retransmitted, add items to its tree describing those retransmissions (frame
where the retransmission is and RTO). Limit this to 100 retransmissions to
avoid running out of memory in pathological cases.
This adds the filters "sctp.retransmitted" (TSNs that were retransmitted)
and "sctp.retransmitted_count" (count of number of times the TSN was
retransmitted).
The RTO is intentionally not added to the retransmitted TSN tree as it is
already added to the retransmission(s). The RTO is displayed, however.
svn path=/trunk/; revision=21081
add sccp_info to struct _packet_info (Sorry but the way private_data works and the fact that TCAP uses it and BSSAP/RANAP can be tunnelled on GSMMAP over TCAP makes it impossible to avoid)
SCCP
- Have SCCP to have a TAP,
- Fix associations so that every message belongs to the association.
- Export message type values so that they can be used by a tap listener
RANAP
- Have RANAP information attached to the sccp_info
BSSAP + GSM_A
- Have DTAP, BSSMAP and BSSAP info attached to the sccp_info
svn path=/trunk/; revision=21076
- Change "sctp.retransmitted" to "sctp.retransmission" since that field
is set on messages that are retransmissions, not messages that were
retransmitted.
- Change some formatting to make it more consistent.
svn path=/trunk/; revision=21065
The capture file the user supplied had a HTTP chunked response
in it with no actual chunks other than the zero length chunk
indicating the end of the chunks. The fix is to only create
a new_tvb and copy it over the tvb going into the
chunked_encoding_dissector() function if the chunk size is > 0.
svn path=/trunk/; revision=21034
- Split the HTTP tap into two taps: one for the HTTP statistics
and the other for the export object function. This allows the
HTTP statistics to work again (they seem to have been
partially broken since SVN rev 18901).
- Pass the conversation data (conv_data) between functions now
instead of using the global variable stat_info (now only used
for the HTTP stats)
- Pass only pointers from the HTTP dissector to the Export Object
tap, where we'll then copy the values and insert into the slist.
- Make sure we free all memory allocated by this feature when
we're done with it.
- Various other minor improvements
svn path=/trunk/; revision=21021
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552
by enforcing that header fields have names of length > 0. This should fix
the display of those fields and also make them filterable (which was the
subject of the bug). Abbreviations are (still) optional: if they are empty
then the field is not filterable.
Update README.developer with this information.
Add header field names in several dissectors where they were missing.
In packet-arp.c give "packet-storm-detected" a name (as above) but also set it
as _GENERATED.
Also remove trailing white space from all the files checked in.
svn path=/trunk/; revision=21018
- don't show EPL src- and dst-address of SoC frame (same as SoA)
- show SoA requested service only if it's not "NO_SERVICE"
- NMT state in StatusResponse in words, not numbers
- don't show MC and PS flags in SoC (it's now configurable via "Preferences")
Furthermore I extended the value_string struct for the NMT-Command-IDs
(asnd_cid_vals). This change is used to fully decode the NMTRequest frames.
svn path=/trunk/; revision=21017
On windows if ENDTRY is not evaluated after a exception is being thrown wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21015
On windows if ENDTRY is not evaluated after a exception is being thrown wireshark will crash in dissect_packet() while attempting to pop the last frame of the exception stack.
svn path=/trunk/; revision=21014
epan/dissectors/
packet-bctp.c:
no newline at end of file
packet-epl.c:
C++ style comments are not allowed in ISO C90
packet-sccp.c:
missing initializer
packet-sccp.h:
comma at end of enumerator list
packet-sctp.c:
suggest parentheses around assignment used as truth value
packet-vnc.c:
control reaches end of non-void function
pointer targets in passing argument 1 of 'g_strtod' differ in
signedness
pointer targets in passing argument 3 of 'vnc_client_to_server'
differ in signedness
gtk/
main.c:
C++ style comments are not allowed in ISO C90
u3.h:
function declaration isn't a prototype
Other (trivial) stuff
packet-sccp.h:
Add svn properties
svn path=/trunk/; revision=21011
I've refactored the offending code branch and added some comments so
hopefully the intent is a bit clearer. The loop termination conditions
are now obviously independent of the content on the wire (they were
meant to be before, but I admit it was obscure). I've tried using the
ephemeral memory routines.
Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception. Add Julian to AUTHORS. Update the
release notes.
svn path=/trunk/; revision=21007
- for Q.1950 I used the value_string for GB events as the value_string for the parameters of BNC change.
> In observed event descriptor, it is called “eventName”, but in event descriptor,
> it is called “pkgdName”. It should be “eventName” in both cases.
svn path=/trunk/; revision=20986
When dumping elements in a constructor in dissect_unknown_ber the last element is not put in the correct subtree, because the while- loop does not include the header length when checking for the end.
svn path=/trunk/; revision=20984
- Note in the user's guide that export object is not available
in GTK1 builds of Wireshark.
- Make scanning through the slists more efficient
- Use new tap.c function called have_tap_listener() to only save
object payload data when the export object listener is actively
listening for it.
- Save objects in the HTTP dissector with g_malloc() instead of
se_malloc() and free it when we're done with it - when the
export object window is closed (Fixes bug #1412)
- Various minor improvements
svn path=/trunk/; revision=20980
This patch adds support for key-mgmt session attributes in SDP (defined in RFC 4567). The patch also contains a Multimedia Internet KEYing (MIKEY is defined in RFC 3830) dissector plugin for "mikey" key-mgmt data.
svn path=/trunk/; revision=20977
+ Add the fields sctp.sack_gap_block_start_tsn and sctp.sack_gap_block_end_tsn so that one can filter over a tsn ack acked by a gap block.
svn path=/trunk/; revision=20976
Admittedly not much, so if you have any ideas what the rest means or where
I'm wrong please provide feedback.
As tapa uses udp 5000 and ip protocol 4, I needed to add a hack for the
ip part to properly dispatch betweeen ipip and tapa-tunnel (actually I
was unable to turn the ipip dissector into a heuristic dissector :-)
svn path=/trunk/; revision=20971
- Add to User's Guide
- Add a help button
- Move a lot of code into the shared export_object.c file and out of
dissector specific file export_object_http.c. This will make adding
additional protocols much easier.
- Change comment in packet-http.c to reflect new name (Export Object)
- Various other minor improvements
svn path=/trunk/; revision=20961
Up and running.
As it is analysis will stop at TSN rollover (0xffffffff->0x00000000).
And It will start to misbehave when a TSN is seen again in the same half association (that's a case where an out-of-memory error will probably had happened before).
It still needs testing.
svn path=/trunk/; revision=20947
I attached a patch to this dissector, which includes some corrections, updates and SDO by UDP support. I will upload a sample capture of SDO by UDP to the wiki. The patch is fuzzy tested against the current SVN rev under Linux and it builds also under MSVC2005.
svn path=/trunk/; revision=20937
so invalid type arguments are programming errors; check for them with
DISSECTOR_ASSERT().
Fix a call to use the right value from the packet.
The dissector is a new-style dissector, so register it as such.
svn path=/trunk/; revision=20930
It's disabled. To enable uncomment the preference, recompile and enable it from preferences.
I checking it in because I need it as a reference.
svn path=/trunk/; revision=20929
which applies (for now only) to integer types.
when this flag is specified as PARAM_VALUE the fields name and its value will be pushed onto the info column of the summary line
svn path=/trunk/; revision=20922
these new helpers take a parameter that can be used to decorate the tree and summary line (when this parameter is acted upon/implemented in the code inside the helpers)
WINREG was regenerated using a patched version of PIDL. Mainline version of PIDL does not yet have this patch applied.
svn path=/trunk/; revision=20918
The current RTP/MPEG2 Transport Stream dissector has a bug. When both
Adaptation Field and Payload are present in a packet (AFC==3) the
payload is ignored and Wireshark marks the packet as malformed.
This patch to epan/dissectors/packet-mp2t.c fixes the problem.
svn path=/trunk/; revision=20910
Please find attached a patch to the RSVP dissector that fixes a small inaccuracy when printing the SENDER TSPEC object.
