functions act like their non-tvb counterparts except that they take a tvb and
and offset instead of a pointer to a byte array.
This basically saves the dissectors from having to call tvb_get_ptr()--which in
this case eliminates a couple of typos in the length given to tvb_get_ptr().
svn path=/trunk/; revision=35549
return string is NULL terminated.
There's no need to pass the result of tvb_get_ptr() as the 'value' in
proto_tree_add_*(): just use proto_tree_add_item().
svn path=/trunk/; revision=35548
Use tvb_ip_to_str().
There's no need to pass the result of tvb_get_ptr() as the 'value' in
proto_tree_add_*(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s to ensure the
return string is NULL terminated.
svn path=/trunk/; revision=35547
Use tvb_ip_to_str() and tvb_ip6_to_str().
There's no need to pass the result of tvb_get_ptr() as the 'value' in
proto_tree_add_*(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s to ensure the
return string is NULL terminated.
svn path=/trunk/; revision=35546
There's no need to pass the result of tvb_get_ptr() as the 'value' in
proto_tree_add_*(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s to ensure the
return string is NULL terminated.
svn path=/trunk/; revision=35545
>Linking fails now:
>epan/.libs/libwireshark.so: undefined reference to `hf_bssgp_elem_id'
>epan/.libs/libwireshark.so: undefined reference to `bssgp_elem_fcn'
>epan/.libs/libwireshark.so: undefined reference to `ett_bssgp_elem'
>epan/.libs/libwireshark.so: undefined reference to >`bssgp_elem_strings'
>Did you miss packet-bssgp.c in that commit?
I'll try to clean this up in the next few days.
svn path=/trunk/; revision=35544
Additional function codes: Disable unsolicited messages, Open\Close\Delete file
Additional data objects: Analog output events, File objects and Octet string events.
Improved Info column display for reassembled fragments.
Changed all event timestamps to be UTC as per protocol spec.
svn path=/trunk/; revision=35533
bootp option 123 has 2 chooses - coordinate based location RFC 3825 or
CableLabs DSS_ID. Add better support for having 2 DSS_ID with dynamic
size (up to 32 byte each)
svn path=/trunk/; revision=35530
Replace ip6_to_str((tvb_get_ptr(...)) with tvb_ip6_to_str().
There's no need to pass the result of tvb_get_ptr() as the 'value' in
proto_tree_add_*(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s.
Replace some memcpy()+tvb_get_ptr() with tvb_memcpy().
svn path=/trunk/; revision=35529
This patch adds support for the following fields in Meta protocol:
- Deciphered
- Local Device ID,
- Remote Device ID,
- Tap Group ID,
- TLLI,
- Calling Station ID,
- Called Station ID
svn path=/trunk/; revision=35524
do the same as the non-tvb equivalents but take a TVB and an offset instead
of a pointer to an array of bytes.
Their purpose is to prevent (many) dissectors from doing:
ip_to_str(tvb_get_ptr(...)).
(About the names and the location: I like the names as they are but the names
imply that they should live in tvbuff.c. That would make some sense but
I didn't want to pull to_str.h into tvbuff.c...)
svn path=/trunk/; revision=35519
Improved the decoding of OID search ranges in AgentX dissector:
1/ OID highlighting on first OID of a range was too long.
The code incorrectly used the length of the printable string instead
of the length of the source data.
2/ Added bitwise dissection of the 'include' field of an OID decoding.
3/ Added corrected 'start/end' range information to SearchRange decoding to
discriminate between an 'end' indicator (old way) and the new way that
shows both an inclusive/exclusive indicator as well as a start/end range
indicator. (applicable to getnext/getbulk requests).
svn path=/trunk/; revision=35500
proto_tree_add_string(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s.
In a couple of places an hf variable was being used as the length in a call to
proto_tree_add_*(). Use the appropriate variable instead.
svn path=/trunk/; revision=35497
proto_tree_add_string(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s.
In a couple of places an hf variable was being used as the length in a call to
proto_tree_add_*(). Use the appropriate variable instead.
svn path=/trunk/; revision=35496
proto_tree_add_string(): just use proto_tree_add_item().
Replace some tvb_get_ptr()s with tvb_get_ephemeral_string()s.
In a couple of places an hf variable was being used as the length in a call to
proto_tree_add_*(). Use the appropriate variable instead.
svn path=/trunk/; revision=35495
pointer to a NULL-terminated string in the TVB. It is no safer than dissectors
which call tvb_get_strsize() and then tvb_get_ptr() but it makes it clear that
this usage of tvb_get_ptr() is safe.
