in the segment and once to put them into the protocol tree, just do it
once. That also means we don't need to allocate an array for all the
reception claims, so we don't have to worry about the claim count (other
than making sure it's non-negative), and that we won't abort the
dissection until we run past the end of the packet.
(The rest of the dissector should be changed to work that way as well.)
svn path=/trunk/; revision=35356
A Patch to enchance the ICMPv6 Router Renumbering for IPv6 (RFC 2894) Dissector
- Make RR field filterable
- Add RR Result Message
- ...
svn path=/trunk/; revision=35355
Add support to EuroCableLabs at bootp opt 60 sub 23.
according to PKT-SP-PROV1.5-I04-090624, paragraph 10.23 Device MIB Support:
type 2 is indicating EuroCableLabs.
svn path=/trunk/; revision=35350
tvb_get_unicode_string()
tvb_get_ephemeral_unicode_string()
These function like their counterparts, tvb_get_string and
tvb_get_epemeral_string, for standard strings.
Also update comment on what the first such function,
tvb_get_ephemeral_unicode_stringz does regarding updating lengthp.
svn path=/trunk/; revision=35344
Fix one of the "Conditional jump or move depends on uninitialised value(s)"
errors from Valgrind: always initialize *val in get_sdp_type().
svn path=/trunk/; revision=35343
should've been done in the previous checkin).
Display the "request type" field in a Read Partition request correctly
(only the upper 2 bits matter, and they're an enumerated value).
svn path=/trunk/; revision=35336
which could be of arbitrary length - even if it's not supposed to be! -
as a value of some other type, by adding them as a registered field,
first check to make sure the length of the field is appropriate for the
type and, if not, show a dissection error, rather than showing a
dissector-bug assertion when we call proto_tree_add_item().
This fixes a bunch of dissector-bug assertions that show up with
malformed BER-encoded packets.
Also, fix a typo, and expand a comment.
svn path=/trunk/; revision=35330
Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and
potential code execution.
From me: ep_allocate our buffers.
svn path=/trunk/; revision=35318
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
embedding a version number. Use it.
"This will build and install the binaries and the manpage (pidl.1)."
refers to the process of installing Pidl; put it immediately after the
steps for installing Pidl.
svn path=/trunk/; revision=35305
an array of samr_RidWithAttributeArray structures. Don't equate it to
hf_samr_rid; that causes hf_samr_rid to be added as an item with a
length of -1, but, as hf_samr_rid is an FT_UINT32 field, that causes a
dissector bug error.
The version of Yapp I was using, at least, didn't like C++-style
comments in the IDL file; replace them with C-style comments.
svn path=/trunk/; revision=35304
Give more information about getting Yapp; not everybody using it is
necessarily using SUSE (and, yes, that's how it appears to be spelled
now, even though the "u" was for "und" and not originally capitalized).
svn path=/trunk/; revision=35303
buffer - the size of the latter can't be found with sizeof, as all you
have is a pointer to the buffer. sizeof (pointer) happened, by chance,
to give the right answer on ILP32 platforms, but gave a too-big answer
on LP64 and LLP64 platforms, which meant we overflowed the buffer when
clearing it.
svn path=/trunk/; revision=35297
/*
* Given a tvbuff, an offset into the tvbuff, and a length that starts
* at that offset (which may be -1 for "all the way to the end of the
* tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
* the low or high half byte, formating the digits according to an input digit set,
* if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
* A pointer to the EP allocated string will be returned.
* Note a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
*/
svn path=/trunk/; revision=35286
A patch to enchance the ICMPv6 dissector
- Update RFC Draft (draft-ietf-ipngwg-icmp-name-lookups-07/08) to Final RFC (RFC 4620)
- Make NI field filterable
- ....
svn path=/trunk/; revision=35283
ICMPv6 Enhancements : make ICMP option filterable (Part 2)
*Merge (and update) FMIPv6 Option with ND Option
*Make ICMP option filterable (use proto_tree_add_item..)
*Reorder ND Option
*Add dissector for RA Flags Extension (RFC5075)
*Add dissector for Handover Key Request/Reply (RFC5269)
*Add dissector for Handover Assist Info / Mobile Node ID (RFC5271)
*Add dissector for DNS Search List (RFC6106
From me removed a c++ style comment and changed
to tvb_memcpy(tvb, (guint8 *)&prefix.bytes in a couple of places.
svn path=/trunk/; revision=35272
make it possible to use element dissecton from this dissector
in other dissectors.
