I've just had a bug in one of our private dissectors which meant
that the handle passed to call_dissector was null. This seemed to give
varying behavior - on some Windows installations it hit wireshark's
in-built exception handling, and displayed that the dissector had an
error (correct), but on some installations it just crashed wireshark
(not helpful). I _think_ the difference was whether MSVC was installed
or not, but on a sample of only 3 machines.
Should call_dissector include explicit null handle checks, and if so,
should it:-
a) g_assert - the simple patch attached
b) fallback to doing a data decode (as disabled protocols do)
c) try to invoke the wireshark exception handling for the packet
Or is the correct answer none of the above - the exception handler
should already cope?
svn path=/trunk/; revision=18869
provided by markdrago@mail.com.
Me: Patch template files instead and regenerate the dissector files.
Fix Makefiles to use the correct asn filenames.
svn path=/trunk/; revision=18866
a new bit 0x00020000 is used in the TGS-REQ packets and this results in a return of a PAC containing an unknown type 11 field.
the blob in the pac is 200 bytes and NDR encoded. its structure is obvious since it contains 2 conformant and varying arrays and three unique pointers.
enable decoding of this new KDCOptions bit and call it "constrained delegation"
svn path=/trunk/; revision=18857
libgcrypt, enable it in the Windows build.
In packet-ipsec.c:
- Remove non-constants from variable declaration initializations.
- Use ep_alloc() in a couple of places.
- Fix an off-by-one error.
- Reduce the number of SAs in the preferences from 4 to 2. 4 made the
preferences window absolutely enormous. This is probably the wrong
way to fix this.
- Fix up whitespace.
svn path=/trunk/; revision=18856
also change the name of one of the strings we keep around since it is more generic than just used for attributeassertions
svn path=/trunk/; revision=18841
I was looking at the dissector I wrote recently, packet-exec.c, to remember
how to handle conversations and I noticed a comment that isn't clear.
It would throw someone off because it isn't how the dissector was finally written :).
svn path=/trunk/; revision=18833
the supplied patch fixes a problem where the options value should really be used from the conversation found (using conversation_lookup_hashtable(...)) to create a new conversation based on the already stored conversation template (the CONVERSATION_TEMPLATE bit is set in the stored conversation) rather than from the options argument passed to the function(s).
This solves a problem that otherwise shows itself where "DISSECTOR_ASSERT(!(conv->options & CONVERSATION_TEMPLATE) && "Use the conversation_create_from_template function when the CONVERSATION_TEMPLATE bit is set in the options mask");" fails sometimes.
svn path=/trunk/; revision=18825
This patch adds a new dissector for the daytime protocol (like the time
protocol, but the date and time is sent as a text string). This protocol and
dissector work over TCP or UDP.
svn path=/trunk/; revision=18823
The time protocol (port 37) dissector (packet-time.c) currently only supports
UDP. The protocol has an identical implementation over TCP as well. This
patch adds support to the dissector for TCP time in addition to the UDP time
packets.
svn path=/trunk/; revision=18822
This patch adds the most commonly referenced items from CDP frames to the info
column: the device id (hostname) and port id. For example:
Cisco Discovery Protocol Device ID: myswitch.me.com Port ID:
GigabitEthernet7/12
svn path=/trunk/; revision=18821
- updated to the current (approved) spec. I'm not sure how backwards-compatible this is with older drafts...
- prettified the existing code, including more details in the info column
Also included is a fix to the way the offset at the end of an RTCP BYE packet is calculated (taking into account the NULL. This avoids the 'length wrong' expert item)
svn path=/trunk/; revision=18820
- Add a preference to try to find messages within sctp primitive messages (tries renaming of known mismatches)
- Add outhdr to stub protocol (getting ready for IuB FP)
svn path=/trunk/; revision=18818
A disassembly module I wrote for Pegasus Lightweight Stream Control, a protocol used by some cable set-top boxes for video-on-demand.
svn path=/trunk/; revision=18807
- allow SDP to parse the IP address + port for the MSRP session from the
path attribute
- setup an MSRP conversation using this address, whose data points back
to the SDP frame
- link to the SDP setup frame while dissecting MSRP (can be switched off
by a preference)
- I also changed sdp.media.port to be a numeric field
svn path=/trunk/; revision=18806
fix for h450 to prevent an assertion for uninitialized hffields
Thanks for the capture, Keith. The problem was with h450 hf fields that
weren't initialised successfully (at all in one case, or with non-unique
filter strings in several others) - it was hitting an assertion in proto.c
when an attempt was made to use those fields.
