implemented, start replacing emem with wmem in dissectors.
Also remove emem.h include from a few files that didn't actually need it.
More to come once in hopefully large batches once I figure out the
appropriate regexes.
svn path=/trunk/; revision=49009
dissector for ISO 10747 Inter Domain Routing Protocol
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8562
from me:
check for negative return value of tvb_reported_length_remaining()
remove unused hf entries
add modelines
don't initialise variables unless it's necessary
make idrp a new-style dissector
svn path=/trunk/; revision=49002
MPLS needs to similarly shrink its own tvb so its caller can tell that
there were bytes left over (e.g. ethernet trailer).
svn path=/trunk/; revision=48994
* "dissect_nfs4_attribute()" was eliminated because the values dissection
portion of that routine was identical to the "dissect_nfs_attributes()"
routine. The code in "dissect_nfs4_bitmap4()" and
"dissect_nfs4_attrlist4()" was also similar so those routines
were also eliminated and their code incorporated in dissect_nfs_fattr4s().
These measures have reduced the size of 'packet-nfs.c' by almost 400 lines.
* Attributes were relabeled according to RFC 5661 (NFS4v1).
o “mand_attr” (REQUIRED attribute) header was changed to "reqd_attr”.
o “recc_attr” (RECOMMENDED attributes) header was changed to “reco_attr”
because "recommended" only has one ‘c’. =)
* In order to be able to list the attribute names horizontally in the
"Attr mask[x]" header (e.g., "Attr mask[0]: 0x0010111a (TYPE, CHANGE, SIZE,
FSID, ACL, FILEID)", “FATTR4_” was removed from the attribute names
(e.g., “FATTR4_TYPE (1)” is now “TYPE (1)”. Note that RFC 5661 does not
define them with a “FATTR4” prefix.
* In GETATTR responses, the “resok4” and “obj_attributes” subtrees were
eliminated because they are neither actual fields nor serve any practical
purpose.
* The READDIR "Directory Listing" subtree was reformatted. "Filename" was
changed to "Entry" because entries can also be directories.
"Value Follows", "cookie", and "Attr mask[n]" were moved within each entry.
If an Entry header is left-clicked all the fields of that entry are
highlighted in the Hex pane. If it is right-clicked the 'nfs.name'
field (filter) can be obtained. Finally, the "attr_vals:<DATA>" (text)
subtree was eliminated because it appears to serve no useful purpose and
clutters the tree.
svn path=/trunk/; revision=48966
Converted to proto_tree_add_text to proto_tree_add_item/expert_info
Allow columns/tree/(sub)dissectors/expert_info to be called at all of the proper times. COL_INFO data still seems a bit verbose when errors occur, but I left it alone, just cleaning up the sequence of events.
Removed some structure definitions where the variables that used them were effectively "useless" once proto_tree_add_item was added (although they weren't that useful before that)
svn path=/trunk/; revision=48958
[ 6%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-pw-fr.c.o
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-pw-fr.c: In function ‘dissect_pw_fr’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-pw-fr.c:81:4: error: typedef ‘packet_quality_e’ locally defined but not used [-Werror=unused-local-typedefs]
} packet_quality_e;
^
svn path=/trunk/; revision=48948
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-dcerpc-rs_pgo.c.o
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-rs_pgo.c: In function ‘dissect_rs_pgo_query_t’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-rs_pgo.c:631:5: error: typedef ‘rs_pgo_query_t’ locally defined but not used [-Werror=unused-local-typedefs]
} rs_pgo_query_t;
^
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-rs_pgo.c: In function ‘dissect_rs_pgo_query_key_t’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-rs_pgo.c:845:5: error: typedef ‘rs_pgo_query_t’ locally defined but not used [-Werror=unused-local-typedefs]
} rs_pgo_query_t;
^
cc1: all warnings being treated as errors
make[2]: *** [epan/CMakeFiles/epan.dir/dissectors/packet-dcerpc-rs_pgo.c.o] Error 1
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-pw-fr.c.o
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-pw-fr.c: In function ‘dissect_pw_fr’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-pw-fr.c:81:4: error: typedef ‘packet_quality_e’ locally defined but not used [-Werror=unused-local-typedefs]
} packet_quality_e;
^
svn path=/trunk/; revision=48947
See Section 5.7 (Setting the AD Bit on Queries) of RFC 6840 (Clarifications and Implementation Notes for DNS Security (DNSSEC))
The semantics of the Authentic Data (AD) bit in the query were
previously undefined. Section 4.6 of [RFC4035] instructed resolvers
to always clear the AD bit when composing queries.
This document defines setting the AD bit in a query as a signal
indicating that the requester understands and is interested in the
value of the AD bit in the response. This allows a requester to
indicate that it understands the AD bit without also requesting
DNSSEC data via the DO bit.
svn path=/trunk/; revision=48942
haven't reassembled, we're probably moving sequentially through the
packet, which means that we'll run past the end of the fragment rather
than past the end of what would have been the reassembled packet had we
reassembled it.
