the data source does not need to be allocated if (!tree).
Rev 30158 took the if (!tree) check out indicating that the check was invalid.
So: (since packet_add_new_data_source() now only calls add_new_data_source()),
remove packet_add_new_data_source().
svn path=/trunk/; revision=34717
Always pass a length of 1 to proto_tree_add_item() for the ctype (this fixes
the assertion). If the length indicated in the message is not 1, add an
expert info.
svn path=/trunk/; revision=34710
how much of the packet data it's consumed - but that means the dissector
handle for it must be created with new_create_dissector_handle().
svn path=/trunk/; revision=34707
IANA Enterprise ID as well as extended packet-asp decoding of authentication
and integrity payloads using the sample capture file attached to the bug.
Fuzz tested ~500 passes on that 3 packet capture file.
svn path=/trunk/; revision=34701
The rest of the code assumes that sip can be NULL, so don't assert when it's
not.
Also make fid_cmp() static since it's only used in this module.
svn path=/trunk/; revision=34663
As mentioned before, the heuristics used by packet-adwin-config were weak for
UDP packets. This patch creates a stronger heuristic by checking if one of the
MAC addresses in the UDP packets is in the range assigned to the manufacturer
of the devices that use this protocol (or if it is a broadcast).
That should be relatively safe to do because the protocol is rarely used in
routed networks.
svn path=/trunk/; revision=34654
You may not use g_int64_hash() or g_int64_equal(), as they are not present in the minimum version of GLib that we support. Create a ieee802154_long_addr structure for long addresses, create hash routines for those addresses, and use them.
Export and use those routines.
svn path=/trunk/; revision=34653
present in the minimum version of GLib that we support. Create a
ieee802154_long_addr structure for long addresses, create hash
routines for those addresses, and use them.
svn path=/trunk/; revision=34651
Attached patch:
1. Adds port 5985 as a HTTP traffic port (used by MS Powershell remoting over
HTTP)
2. Adds dissection of Kerberos authentication to HTTP.
svn path=/trunk/; revision=34641
The company I work for uses two proprietary protocols, for which I initially
developed Wireshark plugins. Now we would like to integrate them into the
public Wireshark repository.
I followed the READMEs and converted the plugins into static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
English and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
BACnet has a private transfer service which is vendor specific. The start of
each request and response contains the vendor identifier. I've added a way for
vendors to provide their own dissectors by registering their vendor identifier.
The packet-bacapp.c method fConfirmedPrivateTransfer has been modified to look
for a vendor specified dissector. If found it will be run. If not found we
default to running the standard dissection included in packet-bacapp.c.
I modified the summary column display for private transfer messages so that the
summary now displays the Vendor Identifier (V=xx) and the Service Number (SN=xx).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5250
From me: Rename sub-dissector table to "bacapp.vendor_identifier"
Change subdissector ui_name to "BACapp Vendor Identifier"
svn path=/trunk/; revision=34625
Find a patch which cleans up the PPP dissector
* Remove check_col (from my previous patch #5325)
* Remove the #define ppp_min (unused)
* Remove some unused ett_*
* Cleanup NO ARRAY entry (it is a false positive of checkhf tool, it needs a {
(in the same line) before a hf_... in hf_register_info struct)
* Cleanup Unused entry in VSNP Dissector ( it's really strange, there is no
check when the code was added #4434 ;) )
* minor bug fix...
From me: put one of the check_col()'s (that also protects a val_to_str() call)
back in.
Note: the checkhf tool bug was fixed in rev 34623.
svn path=/trunk/; revision=34624
The current PRP dissector in packet-prp.c does not correctly identify VLAN
tags. It uses the hard coded value 0x8000 to check the ethertype.
The attached patch (against current SVN trunk) changes this to use the
ETHERTYPE_VLAN define from epan/etypes.h and also fixes two misspellings in the
respective comments.
svn path=/trunk/; revision=34622
Update to add the time as a filterable field and other cosmetic changes.