I was able to test by editing packet-h450.c directly, I couldn't regenerate
it from packet-h450-template.c. I'm attaching a patch to
packet-h450-template.c that hopefully does the same thing. If someone can
generate and check packet-h450.c in for me I'll retest.
svn path=/trunk/; revision=18804
Hi,
This patch allows FT_NONE items to be built into filter expressions
(i.e. testing for their presence or absence rather than comparing with a
value) using the Apply|Prepare a Filter menus. What drove me to add
this was having to type in !tcp.analysis.out_of_order.
Does this seem reasonable?
Regards,
Martin
svn path=/trunk/; revision=18782
Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
svn path=/trunk/; revision=18780
The barker preamble bit is set when a station associates
which does not support short preambles. When it is 0, short
preambles are allowed.
Me: Add a reference to the spec stating the above.
svn path=/trunk/; revision=18777
This patch:
- adds headers found in later versions of the msrp drafts
- fixes a problem where wrong length values were used while parsing the
request/status line and it was going beyond linelen
- "Transaktion" -> "Transaction"
- status code now appears as a numerical field
- removes unused parameters from check_msrp_header()
- tidies up some indentation
It has survived some fuzz-testing.
svn path=/trunk/; revision=18766
sip_stats.c and tap_sipstat.c:
adds the code 429 ("Provide Referrer Identity", from RFC 3892) to
SIP stats.
chargecontrol.xml packet-diameter.c :
These patches
- add a few more chargecontrol AVPs, and add the vendor-id where needed
- report as expert info when AVPs' lengths don't match their type
svn path=/trunk/; revision=18743
special case some common special attributes such as DomainSid and DomainGuid
and dissect them as SIDs and GUIDs
examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev
svn path=/trunk/; revision=18719
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
add a generated field telling the user and add an expert info entry
This often happens when the capture misses the binding procedure at the beginning of a conversation "capture start too late".
svn path=/trunk/; revision=18687
packet-pktc.c:
Catch an underflow.
packet-ospf.c:
Don't burn CPU cycles unnecessarily.
packet-rpc.c:
Catch an overflow.
packet-mq.c:
Check a header size.
Fix up whitespace.
svn path=/trunk/; revision=18685
packet-diameter.c
- show vendor ID as a decimal number
diameter/chargecontrol.xml
- add more AVP entries from 3GPP TS 32.299 (6.6.0)
svn path=/trunk/; revision=18679
packet-mount.c:
Don't allocate a huge amount of memory.
packet-ntp.c:
Fix a possible format string bug.
packet-ndps.c:
packet-nmas.c:
Fix an off-by-one buffer error.
svn path=/trunk/; revision=18678
- changes the ISUP dissector preference to follow MTP3's preference
rather than having its own (similar to SCCP, M3UA, etc.). I did not
obsolete the old preference because it was never put out in a release
(only SVN users would have seen it). I can change that if desired.
- add dissection of ANSI CRM message
svn path=/trunk/; revision=18661
this also removes several small memory leaks through get_oid_name and get_oid_str_name where the callers never freed the data
svn path=/trunk/; revision=18647
packet-diameter.c
--------------------------
I completely reindented dissect_avps() before I made any changes, but
when ignoring white space (in tkdiff, -w plus checking 'Ignore blanks
when diffing'), it's easy to see the small changes I've made:
- when fail to find AVP info, show code in tree parent in decimal (as
specs do)
- add an expert info (undecoded, note) to indicate unknown AVP codes
diameter/imscxdx.xml
-------------------------------
- added 'Associated-Identities'
svn path=/trunk/; revision=18641
activate_secondary_pdp_contex_acc - radio priority missing, QoS wrongly decoded.
Fault in i detach_req: should be ELEM_OPT_TLV
identity half-octeten ignored.
