done.
Use the wtap_dump_file_ routines to write out capture files, and check
for errors.
Use the phton macros, when available, to translate to big-endian byte
order. Add a new phton24() macro.
Clean up indentation.
svn path=/trunk/; revision=33114
everybody use it; the places using the old wtap_dump_file_write() were
using it in the same way the old wtap_dump_file_write_all() did.
That also lets us get rid of wtap_dump_file_ferror().
Also, have the new wtap_dump_file_write() check for errors from
gzwrite() and fwrite() differently - the former returns 0 on error, the
latter can return a short write on error.
svn path=/trunk/; revision=33113
Remove unneeded "gtk_tree_path_free(path);" from case
"GDK_Return:" in tree_view_key_pressed_cb() that was reverted in r32957 to restore X11 functionality lost in refactored code from r32323.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4847
svn path=/trunk/; revision=33112
ones; it appears that at least one user's -ligemacintegration has both
(see bug 4823), and we should choose the new ones in that case.
Also, always set have_ige_mac if we have the functions.
Fix tpyoes while we're at it.
svn path=/trunk/; revision=33106
When specifying SA keys for AES-CTR, Wireshark expects a key length of 160, 224
or 288 bits (i.e. 128, 192 or 256 bits, followed by the 32-bit nonce value),
but gcry_cipher_setkey() in packet_ipsec.c fails, as it expects 128, 192 or 256
bits.
Omitting the nonce won't work -- even if Wireshark liked those key lengths,
gcrypt wouldn't be able to decrypt without it.
svn path=/trunk/; revision=33105
Add the data read/write length to the NFS tree so it is filterable.
From me: don't bother incrementing the offset just to decrement it again.
Change the hf info a bit.
(Ideally the RPC dissector would add the length to the tree not as a text
item; that is left for future work.)
svn path=/trunk/; revision=33101
for example, that, if it's a TShark tap, TShark can never be run with
"-w -", as it means that TShark will always have to dissect the packets.
svn path=/trunk/; revision=33098
called GTs (if RI=GT) put in the (pinfo) source and destination (and thus into
the source and destination columns).
This may help (if the PCs change but the GT does not) or hurt (if the GT or RI
change but the PCs do not) TCAP's ability to identify which messages belong to
which TCAP "session."
svn path=/trunk/; revision=33097
destination address PC or GT (depending on the RI) put in the (pinfo) source and
destination (and thus into the source and destination columns).
This may help (if the IP addresses change but the PC or GT do not) or hurt (if
the PC, GT, or RI change but the IP addresses do not) TCAP's ability to identify
which messages belong to which TCAP "session."
svn path=/trunk/; revision=33094
New dissector (plugin) to support decode of the EPCglobal Low-Level Reader
protocol (see llrp.org for more information). This dissector has passed fuzz
testing.
svn path=/trunk/; revision=33088
Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provides a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
"The method used in packet-nfs.c to calculate a 32-bit hash representing the
32-byte filehandle is faulty in that the hash often matches multiple
filehandles."
"This patch uses CRC-32 to calculate the hash.
We (EMC GNS) have tested this patch for the past two years and we have not
found a single case where the hash matched more than one filehandle."
See Bug #4839: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4839
svn path=/trunk/; revision=33079
Avoid triggering a malformed packet error when decoding a simple UE terminated Detach Request when the EMM cause IE is not present:
svn path=/trunk/; revision=33071
Add field 'nfs.ops.count' in the detail pane of NFSv4 calls and replies that
displays the number of operations in NFSv4 COMPOUND requests/replies.
From me: change the blurb wording a bit.
svn path=/trunk/; revision=33069
Display the fsid (filesystem ID) in decimal as well as hex in the "attributes"
section of the header in NFSv3/v4 replies.
svn path=/trunk/; revision=33068
Mesa moved its API description file again.
Also, while I'm here, I noticed that they stopped using signed tags, so add
--tags to "git describe" for a better description of the mesa version used to
build the X11 dissector.
svn path=/trunk/; revision=33067
"v10 of the packet format was added recently and could be added
to the wireshark dissector"
See: Bug #4833: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4833
From me:
- Fix a compile error: ...version=tvb_get_ntohs...
- Fix a missing = NULL.
svn path=/trunk/; revision=33066
Note that the number of UDVM cycles MUST NOT be increased if a
request for additional compressed data fails.
so we *shouldn't* increase the cycle count further when
SIGCOMP_INSTR_INPUT_BYTES fails. That does *NOT*, of course, mean that
we shouldn't increase the cycle count by 1 for a failed INPUT-BYTES
instruction - that would leave UDVM vulnerable to infinite loops (as per
bug 4826), and I *really* doubt that was their intent; presumably, it
means it should not be increased *by the number of cycles for the
additional data*:
Additionally, if the UDVM successfully requests n bits of
compressed data using one of the INPUT instructions then the
number of available UDVM cycles is increased by n *
cycles_per_bit once the instruction has been executed.
if the attempt to get that additional data fails.
svn path=/trunk/; revision=33065
From reading the rawshark(1) manpage my assumption was that rawshark
could be used like
$ /usr/bml/bin/rawshark -s -r test.pcap -d encap:EN10MB ...
However rawshark either expects the -r argument to be -
(read from stdin) or a pipe which results in the following error
message:
rawshark: ".../test.pcap" is neither an interface nor a pipe
The proposed rawshark.pod patch updates the -r description to
the implemented rawshark functionality.
The patch also applies to the current SVN version.
svn path=/trunk/; revision=33063
"Different people made changes to enhance the batman-adv dissector. It seems
that the batman dissector wasn't touched and misses those changes. Following
patchset should improve the dissector the same way Gerald Combs, Guy Harris and
Bill Meier improved batman-adv."
See Bug #4384: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4834
From me: Add back a few 'if (check_col()) ...';
I probably went just a bit too far in changes I made in packet-batadv.c
svn path=/trunk/; revision=33062