Substantially, it changes the string
"C-type: 1 - Integrated Services" into the correct one
"C-type: 2 - Integrated Services"
svn path=/trunk/; revision=20900
When dissecting RTP packets with a H.263 payload, the "Mark" flag runs into the Mode A/B flag in the info column.
From me abriviate Payload type to PT.
svn path=/trunk/; revision=20899
Along with this bug, identified by Mark, there is another problem, in that one of the chunks of my earlier patch seemed to get missed off when Anders committed it. This won't break anything yet, as the H.223-over-RTP dissection hasn't landed on trunk yet, but it will cause all sorts of nasties when it does.
Here is a new patch, against current trunk, which should fix Mark's bug, my bug, and a comment typo.
And a patch wich improves the general robustness of the h.223 dissector (making it less likely to crash on malformed data).
Hopefully this also fixes a bug raised by Fabio Sguanci a few weeks ago.
Fabio: I think a better way to fix the problem is to stop the dissector crashing when it finds a malformed PDU, so that it just treats the first pdu as malformed; there is then no need to special-case it.
svn path=/trunk/; revision=20898
use this field in the policy handle helper to indicate not only which frames the handle was opened/close in but also the name of the function that opened it.
eventually, when other pidl support infrastructure is developed it would be nice if this could be expanded to also contain the name of the object/handle opened.
svn path=/trunk/; revision=20895
This patch makes the defragmentation code in the iax2 dissector handle
pinfo->desegment_len=DESEGMENT_ONE_MORE_SEGMENT, in line with
Ronnie's changes to the tcp dissector of 11 November.
svn path=/trunk/; revision=20892
Here's a patch which adds an option enabling subdissectors to request defragmentation of packets over RTP streams, using the
pinfo->desegment_{len,offset} API.
svn path=/trunk/; revision=20891
bring the server message type dissection nearly to completion. As for RealVNC
protocol dissection, the only things not working at 100% is the TCP
reassembly and some ZRLE subencoding types. However, it is is much more useful
shape now than before.
svn path=/trunk/; revision=20886
This patch provide a new function to decode messages when several ASN1 encoding can be used.
This is the case, for example, when a same message has different encoding according to the MAP version, or in case of ASN1 encoder optimization.
At the same time, I did remove the configuration variable "old_gsm_map_version", which is taken into account in the patch.
And likewise, for all the messages defined with the ASN1 sequence "[3] SEQUENCE", this function is called for the decoding.
svn path=/trunk/; revision=20878
let this helper take a parameter to describe how the policy handle should be
managed (is this an open, close ?) to improve policy handle tracking.
(centralizing to a single function of code makes other changes easier)
create defines to indicate OPEN/CLOSE and use them as a start/test in the winreg conformance file.
svn path=/trunk/; revision=20872
pidl will probably be in flux for a short while and this checkin is to reduce the some noice generated to winreg while other changes are implemented.
this change only affects c-code comments in the pidl generated code
svn path=/trunk/; revision=20871
feature lists all of the content found in an HTTP stream (images, http, etc.)
and displays it in a list that allows the user to save each one as a file that
is already reassembled by the dissectors.
svn path=/trunk/; revision=20867
update the conformance file so the correct functions are loaded with the correct PARAM value to signal "in this frame, this policy handle was created"
svn path=/trunk/; revision=20857
While I reading source code of IuUP dissector, I notice some
obvious bugs inside the code. One is a missing assignment
that causes the following "if (iuup_circuit)" block to never execute.
Another is wrong field names.
Althoug both won't show up in final result (for the first bug, the call to
g_hash_table_insert several lines later will do the right thing anyway;
for the second bug, there is no services utilizing more than 3 subflows),
I think it is better to have them fixed.
svn path=/trunk/; revision=20853
Use "break" instead of "goto done" when possible, don't goto a label
that follows immediately, and get rid of labels for which there's no
goto.
svn path=/trunk/; revision=20846
Update the Camel dissector to have the same structure as the gsm map dissector.
