not limited to len = 4 (can be a multiple of 4)
Bug: 13521
Change-Id: I668dbff6d8a7b0a4260da31393bb70d2c5431455
Reviewed-on: https://code.wireshark.org/review/20705
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC5575 says Route Distinguisher is inserted between "length" and "NLRI
value" fields when the BGP NLRI type is VPNv4 Flow Spec (AFI=1,
SAFI=134) and this is the same for VPNv6 and L2VPN.
This patch fixes the BGP dissector to decode the missing Route
Distinguisher field in Flow Spec NLRI decoder.
Change-Id: Ib45d96bb399b80be69ca70ea552d2c07b07a9782
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Reviewed-on: https://code.wireshark.org/review/20653
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I87454ea95bc64a39e4e60ba374e9cafb574e744c
Reviewed-on: https://code.wireshark.org/review/20501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7cb6f73efb1e37eba977dc6912041d5969989696
Reviewed-on: https://code.wireshark.org/review/20399
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Shutdown communication is now also allowed on Admin Reset NOTIFICATION messages:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-idr-shutdown-04.txt
Change-Id: I6450d3d5de5aef4bd709ba2b211ca717784b00a7
Reviewed-on: https://code.wireshark.org/review/19886
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Do the NLRI length checks in the switch cases for each route type, and
do them for *all* route types, rather than throwing a random check in
for one particular route type.
There is no need to fail up front for unknown route types; at least
dissect the type and length, and fail in the switch statement.
Dissect the route descriptor in each of the switch cases, after the
length check, rather than doing it up front.
Add a comment noting where the prefix route type comes from.
Change-Id: Iae26ecd467d4b36dbcf52e7998bd2881405281aa
Reviewed-on: https://code.wireshark.org/review/19774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 146
    Type: NOTIFICATION Message (3)
    Major error Code: Cease (6)
    Minor error Code (Cease): Administratively Shutdown (2)
    BGP Shutdown Communication Length: 124
    Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When decode_prefix4() gets called with more prefixes the length of
proto_tree_add_subtree_format() should not be the total length.
As the "Withdrawn route" part was the only one where decode_prefix4() has
been called with a tlen not equal to 0 we can eliminate the tlen parameter.
Bug: 13146
Change-Id: I708dec2cecbed6054b60190104b82c72d54e8037
Reviewed-on: https://code.wireshark.org/review/18852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Parses large communities as specified in https://tools.ietf.org/html/draft-heitz-idr-large-community-04
Path Attribute - LARGE_COMMUNITY: 65536:1:1 65536:1:2 65536:1:3
    Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
        1... .... = Optional: Optional
        .1.. .... = Transitive: Transitive
        ..0. .... = Partial: Complete
        ...0 .... = Length: Regular length
    Type Code: LARGE_COMMUNITY (32)
    Length: 36
    Large communities: 65536:1:1
        Global Administrator: 65536
        Local Data Part 1: 1
        Local Data Part 2: 1
    Large communities: 65536:1:2
        Global Administrator: 65536
        Local Data Part 1: 1
        Local Data Part 2: 2
    Large communities: 65536:1:3
        Global Administrator: 65536
        Local Data Part 1: 1
        Local Data Part 2: 3
Bug: 13083
Change-Id: I8db0601f621ceb6fb2e170ed9bfc2747091495ee
Reviewed-on: https://code.wireshark.org/review/18172
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
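The LARGE_COMMUNITY value shown in the dump above, decoded with an explicit length check. This is an added example, not code from the Wireshark commit: the function and struct names are hypothetical, the sample bytes are constructed to match the dump, and rejecting any length that is not a non-zero multiple of 12 follows RFC 8092, the published form of the draft.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LARGE_COMMUNITY_SIZE 12  /* three 32-bit fields per community */

/* Hypothetical container for one decoded community. */
struct large_community {
    uint32_t global_admin;
    uint32_t local_data1;
    uint32_t local_data2;
};

/* Constructed sample: attribute value (Length: 36) for
 * 65536:1:1 65536:1:2 65536:1:3, as in the dump above. */
static const uint8_t SAMPLE_ATTR_VALUE[36] = {
    0x00, 0x01, 0x00, 0x00,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x01,
    0x00, 0x01, 0x00, 0x00,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x02,
    0x00, 0x01, 0x00, 0x00,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x03,
};

/* Read a 32-bit big-endian (network order) integer. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode the attribute value. Returns the number of communities stored in
 * out, or -1 if the value is malformed or does not fit in max_out entries.
 * The length is validated before any byte is read, so a truncated or
 * padded attribute can never cause a read past val + len. */
int parse_large_communities(const uint8_t *val, size_t len,
                            struct large_community *out, size_t max_out)
{
    if (val == NULL || out == NULL)
        return -1;
    if (len == 0 || len % LARGE_COMMUNITY_SIZE != 0)
        return -1;

    size_t count = len / LARGE_COMMUNITY_SIZE;
    if (count > max_out)
        return -1;

    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = val + i * LARGE_COMMUNITY_SIZE;
        out[i].global_admin = read_be32(p);
        out[i].local_data1  = read_be32(p + 4);
        out[i].local_data2  = read_be32(p + 8);
    }
    return (int)count;
}

/* Render one community as "GA:LD1:LD2". Returns the string length,
 * or -1 if buf is too small. */
int format_large_community(const struct large_community *lc,
                           char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen, "%" PRIu32 ":%" PRIu32 ":%" PRIu32,
                     lc->global_admin, lc->local_data1, lc->local_data2);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    struct large_community lc[8];
    char text[40];

    int n = parse_large_communities(SAMPLE_ATTR_VALUE,
                                    sizeof SAMPLE_ATTR_VALUE, lc, 8);
    for (int i = 0; i < n; i++) {
        if (format_large_community(&lc[i], text, sizeof text) > 0)
            printf("Large community: %s\n", text);
    }

    /* One byte short of three communities: rejected as malformed. */
    n = parse_large_communities(SAMPLE_ATTR_VALUE, 35, lc, 8);
    printf("truncated value -> %d\n", n);
    return 0;
}
```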
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12891
Change-Id: I70ed7f8a08122c559128b8df4d65e03be8201e1a
Reviewed-on: https://code.wireshark.org/review/17683
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Palúch <Peter.Paluch@fri.uniza.sk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:12601
Change-Id: I555ee8097ea81e1afa8f2f5b2aba8fce60742016
Reviewed-on: https://code.wireshark.org/review/17107
Reviewed-by: Michael Mann <mmann78@netscape.net>
afi can take only one of the 2 above values, according to the
check at the beginning of the function.
Change-Id: I6652a5c64b4fbc8d2e907afb3b4f66d187ff9745
Reviewed-on: https://code.wireshark.org/review/17011
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Route type 5 does have optional fields that were not properly decoded (MPLS labels)
Bug: 12631
Change-Id: I12d61ef170d4e0f6e6d2c7bf25f149db84c186d7
Reviewed-on: https://code.wireshark.org/review/16576
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Garri Djavadyan
Change-Id: I6dd4bd20d82a3f2cb8aa45f740f72d33e33053da
Ping-Bug:12604
Reviewed-on: https://code.wireshark.org/review/16374
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12568
Change-Id: Ibf063293041d749664f6e6ecd2455024ea3fd4ed
Reviewed-on: https://code.wireshark.org/review/16237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The enhanced checkhf.pl in https://code.wireshark.org/review/#/c/15717/
validates ei items in addition to href items. This patch addresses the
false positive ERRORS reported by the enhanced checkhf.pl for a "cosmetic"
issue (missing space after { in ei array entries).
Change-Id: I87876ce2cfa4b0e11cb22f457bd9ab025d939e5c
Reviewed-on: https://code.wireshark.org/review/15739
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From draft-drao-bgp-l3vpn-virtual-network-overlays
Change-Id: I0a0137b6a8b8fbb4b4efd6f5e08eba5ed6d7a9d6
Reviewed-on: https://code.wireshark.org/review/15477
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
dissection.
- 20 *rightmost* bits of the 'SID/Label' field represent
a MPLS label (Adjacency-SID already fixed).
- Add support for SR-Capabilities (TLV 1034) and SR-Algorithm
(TLV 1035) dissection (draft-gredler-idr-bgp-ls-segment-routing-ext-01).
Change-Id: Ib02137f1c41c4a201afee5d61cf2b6bf88d59991
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/15306
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When additional path index are in use there must be more remaining data bytes.
Therefore we return only 1 when the len is greater than 1.
Bug has been reported by Garri.
Bug: 12240
Change-Id: Ia24311dcedc450e4208df875bc254c9744dec5dd
Reviewed-on: https://code.wireshark.org/review/14396
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BGP-LS is just a collector of IGP link state information. Some
fields are encoded "as-is" from the IGP, hence in order to dissect
them properly we must be aware of their origin, e.g. IS-IS or OSPF.
So, *before* dissecting LINK_STATE attributes we must get the
'Protocol-ID' field that is present in the MP_[UN]REACH_NLRI
attribute. The tricky thing is that there is no strict order for path
attributes on the wire, hence we have to keep track of 1) the
'Protocol-ID' from the MP_[UN]REACH_NLRI and 2) the offset/len of
the LINK_STATE attribute. We store them in per-packet proto_data and
once we got both we are ready for the LINK_STATE attribute dissection.
Change-Id: Ibe2b7f5c9039ad63a72f3f9fb8a9c33c0be44ed0
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13970
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
if length is set to 7 then the 20 *rightmost* bits of
the 'SID/Label/Index' field represent a MPLS label.
Change-Id: If196af244549b75a80de11c1d8e11507e9a6ce58
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13848
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
parsing
Change-Id: I55d0b435ae1b12e14a20dd9ea18ba05188b0e378
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13666
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3
Reviewed-on: https://code.wireshark.org/review/13069
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They're not just addresses, they also include a mask length for IPv4 and
a prefix length for IPv6. Rename them appropriately.
Rename the old ipv4_addr_and_mask() and ipv6_addr_and_mask() to reflect
that 1) they fetch data from a tvbuff and 2) *don't* fetch the mask
length or prefix length, those lengths are passed as arguments to
indicate how many bytes worth of address to fetch.
Change-Id: I4cad5a186ad7bfcb60022a91dbe8bc8479e6471f
Reviewed-on: https://code.wireshark.org/review/13035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The offsetof() macro is an ANSI C library feature.
Change-Id: I2ac91b0b4c94c6f6baf14133b076fdc5ed2e182b
Reviewed-on: https://code.wireshark.org/review/12707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-ncp2222.inc: The 'ncp_rec->func == 0x59' condition was already verified in line 7300.
packet-bgp: The 'nlri_len < 21' condition was already verified in line 3879
packet-rtp.c: The 'p_conv_data' condition was already verified in line 1460
Change-Id: I65299718b26454596e3f25665d413a17a99e4ce0
Reviewed-on: https://code.wireshark.org/review/12341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixing ESI Label extended community
Fixing PMSI label field decoding on 20 bits
Fixing inclusive multicast Ethernet tag route
Fixing Ethernet segment route
Bug: 11650
Change-Id: Ifadcc3099f681a5c9480d1ccdd50b29ef4c0069f
Reviewed-on: https://code.wireshark.org/review/12430
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BGP: add the ability to decode Opaque extended community and in particular tunnel type
Change-Id: Ife53a267a2311397123a4e670924c673904bccbd
Ping-Bug: 11650
Reviewed-on: https://code.wireshark.org/review/12076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic368dd8e83cf39e0c934da0ae2744778e2d54ce6
Reviewed-on: https://code.wireshark.org/review/12050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 11650
Change-Id: I1e6418afe1d02da9f30c429c0220932d74344b8d
Reviewed-on: https://code.wireshark.org/review/11775
Reviewed-by: Michael Mann <mmann78@netscape.net>
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without including epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3e72fddc6ed380780d7e2e1c8df87e580138188d
Reviewed-on: https://code.wireshark.org/review/11271
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_get_ipv6() takes a struct e_in6_addr *, use that here too.
Change-Id: Id8b368daa05c151a61d4bc01dc88c00da13e9c88
Reviewed-on: https://code.wireshark.org/review/10953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
From draft-ietf-idr-bgp-extended-messages
Update BGP Capability Codes to 2015-09-30
Change-Id: I2f3b44ad8ad7a9e5444cdfbfb22bf7d0538ffbfc
Reviewed-on: https://code.wireshark.org/review/10826
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part7
Fix last proto_tree_add_text (use expert info)
Change-Id: I9c4c053e5fc94f57608c7ee8355e6e16f8af6bd1
Reviewed-on: https://code.wireshark.org/review/8697
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 5
Update SAFNUM_LAB_VPNUNIMULC/SAFNUM_LAB_VPNMULCAST/SAFNUM_LAB_VPNUNIMULC
Simplify code but not tested on real pcap
Change-Id: I02fc1bc8d4b406f34918130d1eb24d514c24385c
Reviewed-on: https://code.wireshark.org/review/8695
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 4
Update BGP Type TUNNEL_ENCAPS_ATTR
Change-Id: Ib166cf42e4eee3513f4c2f64e18eb5de2ed4acf2
Reviewed-on: https://code.wireshark.org/review/8694
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Part 2
Update VPLS-BGP and BGP-AD
Change-Id: I6a311bfc69d9666be6f83e38042745162701aaac
Reviewed-on: https://code.wireshark.org/review/8485
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 1
Change-Id: Icbc73690370eba07e77b35d2815346f1d5a44347
Reviewed-on: https://code.wireshark.org/review/8386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 1 of a few
Change-Id: I413f23dfa92da5488ca8a7f62ca0738b25004635
Reviewed-on: https://code.wireshark.org/review/8117
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Support per draft-ietf-grow-bmp-07
Change-Id: Iadb833157e7832077429c048e28e9814da29e2c6
Reviewed-on: https://code.wireshark.org/review/7192
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Wrong offset (14 -> 20) to get IP Address Length
Issue Reported by Rui
Bug: 10873
Change-Id: Ib7aa80ac78028a2c8d548f4030278166be9ed0cc
Reviewed-on: https://code.wireshark.org/review/6657
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These cases were pretty easy to identify. Also replaced some comments that referenced ep_alloced memory, when it's now in fact wmem_alloced.
Change-Id: I07d2f390a9c0b34aa2956880476755d1acf5db0a
Reviewed-on: https://code.wireshark.org/review/6392
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I79c613cbdd8dc939dd4c29ebc477fb6eefd5bfc4
Reviewed-on: https://code.wireshark.org/review/6371
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1d258923a7a63539ec8456d3e306bca5016a1e4b
Reviewed-on: https://code.wireshark.org/review/6060
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I40d0c8253743183aecef252040b7dd6742ae5c71
Reviewed-on: https://code.wireshark.org/review/5934
Reviewed-by: Michael Mann <mmann78@netscape.net>
We're adding it with proto_tree_add_ipv4(), so that it's displayed as,
and can be tested as, an IPv4 address. That means that the field for it
must be of type FT_IPv4, *even though it's calculated from an 8-bit
prefix value* - you can't make it an FT_UINT8.
Change-Id: I7d668fb2a707cdda4ad228afcbdcaf47ee6cba1b
Reviewed-on: https://code.wireshark.org/review/5960
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I3b5afb8a59f6443624708b9fecfdcbe93dad59ef
Note: Some of the filters, when/if used, could have caused Wireshark crashes.
Reviewed-on: https://code.wireshark.org/review/5575
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Fix AS Path Heuristic
Issue reported by Jon
Bug: 10742
Change-Id: Ie5e4108bd93464a2d1076dcc4f322171ea8e68cb
Reviewed-on: https://code.wireshark.org/review/5564
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The offset used for BGP community tag dissection is a wrong one.
Bug: 10746
Change-Id: I1d1d443568bb97a0b3b95a312762ac0a3102326a
Reviewed-on: https://code.wireshark.org/review/5562
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Create filters (expert and hf_) that have the "most bang for the buck" (ie have many instances for a single filter)
Change-Id: I61995e41c5b298df77e084e65cdf30ebe95da1e6
Reviewed-on: https://code.wireshark.org/review/4086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also add an expert info when unable to determine ASN length (2 or 4 bytes)
Bug: 10399
Change-Id: I24978e29e24f38c2e01e4b953a5a51496f0cf5a6
Reviewed-on: https://code.wireshark.org/review/3831
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
What mystical new compiler upgrade is this?
Change-Id: I89b3bfb53b9a19bbfb1cc8339d38cdc4a4652c62
Reviewed-on: https://code.wireshark.org/review/3347
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
an hf[] entry but defined as a 'value_string' instead of
as a 'val64_string'.
Caused 'tshark -G values' to crash
(and presumably would also cause a crash when the value-string
is referenced in a dissection):
Introduced in svn #54728
(Note: There's still another 'tshark -G values' crash to be found & fixed)
svn path=/trunk/; revision=54983
BGPTYPE_LINK_STATE_ATTR is temporarily set to 99, would need to change when IANA allocates a Path Attribute value for BGP-LS
From me :
* Fix indent
* fix arg encoding (via encoding-args tools)
svn path=/trunk/; revision=54728
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
Step 4 : Convert proto_tree_add_text calls to proto_tree_add_item and use new name of RFC4271 ( Withdrawn Routes Length ...)
svn path=/trunk/; revision=51184
Enhance BGP Dissector
Step 3 : Variable consistency and renaming, adding RFC and draft as comments (Preparation for next enhance...)
From me :
Fix some typo/whitespace
Make checkhf happy...
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
svn path=/trunk/; revision=51182
Within BGP Update message for BGP VPLS (RFC 4761) some parts of Extended Community "Layer2 Info" are incorrectly decoded:
1. Encapsulation - Unknown (0x13). Per RFC 4761 encap type 0x13 is "VPLS" (clause 3.2.4);
2. Control Flags - per RFC 4761 (clause 3.2.4) two least-significant bits (6 and 7) are defined as:
"C" (bit 6, Control Word): value 1 - Control Word is required - and value 0 - Control Word is not required; decoding is correct (at least for value 0);
"S" (bit 7, Sequence delivery): value 1 - Sequence delivery is required - and value 0 - Sequence delivery is not required; decoding is incorrect, because for value 0 (sequence delivery is not required) you provide description that "Sequence delivery is required".
Also, there is description (at the same string) "F Flag (reserved) set". IETF document draft-ietf-l2vpn-vpls-multihoming (clause 3.3.1) updates RFC 4761 and defines two additional bits within Control Flags byte - D (bit 0, "Down") and F (bit 2, "Flush"). You provide description that "F Flag (reserved) set" when this flag actually is not set (value 0). Furthermore, you don't provide description about status of flag D (in attached dump in the first packet flag D is set and unset in the second packet).
svn path=/trunk/; revision=50085
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
Enhance Route Refresh Capability : Add draft-ietf-idr-bgp-enhanced-route-refresh-02
Not yet support new NOTIFICATION error code : ROUTE-REFRESH Message Error (Value To Be Defined)
From me :
* Make some Route Refresh fields filterable
svn path=/trunk/; revision=45217
BGP bad decoding for Graceful Restart Capability with only helper support
BGP Capability in OPEN message: Graceful restart capability (64).
So when the length of the capability value is smaller than 6 (6 meaning full
support of GR capa, with significant elements and at least one AFI/SAFI), the
code interprets it as erroneous.
However, as described in RFC4724: "When a sender of this capability does not
include any <AFI, SAFI> in the capability, it means that the sender is not
capable of preserving its forwarding state during BGP restart, but supports
procedures for the Receiving Speaker (as defined in Section 4.2 of this
document). In that case, the value of the Restart Time field advertised by the
sender is irrelevant".
So, length of exactly 2 is valid but has to be interpreted with a particular
meaning.
In the dissector code, a length of 2 should be a special case for this capa,
decoding as "Graceful Restart helper mode only" or something like that, and
maybe also displaying an expert message if the Restart flag is not 0 in this
case, since here it's not expected to be possible.
svn path=/trunk/; revision=45216
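The length handling this report asks for, as an added example that is not the Wireshark dissector's own code: a Graceful Restart capability value of exactly 2 bytes is accepted as helper-mode only, and a set Restart bit in that case is flagged for a warning. The field layout (4-bit Restart Flags, 12-bit Restart Time, then 4-byte AFI/SAFI/flags tuples) is taken from RFC 4724; all names and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A capability value is at most 255 bytes: (255 - 2) / 4 = 63 tuples. */
#define GR_MAX_TUPLES 63
/* Restart State ("R") bit: most significant bit of the 4-bit Restart Flags. */
#define GR_RESTART_STATE_BIT 0x8

enum gr_result { GR_MALFORMED = -1, GR_HELPER_ONLY = 0, GR_FULL = 1 };

struct gr_tuple {
    uint16_t afi;
    uint8_t  safi;
    uint8_t  flags;             /* per-AFI/SAFI flags octet */
};

struct gr_capability {
    uint8_t  restart_flags;     /* upper 4 bits of the first octet */
    uint16_t restart_time;      /* lower 12 bits, in seconds */
    size_t   n_tuples;
    struct gr_tuple tuples[GR_MAX_TUPLES];
    int      warn_restart_bit;  /* helper-only, yet the R bit is set */
};

/* Parse the value part of capability 64 (Graceful Restart).
 * Valid lengths are 2 + 4*n for n >= 0; n == 0 means the sender only
 * supports the Receiving Speaker procedures (helper mode). */
enum gr_result parse_gr_capability(const uint8_t *val, size_t len,
                                   struct gr_capability *out)
{
    if (val == NULL || out == NULL)
        return GR_MALFORMED;
    /* Check the length before touching val[]: need the 2-byte header and
     * then only whole 4-byte tuples. */
    if (len < 2 || (len - 2) % 4 != 0)
        return GR_MALFORMED;

    size_t n = (len - 2) / 4;
    if (n > GR_MAX_TUPLES)
        return GR_MALFORMED;

    out->restart_flags = (uint8_t)(val[0] >> 4);
    out->restart_time = (uint16_t)(((val[0] & 0x0f) << 8) | val[1]);
    out->n_tuples = n;
    out->warn_restart_bit = 0;

    for (size_t i = 0; i < n; i++) {
        const uint8_t *t = val + 2 + 4 * i;
        out->tuples[i].afi = (uint16_t)((t[0] << 8) | t[1]);
        out->tuples[i].safi = t[2];
        out->tuples[i].flags = t[3];
    }

    if (n == 0) {
        /* No <AFI, SAFI>: valid, but the Restart bit is not expected here. */
        out->warn_restart_bit =
            (out->restart_flags & GR_RESTART_STATE_BIT) != 0;
        return GR_HELPER_ONLY;
    }
    return GR_FULL;
}

int main(void)
{
    /* Constructed samples: helper-only, and full support for IPv4 unicast. */
    static const uint8_t helper_only[] = { 0x00, 0x78 };
    static const uint8_t full[] = { 0x80, 0x78, 0x00, 0x01, 0x01, 0x80 };
    struct gr_capability cap;

    if (parse_gr_capability(helper_only, sizeof helper_only, &cap)
            == GR_HELPER_ONLY)
        printf("Graceful Restart helper mode only (restart time %u ignored)\n",
               (unsigned)cap.restart_time);

    if (parse_gr_capability(full, sizeof full, &cap) == GR_FULL)
        printf("Restart time %us, %zu AFI/SAFI, first: AFI %u SAFI %u\n",
               (unsigned)cap.restart_time, cap.n_tuples,
               (unsigned)cap.tuples[0].afi, (unsigned)cap.tuples[0].safi);

    /* Five bytes: header plus a partial tuple, rejected. */
    printf("len 5 -> %d\n", (int)parse_gr_capability(full, 5, &cap));
    return 0;
}
```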