In ntp_fmt_ts() in packet-ntp.c time stamps are displayed to 4 digits (0.1
msec). More digits may be significant (e.g., if GPS local clocks are used).
Change time stamp format in g_snprintf() from
%07.4f
to
%09.6f
svn path=/trunk/; revision=29961
epan\dissectors\packet-edonkey.c
In the fuction dissect_emule_sourceOBFU(): the line
ti = proto_tree_add_item(tree, hf_emule_sourceOBFU, tvb, offset, 7 + ((settings & 0x08) ? 16 : 0), FALSE);
should be
ti = proto_tree_add_item(tree, hf_emule_sourceOBFU, tvb, offset, 7 + ((settings & 0x80) ? 16 : 0), FALSE);
and, the line:
if (settings & 0x08)
should be:
if (settings & 0x80)
That is, 0x08 should be revised to 0x80.
reference: the eMule0.49c source code, file PartFile.cpp, line 2730, in the
function CPartFile::AddSources().
svn path=/trunk/; revision=29957
SDNVs are theoretically unlimited in size. The value of most SDNVs in the
Bundle Protocol is practically limited to far less than a 32 bit number. The
initial dissector included only 1 SDNV evaluation routine which returned a 32
bit number. SDNV fields that evaluated to greater than a 32 bit number were
considered in error. One BP implementation chose to add some syntax to one of
the SDNV fields that extends it to more than 32 bits. The patch included here
adds an evaluation routine that will return a 64 bit number. That routine is
called to evaluate the field where it makes sense to have a value in excess of
32 bits.
svn path=/trunk/; revision=29954
Improved AIM protocol dissector:
* Decodes more values acording to official Oscar spec
* Renamed clientautoresp to client_err (as written in spec)
* Fix decoding orror on rendezvous channel
* Other small improvements
svn path=/trunk/; revision=29953
Version 4.8.0 of collectd introduced two new data source types: DERIVE and ABSOLUTE.
With this patch support for the new data source types is added so they are displayed correctly.
svn path=/trunk/; revision=29947
for the MS Power Level and FPC in the L1 Information and MS Power IEs.
This should fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4017
(though I don't have a sample capture to verify the fix and that I didn't
break anything.)
svn path=/trunk/; revision=29944
This patch adds statistics information to the collectd dissector.
Changes by me:
- use ep_alloc for structures being handed to the tap(s) (instead of se_alloc)
- Capitalize the Statistics menu item to get it in the sorted list
svn path=/trunk/; revision=29915
Version 4.7 of collectd introduces cryptographic features for the network
protocol. The current version of the collectd dissector does not know how to
handle these segments and flags them as unknown.
The following two patches add simple support for the TYPE_SIGN_SHA256 and
TYPE_ENCR_AES256 segments. They display the plain text components of
these segments but do not try to verify the signatures or decrypt the encrypted
payload.
Changes by me:
- replace tvb_length_remaining() with tvb_reported_length_remaining()
- replace proto_tree_add_protocol_format() with tvb_tree_add_text()
svn path=/trunk/; revision=29913
Remove a call to checkcol();
Use tfs_set_notset instead of a local true_false_string defintion;
Use consistent indentation;
Adjust some spacing.
svn path=/trunk/; revision=29896
Remove a bunch calls to of check_cols();
Use tfs_set_notset from tfs.c instead of a locally defined tfs struct;
Use consistent indentation;
Adjust spacing on some lines and reformat a few long lines.
svn path=/trunk/; revision=29895
This patch adds support to Wireshark for dissecting UDP packets used by
collectd's network plugin in order to transmit data from ones host to another
host (e.g. centralized storage of statistics while data is collectd on
individual systems)
The current dissector understands the part types supported by collectd-4.5
series and gracefully processes future part types (flagging them as unknown).
In regard to protocol errors or bad packets checks are based on the various
length fields used, parts are marked with warning when length is unexpected;
marked with error when length breaks minimal rules.
svn path=/trunk/; revision=29887
but (since the patch no longer applied cleanly) essentially manually
re-implemented by me:
Rename "stun" to "classic stun" and "stun2" to "stun", to follow the usage
defined in draft-ietf-behave-rfc3489bis-18 section 2.
svn path=/trunk/; revision=29884
Add a target ("x11-dissector") to build the X11 dissector.
