The response of the OSD-2 LIST command may contain attributes in multi-object retrieved attributes format. Currently all proto_items for that attributes are put under the SCSI Payload tree, yielding a large list of items:
Partition Id
Object Type
Attribute Page
Attribute Number
Attribute Length
(optional attribute-specific fields)
Attribute Page, ...
Partition Id
Object Type
Attribute Page, ...
...
This patch classifies the OSD-2 LIST attributes (from the Data In buffer) in one tree per object and one sub-tree per attribute
Partition Id (ett_osd_multi_object tree)
Object Type
Attribute (ett_osd_attribute tree)
Attribute Page
Attribute Number
Attribute Length
(optional attribute-specific fields)
Attribute, ...
Partition Id
Object Type
Attribute Page, ...
...
The same approach is applied to attributes in the Get/Set attributes segments.
A function *attribute_page_numbers_t lookup_osd_attribute(page,number) was created, with common code that is called from dissect_osd_attributes_list, dissect_osd_attribute_value and dissect_osd2_attribute_list_entry.
The trees are built in function dissect_osd_attribute_list_entry. That function was modified for avoiding code duplication with case 0x09 of dissect_osd_attributes_list. A missing padding was added in the process.
The function dissect_osd_partition_id now returns proto_item*, so that we can create a subtree rooted at the partition_id (previously it returned an offset, but the return value was unused).
From me:
Fix clang warning duplicate code...
Remove some trailing whitespace
svn path=/trunk/; revision=50462
In parseFields() ensure that we have at least one byte so that callers
don't have to protect against it returning an offset which hasn't incremented.
Remove a couple of now-unnecessary length-remaining (aka "will the offset
move?") checks.
In some other checks, use tvb_ensure_length_remaining() rather than calling
tvb_length_remaining() and (potentially) THROWing an exception. I'm not sure
if these are really necessary now or not...
svn path=/trunk/; revision=50450
comes with Xcode 3.2.6 (it's not a real problem, but that requires more
flow analysis than that version of the compiler does, apparently).
svn path=/trunk/; revision=50419
Running `tshark -v` (which has the happy effect of doing
epan_init();
epan_cleanup();
with no practical work in-between), now leaks a hair less than 2KB of memory on
my machine. It was over 500KB earlier today :)
svn path=/trunk/; revision=50416
The big problem appears to be that this dissector doesn't support an ICQ version in use today. Maybe having it look less scary will encourage someone to submit a patch that supports a more recent version.
svn path=/trunk/; revision=50387
packet-mpls-echo.c: In function 'dissect_mpls_echo_tlv':
packet-mpls-echo.c:1136:38: error: 'ddsti' may be used uninitialized in
this function [-Werror=maybe-uninitialized]
packet-mpls-echo.c:1065:17: note: 'ddsti' was declared here
svn path=/trunk/; revision=50386
Add informationa about Certificate Authority Authorization (CAA) data to the DNS dissector. See the RFC [1] for more information. Suggestions and improvements are welcome.
[1] http://tools.ietf.org/html/rfc6844
svn path=/trunk/; revision=50370
The final maintenance patch, after excessive testing of the dissection engine.
The last two bugs were:
- FindSafetyFrame did not recognize the correct CRC, which in itself did not
lead to wrongly detected packages, but was inconsistent with the rest.
- CRC == 0 - because 0 is a valid result for the CRC value.
svn path=/trunk/; revision=50312
Remove NULL tree check at start of dissection to ensure expert info is populated.
Overall I think the logic could be a little cleaner (length checking and its tie to expert info seems excessive), but I'm not familiar enough to be comfortable making the changes.
This dissector appears to be vulnerable to DOS attacks through its unsigned 16-bit length fields (just from static inspection). Having the length be a signed 32-bit value even if the length in the protocol field is an unsigned 16-bit value could simplify some of the logic.
svn path=/trunk/; revision=50310
"tcp.analysis.duplicate_ack" has both an hf_ and ei_ "item" so that the duplicate ack # and frame # can be assembled properly in the tree. Since hf_tcp_analysis_duplicate_ack is of type FT_NONE, the duplicative display filter name is okay.
svn path=/trunk/; revision=50302
(That is: Don't create the array on the stack each time
the function is called).
Reduces code memory usage and execution time.
