special case some common special attributes such as DomainSid and DomainGuid
and dissect them as SIDs and GUIDs
examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev
svn path=/trunk/; revision=18719
Fix a bug introduced recently in packet-rpc.c.
Replace DISSECTOR_ASSERT() with THROW(ReportedBoundsError) in my recent
checkins, since fuzz-test.sh sets WIRESHARK_ABORT_ON_DISSECTOR_BUG.
svn path=/trunk/; revision=18693
add a generated field telling the user and add an expert info entry
This often happens when the capture misses the binding procedure at the beginning of a conversation "capture start too late".
svn path=/trunk/; revision=18687
packet-pktc.c:
Catch an underflow.
packet-ospf.c:
Don't burn CPU cycles unnecessarily.
packet-rpc.c:
Catch an overflow.
packet-mq.c:
Check a header size.
Fix up whitespace.
svn path=/trunk/; revision=18685
packet-diameter.c
- show vendor ID as a decimal number
diameter/chargecontrol.xml
- add more AVP entries from 3GPP TS 32.299 (6.6.0)
svn path=/trunk/; revision=18679
packet-mount.c:
Don't allocate a huge amount of memory.
packet-ntp.c:
Fix a possible format string bug.
packet-ndps.c:
packet-nmas.c:
Fix an off-by-one buffer error.
svn path=/trunk/; revision=18678
- changes the ISUP dissector preference to follow MTP3's preference
rather than having its own (similar to SCCP, M3UA, etc.). I did not
obsolete the old preference because it was never put out in a release
(only SVN users would have seen it). I can change that if desired.
- add dissection of ANSI CRM message
svn path=/trunk/; revision=18661
this also removes several small memory leaks through get_oid_name and get_oid_str_name where the callers never freed the data
svn path=/trunk/; revision=18647
packet-diameter.c
--------------------------
I completely reindented dissect_avps() before I made any changes, but
when ignoring white space (in tkdiff, -w plus checking 'Ignore blanks
when diffing'), it's easy to see the small changes I've made:
- when fail to find AVP info, show code in tree parent in decimal (as
specs do)
- add an expert info (undecoded, note) to indicate unknown AVP codes
diameter/imscxdx.xml
-------------------------------
- added 'Associated-Identities'
svn path=/trunk/; revision=18641
activate_secondary_pdp_contex_acc - radio priority missing, QoS wrongly decoded.
Fault in detach_req: should be ELEM_OPT_TLV
identity half-octet ignored.
"Cause" written as "LLC SAPI"
Decoding of TFT.
svn path=/trunk/; revision=18640
attached a patch for the BGP dissector for correct display of
VPLS NLRIs as per the latest spec (draft-ietf-l2vpn-vpls-bgp-08).
svn path=/trunk/; revision=18638
this breaks old preference settings but as we haven't shipped any win32 version with this feature yet it shouldn't be any drama
see wiki for updates on the new format
(we still need many many updates and cleanups to the code but the non-backward compatible preference change must go in asap)
svn path=/trunk/; revision=18609
This should fix some "differ in signedness" warnings (and maybe will raise new ones, which should be fixed at the calling places then)
svn path=/trunk/; revision=18605
Fix Bug 976
Looking at frame 170 in the trace, it looks like
tvb_get_ephemeral_text() struggles with the null character in the middle
of the 4th parameter (in the WWW-Authenticate header) and returns NULL.
The attached patch uses tvb_format_text() instead which also does a
better job of showing the string.
svn path=/trunk/; revision=18589
The patch avoids the crash for unknown messages, adds the Common Id
message dissection which caused it, and also add dissector name
registration for the 2 other protocols which this file can provide.
svn path=/trunk/; revision=18586
ifdef out a few lines of dead code for a feature that is not yet finished
remove two compiler warnings about uninitialized variables (they are not uninitialized, just gcc being dumb)
svn path=/trunk/; revision=18558
replace overly convoluted code with much simpler code.
stateid is a simple 16 byte structure and there is no need to make it more complex than it is.
svn path=/trunk/; revision=18555
1, (minor) the heuristics are too weak and everything is always decoded either as netapp filehandles or one of the others even when just capturing in between say two classic unix boxens
2, (major) you can not filter on specific subfields of the filehandle
observation: 5 people or less in the world care about implementation specific storage of data inside an opaque blob.
remove the too weak heuristics for nfs filehandles.
make decoding of filehandles according to specific implementations controlled by a preference setting.
default this setting to "unknown"
display unknown filehandles using proto_tree_add_item() FT_BYTES/BASE_HEX to make it filterable instead of a useless proto_tree_add_text()
wiki needs to be updated tomorrow
svn path=/trunk/; revision=18530
and the weak heuristics often cause wireshark to mistake some segment containing read/write data to be iscsi.
make the heuristics to check that a packet really is iscsi much stronger
svn path=/trunk/; revision=18523
This fixes a redefine of AF_INET6 on AIX 4.3.3. We pull in <sys/socket.h> so the OS can define it first, nullifying the #define in epan/inet_v6defs.h.
svn path=/trunk/; revision=18522
reuse the recent structure for fid->filename mappings since the problemspace is virtually the same
(got too tired of trying to find the sharename in 10m packet traces with 1000s of shares)
svn path=/trunk/; revision=18516
This needs to be done for all other Create/Open calls as well but would normally just be 6 lines to add.
I rarely see older methods to open files so others using older clients are encouraged to use these 6 lines to the other places where needed.
svn path=/trunk/; revision=18515
add an expansion to the fid that displays which frame it was opened in and when it was closed.
someone may want to add tracking of actual filenames here as well. i am not sure i need that feature myself so ...
svn path=/trunk/; revision=18512
this bug can not currently trigger but if someone would rename the module
in the future then this could potentially cause a null dereference.
svn path=/trunk/; revision=18494
we used the wrong size which caused emem to complain that the canary value had been stomped upon.
another win for the canary feature. thanks gerald
svn path=/trunk/; revision=18491
everytime a ndmp_[scsi|tape]_open is seen create a new itl
we need an itl structure to be able to know what commandset a certain device is using.
svn path=/trunk/; revision=18490
make dissect_scsi_cdb abort with an assert if called with a null pointer for itl.
This means scsi over ndmp will be aborted by an assert since ndmp passes a null pointer here always but at least is better than a segv since some cdb's require itl to decode properly.
next checkin will fix ndmp in this regard.
svn path=/trunk/; revision=18489
have neither. For those with MAP_ANON but not MAP_ANONYMOUS, use
MAP_ANON; for those with neither, add some code to use "/dev/zero".
svn path=/trunk/; revision=18488
HP-UX doesn't have MAP_ANON but it does have MAP_ANONYMOUS. Moreover,
according to mmap(2) on RHEL:
    MAP_ANONYMOUS
        The mapping is not backed by any file; the fd and offset
        arguments are ignored. This flag in conjunction with MAP_SHARED
        is implemented since Linux 2.4.
    MAP_ANON
        Alias for MAP_ANONYMOUS. Deprecated.
svn path=/trunk/; revision=18486
to format into a buffer and then pass that buffer.
Make a count an "int" rather than a "size_t" to squelch a (valid)
compiler warning.
svn path=/trunk/; revision=18482
ldap and ldap+sasl
remove a recent ber length validation in packet-ber.c that can't work and breaks reassembly and also makes all ber packets spanning multiple segments show up as malformed packets.
svn path=/trunk/; revision=18465
Check for libgcrypt 1.1.0 (note: I don't know which version
is required, so maybe the version number needs to be changed
for this test to work reliably).
packet-ipsec.c:
- Replace __USE_LIBGCRYPT__ by HAVE_LIBGCRYPT to follow
conventions.
- Warning fixes: signedness in sscanf (%i -> %u)
- Warning fixes: mixed declaration and code
svn path=/trunk/; revision=18460
make the display of the filters more similar to how the ldap c api represents
filters and how they are commonly represented in documentation and other texts.
svn path=/trunk/; revision=18449
Check for printable ASCII - 0x7F is >= 0x20, but it's not printable, and
0x80 through 0xFF aren't ASCII.
Note that we should perhaps be using RFC 2252-style schemas to figure
out which attribute and assertion values are text and which are binary.
svn path=/trunk/; revision=18447
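
The byte-range point in the commit message above, as an added example that is not code from the Wireshark tree: a `>= 0x20` test accepts DEL and every high byte, while printable ASCII is exactly 0x20 through 0x7E. The function names and the hex fallback in `format_value` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak test: any byte >= 0x20 counts as text, so DEL (0x7F) and the
 * non-ASCII bytes 0x80-0xFF slip through. */
static int looks_like_text_weak(const uint8_t *p, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (p[i] < 0x20)
            return 0;
    return 1;
}

/* Strict test: printable ASCII is exactly 0x20..0x7E. */
static int is_printable_ascii(const uint8_t *p, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (p[i] < 0x20 || p[i] > 0x7E)
            return 0;
    return 1;
}

/* Hypothetical display helper: text when printable ASCII and it fits, hex
 * otherwise. Always NUL-terminates within outsz. Returns 1 for text. */
static int format_value(const uint8_t *val, size_t len, char *out, size_t outsz)
{
    if (outsz == 0) return 0;
    if (len < outsz && is_printable_ascii(val, len)) {
        memcpy(out, val, len);
        out[len] = '\0';
        return 1;
    }
    size_t pos = 0;
    for (size_t i = 0; i < len && pos + 3 <= outsz; i++)
        pos += (size_t)snprintf(out + pos, outsz - pos, "%02x", val[i]);
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    const uint8_t del[] = { 'a', 0x7F, 'b' };   /* constructed sample */
    char out[32];
    format_value(del, sizeof del, out, sizeof out);
    printf("weak=%d strict=%d shown=%s\n", looks_like_text_weak(del, 3), is_printable_ascii(del, 3), out);
    return 0;
}
```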
So make the field "frame.marked" visible and tag it as generated.
Move both "time reference" and "marked frame" fields towards the end of the "frame" protocol fields.
Should be copied over to trunk-1.0
svn path=/trunk/; revision=18435
This patch:
- treats the variant field as a variable-length string field. This is
needed for some of the more complicated protocols where the variant
number of the embedded protocol is also represented
- the patch to Makefile.am was not applied from
http://www.wireshark.org/lists/wireshark-dev/200606/msg00009.html
svn path=/trunk/; revision=18427
Added option "ANSI MAP" in Preferences menu, so that ansi_map protocol dissector can parse packets with non-standard SSN.
svn path=/trunk/; revision=18358
- shows profile-specific extension data at the end of SR/RR reports (if
packet length has not yet been reached after parsing normal data) and
advances offset (further packets were not recognised+dissected as this
data wasn't being skipped).
- checks that the length of the RTCP data in the whole frame matches the
combined length from the length fields (the last check in RFC 3550, "A.2
RTCP Header Validity Checks") with a generated field and expert info
when wrong.
- reports the length field in all of the message types consistently (the
length was confusingly shown multiplied by 4 only in APP packets...)
svn path=/trunk/; revision=18357
- while parsing fmtp lines, the dissector looks for the MPEG4 'profile-level-id' parameter. If there is no '=' present, it was throwing an exception and the frame marked as malformed (see e.g. the attached
capture)
- I've added a few comments where the code wasn't obvious to me...
svn path=/trunk/; revision=18332
Q.931:
Improves the dissection of Q.931 Channel
Identification information elements, by using proper (filterable) header
fields rather than text tree items.
H253:
make the h.263 dissector dissect the group-of-block
number which comes after a GOB start code.
svn path=/trunk/; revision=18323
H225.cnf
I noticed that the voip call flow graph does not have a label for the setupAck packet. I traced this to the empty frame_label.
voip_calls.c
It seems to me that in gtk/voip_calls.c tmp_h323info->guid is a pointer itself, therefore:
memcmp(&tmp_h323info->guid
should in fact read:
memcmp(tmp_h323info->guid
svn path=/trunk/; revision=18304
if the interval spans the entire 32 bit range.
special case the two common cases when this may happen until a real fix is included.
if the range variable becomes 0 due to 32bit overflow do a g_assert_not_reached to prevent an infinite loop.
this function should be enhanced to work with 64 bit integers.
svn path=/trunk/; revision=18299
- shows profile-specific extension data at the end of SR/RR reports (if
packet length has not yet been reached after parsing normal data) and
advances offset (further packets were not recognised+dissected as this
data wasn't being skipped).
svn path=/trunk/; revision=18245
This version of the patch won't look for the authentication scheme (it
just skips that part for Authentication-Info headers). I tested it
using the enclosed file (pasted from the RFC and fed through
od/text2pcap, then messed around with so I could test the other new
parameters, even if they don't really belong in that header...).
svn path=/trunk/; revision=18244
- h245.asn renamed to MULTIMEDIA-SYSTEM-CONTROL.asn
- rollback changes in .asn sources to keep them in original ITU-T form and put necessary changes into .cnf files
- PER dissectors regenerated
svn path=/trunk/; revision=18238
While in 3GPP spec, the last two (Down/up nextPDCP-PDU seq. no.) would be 2
BYTES. So Ethereal could not read the message correctly. We have to modify the
log to make Ethereal analyse it.
Add dissection of TargetID.
svn path=/trunk/; revision=18228
doing the reassembly internally in acl instead of calling reassembly.c since the fragmentation is so simple and packets are so small anyway so full reassembly.c support would be overkill.
svn path=/trunk/; revision=18223
this dissector will not yet detect when ppp is passed over the rfcomm link
but the old code to detect and de-escape the ppp data is still in the dissector, though ifdeffed out to serve as inspiration when ppp over rfcomm captures are made available.
the only captures i have with rfcomm are for raw serial communications so they don't contain any ppp frames. :-(
svn path=/trunk/; revision=18221
higher layer protocols need the chandle, cid and direction (from pinfo) in order to identify packets for the same "conversation"
(it is not a conversation per se in bluetooth but one unidirectional flow that we track)
svn path=/trunk/; revision=18220
acl chandle + direction + l2cap-CID to uniquely identify a single specific
flow of PDU packets.
So we need to pass the chandle up from acl to l2cap at least.
It would have been nice to handle this using "conversations" but the bluetooth
stack does not easily map to the idiom host:port<->host:port
instead in bluetooth you have unidirectional flows that are identified by ACL-chandle:L2CAP-CID:direction and additional state held inside l2cap would attach two such flows together into a "conversation".
Bluetooth packets themselves only identify "half" of the two way conversation.
svn path=/trunk/; revision=18218
The UMA-message Handover From UMAN Command includes the complete L3-message (and header) and not only the handover-IE's.
svn path=/trunk/; revision=18215
- Many DCT2000 protocols can be embedded within an IP primitive
message. Add a heuristic to see if we can find the protocol payload
within an IP primitive message, and look for an ethereal dissector
matching the DCT2000 protocol name (this is useful for simple protocol
testing where no physical links are involved)
- Make some more of these protocols (diameter, http, mgcp) findable by name
- Adds protocol 'variant' number to stub and dissector
- Break the duplicated writing of the stub header out into a separate
function
svn path=/trunk/; revision=18212
- step to new ASN.1 API - pass asn_ctx_t* through PER dissectors instead of packet_info*
- PER ALIGNED/UNALIGNED flag moved to asn_ctx_t
- PER created tree item pointer moved to asn_ctx_t
- add nbap into PER dissectors in asn1/Makefile.nmake
- use add_oid_str_name() instead of register_ber_oid_name() in H.225 and H.245
- export asn_ctx_init from library
- PER dissectors regenerated
svn path=/trunk/; revision=18209
buffer argument is a mallocated buffer, so sizeof doesn't return its
size, it returns the size of the pointer to the buffer. Fixes bug 907.
svn path=/trunk/; revision=18186
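
The `sizeof`-on-a-pointer mistake described in the commit message above, as an added example that is not the code changed for bug 907: applied to a pointer parameter, `sizeof` yields the pointer size, so the capacity has to travel with the pointer. The function names, label format and sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy pattern: buf is a pointer parameter, so sizeof(buf) is the size
 * of a pointer (4 or 8 bytes), not of the heap block behind it. The label
 * is silently cut to sizeof(char *) - 1 characters. */
static size_t label_buggy(char *buf, const char *name, unsigned id)
{
    size_t cap = sizeof(buf);            /* pointer size, not capacity */
    snprintf(buf, cap, "%s (%u)", name, id);
    return strlen(buf);
}

/* Fixed pattern: the caller passes the real capacity with the pointer.
 * Returns the number of characters stored, or (size_t)-1 if the label
 * did not fit, so truncation is never silent. */
static size_t label_fixed(char *buf, size_t buf_len, const char *name, unsigned id)
{
    int n = snprintf(buf, buf_len, "%s (%u)", name, id);
    if (n < 0 || (size_t)n >= buf_len)
        return (size_t)-1;
    return (size_t)n;
}

int main(void)
{
    size_t cap = 64;                     /* constructed sample capacity */
    char *buf = malloc(cap);
    if (buf == NULL)
        return 1;
    printf("buggy stored %zu chars: \"%s\"\n",
           label_buggy(buf, "Session-Id", 263), buf);
    printf("fixed stored %zu chars: \"%s\"\n",
           label_fixed(buf, cap, "Session-Id", 263), buf);
    free(buf);
    return 0;
}
```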