packet-daap requests registration on that port via http_dissector_add
and thus packet-http does not need to do a default registration on that port.
Also: fix a typo in a comment.
svn path=/trunk/; revision=29265
Here is a patch against SVN that implements preliminary support for USB HID
devices. At the moment it only dissects the initial set up packets (which you
will see if you hotplug a keyboard or mouse.)
The patch also fixes a minor bug in the USB dissector code which reported
certain packets as malformed due to miscounting bytes, and it reports control
packet data and padding data in a more user-friendly manner.
svn path=/trunk/; revision=29256
Part 1:
Rename packet-gsm_abis_ip.c to packet-gsm_ipa.c.
Part 2:
Rename the content to match the filename.
Part 3:
Add GSM A/SCCP support to the packet-gsm_ipa.c dissector
Adjusted patch to take laforge's comment into account. Use guint16 for the
length and use the ntohs routine to convert the length.
svn path=/trunk/; revision=29254
Support for SPF RR (RFC 4408)
- this has the same format as TXT RR (see section 3.1.1) below.
Currently wireshark 1.2.1 shows this as Unknown type 99
svn path=/trunk/; revision=29253
the behavior of x = x++ is undefined by the ANSI C standard -
they obviously just meant x++;
get rid of unused variables.
svn path=/trunk/; revision=29248
The exception throwing code in except.c/h should be annotated with
"noreturn" to indicate that they never return. Running static analysis
on Wireshark without this annotation causes a lot of false positives
since these analyzers assume that the exception handling code are
ordinary functions that will eventually return.
svn path=/trunk/; revision=29246
- Fix an hf[] entry which had an invalid "strings" field which could cause a crash;
- Remove unneeded #includes;
- Make most functions & etc static;
- Remove declarations for functions never defined;
- Fix certain comments to refer to the correct function names;
- Change global variable to be local to proto_reg_handoff...
- ...
svn path=/trunk/; revision=29239
The Cert Authority hashes in the IKEv2 Cert Request are not dissected properly:
the display offset is not correctly moved on, so the same info is displayed for
all Cert Authority fields.
svn path=/trunk/; revision=29234
for EventTypes.
This addresses also bug 3552 with the until now unused code.
The eventlog dissector is very incomplete.
While the protocol specification is available now, what is lacking is
example capture files to test with when implementing more of the IDL
definitions.
svn path=/trunk/; revision=29231
bitmap and not as a uint32
this addresses bug 3691 (that was already manually addressed by hand
in the generated dissector)
svn path=/trunk/; revision=29229
its own crypt-aes.
change the integer types to glib style integers
this may/will be helpful if/when we implement our own version of
kerberos
aes decryption of dcerpc since the existing libraries can not (yet)
handle when header signing is used.
we should implement our own decryption of this for cfx+aes just as we
did for classic+arcfour
svn path=/trunk/; revision=29228
verified that we did have enough data in the buffer/tvb, which could
lead to a SEGV.
(for example if we enable KRB5 decryption but we do NOT use TCP
reassembly, and the encrypted data goes beyond the end of the current
segment)
Change the signature to decrypt_krb5_data() to take a TVB instead of a
buffer+length.
Actually check that we do have the entire encrypted PDU before calling
out to the kerberos libraries.
svn path=/trunk/; revision=29213
Date: Mon, 27 Jul 2009 08:55:55 +0000 (+0200)
Subject: patch_ldap_260709
Add a few additional LDAP OIDs
and increase the maximum SASL blob size to be 1M instead of 256kb
svn path=/trunk/; revision=29210
1. Prevent tcpencap (ipsec-tcp) from incorrectly dissecting NDMP PDU fragments;
(Essentially: register NDMP as the dissector for the conversation);
Allows correct NDMP fragment reassembly whether or not the
TCP "Try heuristic sub-dissectors first" preference is enabled.
Fixes Bug #3755 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3755)
2. Use a registered init routine to init the fragment and reassembled tables
each time a complete capture dissection is (re)started.
Fixes a crash.
3. Don't register on TCP port 10000 since the tcpencap dissector needs to own this
port. (The NDMP dissector is a heuristic dissector).
4. Strengthen the heuristic checking slightly.
5. Other minor changes.
svn path=/trunk/; revision=29208
Change that fixes infinite loop for dissections of elements:
- Pulse notification
- Line Information
- PSTN FSM state
- Autonomous signalling sequence
- Sequence response
- Performance grading
- Rejection cp cause
Me prefix hf vars with hf_v52_
svn path=/trunk/; revision=29207
From Jakub Zawadzki:
This patch is cut&paste code from gtk/main_packet_list.c:packet_list_compare()
to new function frame_data_compare()
+ it makes use of new function inside packet_list_compare() and
packet_list_compare_records()
svn path=/trunk/; revision=29165
This patch is cut&paste code from gtk/main_packet_list.c:packet_list_compare()
to new function frame_data_compare()
+ it makes use of new function inside packet_list_compare() and
packet_list_compare_records()
svn path=/trunk/; revision=29164
I still get a compilation error...
packet-bacapp.c: In function `dissect_bacapp':
packet-bacapp.c:6350: warning: 'bacapp_invoke_id' might be used uninitialized in this function
... although I've followed the paths (including the setting of 'segment'), and it looks bogus to me.
svn path=/trunk/; revision=29154
data is available, not how big the packet really is.
Clean up white space.
Get rid of an unused parameter and two unused variables.
svn path=/trunk/; revision=29152
Added some new features to BACnet dissection:
- ListOfObjectPropertyReferences in scheduler
- RestartReason
- Properties for loop-object
- LogDeviceObjectProperty in trend-log object
- log-buffer entries in trend-log object
- reassembly of fragmented messages
- fallback changed if iconv-library is not here
Me: Moved includes from .h to .c as that's how we normally do it.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3736
svn path=/trunk/; revision=29151
Fix regressions in r29130 and r29133
In r29130 formatting for DSECS was changed. (old: %01d now: %02d)
In r29133 adding sign was removed (old: buf[0] = '-' now: buf[0] = '\0')
svn path=/trunk/; revision=29146
This patch optimizes proto_tree_prime_hfid() + friends and
plugs a memleak in the process.
From me:
Removed unused hfindex in proto_tree_new_item()
Fixed ref_count entry in struct header_field_info.
svn path=/trunk/; revision=29137
As for now, Wireshark supports only 96-bit (or 0-bit for NULL authentication)
integrity control values (ICVs) for IPsec ESP. While the authentication field is
of variable length, this may lead to situations where the whole packet is not
parsable.
To solve this, I added generic classes (not checked) for 128, 192 and 256 bit
ICVs to the ESP dissector. I also split the HMAC-SHA-256 authentication
algorithm to HMAC-SHA-256-128 (128 bit as defined in RFC 4868) and
HMAC-SHA-256-96 (from the very first draft, nevertheless unpatched Linux and
BSDs do it this way).
svn path=/trunk/; revision=29121
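An added example (not code from the Wireshark source or from this commit) showing why the assumed ICV length matters: the ICV is the tail of the ESP packet, so the assumed size decides where the payload ends. The `esp_layout` struct and `esp_split()` are hypothetical names; the 8-byte SPI plus sequence-number header is from RFC 4303, and the accepted sizes are the ones the commit message lists.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESP_HDR_LEN 8u /* SPI (4 bytes) + sequence number (4 bytes), RFC 4303 */

struct esp_layout {          /* hypothetical type, for illustration only */
    uint32_t spi, seq;
    size_t payload_len;      /* IV + ciphertext, starts at offset ESP_HDR_LEN */
    size_t icv_off, icv_len; /* trailing ICV, in bytes */
};

/* ICV sizes listed in the commit message: 0 (NULL auth), 96, 128, 192, 256 bits. */
static int icv_bits_supported(unsigned bits)
{
    return bits == 0 || bits == 96 || bits == 128 || bits == 192 || bits == 256;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 for an unsupported ICV size or a packet too short for it. */
int esp_split(const uint8_t *pkt, size_t len, unsigned icv_bits, struct esp_layout *out)
{
    size_t icv_len = icv_bits / 8;
    if (pkt == NULL || out == NULL || !icv_bits_supported(icv_bits))
        return -1;
    if (len < ESP_HDR_LEN + icv_len)
        return -1;
    out->spi = be32(pkt);
    out->seq = be32(pkt + 4);
    out->payload_len = len - ESP_HDR_LEN - icv_len;
    out->icv_off = len - icv_len;
    out->icv_len = icv_len;
    return 0;
}

int main(void)
{
    /* Constructed packet: 8-byte header, 16 payload bytes, 16-byte (128-bit) ICV. */
    uint8_t pkt[40] = { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x02 };
    struct esp_layout l;
    for (unsigned bits = 96; bits <= 128; bits += 32)
        if (esp_split(pkt, sizeof pkt, bits, &l) == 0)
            printf("ICV %u bits: payload %zu, ICV offset %zu\n", bits, l.payload_len, l.icv_off);
    return 0;
}
```

With the 96-bit assumption the first four ICV bytes of this packet are counted as payload, which is the mis-parse the message describes for HMAC-SHA-256-128 traffic.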
v5.2-User Adaptation Layer and V5.2 Interface.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3732
Me:
Removed check_col(), hf blurbs, removed global vars and registering
SCTP port in packet-v52.c.
svn path=/trunk/; revision=29096
Patch with some improvements for packet ziop dissector following patch
about MIOP dissector submitted by Kovarththanan Rajaratnam.
From me:
Add a link to the protocol specification. Don't tvb_memcpy over
structs! Remove some more tvbuffs. Don't call proto_item_add_subtree if
we're not going to use the trees. Call proto_tree_add_item instead of
proto_tree_add_text. Remove a bunch of unused ett_ variables and a few
other now-unused variables. Register the field array with the correct
length.
svn path=/trunk/; revision=29095
Chunks handled individually rather than as complete messages which have
the risk of being fragmented and unrecognizable.
Added FLV data type.
Allow simultaneous RTMP streams to be handled independently.
svn path=/trunk/; revision=29069
This patch optimizes the data source name processing in add_new_data_source()
by delaying it. We now simply store the constant string and lazily compute the
name when needed. This gives a performance boost because we only need the name
if we have multiple data sources.
svn path=/trunk/; revision=29066
"EVER!") Expand the entry/scope struct to include private enterprise
numbers instead of casting guint32s to arbitrary chunks of memory.
Limit the number of entries and scopes we allocate. Don't allocate
memory every time we see a new template. Don't use a C++ keyword for
variable names.
svn path=/trunk/; revision=29061
- Use value_string to convert strings
- Added more types and codes from IANA
Removed use of check_col()
Some white space cleanup
svn path=/trunk/; revision=29054
- Use value_string to convert strings
- Added more types and codes from IANA
Removed use of check_col()
Check checksum also if no tree
Some white space cleanup
svn path=/trunk/; revision=29050
to 224.0.0.x with a TTL>1. Some protocols (notably VRRP and GLBP)
send out a TTL of 255 and thus cause a notice. That should be fixed,
so for now: Add a FIXME about that.
svn path=/trunk/; revision=29024
Within the attached diff file are two source files, packet-dtn.h and
packet-dtn.c. Their function is to decode Bundle Protocol PDUs sent using the
UDP or TCP Convergence Layers. These protocols have been released by the
Internet Research Task Force and are described in RFC 4838 and RFC 5050.
Detailed information on DTN can be obtained at www.dtnrg.org.
svn path=/trunk/; revision=29010
ClassifierID should be before Priority field in the Extended Classifier of
PacketCable Multimedia Protocol. Also the reference to PacketCable Multimedia
document PKT-SP-MM-I02-040930 is wrong because there is no definition about
Extended Classifier. My fix is based on PacketCable Multimedia
PKT-SP-MM-I04-080522 document.
svn path=/trunk/; revision=28969
This patch protects against malformed Unique ID lengths (>= 252 bytes) and
defers all tvb_xxx related calls to when we actually need them. This allows us
to dissect as much as possible before bailing out (in case of a malformed
length).
From me:
Add a link to the protocol specification. Remove packet-miop.h along
with some struct definitions. (Don't tvb_memcpy over structs!) Remove
some more tvbuffs. Don't call proto_item_add_subtree if we're not going
to use the trees. Call proto_tree_add_item instead of
proto_tree_add_text. Remove a bunch of unused ett_ variables. Add an
expert item for the protocol version. Register the field array with the
correct length.
svn path=/trunk/; revision=28963
- implement "ether" attribute;
- parse "abinary" attribute [uses existing radius_abinary()]
Also: add a comment in packet-radius.h about the meaning of the encrypt flag.
svn path=/trunk/; revision=28952
This patch corrects several minor things.
1. Adds decoding of generic services to classes that have a separate dissect
function.
2. Adds new error codes.
3. Adds new CIP objects.
4. Extends the VendorID list.
svn path=/trunk/; revision=28951
In the RADIUS dissector, the function radius_register_avp_dissector() registers
vendors that are not already present in the dictionary hash-table. As far as I
can see, there are two problems with this:
1. The function does not set the number of type/length octets and the has_flags
variable for that AVP, which is required to correctly decode AVP/VSA values
2. In some situations, the function is called _before_ radius_load_dictionary()
is called (for example for the vendor 3GPP (ID: 10415))
Therefore, all vendor entries that are created by calling
radius_register_avp_dissector() leave their type_octets and length_octets un-initialized,
which causes incorrect decoding.
[Result: Radius dissector displays messages such as:
"Malformed Packet: RADIUS" and "Error/Malformed: Malformed Packet(Exception occurred)"]
The attached patch fixes this problem by assuming that the dictionary knows the
'ground truth' about the type/length octet and the has_flags information and allows it to
overwrite these values even for vendors that have already been loaded.
Also: (from Bill Meier): set the type/length octet and the has_flags variables to default
"standard" values (1,1,FALSE) in radius_register_avp_dissector().
Fixes Bug #3651 (and Bug #3635).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3651
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3635
svn path=/trunk/; revision=28937
(plus some additional changes by me).
Handle BASE_RANGE_STRING display types properly
We always treat header field info strings as value_string's undiscriminated.
However, if the header field info display is marked as BASE_RANGE_STRING, we
need to treat them as range_string's. This wasn't properly handled in the
filter expression dialog and in the filter toolbar which would cause a crash
upon referencing any fields marked as BASE_RANGE_STRING.
svn path=/trunk/; revision=28931
The template cache contains pointers that are session-scope (only freed in
netflow_reinit()) but still we use g_malloc(). This patch changes that so we
now use se_alloc(). With this patch I'm able to reproduce the crash
("Per-session memory corrupted").
svn path=/trunk/; revision=28927
template, differentiate between Netflow v9 and IPFIX, which require
different interpretations. Add other minor fixes and comments.
svn path=/trunk/; revision=28911
rid of another, as the pointer in question is non-null in all calls (if
somebody adds another call with a null pointer, it'll crash when
dereferencing the pointer in any case).
svn path=/trunk/; revision=28900
which case it won't crash, or it will be null, in which case that just
trades one crash for another, and we should fix the crash.
svn path=/trunk/; revision=28898
Fixes crash reported in Bug #3578. [https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3578]
Essentially: CLEANUP_CALL_AND_POP wasn't being executed for certain error exits from
dissect_attribute_pairs() thus leaving a CLEANUP entry on the exception stack.
Also: vsa_buffer_table wasn't being destroyed if an exception occurred in dissect_attribute_pairs.
svn path=/trunk/; revision=28891
The previous check is incorrect when the first ldap frame in the capture is
selected and the filter is changed, or selecting "Follow TCP Stream".
Also removed check_col().
svn path=/trunk/; revision=28889
More packet decoding for Intellon powerline devices.
From me put proto_register_homeplug() last in the file and whitespace changes.
svn path=/trunk/; revision=28872
- Fix ncp2222.py and all the epan/dissectors/dcerpc dissectors. The
latter required changes to idl2wrs which used variadic macros (not supported in MSVC 6.0).
- Cleanup PIDL conformance files
svn path=/trunk/; revision=28856