Given the problems with the original attempt, and the fact that there's a new
version of the protocol spec out (v1.1), I took a crack at writing a new
dissector from scratch. It doesn't decode the fields within the message
parameters (there are far too many to bother with for an initial draft), but it
decodes everything else.
Even though it's not complete, I feel it's worth checking in as an intermediate
step (assuming it passes review), since it's still far better than nothing, and
adding full parameter-field decoding is going to take a lot of time simply for
transcribing all the different fields.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1957
svn path=/trunk/; revision=42383
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
Add WebSocket Protocol dissector (RFC6455)
* Support Base Framing Protocol
* Support of major opcode (Text, Binary, Close, Ping, Pong...)
* Support of unmask Payload (Client-to-Server Masking)
TODO
* Add fragmentation support
* Add WebSocket Extensions
svn path=/trunk/; revision=42163
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr) generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of Wireshark compiled by VeriWave.
svn path=/trunk/; revision=42155
This patch adds support for the DVB Bouquet Association Table (BAT) from ETSI
EN 300 468.
With this last patch, the support for the DVB SI table is quite complete.
svn path=/trunk/; revision=41836
Add MAC Address Acquisition Protocol Dissector
Add the dissector for MAAP - the MAC address acquisition protocol for 802.3
Ethernet defined in IEEE1722.
svn path=/trunk/; revision=41811
This patch adds support for the DVB Time Offset Table and the related
descriptor.
It also contains the Stuffing Descriptor as an added bonus.
svn path=/trunk/; revision=41766
This patch adds support for DVB Network Information Table as documented in
ETSI EN 300 468.
The patch also contains additional mpeg descriptors usually found in NIT plus
a few minor bugfixes for other descriptors.
svn path=/trunk/; revision=41754
Add support for ETV Data processing & simple MPEG DSM-CC handling.
With a change of the name of dissect() in packet-etv.c to dissect-etv_common().
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6978
svn path=/trunk/; revision=41735
I'm contributing a new dissector for the HART/IP protocol. This
protocol is specified by the HART Conformance Foundation (HCF). It is
a standard protocol used in the process control industry. It
essentially wraps the multi-drop serial HART packets in TCP or UDP
packets. The standard has been approved by the HCF and has been
assigned UDP/TCP port 5094 by IANA.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6961
--This line, and those below,
will be ignored--
M AUTHORS
M epan/CMakeLists.txt
M epan/dissectors/Makefile.common
AM epan/dissectors/packet-hartip.c
M ui/gtk/main_menubar.c
svn path=/trunk/; revision=41644
Move Y.1711 out of MPLS dissector
ITU-T Y.1711 code was "embedded" into the MPLS dissector in 2006.
This patch moves it into its own dissector.
From me :
Fix a Clang warning
svn path=/trunk/; revision=41486
packet-gmr1_dtap: Add dissector for GMR1 DTAP messages (Step 4(4)).
Added to CMakeLists.txt and #if 0 zero length hf array which windows
build did not like.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6921
svn path=/trunk/; revision=41450
A new dissector for IEEE 1722.1.
From me: some code cleanup, including:
- Get rid of some unnecessary local variable initializations.
- Put all of 1722.1 under one subtree.
- Just put if(tree)s in the top-level function rather than scattered throughout.
- Remove a couple "set but not used" warnings (a couple are #if'd out).
- Don't use deprecated functions.
svn path=/trunk/; revision=41282
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol, take II.
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specification
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41266
Support for MPLS Packet Loss and Delay Measurement, RFC 6374
Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
Any packetformat is supported: DLM, ILM, DM, DLM+DM and ILM+DM.
From me :
* Prefer proto_tree_add_item when it is possible
* add Modelines information
svn path=/trunk/; revision=41260
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6792
This is a new dissector for the non-standard Ericsson OM2000 protocol, as it is
used for the OML on A-bis of Ericsson RBS 2xxx BTSs.
It also includes a dissector for a shim-layer protocol that Ericsson uses for
IP-based A-bis like the RBS 2409. As the protocol is not publicly documented,
I have invented the name "EHDLC" (Ericsson HDLC) for it.
svn path=/trunk/; revision=41195
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specification
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41134
This is a new dissector for the GSM A-bis OML protocol as specified in TS
12.21,
including some Siemens and ip.access vendor-specific extensions.
The protocol is called from both classic ISDN (LAPD) based A-bis as well as the
gsm_ipa dissector.
- Fixed the encoding argument to proto_add_item()
- Removed Attribute as that does not compile on windows.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5784
svn path=/trunk/; revision=40851
the existing "mac-lte" UDP heuristic dissector. It is hoped that it will be
possible to register a DLT for use with this format.
svn path=/trunk/; revision=40580
The ANSI C12.22 protocol is a smart grid protocol for utility meters, including
gas, water and electric. The dissector implemented in the patch file includes
full support for all EPSEM (Extended Protocol Specification for Electricity
Metering) services and includes a full implementation of the C12.22 security
modes.
[...]