"Cause" written as "LLC SAPI"
Decoding of TFT.
svn path=/trunk/; revision=18640
attached a patch for the BGP dissector for correct display of
VPLS NLRIs as per the latest spec (draft-ietf-l2vpn-vpls-bgp-08).
svn path=/trunk/; revision=18638
this breaks old preference settings but as we haven't shipped any win32 version with this feature yet it shouldn't be any drama
see wiki for updates on the new format
(we still need many many updates and cleanups to the code but the non-backward compatible preference change must go in asap)
svn path=/trunk/; revision=18609
This should fix some "differ in signedness" warnings (and maybe will raise new ones, which should be fixed at the calling places then)
svn path=/trunk/; revision=18605
Fix Bug 976
Looking at frame 170 in the trace, it looks like
tvb_get_ephemeral_text() struggles with the null character in the middle
of the 4th parameter (in the WWW-Authenticate header) and returns NULL.
The attached patch uses tvb_format_text() instead which also does a
better job of showing the string.
svn path=/trunk/; revision=18589
The patch avoids the crash for unknown messages, adds the Common Id
message dissection which caused it, and also add dissector name
registration for the 2 other protocols which this file can provide.
svn path=/trunk/; revision=18586
ifdef out a few lines of dead code for a feature that is not yet finished
remove two compiler warnings about uninitialized variables (they are not uninitialized, just gcc being dumb)
svn path=/trunk/; revision=18558
replace overly convoluted code with much simpler code.
stateid is a simple 16 byte structure and there is no need to make it more complex than it is.
svn path=/trunk/; revision=18555
1, (minor) the heuristics are too weak and everything is always decoded either as netapp filehandles or one of the others even when just capturing in between say two classic unix boxens
2, (major) you can not filter on specific subfields of the filehandle
observation: 5 people or less in the world care about implementation specific storage of data inside an opaque blob.
remove the too weak heuristics for nfs filehandles.
make decoding of filehandles according to specific implementations controlled by a preference setting.
default this setting to "unknown"
display unknown filehandles using proto_tree_add_item() FT_BYTES/BASE_HEX to make it filterable instead of a useless proto_tree_add_text()
wiki needs to be updated tomorrow
svn path=/trunk/; revision=18530
and the weak heuristics often cause wireshark to mistake some segment containing read/write data to be iscsi.
make the heuristics to check that a packet really is iscsi much stronger
svn path=/trunk/; revision=18523
This fixes a redefine of AF_INET6 on AIX 4.3.3. We pull in <sys/socket.h> so the OS can define it first, nullifying the #define in epan/inet_v6defs.h.
svn path=/trunk/; revision=18522
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(got too tired of trying to find the sharename in 10m packet traces with 1000s of shares)
svn path=/trunk/; revision=18516
This needs to be done for all other Create/Open calls as well but would normally just be 6 lines to add.
I rarely see older methods to open files so others using older clients are encouraged to use these 6 lines to the other places where needed.
svn path=/trunk/; revision=18515
add an expansion to the fid that displays which frame it was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512
this bug can not currently trigger but if someone would rename the module
in the future then this could potentially cause a null dereference.
svn path=/trunk/; revision=18494
we used the wrong size which caused emem to complain that the canary value had been stomped upon.
another win for the canary feature. thanks gerald
svn path=/trunk/; revision=18491
every time a ndmp_[scsi|tape]_open is seen create a new itl
we need an itl structure to be able to know what commandset a certain device is using.
svn path=/trunk/; revision=18490
make dissect_scsi_cdb abort with an assert if called with a null pointer for itl.
This means scsi over ndmp will be aborted by an assert since ndmp passes a null pointer here always but at least is better than a segv since some cdb's require itl to decode properly.
next checkin will fix ndmp in this regard.
svn path=/trunk/; revision=18489
have neither. For those with MAP_ANON but not MAP_ANONYMOUS, use
MAP_ANON; for those with neither, add some code to use "/dev/zero".
svn path=/trunk/; revision=18488
HP-UX doesn't have MAP_ANON but it does have MAP_ANONYMOUS. Moreover,
according to mmap(2) on RHEL:
MAP_ANONYMOUS
    The mapping is not backed by any file; the fd and offset arguments
    are ignored. This flag in conjunction with MAP_SHARED is
    implemented since Linux 2.4.
MAP_ANON
    Alias for MAP_ANONYMOUS. Deprecated.
svn path=/trunk/; revision=18486
to format into a buffer and then pass that buffer.
