FCoIB – Fibre Channel over InfiniBand. The protocol enables transmission of
Fibre Channel frames over InfiniBand networks. It is based on encapsulation of
Fibre Channel frames over InfiniBand UD transport. The discovery protocol is
based on the FIP protocol (not supported by this patch).
This patch adds an FCoIB dissector to Wireshark. It is based in large part on
the existing FCoE dissection code.
This code is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=35475
rules. (Is this the right fix? I had to remove a now meaningless
comparison of psm > 0x1000 (4096) since psm is now a guint8 not a guint16.)
svn path=/trunk/; revision=35463
20:15:19 Err Field 'Link-local Address' (pmip6.lila_lla) is an FT_IPv6
but is being displayed as BASE_HEX instead of BASE_NONE
svn path=/trunk/; revision=35439
packet-mip6.c:801: warning: 'hf_pmip6_opt_ipack' defined but not used
packet-mip6.c:802: warning: 'hf_pmip6_opt_ipack_res' defined but not used
svn path=/trunk/; revision=35438
packet-gtpv2.c:2648: warning: return type defaults to 'int'
packet-gtpv2.c: In function 'dissect_udp_s_port_nr':
packet-gtpv2.c:2690: warning: unused parameter 'length'
packet-gtpv2.c: In function 'dissect_gtpv2_fq_csid':
packet-gtpv2.c:2845: warning: unused parameter 'length'
packet-gtpv2.c: In function 'dissect_gtpv2_emlpp_pri':
packet-gtpv2.c:2927: warning: implicit declaration of function 'be_emlpp_prio'
packet-gtpv2.c: At top level:
packet-gtpv2.c:3056: warning: initialization from incompatible pointer type
svn path=/trunk/; revision=35431
dissector-bug macros. If it's just that we're missing some packets, we
should handle that as best we can and, if there's stuff we can't do,
maybe put something into the protocol summary or tree saying "not enough
information". Don't just spit out a warning message which the user
might not even see.
svn path=/trunk/; revision=35426
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
abbreviation
** ERROR **: Field 'IPv4 Address' (gtpv2.ipv4_addr) is an FT_IPv4 but is being
displayed as BASE_DEC instead of BASE_NONE
svn path=/trunk/; revision=35420
just put the reply body, if any, into the protocol tree as a blob. The
protocol tree will note that it's an unknown status.
svn path=/trunk/; revision=35414
one of the macros to report that, or you have a problem with the packet,
in which case you should note that in the protocol tree, or you have
something you don't understand, in which case you should dissect
whatever of it you do understand and put something appropriate, if
possible, into the protocol tree for the rest.
(And, if the length isn't right, there's not much you can do about it -
you have to trust the length, and manage to fail somewhere else.)
svn path=/trunk/; revision=35408
field names and adding descriptions, changing the Domain GUID in the "LDAP
ping" response to a FT_GUID instead of FT_BYTES, etc.
svn path=/trunk/; revision=35407
In dissect_amqp_0_10_array() if the 'type' is unknown, don't loop (for
potentially a very long time) adding the same element over and over again
(since the type is unknown, we don't know how much to increase the offset so
an exception is never thrown).
svn path=/trunk/; revision=35406
in MSCLDAP packets per Microsoft's MS-ADTS specification, section 7.3.1.1,
revision 26 (11/19/2010). Also re-format code a bit.
svn path=/trunk/; revision=35403
in the tree of the service record broken out. For example,
"_ldap._tcp.domain.com" shows:
Service: ldap
Protocol: tcp
Name: domain.com
svn path=/trunk/; revision=35401
terminated strings (retrieved with tvb_get_ptr()), just use
tvb_get_ephemeral_string() and the standard strtoul{l} functions.
svn path=/trunk/; revision=35394
From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
causes (should have been in rev 35366).
When generating TVB subsets, limit the subset's backing and reported lengths to
the (captured) TVB length and the reported TVB length, respectively.
This allows us to dissect most of the packet in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
before asserting out.
It also yields similar better behavior when the capture is limited by a
snapshot length.
svn path=/trunk/; revision=35368
caused the numbering to no longer be lined up so the "SRV" record (#33) type
T_SRV was being given the description "EID" instead of "Service Location"
svn path=/trunk/; revision=35367
- "reported length" to be minimum of the entity's length (taken from the
packet) or the reported length of the TVB.