To decrypt the attached sample file, you need to set up the key table in the
preferences to include key 0 with a value of 6624C7E23034E4036FE5CB3A8B5DAB44.
Me: Fixes for:
[ 64%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c: In function ‘dissect_epsem’:
../../asn1/c1222/packet-c1222-template.c:860:15: error: variable ‘ft’ set but not used [-Werror=unused-but-set-variable]
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c:103:19: error: ‘c1222_flags’ defined but not used [-Werror=unused-variable]
svn path=/trunk/; revision=40500
please.
Move some generated DCERPC dissectors back to the clean list; if they
actually *do* generate warnings, move them back.
svn path=/trunk/; revision=40479
Dissector for the bzr smart server protocol
The attached patch adds basic support for dissecting the bzr smart server protocol ( http://wiki.wireshark.org/Bazaar ).
svn path=/trunk/; revision=40259
dissector for ELCOM communication protocol. This protocol is
used mainly by power utilities, to exchange historical, cyclic, and event based
data between SCADA systems.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6616
svn path=/trunk/; revision=40071
kNet (KristalliNet) dissector for Wireshark
kNet is a connection-oriented network protocol for transmitting arbitrary application-specific messages between network hosts. It is designed primarily for applications that require a method for rapid space-efficient real-time communication. kNet is an application-level protocol which can be run either over UDP, TCP or SCTP transports.
From me :
* Add Modelines information and fix trailing whitespace
* Merge packet-knet.h in packet-knet.c
* Make Checkhf happy
* Fix Clang/GCC Warning about unused variable
* Add Authors info & CMakeList.txt
svn path=/trunk/; revision=40010
packet-x11.c: hundreds of:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/x11-extension-implementation.h: In function ‘xselinuxGetClientContext’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/x11-extension-implementation.h:27994:9: warning: variable ‘f_resource’ set but not used [-Wunused-but-set-variable]
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/x11-extension-implementation.h: In function ‘xselinuxGetClientContext_Reply’:
dissectors/packet-dcerpc-mapi.c: set but not used
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_Release_req’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8592:14: warning: variable ‘tree’ set but not used [-Wunused-but-set-variable]
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_Release_repl’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8617:14: warning: variable ‘tree’ set but not used [-Wunused-but-set-variable]
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_RecipSMTP’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8848:14: warning: variable ‘tree’ set but not used [-Wunused-but-set-variable]
dissectors/packet-dcerpc-drsuapi.c: set but not used
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-drsuapi.c: In function ‘drsuapi_dissect_DsGetNCChangesCtr7’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-drsuapi.c:2920:17: warning: variable ‘tree’ set but not used [-Wunused-but-set-variable]
Btw.: Does it really make sense to use an extra CMakefile for the dcerpc/ dir?
I'd rather the the idl2wrs.c in tools/ and the generatorstuff in epan/CMake
More files with the same problem.
svn path=/trunk/; revision=39968
as errors:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_Release_req’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8592:14: error: variable ‘tree’ set but not used [-Werror=unused-but-set-variable]
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_Release_repl’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8617:14: error: variable ‘tree’ set but not used [-Werror=unused-but-set-variable]
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c: In function ‘mapi_dissect_struct_RecipSMTP’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-dcerpc-mapi.c:8848:14: error: variable ‘tree’ set but not used [-Werror=unused-but-set-variable]
svn path=/trunk/; revision=39965
Enhance XMPP Dissector
XMPP is a communication protocol that is based on XML.
Existing Jabber dissector has only a few filtering possibilities and displays packets in an inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
Dissector for the USB Integrated Circuit Card Interface Device Class (CCID)
I've implemented a reasonable subset of a dissector for the USB CCID specification (as described at http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf), during the course of experimenting with an ACS ACR122U ISO 14443 card reader and MiFare tokens.
It currently identifies all of the message types listed in that specification,ng.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Fix Checkhf (Remove a unused entry)
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
svn path=/trunk/; revision=39750
Dissector for the NXP MiFare Protocol
I've just finished writing a dissector for the NXP-proprietary MiFare Protocol, as used alongside ISO 14443-A by a popular range of contactless (not-so-smart) cards, and various emulations, variants and clones thereof.
It currently supports all of the commands listed in http://www.nxp.com/documents/data_sheet/MF1S703x.pdf that also happen to be supported by LibNFC (http://code.google.com/p/libnfc/) - modulo the "NAK" and CRC bytes, since I haven't found examples of their usage in my USB traces, and I didn't want to hand-craft (probably incorrect) examples for testing.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines;
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
* Add Modelines information
svn path=/trunk/; revision=39746
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
Enhance Universal Alcatel Protocol
Several fixes and heuristic version. You can also specify the ports (as in the previous version), if the heuristic version is not working properly.
svn path=/trunk/; revision=39691
BitTorrent DHT dissector for wireshark
From me :
* Fix encoding attribute for proto_tree_add_item (with fix-encodings-args script)
svn path=/trunk/; revision=39653
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
New Protocol Submission for MVRP (Multiple VLAN Registration Protocol)
New dissector submission for Multiple VLAN Registration Protocol (MVRP) defined in 802.1ak Standard, section 11. MVRP is used to dynamically create and update Dynamic VLAN Registration Entries.