From me: exp2() seems to be C99 so #if the use of it out.
svn path=/trunk/; revision=34611
- Reindent source; cleanup whitespace;
- Remove many unneeded 'if(tree)' & similar (Tnx to Jeff Morriss for the suggestion);
- remove unneeded initializers;
- Reformat some long lines;
- Fix up some comments showing message layout;
- Localize two static global variables.
svn path=/trunk/; revision=34610
Add dissector for Tektronix Teklink Protocol, used by their Logic Analyzers.
May be useful for reverse engineering their Protocol.
svn path=/trunk/; revision=34609
RFC 4447 describes a new TLV called Generalised PWid FEC in LDP messages with the
id 0x81. This is related to PseudoWire setup and maintenance.
Related to this, following are the TLVs which are defined in RFC 4447 and RFC 4446.
1. PW Status TLV
2. PW Interface parameters
3. PW Group TLV
From me: remove some unused variables; Mark fcn arg as unused.
svn path=/trunk/; revision=34606
CableLabs has added additional TLV's to DHCP Option 60 Modem capabilities
reporting for their Docsis 2.0 devices. Additionally, in Docsis 3.0, they have
moved the capabilities portion of Option 60 (sub-option 5) to now reside in the
vendor specific Option 125 using their Enterprise number (4491).
svn path=/trunk/; revision=34605
It is a rework of PAP PPP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- add col_append_fstr to show information (Peer-ID, Password...)
svn path=/trunk/; revision=34604
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller.
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enabled by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
The attached patch begins to add support for RPL to the ICMPv6 file. All
locations where RPL code has been added are marked with a comment allowing this
patch to be reverted at a future time if it is decided to e.g. move all the RPL
code to its own dissector.
A few values await IANA assignment and are also clearly marked (in
packet-ipv6.h).
Only the 'metric' option is left unsupported, as it is primarily defined in
another I-D.
svn path=/trunk/; revision=34579
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
radiotap: new parser
The current parser has a number of bugs, most
importantly not being able to parse radiotap
files with multiple presence bitmaps. It is
also rather hard to extend. Use a generic library
for parsing radiotap that can be extended very
easily.
From me:
Dumb down some initializers and add some casts to make Visual C++ happy.
svn path=/trunk/; revision=34515
- Allow direct access when a range of values begins with a value other than 0;
- Provide value_string_ext_new() for creating extended value strings at runtime;
- Do access to value_string_ext members via a macro (all but value_string.c);
- Update documentation.
svn path=/trunk/; revision=34514
The attached patch adds the missing decoded fields
by moving the proto_tree_add_item() call so that it
is no longer within an error handler and will be
called under normal circumstances (as well as error conditions).
From me: Apply the change to the ASN.1 source. Also some white space
indentation cleanup.
svn path=/trunk/; revision=34505
Hi, a patch to enhance the PPTP Dissector
It is a rework of PPTP dissector
- Replace proto_tree_add_text by proto_tree_add_item
- Replace non-standard table and function by standard value_string
- ....
The code is checked and fuzzed (more than 200 passes!) with personal PPTP Sample and
PPTP Sample from pcapr.net
svn path=/trunk/; revision=34504
radiotap: re-indent
The current file has a very strange mix of various
indentation sometimes using spaces and sometimes
using tabs which is rather hard to keep intact,
so reindent it completely.
svn path=/trunk/; revision=34503
Extern the extended value strings struct (not the value_string arrays themselves) so
any external use of these arrays is via the extended value string functions.
svn path=/trunk/; revision=34499
- define some vars & fcns as static;
- remove an unused var;
- use tfs_set_notset in tfs.c;
- slightly simplify reg_handoff.
svn path=/trunk/; revision=34462
This is necessary in case a subdissector had changed it but was unable to
restore it (due to the exception).
Remove check_col().
svn path=/trunk/; revision=34436