- "backing length" to be the minimum of the reported length (above) or the
(captured) length of the TVB.
This prevents tvb_new_subset() from generating an exception if the entity's
length (in the packet) is bogus (bigger than what's in the TVB) which allows
dissection to continue to a point where we can show the user what the problem
is.
When dissecting chunks, add an expert info if the item's length is bigger than
what was on the wire (the reported length). (The same could also be done for
parameters and error causes.)
This makes captures like that in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
easier to understand.
It also starts getting this dissector using the reported length instead of the
(captured) TVB length (there's more to be done with other tvb subsets).
svn path=/trunk/; revision=35366
in the segment and once to put them into the protocol tree, just do it
once. That also means we don't need to allocate an array for all the
reception claims, so we don't have to worry about the claim count (other
than making sure it's non-negative), and that we won't abort the
dissection until we run past the end of the packet.
(The rest of the dissector should be changed to work that way as well.)
svn path=/trunk/; revision=35356
A Patch to enchance the ICMPv6 Router Renumbering for IPv6 (RFC 2894) Dissector
- Make RR field filterable
- Add RR Result Message
- ...
svn path=/trunk/; revision=35355
Add support to EuroCableLabs at bootp opt 60 sub 23.
according to PKT-SP-PROV1.5-I04-090624, paragraph 10.23 Device MIB Support:
type 2 is indicating EuroCableLabs.
svn path=/trunk/; revision=35350
Fix one of the "Conditional jump or move depends on uninitialised value(s)"
errors from Valgrind: always initialize *val in get_sdp_type().
svn path=/trunk/; revision=35343
should've been done in the previous checkin).
Display the "request type" field in a Read Partition request correctly
(only the upper 2 bits matter, and they're an enumerated value).
svn path=/trunk/; revision=35336
which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and
potential code execution.
From me: ep_allocate our buffers.
svn path=/trunk/; revision=35318
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
embedding a version number. Use it.
"This will build and install the binaries and the manpage (pidl.1)."
refers to the process of installing Pidl; put it immediately after the
steps for installing Pidl.
svn path=/trunk/; revision=35305
an array of samr_RidWithAttributeArray structures. Don't equate it to
hf_samr_rid; that causes hf_samr_rid to be added as an item with a
length of -1, but, as hf_samr_rid is an FT_UINT32 field, that causes a
dissector bug error.
The version of Yapp I was using, at least, didn't like C++-style
comments in the IDL file; replace them with C-style comments.
svn path=/trunk/; revision=35304
Give more information about getting Yapp; not everybody using it is
necessarily using SUSE (and, yes, that's how it appears to be spelled
now, even though the "u" was for "und" and not originally capitalized).
svn path=/trunk/; revision=35303
buffer - the size of the latter can't be found with sizeof, as all you
have is a pointer to the buffer. sizeof (pointer) happened, by chance,
to give the right answer on ILP32 platforms, but gave a too-big answer
on LP64 and LLP64 platforms, which meant we overflowed the buffer when
clearing it.
svn path=/trunk/; revision=35297
/*
* Given a tvbuff, an offset into the tvbuff, and a length that starts
* at that offset (which may be -1 for "all the way to the end of the
* tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
* the low or high half byte, formating the digits according to an input digit set,
* if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
* A pointer to the EP allocated string will be returned.
* Note a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
*/
svn path=/trunk/; revision=35286
A patch to enchance the ICMPv6 dissector
- Update RFC Draft (draft-ietf-ipngwg-icmp-name-lookups-07/08) to Final RFC (RFC 4620)
- Make NI field filterable
- ....
svn path=/trunk/; revision=35283
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
make it possible to use element dissecton from this dissector
in other dissectors.
It is left in packet-nas_EPS.c as a comment for easier reference.
svn path=/trunk/; revision=35269
I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
Fixes computing of milliseconds in CP56time2a and add "bitstring of 32 bits"
and "step position" support (ASDU types 5,7,32,33,47,51,60 and 64).
svn path=/trunk/; revision=35249
There are 2 parts to the CIGI protocol. 1) Host to IG messages and 2) IG to
Host messages. Currently, Host to IG messages are parsed correctly, but IG to
Host messages show Malformed Packet (or may not even detect as CIGI at all)
Some of the protocol format is different between versions. The "Minor Version"
is used by the dissector to separate the differences, but this field is in a
different location in the IG Control Packet (Host to IG message) vs the Start
of Frame Packet (IG to Host message).