Make a count an "int" rather than a "size_t" to squelch a (valid)
compiler warning.
svn path=/trunk/; revision=18482
ldap and ldap+sasl
remove a recent ber length validation in packet-ber.c that can't work and breaks reassembly and also makes all ber packets spanning multiple segments show up as malformed packets.
svn path=/trunk/; revision=18465
Check for libgcrypt 1.1.0 (note: I don't know which version
is required, so maybe the version number needs to be changed
for this test to work reliably).
packet-ipsec.c:
- Replace __USE_LIBGCRYPT__ by HAVE_LIBGCRYPT to follow
conventions.
- Warning fixes: signedness in sscanf (%i -> %u)
- Warning fixes: mixed declaration and code
svn path=/trunk/; revision=18460
make the display of the filters more similar to how the ldap c api represents
filters and how they are commonly represented in documentation and other texts.
svn path=/trunk/; revision=18449
Check for printable ASCII - 0x7F is >= 0x20, but it's not printable, and
0x80 through 0xFF aren't ASCII.
Note that we should perhaps be using RFC 2252-style schemas to figure
out which attribute and assertion values are text and which are binary.
svn path=/trunk/; revision=18447
So make the field "frame.marked" visible and tag it as generated.
Move both "time reference" and "marked frame" fields towards the end of the "frame" protocol fields.
Should be copied over to trunk-1.0
svn path=/trunk/; revision=18435
This patch:
- treats the variant field as a variable-length string field. This is
needed for some of the more complicated protocols where the variant
number of the embedded protocol is also represented
- the patch to Makefile.am was not applied from
http://www.wireshark.org/lists/wireshark-dev/200606/msg00009.html
svn path=/trunk/; revision=18427
Added option "ANSI MAP" in Preferences menu, that ansi_map protocol dissector can parse packets with non-standard SSN.
svn path=/trunk/; revision=18358
- shows profile-specific extension data at the end of SR/RR reports (if
packet length has not yet been reached after parsing normal data) and
advances offset (further packets were not recognised+dissected as this
data wasn't being skipped).
- checks that the length of the RTCP data in the whole frame matches the
combined length from the length fields (the last check in RFC 3550, "A.2
RTCP Header Validity Checks") with a generated field and expert info
when wrong.
- reports the length field in all of the message types consistently (the
length was confusingly shown multiplied by 4 only in APP packets...)
svn path=/trunk/; revision=18357
- while parsing fmtp lines, the dissector looks for the MPEG4 'profile-level-id' parameter. If there is no '=' present, it was throwing an exception and the frame marked as malformed (see e.g. the attached
capture)
- I've added a few comments where the code wasn't obvious to me...
svn path=/trunk/; revision=18332
Q.931:
Improves the dissection of Q.931 Channel
Identification information elements, by using proper (filterable) header
fields rather than text tree items.
H253:
make the h.263 dissector dissect the group-of-block
number which comes after a GOB start code.
svn path=/trunk/; revision=18323
H225.cnf
I noticed that the voip call flow graph does not have a label for the setupAck packet. I traced this to the empty frame_label.
voip_calls.c
It seems to me that in gtk/voip_calls.c tmp_h323info->guid is a pointer itself, therefore:
memcmp(&tmp_h323info->guid
should in fact read:
memcmp(tmp_h323info->guid
svn path=/trunk/; revision=18304
if the interval spans the entire 32 bit range.
special case the two common cases when this may happen until a real fix is included.
if the range variable becomes 0 due to 32bit overflow do a g_assert_not_reached to prevent an infinite loop.
this function should be enhanced to work with 64 bit integers.
svn path=/trunk/; revision=18299
- shows profile-specific extension data at the end of SR/RR reports (if
packet length has not yet been reached after parsing normal data) and
advances offset (further packets were not recognised+dissected as this
data wasn't being skipped).
svn path=/trunk/; revision=18245
This version of the patch won't look for the authentication scheme (it
just skips that part for Authentication-Info headers). I tested it
using the enclosed file (pasted from the RFC and fed through
od/text2pcap, then messed around with so I could test the other new
parameters, even if they don't really belong in that header...).
svn path=/trunk/; revision=18244
- h245.asn renamed to MULTIMEDIA-SYSTEM-CONTROL.asn
- rollback changes in .asn sources to keep them in original ITU-T form and put necessary changes into .cnf files
- PER dissectors regenerated
svn path=/trunk/; revision=18238
While in 3GPP spec, the last two (Down/up nextPDCP-PDU seq. no.) would be 2
BYTES. So Ethereal could not read the message correctly. We have to modify the
log to make Ethereal analyze it.
