dissector-bug macros. If it's just that we're missing some packets, we
should handle that as best we can and, if there's stuff we can't do,
maybe put something into the protocol summary or tree saying "not enough
information". Don't just spit out a warning message which the user
might not even see.
svn path=/trunk/; revision=35426
the discussion in bug 5541. Since we now have the window size value as
well as the scaled window size, there is no need anymore for the
tcp preference "tcp_window_scaling".
svn path=/trunk/; revision=35425
abbreviation
** ERROR **: Field 'IPv4 Address' (gtpv2.ipv4_addr) is an FT_IPv4 but is being
displayed as BASE_DEC instead of BASE_NONE
svn path=/trunk/; revision=35420
just put the reply body, if any, into the protocol tree as a blob. The
protocol tree will note that it's an unknown status.
svn path=/trunk/; revision=35414
one of the macros to report that, or you have a problem with the packet,
in which case you should note that in the protocol tree, or you have
something you don't understand, in which case you should dissect
whatever of it you do understand and put something appropriate, if
possible, into the protocol tree for the rest.
(And, if the length isn't right, there's not much you can do about it -
you have to trust the length, and manage to fail somewhere else.)
svn path=/trunk/; revision=35408
field names and adding descriptions, changing the Domain GUID in the "LDAP
ping" response to a FT_GUID instead of FT_BYTES, etc.
svn path=/trunk/; revision=35407
In dissect_amqp_0_10_array() if the 'type' is unknown, don't loop (for
potentially a very long time) adding the same element over and over again
(since the type is unknown, we don't know how much to increase the offset so
an exception is never thrown).
svn path=/trunk/; revision=35406
in MSCLDAP packets per Microsoft's MS-ADTS specification, section 7.3.1.1,
revision 26 (11/19/2010). Also re-format code a bit.
svn path=/trunk/; revision=35403
in the tree of the service record broken out. For example,
"_ldap._tcp.domain.com" shows:
Service: ldap
Protocol: tcp
Name: domain.com
svn path=/trunk/; revision=35401
terminated strings (retrieved with tvb_get_ptr()), just use
tvb_get_ephemeral_string() and the standard strtoul{l} functions.
svn path=/trunk/; revision=35394
From me: add 0_9 to names for #defines and routines for 0-9, add expert
info for the "you ran past the end of the field table" error.
svn path=/trunk/; revision=35380
causes (should have been in rev 35366).
When generating TVB subsets, limit the subset's backing and reported lengths to
the (captured) TVB length and the reported TVB length, respectively.
This allows us to dissect most of the packet in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
before asserting out.
It also yields similar better behavior when the capture is limited by a
snapshot length.
svn path=/trunk/; revision=35368
caused the numbering to no longer be lined up so the "SRV" record (#33) type
T_SRV was being given the description "EID" instead of "Service Location"
svn path=/trunk/; revision=35367
- "reported length" to be minimum of the entity's length (taken from the
packet) or the reported length of the TVB.
- "backing length" to be the minimum of the reported length (above) or the
(captured) length of the TVB.
This prevents tvb_new_subset() from generating an exception if the entity's
length (in the packet) is bogus (bigger than what's in the TVB) which allows
dissection to continue to a point where we can show the user what the problem
is.
When dissecting chunks, add an expert info if the item's length is bigger than
what was on the wire (the reported length). (The same could also be done for
parameters and error causes.)
This makes captures like that in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5546
easier to understand.
It also starts getting this dissector using the reported length instead of the
(captured) TVB length (there's more to be done with other tvb subsets).
svn path=/trunk/; revision=35366
in the segment and once to put them into the protocol tree, just do it
once. That also means we don't need to allocate an array for all the
reception claims, so we don't have to worry about the claim count (other
than making sure it's non-negative), and that we won't abort the
dissection until we run past the end of the packet.
