- Dissect ICQ TLV values
- Dissect channel 1 and channel 2 messages correctly in Oscar (required
for dissecting direct connections)
svn path=/trunk/; revision=12072
move CIP protocol to own dissector
clean up code and fix variable names
add more info to info column
fixed decoding of embedded messages in Unconnected send and
Multiple Service packets
add more info to path decoding
add more filter options/clean up
complete CIP vendor codes
svn path=/trunk/; revision=12070
append MPLS fields and values to the MPLS Header subtree;
correct the string displayed for MPLS Label;
don't show non-reserved MPLS label values as "Unknown".
svn path=/trunk/; revision=12065
- Dissect the DC (Direct Connection) info structure
- Dissect the complete buddy icon family (you can now save buddy
icons as .JPG's/.PNG's directly from the capture using the "Export
selected bytes..." option!)
- Add a function that dissects a sequence of TLV's instead of having
while() loops all over the place.
svn path=/trunk/; revision=12063
Remove some code duplication from the Oscar dissector (reduces
the number of lines by 500) by providing a custom registration
function for oscar families (aim_init_family). This also fixes
a number of issues with column names.
Add minor updates such as adding support for the Capability Info
TLV on users.
svn path=/trunk/; revision=12060
1. Fix dissection of Check Point vendor ID version field. The length was
wrong.
2. Added dissection of payloads 130 and 131, which were used in early
NAT-T drafts (and are still used by MS and others). They are equal to
payloads 15 & 16, (NAT-D, NAT-OA), respectively.
3. Added ASN.1 decoding of Certificate requests of type X.509
Certificate - Signature (4)
4. Added ASN.1 decoding of ID of type ID_DER_ASN1_DN (9)
svn path=/trunk/; revision=12059
if that pointer is non-null, put the field in question into the protocol
tree under the top-level item for that attribute/value pair, rather than
hardcoding particular fields for particular attribute codes.
Use BASE_NONE, not BASE_DEC, for FT_STRING, FT_BYTES, and FT_IPv4
fields.
svn path=/trunk/; revision=12048
NETTL_SUBSYS_NS_LS_ICMPV6 - they don't even have IP headers, so we need
to directly call the ICMP and ICMPv6 dissectors.
svn path=/trunk/; revision=12047
within the file) and "burst offset" field (offset of this packet within
the burst).
The burst header is not present if the SYS flag is set in the packet or
if the data offset field is non-zero.
Compute the offset, within a burst packet, of the data, as we advance
through the burst header - and don't advance through the burst header if
it's not present.
Properly display the fields in the "missing fragment list".
svn path=/trunk/; revision=12041
- Support for more generic TLV's
- Support for two more SNAC families: email and sst
- Support for extended status (as used by iChat)
- Use correct TLV in SSI RightsInfo
- Dissect and handle FNAC flags field correctly
svn path=/trunk/; revision=12022
make the dissectors "new-style" dissectors and return 0 for packets that
don't look like iSNS. Do this *before* doing TCP reassembly - once
you've done reassembly, it's too late.
Don't set the columns in the main dissector routines - it's also done in
the PDU dissector, which is sufficient. Set the protocol column to
"iSNS", not "isns".
svn path=/trunk/; revision=12015
I've written this patch to use the 'Delay since last SR' (DLSR) field found
in SR reports to calculate and report roundtrip-propagation delays. This is
described in RFC 3550, section 6.4.1, inside the description of DLSR.
Only the endpoint can compute the end-end roundtrip delay, and only they
know exactly when the report is received and can compare it with the 'Last
SR timestamp' (LSR) that they set. This patch instead takes the difference
between the capture times of the 2 reports and subtracts the DLSR (the LSR
is checked in case the SR it's referring to wasn't captured). The time
difference represents a roundtrip network delay between the point of capture
and the sender of the SR containing the DLSR.
svn path=/trunk/; revision=11998
1. As you said visible fields are much better.
2. As they became visible I noticed the length and offset of the fields
were wrong, I fixed them.
3. I added few more "essential" fields (as a colleague told me as soon
as you move away from 3G some fields like username become the most
important)
svn path=/trunk/; revision=11991
NTLMSSP, the state of the RC4 stream is dependent on the stub being
decrypted before the verifier.