This function is slightly more efficient than tvb_get_ephemeral_stringz()--but
only as long as we're not using composite TVBs.
svn path=/trunk/; revision=35493
fragment->len was left unitialized.)
Also (unrelated): save a couple of calls to tvb_reported_length() since the
value is already stored in a variable.
svn path=/trunk/; revision=35485
FCoIB – Fibre Channel over InfiniBand. The protocol enables transmission of
Fibre Channel frames over InfiniBand networks. It is based on encapsulation of
Fibre Channel frames over InfiniBand UD transport. The discovery protocol is
based on the FIP protocol (not supported by this patch).
This patch adds an FCoIB dissector to Wireshark. It is based in large part on
the existing FCoE dissection code.
This code is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=35475
rules. (Is this the right fix? I had to remove a now meaningless
comparison of psm > 0x1000 (4096) since psm is now a guint8 not a guint16.)
svn path=/trunk/; revision=35463
20:15:19 Err Field 'Link-local Address' (pmip6.lila_lla) is an FT_IPv6
but is being displayed as BASE_HEX instead of BASE_NONE
svn path=/trunk/; revision=35439
packet-mip6.c:801: warning: 'hf_pmip6_opt_ipack' defined but not used
packet-mip6.c:802: warning: 'hf_pmip6_opt_ipack_res' defined but not used
svn path=/trunk/; revision=35438
packet-gtpv2.c:2648: warning: return type defaults to 'int'
packet-gtpv2.c: In function 'dissect_udp_s_port_nr':
packet-gtpv2.c:2690: warning: unused parameter 'length'
packet-gtpv2.c: In function 'dissect_gtpv2_fq_csid':
packet-gtpv2.c:2845: warning: unused parameter 'length'
packet-gtpv2.c: In function 'dissect_gtpv2_emlpp_pri':
packet-gtpv2.c:2927: warning: implicit declaration of function 'be_emlpp_prio'
packet-gtpv2.c: At top level:
packet-gtpv2.c:3056: warning: initialization from incompatible pointer type
svn path=/trunk/; revision=35431
dissector-bug macros. If it's just that we're missing some packets, we
should handle that as best we can and, if there's stuff we can't do,
maybe put something into the protocol summary or tree saying "not enough
information". Don't just spit out a warning message which the user
might not even see.
svn path=/trunk/; revision=35426
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
abbreviation
** ERROR **: Field 'IPv4 Address' (gtpv2.ipv4_addr) is an FT_IPv4 but is being
displayed as BASE_DEC instead of BASE_NONE
svn path=/trunk/; revision=35420
just put the reply body, if any, into the protocol tree as a blob. The
protocol tree will note that it's an unknown status.
svn path=/trunk/; revision=35414
one of the macros to report that, or you have a problem with the packet,
in which case you should note that in the protocol tree, or you have
something you don't understand, in which case you should dissect
whatever of it you do understand and put something appropriate, if
possible, into the protocol tree for the rest.
(And, if the length isn't right, there's not much you can do about it -
you have to trust the length, and manage to fail somewhere else.)
svn path=/trunk/; revision=35408
field names and adding descriptions, changing the Domain GUID in the "LDAP
ping" response to a FT_GUID instead of FT_BYTES, etc.
svn path=/trunk/; revision=35407
In dissect_amqp_0_10_array() if the 'type' is unknown, don't loop (for
potentially a very long time) adding the same element over and over again
(since the type is unknown, we don't know how much to increase the offset so
an exception is never thrown).
svn path=/trunk/; revision=35406
in MSCLDAP packets per Microsoft's MS-ADTS specification, section 7.3.1.1,
revision 26 (11/19/2010). Also re-format code a bit.
svn path=/trunk/; revision=35403
in the tree of the service record broken out. For example,
"_ldap._tcp.domain.com" shows:
Service: ldap
Protocol: tcp
Name: domain.com
svn path=/trunk/; revision=35401
terminated strings (retrieved with tvb_get_ptr()), just use
tvb_get_ephemeral_string() and the standard strtoul{l} functions.
svn path=/trunk/; revision=35394
From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
causes (should have been in rev 35366).
When generating TVB subsets, limit the subset's backing and reported lengths to
the (captured) TVB length and the reported TVB length, respectively.
This allows us to dissect most of the packet in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
before asserting out.
It also yields similar better behavior when the capture is limited by a
snapshot length.
svn path=/trunk/; revision=35368
caused the numbering to no longer be lined up so the "SRV" record (#33) type
T_SRV was being given the description "EID" instead of "Service Location"
svn path=/trunk/; revision=35367
- "reported length" to be minimum of the entity's length (taken from the
packet) or the reported length of the TVB.