I.e., there's little reason to care whether we're past the end of the
fragment but not past the end of the packet, or whether we're past the
end of the packet; in either case, we're past the end of the fragment,
and if somebody wants to know whether the packet is malformed by
stopping short of certain fields, they should enable reassembly.
So we get rid of the explicit fragment length in tvbuffs and, instead,
have a "this is a fragment" flag; if that flag is set, we throw
FragmentBoundsError rather than ReportedBoundsError if we run past the
end of the reported data.
(This also means we could flag the tvbuff even if we don't know how
large the reassembled packet will be, e.g. when doing IP reassembly.)
Replace tvb_new_subset_length_fragment() with tvb_new_subset_length()
and a new "set the "this is a fragment flag"" routine.
svn path=/trunk/; revision=48940
Major NFS dissector cleanup. Consistent naming, spacing, line wrapping,
variable initialization, ...
For full details see comment #18 of the bug.
svn path=/trunk/; revision=48934
ENC_BIG_ENDIAN or ENC_LITTLE_ENDIAN.
Treat the AP PS Buffer State subfield of the QoS field the same way we
treat other subfields in the second byte of the QoS field - show it as
the upper 8 bits of the (shown as big-endian) QoS field. Fix a bitmap
while we're at it.
Show the channel map as an FT_NONE - it's a structure with two bytes.
svn path=/trunk/; revision=48924
first fragment of a non-reassembled packet, and we know the length the
packet would have if it were reassembled, this field holds the length of
the fragment, and the "reported length" field shows the length the
packet would have if it were reassembled, so going past the end of the
fragment but staying within the length of the reassembled packet can be
reported as "dissection would have worked if the packet had been
reassembled" rather than "the packet is too short, so it was probably
malformed".
Add a FragmentBoundsError exception, thrown in the "dissection would
have worked if the packet had been reassembled" case.
Add a new tvb_new_subset_length_fragment() routine to create a new
subset tvb with specified fragment and reported lengths. Use it in the
CLNP dissector.
Add some more sanity checks in the CLNP dissector.
svn path=/trunk/; revision=48917
trying to handle reassembly of packets with *differing* handshake length
values a bit better.
Make coding style a little more consistent.
svn path=/trunk/; revision=48916
data stream", only the first FIN segment is reported with the
reassembled packet.
Show the TCP fragment tree *before* processing the payload, so it's
shown even if processing the payload throws an exception.
svn path=/trunk/; revision=48915
data stream", only the first FIN segment is reported with the
reassembled packet.
Show the TCP fragment tree *before* processing the payload, so it's
shown even if processing the payload throws an exception.
svn path=/trunk/; revision=48914
we thrown an exception if the lengths are too long.
For UCS-2/UTF-16 strings, do an extra length check to avoid overflows,
but throw ReportedBoundsError if the check fails, so we report them the
same way we report other too-large length errors.
Just use proto_tree_add_item() to put UCS-2/UTF-16 strings (assumed to
be UTF-16, not UCS-2; is that correct?) into the protocol tree.
svn path=/trunk/; revision=48913
From Uli Heilmeier
The current version of the SMTP dissector expects a 'AUTH LOGIN' mechanism without checking the mechanism.
When some other mechanism (like NTLM or PLAIN) is in use the decoding is wrong. Furthermore it is expected that the username is in a seperate packet. When the username is in the AUTH line the password is shown as smtp.auth.username and the username is not decoded.
svn path=/trunk/; revision=48910
created by taking packet-dvb-eit.c, doing a global search and replace of
"ei" with the new name, and then doing further editing).
svn path=/trunk/; revision=48891
Cleanup included:
1. converting proto_tree_add_text to proto_tree_add_item.
2. Converting state machines to use frame data instead of a large hash structure.
3. Apply consistent whitespace, add modelines
4. Remove global variable used for recursion, replaced with frame data.
5. Update protocol spec links
6. Add some "manual" fragmentation support. The goal was to fix bug 2157, but it appears some TCP SEQ/ACK inconsistencies may be getting in the way.
svn path=/trunk/; revision=48874
what these are). It gets freed slightly before we need to access it in order to
correctly free other glib memory.
Discovered accidentally while valgrinding the capture from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8584
svn path=/trunk/; revision=48870
When the remote client sended a node set, it contains nodes info
The node info it shows like (1 3cad1f360cc51870d3e68d61ed604078bc608ee2 60.173.31.54:43365), but this node's true ip and port is 99.192.73.131:26025. When we expand these items, the ips and ports in detailed information are right.
From me :
It is a problem of encoding (LITTLE ENDIAN => BIG ENDIAN) and wrong offset
Some issue with Peers info
svn path=/trunk/; revision=48850
Add ACE4_INHERITED_ACE flag and NFS4ERR_DELEG_REVOKED error code.
Replace NFS4ERR_NODEV error code by NFS4ERR_DQUOT error code.
See RFC 5661 for details.
svn path=/trunk/; revision=48825
Numerous improvements and fixes for the OpenSafety dissector (too many to
usefully list here; see the bug).
As noted by Pascal, also fix a copy-paste error in the preferences registration.
svn path=/trunk/; revision=48817