(See SVN #50271)
svn path=/trunk/; revision=50300
In my last patch (bug #8847), I overlooked a place where I had to check for
the old CRC as well, which led to packages that were not detected anymore.
This 4 lines fix it. As usual, the patch was tested and works.
svn path=/trunk/; revision=50294
as a voip_call_state value; don't have it sometimes a voip_call_state
and sometimes a frame subtype.
This should squelch some complaints from newer versions of Clang about
unnecessary array-bounds checks - the array-bounds checks are done on
frame subtypes, where they *are* necessary (nothing prevents an
untrustworthy IAX2 implementation or an untrustworthy capture file
writer from putting an arbitrary value in the packets), not on
voip_call_state values (where it was only necessary because the value
wasn't, in that case, a voip_call_state value, it was a frame subtype
cast to a voip_call_state).
svn path=/trunk/; revision=50277
Fix Coverity CID 1040371 (Negative loop bound) by not assignin the return value of tvb_length_remaining() to an unsigned integer and then using that value for loop termination. Instead, assign the return value to a signed integer and only if tvb_length_remaining() returns a value greater than zero do we even begin to loop.
In addition, use tvb_length_remaining() instead of tvb_length() to determine if more data exists, and then if it does, when displaying the payload bytes following the cmd_id, only pass the number of remaining bytes following the cmd_id rather than the entire length, which would include the 1 byte for the cmd_id itself.
Other minor changes.
svn path=/trunk/; revision=50274
TLS decryption fails when trying to decrypt XMPP sessions using start_tls as
the port in the key list of the SSL preferences.
Looking at the code, the XMPP dissector has 2 issues:
1) The crude XML element detection for XMPP segmentation is run before
checking if the SSL dissector should be called. As a result, the SSL dissector
is not called at the appropriate times.
2) The SSL dissector is called withoug resetting the desegment flags are not
manipulated as the SMTP dissector does so segmented SSL packets are not properly
reconstructed. Generally this causes the server hello not to be detected.
A proposed patch to fix these issues is attached.
svn path=/trunk/; revision=50272
1. More items "filterable" through proto_tree_add_item and expert_add_info_format_text
2. Update protocol spec reference
3. Remove some length checks to allow for malformed packets within dissect_vlan_info since the entire "vlan info structure" is necessary.
svn path=/trunk/; revision=50262
From Yuri Schaeffer
It addresses the following issues:
- Payload was included for all CAPPACKET messages. Even when not flagged by bitmap (bug).
- Frame Checksum (FCS) was not read from bitmap all following data is off by 4. (bug)
- Headers indicated in bitmap could use own subtree
- Payload is malformed because it is assumed the span 'the rest of the packet'. In reality more commands can follow. (bug)
svn path=/trunk/; revision=50228
The attached patch fixes the integer type of the WCCP identity mask value.
This is a bitmask which should be printed as hex, it doesn't make sense to
print it as an IPv4 address. See
http://tools.ietf.org/id/draft-wilson-wrec-wccp-v2-01.txt section 5.7.7 and
the attached capture file as an example.
The current draft http://tools.ietf.org/html/draft-mclaggan-wccp-v2rev1-00#section-6.15
doesn't mention "mask" in the names of the field any more, but the description
still describes them as mask values.
svn path=/trunk/; revision=50211
The I and R flags in Map-Notify LISP control packets are shown at an incorrect
position. The attached patch fixes the bug.
svn path=/trunk/; revision=50210
Added a "subtree context" structure to asn1_ctx_t. This should allow other ASN.1 dissector global variables to be replaced when only used for transferring data between fields in a subtree.
svn path=/trunk/; revision=50208
Recent versions of GlusterFS have extended the RPC protocol with new
procedures. The RPC-program-version has not been updated (yet?).