Put the X11-related files (back) in the source distribution.
svn path=/trunk/; revision=29871
Put the git version of mesa and xcbproto in the generated header files.
From me: Don't use 'which' to find git--it wouldn't work on Windows.
svn path=/trunk/; revision=29865
This patch adds extension support to the X11 dissector.
I've removed the perl script from the make file, since the new one depends on
perl 5.10, xcbproto (at least git as of today), and mesa (at least the
mesa/src/mesa/glapi directory). It seemed easier to just add the generated
header files to svn directly.
svn path=/trunk/; revision=29854
Implementation of the IEEE 802.15.4 dissector ignores the Auxiliary Security
Header of the MHR (see IEEE 802.15.4-2006 specs p.138).
The attached patch, add two things :
1) Support for dissecting the Auxiliary Security Header
2) Add a preference option to force the dissection of
the FCS field as being in the TI CC24xx format
svn path=/trunk/; revision=29849
The attached patch improves NHRP dissection and encompasses the following
changes:
1) Now displays Request ID and CIE Reply code or Error code in Info column.
2) Added support for RFC 2520 and RFC 2735 extensions and error codes.
References:
-> http://www.ietf.org/rfc/rfc2520.txt?number=2520
-> http://www.ietf.org/rfc/rfc2735.txt?number=2735
Note: Cisco's NAT Address Extension conflicts with RFC 2735's published
Device Capabilities Extension. Both are assigned type 9. As such, I have had
to add some heuristics to differentiate between them. It should be reliable
though since the former carries a CIE with length > 8 bytes, and the latter a
fixed-length payload of 8 bytes.
3) A few fields previously not filterable now are: hf_nhrp_hdr_op_type,
hf_nhrp_hdr_version and hf_nhrp_error_code.
4) Added support for authentication and vendor-private extension header decode.
NOTE: The authentication extension has been added according to RFC 2332. In
practice, it seems that at least with certain Cisco equipment (I tested with
cisco 2851 IOS version 12.4(15)T), they use their own non-standard
authentication extension format. Because of this, Cisco's version of the
extension will likely either be displayed a little differently than one may
expect or be indicated as being mal-formed ... because in reality, it is.
5) Utilizes expert info in a couple more places to indicate mal-formed packets.
Cisco's Error Indication packet, for example, violates RFC 2332 Section 5.2.7
by including extensions in the Error Indication packet as well as by including
erroneous data following the End Extension. Both cases are reported via expert
info now. Previously, at least with the case of the erroneous data following
the End Extension, the packet would almost certainly have been marked
mal-formed anyway. I now just prevent Wireshark from even attempting to decode
the non-sensical mess.
svn path=/trunk/; revision=29833
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
* Disable the TRY_TO_FAKE_THIS_ITEM optimization
* Use GString to store the protocols
We should only do this if the 'hf_frame_protocols' is referenced (unlikely)
svn path=/trunk/; revision=29733
- if (check_col ...) no longer required;
- Use match_strval when verifying the fcn code;
- Add a missing #ifdef;
- Make a global variable static;
- Fix indentation to be consistent in a few places.
svn path=/trunk/; revision=29701
- Remove no longer needed usage of check_col();
- Add some defensive coding;
- Change a few guints to gints;
- Add parentheses to a few expressions;
- Use consistent indentation.
svn path=/trunk/; revision=29655
Suggest a possible less-weak heuristic.
Note that we're not checking the T bit and handling RTP header
compression.
At least as I read TS 29.414, the length indicator isn't supposed to be
zero; however, a length indicator of 0 doesn't keep us from dissecting
further, so just don't bother dissecting the payload. We should,
perhaps, add an expert info for this.
We should perhaps also catch exceptions thrown when dissecting the RTP
packet, so a malformed RTP packet will still let us continue dissecting
the rest of the Nb packet.
svn path=/trunk/; revision=29607
Anders Broman