Correctly set the length and reported length of the tvb for the stub
(the reported length of that tvb should be set based on the *reported*
length of the parent tvbuff, not the captured length).
svn path=/trunk/; revision=11938
and "if (!tree)" checks updates the Info column and calls subdissectors,
so we can't bypass all of it - don't bypass any of it.
svn path=/trunk/; revision=11903
so that IF kerberos succeeds in decrypting a blob it can print a nice
"[Decrypted using: keytab principal foo/bar@REALM]"
or
"[Decrypted using: key learnt from frame xx]"
This makes it much easier to keep track of what keys decrypt what blob
and is very useful for illustrating the sequence of keys that are exchanged and used in kerberos during the AS/TGS/AP exchanges.
svn path=/trunk/; revision=11853
ethereal used to (bug) print in the summary line
"[Continuation to #%d]" where %d was the current frame number.
Fix this bug and let %d print the frame number of the first frame for this multiframe PDU.
(Strange that no one has complained about this one)
svn path=/trunk/; revision=11852
make ethereal attempt to automatically detect whether header digest is used or not for iscsi sessions.
This makes ethereal decode the packets properly EVEN for perfectly normal sessions where
the discovery session is performed with no digest but the normal login session negotiates digest.
the detected headerdigest setting is tcp session wide and thus
it does not work for such initiators (if such exist) that reuse the same socketpair between the discovery and normal login sessions.
svn path=/trunk/; revision=11850
later this soon to be implemented structure (and not the conversation) will
hold the information we need to track whether
digests etc are in use or not.
this also allows some minor indentation cleanups as well.
svn path=/trunk/; revision=11848
try to access the conversation structures unless the
proper preferences are enabled (so that the structs exist in the first place)
svn path=/trunk/; revision=11845
If window scaling is NOT offered in the SYN+ACK then window scaling will
not be used at all, so clear it if we saw it offered previously in the SYN packet.
If the window is scaled in a packet, make ethereal display that by appending the
string " (scaled)" to the end of the tcp.window line in the
decode pane.
svn path=/trunk/; revision=11837
1. Fix Fax Number NDS attribute. This was causing malformed
packet message due to improper decoding.
2. Do not try to decode packet beyond connection status when
return value is non-zero (error condition).
svn path=/trunk/; revision=11836
This tag was part of an early kerberos draft but had disappeared
when 1510 was published.
this early draft exists in implementations in the wild.
add 4 extra checksum types as well from that draft.
svn path=/trunk/; revision=11834
references to a packet - just re-"decrypt" it (not a lot of work, given
the sophisticated encryption MAPI uses). We don't save decrypted data
for non-trivial encryptions, so there's not much of a reason to save it
here - and the code to save it was at least sometimes not finding it
again, causing crashes.
Set the length and reported length of the decrypted data tvbuff
appropriately.
svn path=/trunk/; revision=11812
From Luis Ontanon: add some fields for filtering r packet-isup which adds A,B and C numbers to the
fields (that is called, calling and redirecting number). Changed the patch to not use hidden fields and some code clean up
svn path=/trunk/; revision=11811
integers.
Make FT_INT64 and FT_UINT64 add numerical values, rather than byte-array
values, to the protocol tree, and add routines to add specified 64-bit
integer values to the protocol tree.
Use those routines in the RSVP dissector.
svn path=/trunk/; revision=11796
I (hopefully) didn't change any protocol fields or preference file names, but only the GUI labels appearing in the protocol display and the protocol preferences.
Also added a note to the protocol preferences (where appropriate), that you have to enable "Allow subdissectors to reassemble TCP streams" at the corresponding protocol settings for TCP reassembling to take effect.
If you encounter any mistakes I've made here, please let me know...
svn path=/trunk/; revision=11784
fields (that is called, calling and redirecting number). Changed the patch to not use hidden fields and some code clean up.
svn path=/trunk/; revision=11780
the NTLMv2 blob, so don't bother dissecting it for now - perhaps we
should see how much of the NTLMv2 response remains, and, if there is
any, put it into the tree as extra data.
svn path=/trunk/; revision=11765
encapsulated options, just give up on the option in which they're
encapsulated.
Note that for the Relay Message option, we should perhaps dissect the
option data as a DHCP message, not just a sequence of options.
svn path=/trunk/; revision=11756
produces some floating-point noise in the nanoseconds field; we've
required 64-bit integer support for a while, so use that.
svn path=/trunk/; revision=11754
- test for NULL conversation data to avoid a potential crash when
looking up stream setup info (as RTP dissector does);
- adds a heuristic function (like RTP, this is a preference
initially set to off).
svn path=/trunk/; revision=11748
byte - and a length of 1 is used to put the message digest into the
protocol tree, which agrees with that. Therefore, "tvb_get_guint8()"
should be used to fetch it.
svn path=/trunk/; revision=11746
(or, as that documentation calls it, the language name) is the database
name; mark it as such.
