol. Undefined header
names and their values are added as a single ajp13.additional_header in
easily matched "Header-Name: Value" string format.
svn path=/trunk/; revision=39417
AJP13 uses a string size of 0xFFFF to indicate a null string;
ajp13_get_nstring function would incorrectly return invalid data.
In display_req_body function, the content_length really is the length of
the data; there is no trailing null.
svn path=/trunk/; revision=39416
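The null-string rule from the commit above, as an added example (not Wireshark's code; the function, type and sample names are hypothetical): a bounds-checked reader for one AJP13 string. It assumes the 2-byte big-endian length excludes a trailing '\0' and that a length of 0xFFFF is followed by no string bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AJP13_NULL_STRING 0xFFFFu   /* length value that means "null string" */

typedef struct {
    const uint8_t *data;  /* points into the packet; NULL for a null string */
    size_t len;           /* byte count, excluding the trailing '\0' */
} ajp13_str;

/* Read one AJP13 string at buf[off]. Returns the number of bytes consumed,
 * or -1 if the buffer is truncated or the terminating '\0' is missing. */
static int ajp13_read_string(const uint8_t *buf, size_t buflen, size_t off,
                             ajp13_str *out)
{
    out->data = NULL;
    out->len = 0;
    if (off > buflen || buflen - off < 2)
        return -1;                        /* no room for the length field */
    uint16_t n = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    if (n == AJP13_NULL_STRING)
        return 2;                         /* null string: only the length */
    if (buflen - off - 2 < (size_t)n + 1)
        return -1;                        /* need n bytes plus the '\0' */
    if (buf[off + 2 + n] != 0)
        return -1;                        /* terminator missing */
    out->data = buf + off + 2;
    out->len = n;
    return 2 + (int)n + 1;
}

/* Constructed sample: "abc", a null string, then a truncated 2-byte string. */
static const uint8_t ajp13_sample[] = {
    0x00, 0x03, 'a', 'b', 'c', 0x00,
    0xFF, 0xFF,
    0x00, 0x02, 'x'
};

int main(void)
{
    size_t off = 0;
    ajp13_str s;
    int used;
    while ((used = ajp13_read_string(ajp13_sample, sizeof ajp13_sample, off, &s)) > 0) {
        printf("offset %zu: %s, len %zu\n", off, s.data ? "string" : "null", s.len);
        off += (size_t)used;
    }
    printf("stopped at offset %zu (truncated or end of buffer)\n", off);
    return 0;
}
```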
Add dissector for public protocol Flight Message Transfer Protocol (FMTP)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6433
- Modified and moved col_add_fstr outside of if(tree)
- call data dissector for data
- use ENC_BIG_ENDIAN
- minor cleanups
svn path=/trunk/; revision=39403