adds support for the OSD-2 CREATE USER TRACKING COLLECTION service action, following the approach described in bug 8832. It also implements dissection of the CDB continuation segment.
Change in scsi_osd_extra_data_t:
- Add a continuation_length field (we need that value from the CDB when later dissecting the Data In buffer)
The following fields were added:
- hf_scsi_osd2_cdb_continuation_length
- hf_scsi_osd2_cdb_continuation_format
- hf_scsi_osd2_continued_service_action
- hf_scsi_osd2_cdb_continuation_descriptor_type
- hf_scsi_osd2_cdb_continuation_descriptor_pad_length
- hf_scsi_osd2_cdb_continuation_descriptor_length
- hf_scsi_osd2_source_collection_object_id
The following expert_info fields were added:
- ei_osd2_cdb_continuation_format_unknown (PI_UNDECODED, PI_ERROR)
- ei_osd2_continued_service_action_mismatch (PI_PROTOCOL, PI_WARN)
- ei_osd2_cdb_continuation_descriptor_type_unknown (PI_UNDECODED, PI_WARN)
- ei_osd2_cdb_continuation_descriptor_length_invalid (PI_PROTOCOL, PI_ERROR)
- ei_osd2_cdb_continuation_length_invalid (PI_PROTOCOL, PI_ERROR)
The following value_string arrays were added:
- scsi_osd2_cdb_continuation_format_val (OSD2r4 Table 69)
- scsi_osd2_cdb_continuation_descriptor_type_val (OSD2r4 Table 71)
The following functions were added:
- dissect_osd2_cdb_continuation_length (dissect the cdb continuation length field in cdb and save continuation_length in extra_data)
- dissect_osd2_cdb_continuation (dissect the cdb continuation segment from the data out buffer; currently, descriptor-specific fields are not dissected)
- dissect_osd2_create_user_tracking_collection
Changes in dissect_osd_collection_object_id
- add an int hfindex parameter
- the return type was made void (previously it returned int, but the return type was unused)
- this function is used for filling collection_id related fields (there are several flavors of them) and may be modified for displaying creation/removal information (à la dissect_osd_partition_id)
- one call to dissect_osd_requested_collection_object_id was replaced by dissect_osd_collection_object_id(...,hf_scsi_osd_requested_collection_object_id)
- two calls to dissect_osd_collection_object_id were updated with the new signature
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8922
svn path=/trunk/; revision=50605
fix partitions being inadvertently set as removed.
In dissect_osd_get_attributes and dissect_osd_set_attributes there were calls to dissect_osd_partition_id with the last parameter (is_removed) set to TRUE instead of FALSE. That caused dissect_osd_partition_id reporting the partitions as "removed".
The only service action where is_removed must be TRUE is dissect_osd_remove_partition.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8927
svn path=/trunk/; revision=50603
Changed FATTR4_DISSECT_VALUES arg to FATTR4_BITMAP_ONLY in calls to
dissect_nfs4_fattrs() in cases NFS4_OP_OPEN and NFS4_OP_CREATE of
dissect_nfs4_response_op().
svn path=/trunk/; revision=50602
frames; that should be a separate dlsw.capex_type field.
dlsw.error_cause is a numeric field, so it needs a base; the values in
the value_string table are in hex, so show it in hex.
svn path=/trunk/; revision=50589
this code as C++.
Make pointers to raw packet data pointers to guint8, not pointers to
char, as they're octets, not characters.
svn path=/trunk/; revision=50583
fixes the build errors we're seeing, with complaints about
tvbtest.obj : warning LNK4217: locally defined symbol tvb_XX imported in function test
tvbtest.obj : error LNK2019: unresolved external symbol __imp_tvb_XXX referenced in function run_tests
tvbuff.obj : error LNK2019: unresolved external symbol tvb_XXX referenced in function tvb_new_YYY
svn path=/trunk/; revision=50573
strduped again immediately when they are registered. To make this safe, tweak
the flow a bit so that they are guaranteed to be registered immediately after
being set here.
svn path=/trunk/; revision=50563
Minor Enhancement to add further to the Fast Message conversation structure to
provide Data Region Address/Name lookup.
From me: use tree for lookups, not slist.
svn path=/trunk/; revision=50555
We either want to calculate only offset (compute_offset()), or
offset and remaining length (compute_offset_and_remaining())
Move old generic code to check_offset_length_no_exception())
svn path=/trunk/; revision=50551
+ if there's overflow in check_offset_length_no_exception() just set exception, don't clamp end_offset (it could be an issue for 4GB tvbs :>)
svn path=/trunk/; revision=50549
- Merge _UINT / _INT into one case
- fix possible generation of wrong expression ("some_integer") for unknown value in BASE_NONE field
svn path=/trunk/; revision=50548
Right now it doesn't really matter, cause tvb subsets always have real_data.
