This patch adds the most commonly referenced items from CDP frames to the info
column: the device id (hostname) and port id. For example:
Cisco Discovery Protocol Device ID: myswitch.me.com Port ID:
GigabitEthernet7/12
svn path=/trunk/; revision=18821
- updated to the current (approved) spec. I'm not sure how backwards-compatible this is with older drafts...
- prettified the existing code, including more details in the info column
Also included is a fix to the way the offset at the end of an RTCP BYE packet is calculated (taking into account the NULL. This avoids the 'length wrong' expert item)
svn path=/trunk/; revision=18820
- Add a preference to try to find messages within sctp primitive messages (tries renaming of known mismatches)
- Add outhdr to stub protocol (getting ready for IuB FP)
svn path=/trunk/; revision=18818
A disassembly module I wrote for Pegasus Lightweight Stream Control, a protocol used by some cable set-top boxes for video-on-demand.
svn path=/trunk/; revision=18807
- allow SDP to parse the IP address + port for the MSRP session from the
path attribute
- setup an MSRP conversation using this address, whose data points back
to the SDP frame
- link to the SDP setup frame while dissecting MSRP (can be switched off
by a preference)
- I also changed sdp.media.port to be a numeric field
svn path=/trunk/; revision=18806
fix for h450 to prevent an assertion for uninitialized hffields
Thanks for the capture, Keith. The problem was with h450 hf fields that
weren't initialised sucessfully (at all in one case, or with non-unique
filter strings in several others) - it was hitting an assertion in proto.c
when an attempt was made to use those fields.
I was able to test by editing packet-h450.c directly, I couldn't regenerate
it from packet-h450-template.c. I'm attaching a patch to
packet-h450-template.c that hopefully does the same thing. If someone can
generate and check it packet-h450.c in for me I'll retest.
svn path=/trunk/; revision=18804
Hi,
This patch allows FT_NONE items to be built into filter expressions
(i.e. testing for their presence or absence rather than comparing with a
value) using the Apply|Prepare a Filter menus. What drove me to add
this was having to type in !tcp.analysis.out_of_order.
Does this seem reasonable?
Regards,
Martin
svn path=/trunk/; revision=18782
Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
svn path=/trunk/; revision=18780
The barker preamble bit is set when a station associates
which does not support short preambles. When it is 0, short
preambles are allowed.
Me: Add a reference to the spec stating the above.
svn path=/trunk/; revision=18777
This patch:
- adds headers found in later versions of the msrp drafts
- fixes a problem where wrong length values were used while parsing the
request/status line and it was going beyond linelen
- "Transaktion" -> "Transaction"
- status code now appears as a numerical field
- removes unused parameters from check_msrp_header()
- tidies up some indentation
It has survived some fuzz-testing.
svn path=/trunk/; revision=18766
sip_stats.c and tap_sipstat.c:
adds the code 429 ("Provide Referrer Identity", from RFC 3892) to
SIP stats.
chargecontrol.xml packet-diameter.c :
These patches
- add a few more chargecontrol AVPs, and add the vendor-id where needed
- report as expert info when AVPs' lengths don't match their type
svn path=/trunk/; revision=18743
special case some common special attributes such as DomainSid and DomainGuid
and dissect them as SIDs and GUIDs
examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev
svn path=/trunk/; revision=18719
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
add a generated field telling the user and add an expert info entry
This often happens when the capture misses the binding procedure at the beginning of a conversation "capture start too late".
svn path=/trunk/; revision=18687
packet-pktc.c:
Catch an underflow.
packet-ospf.c:
Don't burn CPU cycles unnecessarily.
packet-rpc.c:
Catch an overflow.
packet-mq.c:
Check a header size.
Fix up whitespace.
svn path=/trunk/; revision=18685
packet-diameter.c
- show vendor ID as a decimal number
diameter/chargecontrol.xml
- add more AVP entries from 3GPP TS 32.299 (6.6.0)
svn path=/trunk/; revision=18679
packet-mount.c:
Don't allocate a huge amount of memory.
packet-ntp.c:
Fix a possible format string bug.
packet-ndps.c:
packet-nmas.c:
Fix an off-by-one buffer error.
svn path=/trunk/; revision=18678
- changes the ISUP dissector preference to follow MTP3's preference
rather than having its own (similar to SCCP, M3UA, etc.). I did not
obsolete the old preference because it was never put out in a release
(only SVN users would have seen it). I can change that if desired.
- add dissection of ANSI CRM message
svn path=/trunk/; revision=18661
this also removes several small memory leaks through get_oid_name and get_oid_str_name where the callers nevber freed the data
svn path=/trunk/; revision=18647
packet-diameter.c
--------------------------
I completely reindented dissect_avps() before I made any changes, but
when ignoring white space (in tkdiff, -w plus checking 'Ignore blanks
when diffing'), its easy to see the small changes I've made:
- when fail to find AVP info, show code in tree parent in decimal (as
specs do)
- add an expert info (undecoded, note) to indicate unknown AVP codes
diameter/imscxdx.xml
-------------------------------
- added 'Associated-Identities'
svn path=/trunk/; revision=18641
activate_secondary_pdp_contex_acc - radio priority missing, QoS wrongly dekoded.