It also says there's some other stuff, such as a client MAC address,
after the database offset/length (and that the NTLMSSP message doesn't
come right after the database offset/length, there's an offset/length
for the NTLMSSP message). Put in a comment about that.
svn path=/trunk/; revision=11713
protocol "dhcpfo", to match the filter names of its fields; that - or
changing the long name or abbreviation of the protocol - fixes the core
dump (which was in a check for a name being legal).
svn path=/trunk/; revision=11631
ISC DHCP Server 3.0 failover protocol dissection
Note: I tried to make the port configurable via prefs
but failed to do so: It always crashed on startup so it
is commented out for now.
svn path=/trunk/; revision=11630
1. define new TDS packet type (17) - NTLM authentication packet. Call
the ntlmssp dissector to dissect it when needed.
2. define new TDS packet type (18) - donno what it is exactly, but it's
there. Will dissect it someday.
3. heuristic in netlib_check_login_pkt should also check port 2433.
4. unify the dissection of msg and err token. They have the same
structure.
5. improve the dissection of the above mentioned token.
svn path=/trunk/; revision=11616
include of <resolv.h> in any system header file gets the system
<resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]).
svn path=/trunk/; revision=11615
NTLMSSP-related than SMB-related, and documents about NTLMSSP talk about
it, so it's a little more convenient to keep all that stuff together -
and export it through a packet-ntlmssp.h header.
svn path=/trunk/; revision=11585
"Negotiate 56", meaning that 56-bit encryption is supported - and that
"Negotiate 128" means that 128-bit encryption is supported, so note that
in the blurb for that flag.
It also says that the values for "Request Init Response", "Request Accept
Response", and "Request Non-NT Session Key" are a factor of 16 away from
what our #defines say they are, and that 0x000[124]0000 are "Target Type
{Domain,Server,Share}". Note that in a comment.
svn path=/trunk/; revision=11582
check whether "match_strval()" returned a null pointer before
using its return value;
mark the end-of-burst packet.
Clean up white space.
svn path=/trunk/; revision=11551
31A and 31B in the 2000 and later 802.3 specs. (Dissecting them is left
as an exercise for the student.)
Clean up whitespace a bit.
svn path=/trunk/; revision=11536
the distribution, as was the case in the past.
Arrange that RCS IDs be expanded, and that the EOL style be native, for
epan/dissectors/Makefile.{am,common,nmake}.
svn path=/trunk/; revision=11532
before running it (printing echo commands puts extra gunk into the
output), and remove some additional generated files when doing "make
distclean".
svn path=/trunk/; revision=11517
x509af is now virtually complete (the attribute userPassword still needs
an attribute dissector but after that, x509af is complete)
svn path=/trunk/; revision=11510
explicitly pass NULL as the tree argument to
"dissect_ndr_uint32()" - "tree", which was passed before, was
definitely null at that point, and the intent is that it not put
anything into the protocol tree;
use the correct offset when putting items into the protocol tree
(the offset has been advanced just past the end of the field at
the time the items are being put into the protocol tree).
svn path=/trunk/; revision=11506
use this and create a new tvbsubset so that
1. reading too much data is flagged as MALFORMED PACKET indicating a bug in the dissector (or a packet that IS malformed)
2. this also implicitly passes the length of the data through the ber.oid dissector handle in case we want to pick it up later.
svn path=/trunk/; revision=11490
(see how good it is to put markers for emacs macros in the files, it was pretty quick, wasn't it? I even tested the resulting code.)
svn path=/trunk/; revision=11481
Also implement the attribute organizationName which is of this type.
(Add magic comments so emacs-macros will be happy.)
svn path=/trunk/; revision=11479
in promiscuous mode, packets captured promiscuously show up as 802.11
packets encapsulated in Ethernet, with an Ethernet type of 0x2452.
svn path=/trunk/; revision=11451
to the ethereal build.
The dissections are semi-useful but incomplete.
The big problem still remaining is the x509if Name object not being
dissected properly thus causing the dissection to get out of sync/fail
halfway through the certificate structure.
work in progress but already semi-useful.
svn path=/trunk/; revision=11440
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410