Now the dissector correctly handles the Tcap return error component.
Some improvement have been made for ApplyChargingReport too.
svn path=/trunk/; revision=20835
"If the bitstring is empty, there shall be no subsequent octets, and the initial octet shall be zero."
The BER dissector marked empty bitstrings as "Padding", but they are now marked as "Empty".
http://www.wireshark.org/lists/wireshark-dev/200702/msg00574.html
svn path=/trunk/; revision=20834
This is purely empirical as I can find no standard that says it should be there.
However successful LDAP/SASL/GSSAPI between AD and Java client shows it seems to be present.
If the confounder is not dissected, the LDAPMessage to fail to be decoded.
svn path=/trunk/; revision=20833
1) Handle empty (zero length) saslCredentials
2) Handle "GSSAPI" auth_mech when identified from the bind
3) Annotate column info to show SASL service applied to LDAP operation
svn path=/trunk/; revision=20830
- move dcom-cba and pn-rt files into profinet plugin (where they really belong)
- move some common pn functionality into new packet-pn.c/h instead of having duplicate code
svn path=/trunk/; revision=20825
this resolves some issues where the decode is ok but the hexpane shows corrupted memory where the decrypted blob should be.
svn path=/trunk/; revision=20824
A patch to update the gsm map definition up to 3GPP TS 29.002 V7.5.0 (2006-09) Release 7 There is a little impact on the GTP dissector, because I had to change the name of the Local ErrorCode in the gsm map asn1 definition due to a conflict with the Camel dissector.
svn path=/trunk/; revision=20823
(since we do not yet use all of the various idl files from s4 i commented out the import directove from the idl file since othervise it would generate #include directives for files we do not yet provide)
svn path=/trunk/; revision=20816
Also:
- Fix a division-by-zero error in FP dissector
- Correct the way DCT2000 IPPrim addresses and ports are dissected and displayed
svn path=/trunk/; revision=20812
Create two new files (ws_strsplit.[ch]) that use GTK2 code to override
the buggy g_strsplit() function when compiling for GTK1. Include this
work-around function (ws_strsplit) in libwireshark.def. Add notes on usage
to README.developer. Include epan/ws_strsplit.h in all files that use
g_strsplit().
svn path=/trunk/; revision=20804
Attached is a wireshark patch that adds support for decoding DHCP option 125
and the DHCP option 125 suboptions defined by the DSL Forum's TR-111
specification.
svn path=/trunk/; revision=20783
the SSC dissector should be in fairly good shape now modulo some missing
dissectors for a few data in/out buffers that someone that needs them can easily add
svn path=/trunk/; revision=20776
this allows us to use g_hash_table_new() instead of g_hash_table_new_full() and thus make it compileable under gtk1.2
this should probably be completely converted into se_tree's and se_alloc to completely remove the hashtable altogether
svn path=/trunk/; revision=20758
* Remove macros_dlg, the DFMacros UAT goes in the menu with all the rest
* in packet-user_encap.c WTAP_ENCAP=XXX has become useless information for the user leave just the DLT#
svn path=/trunk/; revision=20753
In the attached patch, the K12 wiretap now saves the content of record
after captured packet data. The K12 dissector then could extract them and provide
useful information to properly dissect FP frames (user plane of UTRAN Iub
interface).
svn path=/trunk/; revision=20749
not the data length (the packet might've been cut short by a snapshot
length).
Fetch the reported length with an accessor.
svn path=/trunk/; revision=20743
The file epan/dissectors/packet-k12.c uses the function
strcasestr() which is not available on e.g. Windows. So I cooked
up a patch to epan/strutil.c to add epan_strcasestr() (is there a more
suited place for such a function?)
svn path=/trunk/; revision=20734
dissect_ansi_map_sms_originationrestrictions()
Also close a couple of comments, remove one /* embedded in a comment,
remove a couple unused variables (still lots of unused params in there),
and fix indentation of some proto_item and proto_tree variable declarations.
svn path=/trunk/; revision=20730
This patch adds decodes for 802.11n information elements. Since 802.11n
isn't a formal standard yet they are not using the final packet
structures or ie type numbers. But there are already 802.11n pre
release devices out there and these decodes do seem to correctly decode
the IEs that they use.
svn path=/trunk/; revision=20725
- new: ICBALogicalDevice2::PBAddressInfo
- enhanced: GROUPERRORDEF
simplify ett registration
add a callback for SAFEARRAY data dissection
svn path=/trunk/; revision=20723
Wireshark complains about bogus udp length when processing last fragment of UDP data.