Attached patch to correct this.
svn path=/trunk/; revision=35241
is what packet-smb.c uses) and add extra line breaks. Both changes are
for improved readbility of the frequent complex and cryptic loops.
svn path=/trunk/; revision=35238
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Add support for dissecting TDLS (IEEE 802.11z) frames.
These are mostly used as Action frames that are encapsulated in Data frames (to go through any AP).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5493
svn path=/trunk/; revision=35208
When I coded the decoding of the feature group indicator, I decided to do not display the feature group content when it is not supported. After further thinking I find it more useful to always display the features of a given indicator whether it is supported or not.
svn path=/trunk/; revision=35200
It seems that Hay Systems Limited (HSL) is using stream 0xDD to transport
human-readable debug messages from the BTS to the BSC.
svn path=/trunk/; revision=35196
As it seems, there are systems that use an IPA multiplex layer but don't use
it on the standard ports that ip.access is using them for the A-bis interface.
This patch adds a user-configurable preference for the TCP and UDP ports the
IPA dissector should work on.
svn path=/trunk/; revision=35195
Bug 5494 - FP-Hint: Display correct DCH-ID value
In FP-Hint, DCH-IDs are stored as a 5-bit value. While a 5-bit value can
hold values from 0..31, DCH-IDs in the NBAP, RNSAP and RRC protocols
have values from 1..32.
This patch adds 1 to the DCH-ID in FP-Hint in order to display the
correct DCH-ID value in the protcol tree.
svn path=/trunk/; revision=35190
header as the "Routing Domain" field as introduced in RFC 1388 [January 1993]
and obsoleted as of RFC 1723 [November 1994]. Defaults to FALSE.
svn path=/trunk/; revision=35187
- Initialize a few static global variables;
- Remove two unnecessary calls to g_hash_table_foreach_remove;
- Do whitespace cleanup and use consistent indentation;
- Fix a few typos and fix up several comments.
svn path=/trunk/; revision=35183
Enhancements to BACnet's bacapp dissector
Details:
1) Added the low and high instance parameters of the who-is command to the
summary view, if present.
2) Added dissecting of the property active-cov-subscriptions.
3) Added tag details to the decoded view of ProcessId.
4) Fixed the indent levels of the recipientProcess decoding.
5) Fixed the indent tree levels for ReadPropertyMultiple-ACK when decoding
error response.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5473
svn path=/trunk/; revision=35170
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
Various fixes for AgentX protocol decoding:
1/ Fixed the decode of get & getnext PDU to correctly iterate over range lists.
2/ Re-adjust PDU header highlighting to hightlight all 20 octets instead of
only the first 4.
3/ Altered the decode hierarchy so that PDU bodys are no longer a sub-component
of the PDU header, but is now at the same level as the header.
4/ Corrected the highlighted length of decoded OIDs.
5/ Added bitwise decoding of the PDU 'flag' octet.
From me:
- Remove unnecessary includes.
- Some indentation/white space cleanup.
- Remove (new) duplicate blurbs
svn path=/trunk/; revision=35141
bug #5466 with some minor whitespace modifications from me and a fix of an
invalid offset introduced with the patch. Fuzz testing still needs to be done.
I can't seem to get the fuzz tester to work with the capture files attached to
the bug report.
svn path=/trunk/; revision=35137
Comment in the code asked....
/*XXX: 2 bytes skipped ?? */
Here is what I have found.
The high byte (1) indicates the Classification Engine ID
The low bytes (3) indicate the application ID
Engine ID of 5 is NBAR Standard.
Engine ID of 6 is NBAR Custom.
Attached patch displays all 4 bytes (type and ID) in a readable way. Also
allows better filtering.
svn path=/trunk/; revision=35116
MongoDB dissector improperly decodes cursorID in OP_KILL_CURSORS command.