Without fix, and with small modification in ensure_contigous_no_expcetion() to first check for ->tvb_get_ptr() and later real_data
epan doesn't work and it flood console with warnings like:
** (process): WARNING **: Dissector bug, protocol IPv4, in packet 3823: tvbuff.c:976: failed assertion "exception > 0"
svn path=/trunk/; revision=50537
The dissector defines some one-byte fields as UFLOAT. Defining them as UINT
fixes the decoding error for CAT48 version 1.21.
svn path=/trunk/; revision=50532
Apply the fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3290
to proto_tree_add_bits_item(). That is, test that we have offset+length bytes
left in the TVB before trying to fake the item.
svn path=/trunk/; revision=50504
->tvb_init() knows nothing about new tvb and can only do some kind of bzero()
it's much better if we initialize object after tvb_new() [which anyway must be done]
+ try to fix OSX build.
svn path=/trunk/; revision=50490
Before:
user0 - USER 0
user1 - USER 1
user10 - USER 10
user11 - USER 11
user12 - USER 12
user13 - USER 13
user14 - USER 14
user15 - USER 15
user2 - USER 2
user3 - USER 3
user4 - USER 4
user5 - USER 5
user6 - USER 6
user7 - USER 7
user8 - USER 8
user9 - USER 9
After:
user0 - USER 0
user1 - USER 1
user2 - USER 2
user3 - USER 3
user4 - USER 4
user5 - USER 5
user6 - USER 6
user7 - USER 7
user8 - USER 8
user9 - USER 9
user10 - USER 10
user11 - USER 11
user12 - USER 12
user13 - USER 13
user14 - USER 14
user15 - USER 15
svn path=/trunk/; revision=50482
Convert the last DISSECTOR_ASSERTs into potential expert infos, and do the right
offset manipulation and verification to avoid long (or infinite) loops when
those conditions are hit. This includes fixing some long loops I accidentally
introduced in r50432.
svn path=/trunk/; revision=50478
reported by Laurent Butti
a TPDU's length field must never be 0
this length field was decremented without prior checking,
allocating length-1 bytes of memory caused a dissector assert
svn path=/trunk/; revision=50474
The response of the OSD-2 LIST command may contain attributes in multi-object retrieved attributes format. Currently all proto_items for that attributes are put under the SCSI Payload tree, yielding a large list of items:
Partition Id
Object Type
Attribute Page
Attribute Number
Attribute Length
(optional attribute-specific fields)
Attribute Page, ...
Partition Id
Object Type
Attribute Page, ...
...
This patch classifies the OSD-2 LIST attributes (from the Data In buffer) in one tree per object and one sub-tree per attribute
Partition Id (ett_osd_multi_object tree)
Object Type
Attribute (ett_osd_attribute tree)
Attribute Page
Attribute Number
Attribute Length
(optional attribute-specific fields)
Attribute, ...
Partition Id
Object Type
Attribute Page, ...
...
The same approach is applied to attributes in the Get/Set attributes segments.
A function *attribute_page_numbers_t lookup_osd_attribute(page,number) was created, with common code that is called from dissect_osd_attributes_list, dissect_osd_attribute_value and dissect_osd2_attribute_list_entry.
The trees are built in function dissect_osd_attribute_list_entry. That function was modified for avoiding code duplication with case 0x09 of dissect_osd_attributes_list. A missing padding was added in the process.
The function dissect_osd_partition_id now returns proto_item*, so that we can create a subtree rooted at the partition_id (previously it returned an offset, but the return value was unused).
From me:
Fix clang warning duplicate code...
Remove some trailing whitespace
svn path=/trunk/; revision=50462
In parseFields() ensure that we have at least one byte so that callers
don't have to protect against it returning an offset which hasn't incremented.
Remove a couple of now-unnecessary length-remaining (aka "will the offset
move?") checks.
In some other checks, use tvb_ensure_length_remaining() rather than calling
tvb_length_remaining() and (potentially) THROWing an exception. I'm not sure
if these are really necessary now or not...
svn path=/trunk/; revision=50450
column. Conversation spans (setup frame to last frame) are shown with a
square bracket. Linked frames are shown with a circle.
Use correct column justifications in Qt. Move common
justification-related packet list code to ui/packet_list_utils.[ch].