From me :
* Fix error from fix-encodings-args script
* Add Modeline information
* Added packet-mrp-mvrp.c to CMakeLists.txt
svn path=/trunk/; revision=39477
Add dissector for public protocol Flight Message Transfer Protocol (FMTP)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6433
- Modified and moved col_add_fstr outside of if(tree)
- call data dissector for data
- use ENC_BIG_ENDIAN
- minor cleanups
svn path=/trunk/; revision=39403
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5929
From me:
packet-cipmotion.c:
FT_BOOLEAN fields with bitmasks need a bit-fieldwidth in the hf[] entry 'display' field;
Define attribute_size as guint32 since it has to store guint8*guint16;
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
Remove trailing whitespace from lines;
Other minor cleanup and reformatting.
packet-enip.c:
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
svn path=/trunk/; revision=39396
This is a dissector for the BRP (Bandwidth Reservation Protocol). This protocol
is used by various telecommunications vendors to establish VoD (Video
On-Demand) sessions between a STB (Set Top Box) at the customer's home and the
VoD server at the video head-end.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6428
- Changed hf blurbs to NULL
- Used dissector_add_handle() as the proposed port is registered to a different protocol.
svn path=/trunk/; revision=39254
New dissectors: (UA) Universal Alcatel Protocol and transport UAUDP
From me :
* Prefer proto_tree_add_item (when it is possible)
* Use 4-space indenting
* Add Modeline information
* Fix Clang Warning
svn path=/trunk/; revision=39167
Add dissector for XMCP protocol.
From me:
- Fixed an obvious bug setting transaction_id_key[2].key = NULL,
where transaction_id_key is defined with only 2 elements.
- Only register heur_dissector once.
- Only find media_type_dissector_table once.
- Added packet-xmcp.c to CMakeLists.txt
svn path=/trunk/; revision=39131
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
The two patches attached allow the dissection of the Homeplug AV Ethernet MAC
management frames between a controlling device and a Homeplug AV Ethernet to
PLC adapter. This protocol is pretty similar to the previous generation
Homeplug protocol (dissected by packet-homeplug.c) but a couple of noticeable
differences make it require its own dissector handler.
This dissector is based on the work done by Nicolas Thill, Xavier Carcelle and
myself in the Faifa project (https://dev.open-plc.org).
The dissector handles the standard Homeplug AV Ethernet MAC management frames
(called public) as well as the Intellon specific management frames (vendor).
From me:
Remove unnecessary global variables.
Add to COL_INFO even when !tree.
Remove gotos.
Remove unnecessary includes.
svn path=/trunk/; revision=37403
The Locator/ID Separation Protocol [1] is being standardized within the IETF,
and it is nearing RFC status (pending security review). I have been maintaining
a dissector patch for about a year, see [2]. Feedback received indicates that,
among others, it is widely used by the developers of a large router vendor,
without issues.
In January I submitted the dissector for data plane packets as bug #5602, which
was committed as r35615. The patch attached to this bug adds support for
dissection of control plane packets.
[1] http://tools.ietf.org/html/draft-ietf-lisp
[2] http://lisp.ccaba.upc.edu/wireshark/
svn path=/trunk/; revision=36845
A new dissector for uTorrent Transport Protocol
From me :
* Add link to spec BEP-0029
* Add note about type/version
* Rework extensions loop
* Use 2-space indenting
svn path=/trunk/; revision=36715
Adds BMC protocol, including adding support for MAC and RLC CTCH channels to carry it.
From me:
Removed hf blurbs = def and removed check_col added to CMakeList.
svn path=/trunk/; revision=36662
A patch to add ATM over TCP Dissector.
The dissector dissects only the ATMTCP header (VCI, VPI, Payload Length)
The data are not yet dissected, it is necessary to add a "UAT" (As with the K12
dissector) to indicate the type (ILMI, AAL, ATM...) of data (based on VCI/VPI)
svn path=/trunk/; revision=36354
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Patch to add a new dissector for Realm Specific IP (RSIP) as defined by
RFC 3102, RFC 3103, and RFC 3104.
This is a very basic dissector. It could be extended to do additional RSIP
protocol violation testing. The dissector is written such that it should be
easy to add later.
svn path=/trunk/; revision=35653
The patch I am attaching here is for dissecting LISP data packets.
From me:
Minor cleanups.
Showing the reserved field.
Adding to all makefiles and release notes.
svn path=/trunk/; revision=35615
FCoIB – Fibre Channel over InfiniBand. The protocol enables transmission of
Fibre Channel frames over InfiniBand networks. It is based on encapsulation of
Fibre Channel frames over InfiniBand UD transport. The discovery protocol is
based on the FIP protocol (not supported by this patch).
This patch adds an FCoIB dissector to Wireshark. It is based in large part on
the existing FCoE dissection code.
This code is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=35475