Device->Host detection of ISO 7816 commands in PN532 packets.
From me: clean up indentation a bit in that section of the code.
svn path=/trunk/; revision=48530
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491
least one fuzzed capture contains them, and using ep_strndup() to copy
the line means that the actual amount of memory allocated for the copy
will be less than the length of the line, and code that parses the line
assuming that there are value_len+1 bytes in the buffer (including the
terminating NUL), such as the current parsing code, will break.
We should really have code in Wireshark to handle counted strings, and
have those be what we extract from packets. (And we should handle
non-UTF-8/non-UTF-16 encodings, and octet sequences that aren't valid
strings for their encoding, and handle display of invalid strings and
non-printable characters, and....).
Use g_ascii_ versions of various isXXX() and to{upper,lower}(), so we
don't get surprised by the behavior of the user's locale.
svn path=/trunk/; revision=48490
In Yet Another Protocol, implementation A neglected to set the padding bytes
to 0 and implementation B barfed on said padding (interestingly this
protocol's spec does not include the IETF-normal "receiver MUST ignore the
padding" blurb).
So:
Add the AVP to the dissection tree and add an expert info for when it's not
zero.
Also re-order a few of the hfs and remove a couple unneeded temporary
variables.
svn path=/trunk/; revision=48488
Dissector for NASDAQ's OUCH 4.x protocol.
From me:
- fix svn Id tag
- g_snprintf includes the null-terminator in its len count, so the buffer
only has to be ITEM_LABEL_LENGTH, not (ITEM_LABEL_LENGTH + 1).
svn path=/trunk/; revision=48479
manual flow analysis. Fixes part of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8504
General note: this dissector does *weird* things with sanity checks and
manually throwing exceptions. It needs a general cleanup, but that
is outside the scope of the current bug (and my available time).
svn path=/trunk/; revision=48473
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8214
From me:
- Use spaces for indentation (instead of :4 space tabs");
- Remove trailing whitespace;
- Add placeholder for un-implemented dissection of data types set, struct, bag.
(Probably should use 'expert' but that requires more work since dissection is under
'if (tree)').
svn path=/trunk/; revision=48455
Dissector for NASDAQ's SoupBinTCP protocol (which is non-trivially different
from the old packet-nasdaq-soup dissector).
From me:
- fix CMake entry
- remove C++-style comments
- fix SVN Id tag
svn path=/trunk/; revision=48452