(The rest of the dissector should be changed to work that way as well.)
svn path=/trunk/; revision=35356
A Patch to enchance the ICMPv6 Router Renumbering for IPv6 (RFC 2894) Dissector
- Make RR field filterable
- Add RR Result Message
- ...
svn path=/trunk/; revision=35355
Add support to EuroCableLabs at bootp opt 60 sub 23.
according to PKT-SP-PROV1.5-I04-090624, paragraph 10.23 Device MIB Support:
type 2 is indicating EuroCableLabs.
svn path=/trunk/; revision=35350
tvb_get_unicode_string()
tvb_get_ephemeral_unicode_string()
These function like their counterparts, tvb_get_string and
tvb_get_epemeral_string, for standard strings.
Also update comment on what the first such function,
tvb_get_ephemeral_unicode_stringz does regarding updating lengthp.
svn path=/trunk/; revision=35344
Fix one of the "Conditional jump or move depends on uninitialised value(s)"
errors from Valgrind: always initialize *val in get_sdp_type().
svn path=/trunk/; revision=35343
should've been done in the previous checkin).
Display the "request type" field in a Read Partition request correctly
(only the upper 2 bits matter, and they're an enumerated value).
svn path=/trunk/; revision=35336
which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and
potential code execution.
From me: ep_allocate our buffers.
svn path=/trunk/; revision=35318
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
embedding a version number. Use it.
"This will build and install the binaries and the manpage (pidl.1)."
refers to the process of installing Pidl; put it immediately after the
steps for installing Pidl.
svn path=/trunk/; revision=35305
an array of samr_RidWithAttributeArray structures. Don't equate it to
hf_samr_rid; that causes hf_samr_rid to be added as an item with a
length of -1, but, as hf_samr_rid is an FT_UINT32 field, that causes a
dissector bug error.
The version of Yapp I was using, at least, didn't like C++-style
comments in the IDL file; replace them with C-style comments.
svn path=/trunk/; revision=35304
Give more information about getting Yapp; not everybody using it is
necessarily using SUSE (and, yes, that's how it appears to be spelled
now, even though the "u" was for "und" and not originally capitalized).
svn path=/trunk/; revision=35303
buffer - the size of the latter can't be found with sizeof, as all you
have is a pointer to the buffer. sizeof (pointer) happened, by chance,
to give the right answer on ILP32 platforms, but gave a too-big answer
on LP64 and LLP64 platforms, which meant we overflowed the buffer when
clearing it.
svn path=/trunk/; revision=35297
/*
* Given a tvbuff, an offset into the tvbuff, and a length that starts
* at that offset (which may be -1 for "all the way to the end of the
* tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
* the low or high half byte, formating the digits according to an input digit set,
* if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
* A pointer to the EP allocated string will be returned.
* Note a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
*/
svn path=/trunk/; revision=35286
A patch to enchance the ICMPv6 dissector
- Update RFC Draft (draft-ietf-ipngwg-icmp-name-lookups-07/08) to Final RFC (RFC 4620)
- Make NI field filterable
- ....
svn path=/trunk/; revision=35283
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
make it possible to use element dissecton from this dissector
in other dissectors.
It is left in packet-nas_EPS.c as a comment for easier reference.
svn path=/trunk/; revision=35269
I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
is a unicode (UTF-16) version of tvb_get_ephemeral_stringz(). It scans
a tvbuff for a UTF-16 string and converts it to UTF-8 upon return.
svn path=/trunk/; revision=35253
Fixes computing of milliseconds in CP56time2a and add "bitstring of 32 bits"
and "step position" support (ASDU types 5,7,32,33,47,51,60 and 64).
svn path=/trunk/; revision=35249
There are 2 parts to the CIGI protocol. 1) Host to IG messages and 2) IG to
Host messages. Currently, Host to IG messages are parsed correctly, but IG to
Host messages show Malformed Packet (or may not even detect as CIGI at all)
Some of the protocol format is different between versions. The "Minor Version"
is used by the dissector to separate the differences, but this field is in a
different location in the IG Control Packet (Host to IG message) vs the Start
of Frame Packet (IG to Host message).
Attached patch to correct this.
svn path=/trunk/; revision=35241
is what packet-smb.c uses) and add extra line breaks. Both changes are
for improved readbility of the frequent complex and cryptic loops.
svn path=/trunk/; revision=35238
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Guy Harris