It is left in packet-nas_EPS.c as a comment for easier reference.
svn path=/trunk/; revision=35269
I've just finished to write a ncacn_http dissector for Wireshark which
provides the ability to dissect Outlook anywhere packets properly (as
specified by [MS-RPCH].pdf documentation.
svn path=/trunk/; revision=35259
is a unicode (UTF-16) version of tvb_get_ephemeral_stringz(). It scans
a tvbuff for a UTF-16 string and converts it to UTF-8 upon return.
svn path=/trunk/; revision=35253
Fixes computing of milliseconds in CP56time2a and add "bitstring of 32 bits"
and "step position" support (ASDU types 5,7,32,33,47,51,60 and 64).
svn path=/trunk/; revision=35249
There are 2 parts to the CIGI protocol. 1) Host to IG messages and 2) IG to
Host messages. Currently, Host to IG messages are parsed correctly, but IG to
Host messages show Malformed Packet (or may not even detect as CIGI at all)
Some of the protocol format is different between versions. The "Minor Version"
is used by the dissector to separate the differences, but this field is in a
different location in the IG Control Packet (Host to IG message) vs the Start
of Frame Packet (IG to Host message).
Attached patch to correct this.
svn path=/trunk/; revision=35241
is what packet-smb.c uses) and add extra line breaks. Both changes are
for improved readbility of the frequent complex and cryptic loops.
svn path=/trunk/; revision=35238
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
Add support for dissecting TDLS (IEEE 802.11z) frames.
These are mostly used as Action frames that are encapsulated in Data frames (to go through any AP).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5493
svn path=/trunk/; revision=35208
When I coded the decoding of the feature group indicator, I decided to do not display the feature group content when it is not supported. After further thinking I find it more useful to always display the features of a given indicator whether it is supported or not.
svn path=/trunk/; revision=35200
It seems that Hay Systems Limited (HSL) is using stream 0xDD to transport
human-readable debug messages from the BTS to the BSC.
svn path=/trunk/; revision=35196
As it seems, there are systems that use an IPA multiplex layer but don't use
it on the standard ports that ip.access is using them for the A-bis interface.
This patch adds a user-configurable preference for the TCP and UDP ports the
IPA dissector should work on.
svn path=/trunk/; revision=35195
Bug 5494 - FP-Hint: Display correct DCH-ID value
In FP-Hint, DCH-IDs are stored as a 5-bit value. While a 5-bit value can
hold values from 0..31, DCH-IDs in the NBAP, RNSAP and RRC protocols
have values from 1..32.
This patch adds 1 to the DCH-ID in FP-Hint in order to display the
correct DCH-ID value in the protcol tree.
svn path=/trunk/; revision=35190
header as the "Routing Domain" field as introduced in RFC 1388 [January 1993]
and obsoleted as of RFC 1723 [November 1994]. Defaults to FALSE.
svn path=/trunk/; revision=35187
- Initialize a few static global variables;
- Remove two unnecessary calls to g_hash_table_foreach_remove;
- Do whitespace cleanup and use consistent indentation;
- Fix a few typos and fix up several comments.
svn path=/trunk/; revision=35183
Specifically: free all dynamically allocated memory after each test (or
at program completion).
Also: add some debug functions (conditionally enabled) to print information
about the fragment_table and reassembled_table fd-chains.
svn path=/trunk/; revision=35172
Enhancements to BACnet's bacapp dissector
Details:
1) Added the low and high instance parameters of the who-is command to the
summary view, if present.
2) Added dissecting of the property active-cov-subscriptions.
3) Added tag details to the decoded view of ProcessId.
4) Fixed the indent levels of the recipientProcess decoding.
5) Fixed the indent tree levels for ReadPropertyMultiple-ACK when decoding
error response.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5473
svn path=/trunk/; revision=35170
Add a bunch of NetFlow/IPFIX extensions from Plixer and ntop.
A little cleanup as well.
From me: remove duplicate blurbs.
svn path=/trunk/; revision=35142
Various fixes for AgentX protocol decoding:
1/ Fixed the decode of get & getnext PDU to correctly iterate over range lists.
2/ Re-adjust PDU header highlighting to hightlight all 20 octets instead of
only the first 4.
3/ Altered the decode hierarchy so that PDU bodys are no longer a sub-component
of the PDU header, but is now at the same level as the header.