Fault in i detach_req: should be ELEM_OPT_TLV
identiy half-octeten ignored.
"Cause" written as "LLC SAPI"
Decoding of TFT.
svn path=/trunk/; revision=18640
attached a patch for the BGP dissector for correct display of
VPLS NLRIs as per the latest spec (draft-ietf-l2vpn-vpls-bgp-08).
svn path=/trunk/; revision=18638
this break old preference settings but as we havent shipped any win32 version with this feature yet it shouldnt be any drama
see wiki for updates on the new format
(we still need many many updates and cleanups to the code but the non-backward compatible preference change must go in asap)
svn path=/trunk/; revision=18609
This should fix some "differ in signedness" warnings (and maybe will raise new ones, which should be fixed at the calling places then)
svn path=/trunk/; revision=18605
Fix Bug 976
Looking at frame 170 in the trace, it looks like
tvb_get_ephemeral_text() struggles with the null character in the middle
of the 4th parameter (in the WWW-Authenticate header) and returns NULL.
The attached patch uses tvb_format_text() instead which also does a
better job of showing the string.
svn path=/trunk/; revision=18589
The patch avoids the crash for unknown messages, adds the Common Id
message dissection which caused it, and also add dissector name
registration for the 2 other protocols which this file can provide.
svn path=/trunk/; revision=18586
ifdef out a few lines of dead code for a feature that is not yet finished
remove two compiler warnings about uninitialized variables (they are not uninitialized, just gcc being dumb)
svn path=/trunk/; revision=18558
replace overly convoluted code with much simpler code.
stateid is a simple 16 byte structure and there is no need to make it more complex than it is.
svn path=/trunk/; revision=18555
1, (minor) the heuristics are too weak and everyting is always decoded either as netapp filehandles or one of the others even when just capturing ibetween say two classic unix boxens
2, (major) you can not filter on specific subfields of the filehandle
observation: 5 people or less in the world care about implementation specific storage of data inside an opaque blob.
remove the too weak heuristics for nfs filehandles.
make decoding of filehandles accorrding to specific implementations controlled by a preference setting.
default this setting to "unknown"
display unknown filehandles using proto_tree_add_item() FT_BYTES/BASE_HEX to make it fitlerable instead of a useless proto_tree_add_text()
wiki needs to be updated tomorrow
svn path=/trunk/; revision=18530
and the weak heuristics often cause wireshark to mistake some segment containing read/write data to be iscsi.
make the heuristics to check that a packet really is iscsi much stronger
svn path=/trunk/; revision=18523
This fixes a redefine of AF_INET6 on AIX 4.3.3. We pull in <sys/socket.h> so the OS can define it first, nullifying the #define in epan/inet_v6defs.h.
svn path=/trunk/; revision=18522
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(go to tired of trying to find the sharename in 10mpacket traces with 1000s of shares)
svn path=/trunk/; revision=18516
This needs to be done for all other Create/Open calls as well but would notmally just be 6 lines tyo add.
I rarely see older methods to open files so others using older clients are encoraged to use these 6 lines to the other places where needed.
svn path=/trunk/; revision=18515
add an expansion to the fid that display which frame itr was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512
this bug can not currently trigger but if someone would rename the module
in the future then this could potentially cause a null dereference.
svn path=/trunk/; revision=18494
we used the wrong size which caused emem to complain that the canary value had been stomped upon.
another win for the canary feature. thanks gerald
svn path=/trunk/; revision=18491
everytime a ndmp_[scsi|tape]_open is seen create a new itl
we need an itl structure to be able to know what commandset a certain device is using.
svn path=/trunk/; revision=18490
make dissect_scsi_cdb abort with an assert if called with a null pointer for itl.
This means scsi over ndmp will be aborted by an assert sicne ndmp passes a null pointer here always but at least is better than a segv since some cdb's require itl to decode properly.
next checkin will fix ndmp in this regard.
svn path=/trunk/; revision=18489
have neither. For those with MAP_ANON but not MAP_ANONYMOUS, use
MAP_ANON; for those with neither, add some code to use "/dev/zero".
svn path=/trunk/; revision=18488
HP-UX doesn't have MAP_ANON but it does have MAP_ANONYMOUS. Moreoever,
according to mmap(2) on RHEL:
MAP_ANONYMOUS
The mapping is not backed by any file; the fd and offset argu-
ments are ignored. This flag in conjunction with MAP_SHARED is
implemented since Linux 2.4.
MAP_ANON
Alias for MAP_ANONYMOUS. Deprecated.
svn path=/trunk/; revision=18486
to format into a buffer and then pass that buffer.
Make a count an "int" rather than a "size_t" to squelch a (valid)
compiler warning.
svn path=/trunk/; revision=18482