It compares length field from UDP header with payload size of last fragment.
Attached is my attempt to fix this by referring to tvp->length instead of pinfo->iplen - pinfo->iphdrlen.
Also set some items attribute to generated.
svn path=/trunk/; revision=20722
Fix an obvious error in the nfs4 stateid parsing. The stateid is used in a number of common operations (such as open and setattr), so this caused a lot of misparsing.
svn path=/trunk/; revision=20700
Wed, Jan 31, 2007 at 7:24 PM
To: wireshark-dev@wireshark.org
Hello,
Please consider for checkin the following new dissectors, for the FMP protocol.
FMP (File Mapping Protocol) is the network protocol basis for EMC's HighRoad (MPFS) technology. Highroad is used to allow multiple clients to share access to NAS-shared files while allowing clients to directly access data volumes (via, for example, Fibre Channel or iSCSI). EMC currently uses this technology in our Celerra NAS servers, and we're currently in the process of open sourcing portions of the technology.
FMP actually consists of two ONC/RPC-based protocols - the core FMP protocol, and FMP/Notify. The latter is used as an asynchronous callback to inform clients of status changes, such as lock revocation.
We'd like to offer these dissectors to Wireshark users for help in debugging or otherwise troubleshooting MPFS-related problems. There are still a few minor changes that need to be made ( i.e. a handful of fields that aren't decoded) but the dissector is overall fairly complete and very usable.
Let me know if there are questions or feedback, or otherwise if other info is needed (like sample captures, which I don't want to send out to the mailing list).
Thanks,
Ian Schorr
EMC Corporation
svn path=/trunk/; revision=20679
- most paramaters have data set to NULL, have them added to the tree
- avoid the context tracing mecanism bailing out if a ContextList appears in the packet.
- in q9150 do not attempt to dissect sdp unless we believe it is sdp
(BTW we need heuristics for sdp and other potential payloads of this parameter..)
svn path=/trunk/; revision=20649
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
The PERSISTENT REVERVE OUT dissectors uses the table of the PERSISTENT REVERVE
IN command to decode the Service Action field which is obviously not correct.
This patch fixes the problem.
svn path=/trunk/; revision=20631
Mikus. Add a buf_len parameter to ip_to_str_buf(), and make sure it's
enforced. Copy the release notes over from the 0.99.5 trunk and add a
note about the ISUP dissector (which is affected by the overrun).
svn path=/trunk/; revision=20607
Gerrit Renker fixed a bug in DCCP dissector about long timestamps. (bad offsets)
He wrote:
> attached is a patch which updates the offsets of the timestamps.
> I have verified this against [RFC 4342, sec. 13] and it seems correct.
Also fixed file properties
svn path=/trunk/; revision=20606
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
plus:
Add Kriang to the AUTHORS list (and once at it upate my own record)
svn path=/trunk/; revision=20580
the lack of SSID). Wildcarding combines the passphrase with the last
seen SSID and attempts decryption. The last-seen stack is only one
element tall, which means it may get clobbered on busy and diverse
networks. We can expand it if needed.
Make internal functions static in airpdcap.c. Rearrange the
AIRPDCAP_KEY_ITEM struct so that the passphrase and SSID don't get
clobbered when we set our PSK.
svn path=/trunk/; revision=20572
This patch fixes three problems with the SCSI persistent reserve in command:
- The Additional length starts at offset 4 and not 0
- The len field contains the length used by the keys and doesn't include the header length.
So don't substract the header length from the length.
- The key list is traversed from the beginning to end end and not the other way around.
svn path=/trunk/; revision=20568