4/ Corrected the highlighted length of decoded OIDs.
5/ Added bitwise decoding of the PDU 'flag' octet.
From me:
- Remove unnecessary includes.
- Some indentation/white space cleanup.
- Remove (new) duplicate blurbs
svn path=/trunk/; revision=35141
bug #5466 with some minor whitespace modifications from me and a fix of an
invalid offset introduced with the patch. Fuzz testing still needs to be done.
I can't seem to get the fuzz tester to work with the capture files attached to
the bug report.
svn path=/trunk/; revision=35137
UTF-8 support instead of isprint(). This allows the middle packet details
pane to display UTF-8 strings instead of escaping them with \xxx notation.
svn path=/trunk/; revision=35131
truncates newly created and copied strings. The problem was that
strlen() (which returns a length not counting the NULL terminator) was
being mixed with functions that do malloc() (which need to allocate
memory large enough to inculde the NULL string terminator).
svn path=/trunk/; revision=35128
Comment in the code asked....
/*XXX: 2 bytes skipped ?? */
Here is what I have found.
The high byte (1) indicates the Classification Engine ID
The low bytes (3) indicate the application ID
Engine ID of 5 is NBAR Standard.
Engine ID of 6 is NBAR Custom.
Attached patch displays all 4 bytes (type and ID) in a readable way. Also
allows better filtering.
svn path=/trunk/; revision=35116
MongoDB dissector improperly decodes cursorID in OP_KILL_CURSORS command.
The size of the CursorID is 64 bits, while the code assumes they are 4 bits,
though correctly incrementing the pointer. Fix this typo.
svn path=/trunk/; revision=35103
The scsi_persresv_type_val field in packet-scsi.c contains a mapping of
persistent reservation opcodes to their descriptive types. The opcode for the
Exclusive Access - Registrants Only field is incorrectly set to 7, when the
correct opcode is 6 (as per SPC-2 onward). The attached patch corrects this
discrepancy.
The attached patch also adds support for dissecting opcodes 7 and 8, the two
all registrants reservation types present in SPC-3 onward.
svn path=/trunk/; revision=35099
The information which is used to determine which sub-dissector to use for the
various Data messages within an SCCP connection is only present within the
initial Connection Request, so even with connection tracking on, unless the
trace contains the Connection Request no sub-dissector is called. It is common
for traces to only contain a single carried protocol anyway - e.g. RANAP.
The supplied patch adds a user preference for a "default payload"
sub-dissector, which is called in preference to the Data dissector if nothing
else has claimed the packet first.
svn path=/trunk/; revision=35098
The packet-sccp.c has a bug in the declared valid ranges of the SSN and DPC
values in the user table used to match to a subdissector. The SSN range is 16
bits rather than 8 (not really an issue) but the DPC range is 16 bits rather
than 24 - so many traces cannot be matched by this table.
svn path=/trunk/; revision=35097
In the Windows C Runtime the strings in the global array _tzname[]
are encoded using the "system default ansi code page".
They must be converted to UTF8 before use by Wireshark/GTK.
(See comment in the code for details).
Fixes Bug #5421 (I hope).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5421
Also: Fix bug: when the timezone name is not available from the system
?ST was used when ?DT should have been used (and vice-versa).
svn path=/trunk/; revision=35086
Limit the length of manuf names to 8 characters in make-manuf (this matches
the (old) limit in addr_resolv.c).
Dynamically allocate memory to store the manuf name in epan/addr_resolv.c so
that we don't end up corrupting the UTF-8 if/when we need to truncate the
string.
svn path=/trunk/; revision=35082
The attached patch against that dissector contains :
FIX:
- counting statistics over encrypted packages (line 610 ff)
NEW:
- tag sametime message type 0x0025 as known
MISC:
- better comment
- new line clean ups
svn path=/trunk/; revision=35077
I just found a small bug in LTE PDCP dissector with current top of tree.
If global preference global_pdcp_dissect_user_plane_as_ip is set to true, the dissector will try to decode an IP frame even with signalling plane.
PDCP-LTE
...0 0000 = Seq Num: 0
Signalling Data: 0800183aa808
MAC: 0x00000000 (0)
[Malformed Packet: IP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
With the attached patch, I get the correct output for both signalling and user plane PDUs.
svn path=/trunk/; revision=35076
Anders Broman