The attached adds support dissecting the FREMOVEXATTR, FALLOCATE and
DISCARD procedures.
svn path=/trunk/; revision=50207
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8718
More zigbee dissection, adding the following clusters:
- appliance identification
- meter identification
- appliance statistics
- appliance events and alert
svn path=/trunk/; revision=50202
According to ETSI TS 102 771 (GSE implementation guidelines), "mandatory extension headers" - when GSE's protocol type field is (strictly) less than 256 (0x100) - are of 'pre-defined length (and format) that must be known by all GSE receivers'.
svn path=/trunk/; revision=50180
From Jiří Engelthaler
1) Wrong bits definitions for SIQ.BL, SIQ.SB, SIQ.NT, SIQ.IV, QDS.BL, QDS.SB, QDS.NT, QDS.IV
2) Invalid field abbrev for VTI Transient
3) Wrong bit size for SCO.QU, DCO.QU, RCO.QU
4) Changes from BASE_DEC to BASE_HEX
5) Several code style changes
svn path=/trunk/; revision=50145
Added support for VHT TPE IE and also tested it
Also fixed a small typo from "IEEE Stc" to "IEEE Std" for all 802.11ac references.
From me:
* Remove some trailing whitespace
* Fix bitmask PWR Info Unit
* Modify expert_info to display error in PWR Info Count
* Fix (possibility) loop
* Fix value_string (not need to have Reserved...)
svn path=/trunk/; revision=50123
We should deprecate the use of hidden fields, at least for fields that arei
useful in filters. To make it easier for users to discover and use the fields.
Change the highly useful field for TCP segment payload length from
being a hidden field to be a generated field instead.
svn path=/trunk/; revision=50112
request for implicit conversion from 'gpointer' to 'char *' not permitted
in C++ [-Werror=c++-compat]
and
enum conversion when passing argument 3 of 'krb5_crypto_init' is invalid
in C++ [-Werror=c++-compat]
svn path=/trunk/; revision=50108
Within BGP Update message for BGP VPLS (RFC 4761) some parts of Extended Community "Layer2 Info" are incorrectly decoded:
1. Encapsulation - Unknown (0x13). Per RFC 4761 encap type 0x13 is "VPLS" (clause 3.2.4);
2. Control Flags - per RFC 4761 (clause 3.2.4) two least-significant bits (6 and 7) are defined as:
"C" (bit 6, Control Word): value 1 - Control Word is required - and value 0 - Control Word is not required; decoding is correct (at least for value 0);
"S" (bit 7, Sequence delivery): value 1 - Sequence delivery is required - and value 0 - Sequence delivery is not required; decoding is incorrect, because for value 0 (sequence delivery is not required) you provide description that "Sequence delivery is required".
Also, there is description (at the same string) "F Flag (reserved) set. IETF document draft-ietf-l2vpn-vpls-multihoming (clause 3.3.1) updates RFC 4761 and defines two additional bits within Control Flags byte - D (bit 0, "Down") and F (bit 2, "Flush"). You provide description that "F Flag (reserved) set" when this flag actually is not set (value 0). Furthermore, you don't provide description about status of flag D (in attached dump in the first packet flag D is set and unset in the second packet).
svn path=/trunk/; revision=50085
The global variable 'address_item' was not always being set to NULL
before the dissection of a new frame. Do more to set it in the general
case, and in the particular case of an MTSBindResult_PDU, which was
triggering an error in the supplied capture.
There may be other entry points where this still safely isn't being
set.
svn path=/trunk/; revision=50083
basically whatever we want with it, and this cleans up a couple of licensecheck
errors).
Fix FSF address in one dissector.
svn path=/trunk/; revision=50080
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8718
Move zbee-on-off to zbee-general in preparation to avoid an enormous number of
small files when adding dissection for more zbee cluster types.
svn path=/trunk/; revision=50078
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8824
Convert bluetooth emem trees to wmem trees.
Add modelines and fix indentation.
Correct typo in wmem_tree.h that still referred to emem.
svn path=/trunk/; revision=50076
These dissectors allocate ephemeral or seasonal memory in UAT callbacks, which
really makes no sense because UAT callbacks can occur when there is no packet or
file in scope, making this effectively a leak if the user is fiddling with their
UAT and never opens a capture.
Emem let you get away with this, wmem forces an assertion. Back out the changes
so that the UATs are usable until the code can be properly fixed to not use
out-of-scope allocators.
svn path=/trunk/; revision=50073
found a bunch more asn1 dissectors using emem without ever directly including
the header. Convert those to wmem as well, which involves add a number of
#include directives since dissectors do *not* automatically pull in the wmem
headers.
svn path=/trunk/; revision=50066
the same captured and reported lengths so that we don't end up throwing
BoundsErrors ("Packet size limited during capture") when the packet is simply
malformed.
This fixes one of the issues reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8816
svn path=/trunk/; revision=50055