The size of the CursorID is 64 bits, while the code assumes they are 4 bits,
though correctly incrementing the pointer. Fix this typo.
svn path=/trunk/; revision=35103
The scsi_persresv_type_val field in packet-scsi.c contains a mapping of
persistent reservation opcodes to their descriptive types. The opcode for the
Exclusive Access - Registrants Only field is incorrectly set to 7, when the
correct opcode is 6 (as per SPC-2 onward). The attached patch corrects this
discrepancy.
The attached patch also adds support for dissecting opcodes 7 and 8, the two
all registrants reservation types present in SPC-3 onward.
svn path=/trunk/; revision=35099
The information which is used to determine which sub-dissector to use for the
various Data messages within an SCCP connection is only present within the
initial Connection Request, so even with connection tracking on, unless the
trace contains the Connection Request no sub-dissector is called. It is common
for traces to only contain a single carried protocol anyway - e.g. RANAP.
The supplied patch adds a user preference for a "default payload"
sub-dissector, which is called in preference to the Data dissector if nothing
else has claimed the packet first.
svn path=/trunk/; revision=35098
The packet-sccp.c has a bug in the declared valid ranges of the SSN and DPC
values in the user table used to match to a subdissector. The SSN range is 16
bits rather than 8 (not really an issue) but the DPC range is 16 bits rather
than 24 - so many traces cannot be matched by this table.
svn path=/trunk/; revision=35097
The attached patch against that dissector contains :
FIX:
- counting statistics over encrypted packages (line 610 ff)
NEW:
- tag sametime message type 0x0025 as known
MISC:
- better comment
- new line clean ups
svn path=/trunk/; revision=35077
I just found a small bug in LTE PDCP dissector with current top of tree.
If global preference global_pdcp_dissect_user_plane_as_ip is set to true, the dissector will try to decode an IP frame even with signalling plane.
PDCP-LTE
...0 0000 = Seq Num: 0
Signalling Data: 0800183aa808
MAC: 0x00000000 (0)
[Malformed Packet: IP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
With the attached patch, I get the correct output for both signalling and user plane PDUs.
svn path=/trunk/; revision=35076
This corrects the specific issue reported in Bug #3317
wherein the dissector decided there was a valid but unknown
header when dissecting a binary (non text) message with a ":"
as the last byte.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3317
Note that a larger issue remains: the IMF dissector
presumably shouldn't really even try to dissect a
binary payload (which is proably encrypted text).
svn path=/trunk/; revision=35017
I'd like to share my enhancements to the TDS dissector with everyone.
The list of improvements follows:
- nearly complete dissection of RPC calls,
- detection and dissection of the ALL_HEADERS rule,
- corrected some existing proto_tree fields to support filters,
- other minor fixes where the interpretation of data conflicted with the
official documentation from MS.
I tested the new code on a variety of different TDS captures with many diverse
RPC calls. The code compiles and works on 32-bit Linux, I didn't check those
changes on other platforms though.
From me:
- terminate all value_strings
- change ++*offset to *offset += 1 (I think that's more readable)
- replace all the dissector assertions which could be caused by malformed
packets with expert infos
- Don't throw ReportedBoundsError when the packets have unexpected data in
them, just report an expert info and continue on
svn path=/trunk/; revision=35007
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
For now, only enable it for logged PDCP frames, i.e. not for PDCP found inside RLC (that won't work properly until RLC re-assembly is implemented).
svn path=/trunk/; revision=35000
indicate that these fields are unused in this case and must be zero.
Furthermore, if the value is non-zero, add an expert info warning about it.
Fixes bug 3631.
svn path=/trunk/; revision=34998
text, etc. are "sane" before:
1) requesting enough bytes (from reassembly) to dissect them all
2) (and) attempting to add them all to the tree
Request all the bytes we'll need to dissect all those rectangles/sub-rectangles
before starting dissection rather than checking before dissecting each
rectangle/sub-rectangle.
Use tvb_get_ephemeral_string().
Use _U_ to mark unused arguments.
Fix up some indentation.
Get rid of one more DISSECTOR_ASSERT.
svn path=/trunk/; revision=34977
Several fixes that make Tight VNC negotiation properly parsed.
It was not parsed correctly previously, for multiple reasons.
svn path=/trunk/; revision=34976
Jaap Keuter