protocol has a lot of preference items. Change the number of
configurable ESP SAs to 16 (in case someone needs do decrypt many
sessions in a single trace file). Fix up whitespace.
svn path=/trunk/; revision=18903
Attached is a patch to packet-http.c that calls a subdissector for
traffic flowing through a proxy via the HTTP CONNECT method. Most
protocols, especially SSL, can be tunneled through an HTTP proxy.
Wireshark currently says this traffic is "Continuation or non-HTTP
traffic" but this patch turns the payload over to the dissector for the
protocol being tunneled. This is similar to how the Socks dissector
works.
svn path=/trunk/; revision=18901
Please find attached a patch with updates to l2tpv3's l2_sublayer_vals
and pw_types_vals numbers (and pw type decoding).
The previous values belong to a different number space, "MPLS Pseudowire
Types Registry" in http://www.iana.org/assignments/pwe3-parameters, used
by LDP. The new values belong to the correct number space, "L2TPv3
Pseudowire Types" in http://www.iana.org/assignments/l2tp-parameters,
used by L2TPv3. Note that one is a 15-bit number while the other is a
16-bit number. So it's not really removing half of the values; even
though there are some numerical "matches" in the two registries, there
are differences (see for example 12 and 13, and some name changes). From
my knowledge the values not registered are also not used (and part of
the intention of the patch is that they are not misused); a fair
assumption is that it was a clerical error mis-assuming the two
protocols, LDP and L2TPv3, used the same space for "PW Types".
svn path=/trunk/; revision=18900
change all accessor functions to be defines to the emem_tree_ functions.
now to create a tree with a different scope we only need to create a new
..._tree_create() function and set up the appropriate defines
(it was a mistake to call the functions se_tree_create and se_tree_create_non_persistent, they should be the other way around i.e. se_tree_create_persistent and se_tree_create )
svn path=/trunk/; revision=18895
teh tree management and to use trees with different storage scope without too much code duplication.
it would be useful with a tree that had indefinite storage instead of the emem functions which commonly have ep or se storage scope.
indefinite storage scope would be useful for example for managing a global and static set of well known guid to name mappings(not yet implemented) and also for
oid to name mappings.
svn path=/trunk/; revision=18886
add a lot more PROFINET CBA dissection output based on these DCOM context information
still need some improvements, e.g. dissection uses a simple (slow) linear list search
changes are fuzz-tested
svn path=/trunk/; revision=18882
I've attached a patch to the "wlan capture header" dissector to bring it
in line with the current frame format, and a proper URL to obtain said
format. Nothing major, just the addition of a couple of fields and
definitions. The dissector remains backwards-compatible with the older
format.
svn path=/trunk/; revision=18878
I've just had a bug in one of our private dissectors which meant
that the handle passed to call_dissector was null. This seemed to give
varying behavior - on some Windows installations it hit wireshark's
in-built exception handling, and displayed that the dissector had an
error (correct), but on some installations it just crashed wireshark
(not helpful). I _think_ the difference was whether MSVC was installed
or not, but on a sample of only 3 machines.
Should call_dissector include explicit null handle checks, and if so,
should it:-
a) g_assert - the simple patch attached
b) fallback to doing a data decode (as disabled protocols do)
c) try to invoke the wireshark exception handling for the packet
Or is the correct answer none of the above - the exception handler
should already cope ?
svn path=/trunk/; revision=18869
provided by markdrago@mail.com.
Me: Patch template files instead and regenerate the dissector files.
Fix Makefiles to use the correct asn filenames.
svn path=/trunk/; revision=18866
a new bit 0x00020000 is usde in the TGS-REQ packets and this results in a return of a PAC containing an unknown type 11 field.
the blob in the pac is 200 bytes and NDR encoded. its structure is obvious since it contains 2 conformant and varying arrays and three unique pointers.
enable decoding of this new KDCOptions bit and call it "constrained delegation"
svn path=/trunk/; revision=18857
libgcrypt, enable it in the Windows build.
In packet-ipsec.c:
- Remove non-constants from variable declaration initializations.
- Use ep_alloc() in a couple of places.
- Fix an off-by-one error.
- Reduce the number of SAs in the preferences from 4 to 2. 4 made the
preferences window absolutely enormous. This is probably the wrong
way to fix this.
- Fix up whitespace.
svn path=/trunk/; revision=18856
also change the name of one of the strings we keep around since it is more generic than just used for attributeassertions
svn path=/trunk/; revision=18841
I was looking at the dissector I wrote recently, packet-exec.c, to remember
how to handle conversations and I noticed a comment that isn't clear.
It would throw someone off because it isn't how the dissector was finally written :).
svn path=/trunk/; revision=18833
the supplied patch fixes a problem where the options value should really be used from the conversation found (using
conversation_lookup_hashtable(...) to create a new conversation based on the already stored conversation template (the CONVERSATION_TEMPLATE bit is set in the stored conversation) rather from the options argument passed to the function(s).
