From Anders Broman: parse security mechanism as specified in RFC 3329
Change-Id: I37300aa45740a11679149550943b3a1614ac8423
Reviewed-on: https://code.wireshark.org/review/138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
- packet-bencode.c had the wrong FSF address
- wslua_int64.c had the license as a footer instead of a header
Change-Id: I71204b36a1034af72874d6fe87929c31c9ff03df
Reviewed-on: https://code.wireshark.org/review/123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
There is no public spec, based only on analyze of packet
It is more easy to found the address IP of Intant AP
Change-Id: I3baf205c5e4ad699b954f4a9fbf4b9e65f82cb36
Reviewed-on: https://code.wireshark.org/review/121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Specification: "If the TxAdd or RxAdd fields are not
defined as used in a given PDU then they shall be considered
Reserved for Future Use."
Change-Id: I767c0df0366afe789624046cda2d49c9875ffe60
Reviewed-on: https://code.wireshark.org/review/103
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Linux USB Header should be in Host Endian.
Also add ENC_HOST_ENDIAN to simplify code.
Change-Id: I95e7d97014633e8fc1d7739d0728780d70c60442
Reviewed-on: https://code.wireshark.org/review/15
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Apparently very recent gcc versions *do* complain about the cast from gint to
enum, despite the comment to the contrary.
Change-Id: I422df9950f1c7c46ca8ea37a0e3abd7aa8fc1c7d
Reviewed-on: https://code.wireshark.org/review/89
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changed “GUID” to “CID” (Connection Identifier), as the original term carried common meaning and baggage that was not intended
Change-Id: I04986331aee33be237dab6963c0ff39accf507cd
Reviewed-on: https://code.wireshark.org/review/81
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When the GUID (CID or Connection Identifier in a more recent spec) field in Public Flags is 0, a zero-length item would be added.
This trivial patch prevents a dissector exception by checking the length first.
Change-Id: Idf6d970bc1b0b3f1a8e47618a8759f6a0cd54c65
Reviewed-on: https://code.wireshark.org/review/78
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
messages on the Data Display Channel (DDC)
this dissector is available as an option for I2C messages
it handles EDID messages (Extended Display Identification Data)
and passes HDCP messages on to the HDCP dissector
Change-Id: Ia8d8e73c36e2a1ad560b911dd4c1c9f34997b5c2
Reviewed-on: https://code.wireshark.org/review/63
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Try to dissect even it the size is not as expected.
Windows doesn't use alignment for smb-direct.
Change-Id: I66c465d331aaab5caf28385a6dd3a43b63af2208
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/56
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Change-Id: Ie1b684327a77c265188d916c1242d335c55aa8cb
Reviewed-on: https://code.wireshark.org/review/65
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
add editor modelines
Change-Id: I5433e0d41a30043264a0f60c2166de471c80745c
Reviewed-on: https://code.wireshark.org/review/64
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
This is wrong it breaks all sort of things. The "Volume label field"
is a special case, which can be fixed by using nopad=TRUE.
Change-Id: I3cd3f30ff0076d5e31a735391b175fd68e5fa142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/26
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
* Update to the last IANA icmpv6-parameters (2014-01-30)
* Update to final draft (for RFC 6743 and RFC 6775)
* Add RFC 7112 (Implications of Oversized IPv6 Header Chains) support (Add new Parameter Problem code)
* Fix a encoding arg
Change-Id: I90f65dfc54e5c0aff21a0e7ec2c937304aced02d
Reviewed-on: https://code.wireshark.org/review/62
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
- SNMT messages where presented in a way, where the value of the
field was not pointing to the correct bytes where it came from
- Sender / Receiver where renamed to be better understandable
- SN send to (Receiver) now comes first as it does in the byte
stream
Change-Id: I364cb248bed9489c0cf9c7bf9fbd37b0225dbd78
(Found by checkhf).
Note: There's quite a large amount of hf[] entries which are
commented out. I wonder if there are "top-level" entries
missing from the "parse-tree" arrays ?
svn path=/trunk/; revision=54990
to add missing BASE_RANGE_STRING and to use RVALS instead of VALS.
Fixes crashes in 'tshark -G values' and presumably also fixes
crashes when used in a dissection.
Introduced in SVN #54449.
(I suspect that ' convert_proto_tree_add_text.pl' may need some work
to handle range_strings).
svn path=/trunk/; revision=54984
an hf[] entry but defined as a 'value_string' intead of
as a 'val64_string'.
Caused 'tshark -G values' to crash
(and presumably would also cause a crash when the value-string
is referenced in a dissection):
Introduced in svn #54728
(Note: There's still another 'tshark -G values' crash to to found & fixed)
svn path=/trunk/; revision=54983
restore usage in cms and pkcs12. They never got a valid value in
actx->external.direct_reference because they use another actx in this case.