- "backing length" to be the minimum of the reported length (above) or the
(captured) length of the TVB.
This prevents tvb_new_subset() from generating an exception if the entity's
length (in the packet) is bogus (bigger than what's in the TVB) which allows
dissection to continue to a point where we can show the user what the problem
is.
When dissecting chunks, add an expert info if the item's length is bigger than
what was on the wire (the reported length). (The same could also be done for
parameters and error causes.)
This makes captures like that in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
easier to understand.
It also starts getting this dissector using the reported length instead of the
(captured) TVB length (there's more to be done with other tvb subsets).
svn path=/trunk/; revision=35366
in the segment and once to put them into the protocol tree, just do it
once. That also means we don't need to allocate an array for all the
reception claims, so we don't have to worry about the claim count (other
than making sure it's non-negative), and that we won't abort the
dissection until we run past the end of the packet.
(The rest of the dissector should be changed to work that way as well.)
svn path=/trunk/; revision=35356
A Patch to enchance the ICMPv6 Router Renumbering for IPv6 (RFC 2894) Dissector
- Make RR field filterable
- Add RR Result Message
- ...
svn path=/trunk/; revision=35355
Add support to EuroCableLabs at bootp opt 60 sub 23.
according to PKT-SP-PROV1.5-I04-090624, paragraph 10.23 Device MIB Support:
type 2 is indicating EuroCableLabs.
svn path=/trunk/; revision=35350
Fix one of the "Conditional jump or move depends on uninitialised value(s)"
errors from Valgrind: always initialize *val in get_sdp_type().
svn path=/trunk/; revision=35343
should've been done in the previous checkin).
Display the "request type" field in a Read Partition request correctly
(only the upper 2 bits matter, and they're an enumerated value).
svn path=/trunk/; revision=35336
which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and
potential code execution.
From me: ep_allocate our buffers.
svn path=/trunk/; revision=35318
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
embedding a version number. Use it.
"This will build and install the binaries and the manpage (pidl.1)."
refers to the process of installing Pidl; put it immediately after the
steps for installing Pidl.
svn path=/trunk/; revision=35305
an array of samr_RidWithAttributeArray structures. Don't equate it to
hf_samr_rid; that causes hf_samr_rid to be added as an item with a
length of -1, but, as hf_samr_rid is an FT_UINT32 field, that causes a
dissector bug error.
The version of Yapp I was using, at least, didn't like C++-style
comments in the IDL file; replace them with C-style comments.
svn path=/trunk/; revision=35304
Give more information about getting Yapp; not everybody using it is
necessarily using SUSE (and, yes, that's how it appears to be spelled
now, even though the "u" was for "und" and not originally capitalized).
svn path=/trunk/; revision=35303
buffer - the size of the latter can't be found with sizeof, as all you
have is a pointer to the buffer. sizeof (pointer) happened, by chance,
to give the right answer on ILP32 platforms, but gave a too-big answer
on LP64 and LLP64 platforms, which meant we overflowed the buffer when
clearing it.
svn path=/trunk/; revision=35297
/*
* Given a tvbuff, an offset into the tvbuff, and a length that starts
* at that offset (which may be -1 for "all the way to the end of the
* tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
* the low or high half byte, formating the digits according to an input digit set,
* if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
* A pointer to the EP allocated string will be returned.
* Note a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
*/
svn path=/trunk/; revision=35286
A patch to enchance the ICMPv6 dissector
- Update RFC Draft (draft-ietf-ipngwg-icmp-name-lookups-07/08) to Final RFC (RFC 4620)
- Make NI field filterable
- ....
svn path=/trunk/; revision=35283
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
make it possible to use element dissecton from this dissector
in other dissectors.
It is left in packet-nas_EPS.c as a comment for easier reference.
svn path=/trunk/; revision=35269
I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
Fixes computing of milliseconds in CP56time2a and add "bitstring of 32 bits"
and "step position" support (ASDU types 5,7,32,33,47,51,60 and 64).
svn path=/trunk/; revision=35249
There are 2 parts to the CIGI protocol. 1) Host to IG messages and 2) IG to
Host messages. Currently, Host to IG messages are parsed correctly, but IG to
Host messages show Malformed Packet (or may not even detect as CIGI at all)
Some of the protocol format is different between versions. The "Minor Version"
is used by the dissector to separate the differences, but this field is in a
different location in the IG Control Packet (Host to IG message) vs the Start
of Frame Packet (IG to Host message).
Attached patch to correct this.
svn path=/trunk/; revision=35241
is what packet-smb.c uses) and add extra line breaks. Both changes are
for improved readbility of the frequent complex and cryptic loops.
svn path=/trunk/; revision=35238