This solves a problem that otherwise shows itself where "DISSECTOR_ASSERT(!(conv->options & CONVERSATION_TEMPLATE) && "Use the conversation_create_from_template function when the CONVERSATION_TEMPLATE bit is set in the options mask");" fails sometimes.
svn path=/trunk/; revision=18825
This patch adds a new dissector for the daytime protocol (like the time
protocol, but the date and time is send as a text string). This protocol and
dissector work s over TCP or UDP.
svn path=/trunk/; revision=18823
The time protocol (port 37) dissector (packet-time.c) currently only supports
UDP. The protocol has an identical implementation over TCP as well. This
patch adds support to the dissector for TCP time in addition to the UDP time
packets
svn path=/trunk/; revision=18822
This patch adds the most commonly referenced items from CDP frames to the info
column: the device id (hostname) and port id. For example:
Cisco Discovery Protocol Device ID: myswitch.me.com Port ID:
GigabitEthernet7/12
svn path=/trunk/; revision=18821
- updated to the current (approved) spec. I'm not sure how backwards-compatible this is with older drafts...
- prettified the existing code, including more details in the info column
Also included is a fix to the way the offset at the end of an RTCP BYE packet is calculated (taking into account the NULL. This avoids the 'length wrong' expert item)
svn path=/trunk/; revision=18820
- Add a preference to try to find messages within sctp primitive messages (tries renaming of known mismatches)
- Add outhdr to stub protocol (getting ready for IuB FP)
svn path=/trunk/; revision=18818
A disassembly module I wrote for Pegasus Lightweight Stream Control, a protocol used by some cable set-top boxes for video-on-demand.
svn path=/trunk/; revision=18807
- allow SDP to parse the IP address + port for the MSRP session from the
path attribute
- setup an MSRP conversation using this address, whose data points back
to the SDP frame
- link to the SDP setup frame while dissecting MSRP (can be switched off
by a preference)
- I also changed sdp.media.port to be a numeric field
svn path=/trunk/; revision=18806
fix for h450 to prevent an assertion for uninitialized hffields
Thanks for the capture, Keith. The problem was with h450 hf fields that
weren't initialised sucessfully (at all in one case, or with non-unique
filter strings in several others) - it was hitting an assertion in proto.c
when an attempt was made to use those fields.
I was able to test by editing packet-h450.c directly, I couldn't regenerate
it from packet-h450-template.c. I'm attaching a patch to
packet-h450-template.c that hopefully does the same thing. If someone can
generate and check it packet-h450.c in for me I'll retest.
svn path=/trunk/; revision=18804
Hi,
This patch allows FT_NONE items to be built into filter expressions
(i.e. testing for their presence or absence rather than comparing with a
value) using the Apply|Prepare a Filter menus. What drove me to add
this was having to type in !tcp.analysis.out_of_order.
Does this seem reasonable?
Regards,
Martin
svn path=/trunk/; revision=18782
Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
svn path=/trunk/; revision=18780
The barker preamble bit is set when a station associates
which does not support short preambles. When it is 0, short
preambles are allowed.
Me: Add a reference to the spec stating the above.
svn path=/trunk/; revision=18777
This patch:
- adds headers found in later versions of the msrp drafts
- fixes a problem where wrong length values were used while parsing the
request/status line and it was going beyond linelen
- "Transaktion" -> "Transaction"
- status code now appears as a numerical field
- removes unused parameters from check_msrp_header()
- tidies up some indentation
It has survived some fuzz-testing.
svn path=/trunk/; revision=18766
sip_stats.c and tap_sipstat.c:
adds the code 429 ("Provide Referrer Identity", from RFC 3892) to
SIP stats.
chargecontrol.xml packet-diameter.c :
These patches
- add a few more chargecontrol AVPs, and add the vendor-id where needed
- report as expert info when AVPs' lengths don't match their type
svn path=/trunk/; revision=18743
special case some common special attributes such as DomainSid and DomainGuid
and dissect them as SIDs and GUIDs
examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev
svn path=/trunk/; revision=18719
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
add a generated field telling the user and add an expert info entry
This often happens when the capture misses the binding procedure at the beginning of a conversation "capture start too late".
svn path=/trunk/; revision=18687
packet-pktc.c:
Catch an underflow.
packet-ospf.c:
Don't burn CPU cycles unnecessarily.
packet-rpc.c:
Catch an overflow.
packet-mq.c:
Check a header size.
Fix up whitespace.
svn path=/trunk/; revision=18685
packet-diameter.c
- show vendor ID as a decimal number
diameter/chargecontrol.xml
- add more AVP entries from 3GPP TS 32.299 (6.6.0)
svn path=/trunk/; revision=18679
packet-mount.c:
Don't allocate a huge amount of memory.
packet-ntp.c:
Fix a possible format string bug.
packet-ndps.c:
packet-nmas.c:
Fix an off-by-one buffer error.
svn path=/trunk/; revision=18678
- changes the ISUP dissector preference to follow MTP3's preference
rather than having its own (similar to SCCP, M3UA, etc.). I did not
obsolete the old preference because it was never put out in a release
(only SVN users would have seen it). I can change that if desired.
- add dissection of ANSI CRM message
svn path=/trunk/; revision=18661
this also removes several small memory leaks through get_oid_name and get_oid_str_name where the callers nevber freed the data
svn path=/trunk/; revision=18647