This will add back the global variable in x509af, but this is needed
until we manage to pass the value in another way.
See comments in bug 9573.
svn path=/trunk/; revision=54975
much as possible" rather than dissecting nothing if the length of a
set of fields (e.g., a "command") seems wrong or if an exception
occurs fetching data before previous fields have been displayed.
In general: just fetch/dissect from start to end: If there is missing
data, a Wireshark exception will eventually occur;
Add lwm subtrees under the lwm protocol tree (*not* as protocols
under the top (outermost) tree.
Fix a bug which caused an exception to be reported as:
"[Packet size limited during capture: LwMesh truncated]"
rather than as the correct: "[Malformed...]"
col_...() and expert...() functions shouldn't be called under 'if(tree)';
Register the heuristic dissector using "IEEE802154_PROTOABBREV_WPAN"
(like certain other dissectors) rather than using "wpan";
missmatch --> mismatch
Fix some long lines.
svn path=/trunk/; revision=54949
offset in the tvbuff of the beginning of the packet to it. Otherwise,
it will never be zero, and the tests will always think the field pointed
to by the offset is present.
svn path=/trunk/; revision=54938
in section 6.1 "Registration.Request Primitive":
The Pool Handle parameter contains a NULL terminated ASCII
string of fixed length.
svn path=/trunk/; revision=54925
tvb_get_string(). (Some versions of the spec speak of ISO 8859-15
strings as well as UTF-8 strings, but we don't appear to try to handle
those.)
Update spec URL.
svn path=/trunk/; revision=54910
be misreading Q.2630.3, as it seems to indicate that the addresses are
BCD, not ASCII, speaking as it does of "hexadecimal digit[s] of
address[es]".
svn path=/trunk/; revision=54909
http://web.archive.org/web/20080308233204/http://dev.aol.com/aim/oscar/#SNAC
"In general strings are not NULL terminated and are encoded using UTF8."
It also says
Authentication
Over the years, the AIM backend has supported several different
methods for authentication. ...
When a client collects the loginId and password for the user it
should not normalize them in any manner. It also should not
prevent the user from entering certain characters as the AIM
name space is constantly changing. For example, currently the
AIM name space is ASCII based, but in the future that may
change. In general, the client should not perform input
checking and instead allow the backend to reject bad values.
which also suggests not assuming ASCII.
So use ENC_UTF_8 in most cases.
For actual messages, it says:
An IM can be encoded in the following different forms:
Name Value Notes
ASCII 0 ANSI ASCII -- ISO 646
UNICODE 2 ISO 10646.USC-2 Unicode
LATIN_1 3 ISO 8859-1
so, if that's the case, the dissector should choose beween
ENC_ASCII|ENC_NA, ENC_UCS_2|ENC_appropriate_ENDIAN, and
ENC_ISO_8859_1|ENC_NA.
Use tvb_get_string_enc() with an encoding rather than tvb_get_string().
svn path=/trunk/; revision=54908
XXX - if we supported various MacXXX character encodings, we could use
those; that might require a preference to specify the encoding.
svn path=/trunk/; revision=54906
v1.1: Personal Information Exchange Syntax:
http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
"When password integrity mode is used to protect a PFX PDU, a password
and salt are used to derive a MAC key. As with password privacy mode,
the password is a Unicode string, and the salt is a byte string."
So, not having found any other references to salts as text strings, copy
it with tvb_memdup(), not tvb_get_string().
svn path=/trunk/; revision=54893
as a string if every byte in it is a printable ASCII character, it's
ASCII. Use tvb_get_string_enc() with an appropriate encoding.
svn path=/trunk/; revision=54889
better.
We don't need eventlog_get_unicode_string_length() in the eventlog
dissector, either - tvb_unicode_strsize() does the job just as well.
svn path=/trunk/; revision=54874
- "Once-only" test not needed in proto_reg_handoff..();
- Set COL_PROTOCOL, clear COL_INFO at the begining of the dissector
before fetching data from the tvb;
- Use tvb_reported_length;
- Use col_set_str/col_append_str where appropriate;
- Zigbee --> lwm;
- Fix typo;
- Reformat some whitespace for consistency.
ToDo:
- Review use of col_...() and expert...() under 'if (tree)';
- Review use of col_clear(..., COL_INFO) after text already added to COL_INFO;
- Review certain tvb fetches to ensure no fetches using a negative offset;
svn path=/trunk/; revision=54871
New Dissector For Lightweight Mesh protocol
A dissector for ATMEL Lightweight Mesh protocol (lwm).
The protocol is carried on the top of 802.15.4 frame.
From me:
* Add Modelines info
* Fix indent (use 4 spaces)
* Remove trailing whitespace
svn path=/trunk/; revision=54856