Add a last_frame element to conversation_t.
svn path=/trunk/; revision=50447
Right now we have about 36K of ett items, and tree_is_expanded takes: 144K of memory (36K*sizeof(gboolean))
By making tree_is_expanded bit array, it reduce size to 4.5K (36K/8)
svn path=/trunk/; revision=50434
comes with Xcode 3.2.6 (it's not a real problem, but that requires more
flow analysis than that version of the compiler does, apparently).
svn path=/trunk/; revision=50419
Running `tshark -v` (which has the happy effect of doing
epan_init();
epan_cleanup();
with no practical work in-between), now leaks a hair less than 2KB of memory on
my machine. It was over 500KB earlier today :)
svn path=/trunk/; revision=50416
of leaks, and I suspect they won't be necessary (we can always add them back
using wmem if they do turn out to be needed).
svn path=/trunk/; revision=50409
The big problem appears to be that this dissector doesn't support an ICQ version in use today. Maybe having it look less scary will encourage someone to submit a patch that supports a more recent version.
svn path=/trunk/; revision=50387
packet-mpls-echo.c: In function 'dissect_mpls_echo_tlv':
packet-mpls-echo.c:1136:38: error: 'ddsti' may be used uninitialized in
this function [-Werror=maybe-uninitialized]
packet-mpls-echo.c:1065:17: note: 'ddsti' was declared here
svn path=/trunk/; revision=50386
Add informationa about Certificate Authority Authorization (CAA) data to the DNS dissector. See the RFC [1] for more information. Suggestions and improvements are welcome.
[1] http://tools.ietf.org/html/rfc6844
svn path=/trunk/; revision=50370
just define WS_DLL_PUBLIC_NOEXTERN inside the ifdefs, and define
WS_DLL_PUBLIC as WS_DLL_PUBLIC_NOEXTERN followed by "extern".
Then rename WS_DLL_PUBLIC_NOEXTERN to WS_DLL_PUBLIC_DEF, to clarify that
it's what should be used for definitions; at least on Windows, you
*have* to use it when declaring arrays without a size, and, whilst you
might be able to use WS_DLL_PUBLIC for definitions of functions and
perhaps data definitions other than no-size arrays, it might be clearer
to rename WS_DLL_PUBLIC to WS_DLL_PUBLIC_DECL and use it only for
declarations.
svn path=/trunk/; revision=50334
Also added an enumeration for checksum validation status, as verifying checksums is considered "expert" functionality.
svn path=/trunk/; revision=50322
Now proto_data_add_maybe_interesting_field:
- it actually add field_info to interesting hash_tree
- accept only required parameters
- is called only by proto_tree_add_node
svn path=/trunk/; revision=50321
Right now for proto_tree_add format & _format_value TRY_TO_FAKE_THIS_ITEM() is called twice
one from 'format' function, second time from 'no format' function.
This reduces size of .text by 10K:
text data bss dec hex filename
76012 112 56 76180 12994 proto-after.o
86324 112 56 86492 151dc proto-before.o
svn path=/trunk/; revision=50318
The final maintenance patch, after excessive testing of the dissection engine.
The last two bugs were:
- FindSafetyFrame did not recognize the correct CRC, which in itself did not
lead to wrongly detected packages, but was inconsistent with the rest.
- CRC == 0 - because 0 is a valid result for the CRC value.
svn path=/trunk/; revision=50312
Remove NULL tree check at start of dissection to ensure expert info is populated.
Overall I think the logic could be a little cleaner (length checking and its tie to expert info seems excessive), but I'm not familiar enough to be comfortable making the changes.
This dissector appears to be vulnerable to DOS attacks through its unsigned 16-bit length fields (just from static inspection). Having the length be a signed 32-bit value even if the length in the protocol field is an unsigned 16-bit value could simplify some of the logic.
svn path=/trunk/; revision=50310
"tcp.analysis.duplicate_ack" has both an hf_ and ei_ "item" so that the duplicate ack # and frame # can be assembled properly in the tree. Since hf_tcp_analysis_duplicate_ack is of type FT_NONE, the duplicative display filter name is okay.
svn path=/trunk/; revision=50302
(That is: Don't create the array on the stack each time
the function is called).
Reduces code memory usage and execution time.
(See SVN #50271)
svn path=/trunk/; revision=50300
In my last patch (bug #8847), I overlooked a place where I had to check for
the old CRC as well, which led to packages that were not detected anymore.
This 4 lines fix it. As usual, the patch was tested and works.
svn path=/trunk/; revision=50294
Alexis La Goutte