Add dissection of TargetID.
svn path=/trunk/; revision=18228
doing the reassembly internally in acl instead of calling reassembly.c since the fragmentation is so simple and packets are so small anyway so full reassembly.c support would be overkill.
svn path=/trunk/; revision=18223
this dissector will not yet detect when ppp is passed over the rfcomm link
but the old code to detect and de-escape the ppp data is still in the dissector, though ifdeffed out to serve as inspiration when ppp over rfcomm captures are made available.
the only captures i have with rfcomm are for raw serial communications so they dont contain any ppp frames. :-(
svn path=/trunk/; revision=18221
higher layer protocols need the chandle, cid and direction (from pinfo) in order to identify packets for the same "conversation"
(it is not a conversation per se in bluetooth but one unidirectional flow that we track)
svn path=/trunk/; revision=18220
acl chandle + direction + l2cap-CID to uniquely identify a single specific
flow of PDU packets.
So we need to pass the chandle up from acl to l2cap at least.
It would have been nice to handle this using "conversations" but the bluetooth
stack does not easily map to the idiom host:port<->host:port
instead in bluetooth you have unidirectional flows that are identified by ACL-chandle:L2CAP-CID:direction and additional state held inside l2cap would attach two such flows together into a "conversation".
Bluetooth packets themselves only identify "half" of the two way conversation.
svn path=/trunk/; revision=18218
The UMA-message Handover From UMAN Command includes the complete L3-message (and header) and not only the handover-IE's.
svn path=/trunk/; revision=18215
- Many DCT2000 protocols can be embedded within an IP primitive
message. Add a heuristic to see if we can find the protocol payload
within an IP primitive message, and look for an ethereal dissector
matching the DCT2000 protocol name (this is useful for simple protocol
testing where no physical links are involved)
- Make some more of these protocols (diameter, http, mgcp) findable by name
- Adds protocol 'variant' number to stub and dissector
- Break the duplicated writing of the stub header out into a separate
function
svn path=/trunk/; revision=18212
- step to new ASN.1 API - pass asn_ctx_t* through PER dissectors instead of packet_info*
- PER ALIGNED/UNALIGNED flag moved to asn_ctx_t
- PER created tree item pointer moved to asn_ctx_t
- add nbap into PER dissectors in asn1/Makefile.nmake
- use add_oid_str_name() instead of register_ber_oid_name() in H.225 and H.245
- export asn_ctx_init from library
- PER dissectors regenerated
svn path=/trunk/; revision=18209
buffer argument is a mallocated buffer, so sizeof doesn't return its
size, it returns the size of the pointer to the buffer. Fixes bug 907.
svn path=/trunk/; revision=18186
955 UMA: Handover Command message not decoded.
956 UMA: multirate-configuration not decoded correctly.
957 UMA: Received Signal Level List not decoded.
svn path=/trunk/; revision=18179
if the GetVersionEx() call fails, force the dwPlatformId to VER_PLATFORM_WIN32_WINDOWS so the return value from VirtualProtect() won't trigger an assert.
svn path=/trunk/; revision=18178
- complete dissector for greeting/login packets
- nearly complete dissector for requests, except:
+ parameters for COM_EXECUTE
+ requests from replication slave
- added some features to response dissectors
svn path=/trunk/; revision=18174
- adds application/xpidf+xml as a media type known to be xml
- appends /xml to the protocol column (as SDP does). It would be nice
to append the top-level element, or the name taken from a matching DTD,
but this will do for now (at least it's a short name).
- corrects the help text for the preference. I can see that it is
registered as a heuristic for "http", "sip" and "media"
I've also included a slightly updated version of reginfo.dtd (RFC 3680)
for the dtds folder.
svn path=/trunk/; revision=18173
zero-length - oid_to_subid_buf() can be called when we're not in the
middle of a dissection, and throwing a "dissector bug" assertion in that
case is itself a bug.
svn path=/trunk/; revision=18164