Commit Graph

48 Commits

Author SHA1 Message Date
Guy Harris ef76d65fc6 Fix checks for "do we have an ERSPAN header?"
For a GRE protocol type of 0x008E, check the "sequence number present"
bit in the GRE header, if it's available, to see if the packet has an
ERSPAN header or not, rather than checking the entire header to see if
it's zero.  (If the GRE header isn't available, assume no ERSPAN
header.)

For a GRE protocol type of 0x22EB, always treat the packet as having an
ERSPAN header.

That matches more closely what the most recent I-D for ERSPAN said.

Bug: 16089
Change-Id: I21119411e8485854fca85fa701b994bfa4e73941
Reviewed-on: https://code.wireshark.org/review/34664
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-10-01 00:38:21 +00:00
Guy Harris 486c6fd07c Fix interpretation of BSO field in Type III headers.
Use a correct right value_string table.

Change-Id: I75ca54dc040b123a460d67fc1b6d49d9e062a49e
Reviewed-on: https://code.wireshark.org/review/34651
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-09-29 23:24:46 +00:00
Guy Harris 3367cbab17 Improve the handling of the FT (Frame Type) field in Type III headers.
Show the value symbolically, and don't dissect the payload as an
Ethernet packet if the value isn't 0, meaning "Ethernet".

This gets rid of the mis-dissection of the payload in the capture
attached to bug 16089, although it doesn't dissect it any further, as
we don't know how to dissect it.

Change-Id: I97fce0f7a4f4336339bc90271aa7b19c97831abe
Ping-Bug: 16089
Reviewed-on: https://code.wireshark.org/review/34649
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-09-29 23:13:01 +00:00
Guy Harris 20800366dd HTTPS (almost) everywhere.
Change all wireshark.org URLs to use https.

Fix some broken links while we're at it.

Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:44:40 +00:00
Guy Harris 1ea82e4ff7 Don't crash for ERSPAN packets in Linux cooked captures.
Sadly, "cooked" means the GRE header isn't available; the extra data
pointer is null, so we can't dereference it.

Bug: 14548
Change-Id: I51ae67dcc144b7f5ab3c82dd9adf09b342b29ced
Reviewed-on: https://code.wireshark.org/review/26595
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-03-22 21:16:40 +00:00
Joerg Mayer b446ab2b69 ERSPAN: Remove redundant version check
Change-Id: I6f7601983c8bda52d6687a7e1f02e8611f468df3
Reviewed-on: https://code.wireshark.org/review/26531
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2018-03-18 11:12:35 +00:00
Joerg Mayer aeca321f36 ERSPAN: Various small cleanups and enhancements
Pass Type I vs. II/III via dissector data instead of pinfo
Append type to protocol name
Put vlan number into pinfo when appropriate
Put version 1 and version 2 dissection into separate blocks
Rename priority into cos (as per draft-rfc)
Add new subheader from draft-3

Change-Id: I6eb7fe7073a6cc92e2028b0491de5e0f3f036b4e
Reviewed-on: https://code.wireshark.org/review/26512
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2018-03-18 10:14:03 +00:00
Dario Lombardo fe219637a6 dissectors: use SPDX identifiers.
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 16:49:58 +00:00
Joerg Mayer fb2fa4d776 Get rid of the necessity to use a preference to dissect ERSPAN type I packets.
Change-Id: I52c4c1fa5601bc66396f397ad23a9e53285a5926
Reviewed-on: https://code.wireshark.org/review/25463
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2018-01-25 21:33:47 +00:00
Alexis La Goutte 5472190316 cisco-erspan: fix no newline at end of file [-Wnewline-eof]
Change-Id: I155a2293d48a62bd198aa20f0fb68f76934cdb6a
Reviewed-on: https://code.wireshark.org/review/18031
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-03 04:58:08 +00:00
William Tu 147cac3af7 ERSPAN: support platform specific sub-header.
The patch adds support for parsing the 4 types of ERSPAN III platform
specific sub-header, if presented.

Change-Id: I1719fceb71ed40918e6b16f25a6355d78840f6c6
Signed-off-by: William Tu <u9012063@gmail.com>
Reviewed-on: https://code.wireshark.org/review/16702
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-07-27 03:46:13 +00:00
William Tu 03bc58d072 ERSPAN: add link to protocol spec and refactoring.
Add link to ERSPAN protocol spec, remove obsolete comments, and
remove unnecessary 'if(tree)' check.

Change-Id: I1b4950777c84d62301c322afdfc876949db0d4ed
Signed-off-by: William Tu <u9012063@gmail.com>
Reviewed-on: https://code.wireshark.org/review/16675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-07-26 06:02:56 +00:00
William Tu e3a15cfbb2 Fix ERSPAN type II and type III offset.
For ERSPAN type II (version == 1), the offset is shifted by 4 at the
end. As a result, the 'offset+=2' at the end of ERSPAN type III should
be in its own 'else' scope.

Change-Id: I64a55d5722e3f4f5672ca2a4228583b3b51559e1
Reviewed-on: https://code.wireshark.org/review/16568
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-07-22 04:11:28 +00:00
William Tu 67457e9266 Add ERSPAN II support for field EN and Index.
Current ERSPAN II dissector does not support parsing EN field and Index.
The patch follows the field description in draft:
https://tools.ietf.org/html/draft-foschiano-erspan-01

Change-Id: I92ce56264be0fb2560c4d1a5da35738cf45a8c96
Reviewed-on: https://code.wireshark.org/review/16400
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-07-14 07:14:21 +00:00
Michael Mann 9bcac48403 Manually add protocol dependencies derived from find_dissector.
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector.  Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.

Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-20 12:48:48 +00:00
Michael Mann 443a7ed259 new_create_dissector_handle -> create_dissector_handle for dissector directory.
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.

Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-09 12:37:36 +00:00
Peter Membrey a2a6b6c06a Enhance ERSPAN decoder to correctly support ERSPAN3 (current version
mangles packets)

Change-Id: I3dce1a4c5f14e2fc11c3f97e216df1f68340fba4
Reviewed-on: https://code.wireshark.org/review/11957
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-20 12:35:31 +00:00
Michael Mann bbdd89b973 create_dissector_handle -> new_create_dissector_handle
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-16 03:50:05 +00:00
Gerald Combs 3f765b3ef9 Add a CF_FUNC macro for casting BASE_CUSTOM functions.
Add a CF_FUNC macro to match VALS, TFS, etc. This should help us to avoid
the following warning:

    warning: ISO C forbids initialization between function pointer and 'void *' [-Wpedantic]

We could start adding DIAG_OFF+DIAG_ON everywhere but this seems to be
more consistent with the other macros in proto.h. Update each instance
of BASE_CUSTOM to use CF_FUNC.

Adjust a dummy variable name generated by asn2wrs.py that was triggering
an invalid error in checkhf.pl.

Fix an encoding argument in packet-elasticsearch.c found by
fix-encoding-args.pl.

Change-Id: Id0e75076c2d71736639d486f47b87bab84e07d22
Reviewed-on: https://code.wireshark.org/review/7150
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-02-18 00:05:38 +00:00
Michael Mann 155fc8f16a Move #defines of epan/greproto.h to packet-gre.h
Change-Id: I5de4c34e2acafbe47a8ca3f07040a774e72d0d3e
Reviewed-on: https://code.wireshark.org/review/6787
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-01-26 01:01:18 +00:00
Bill Meier b5d7b7ab6e Cleanup use of #includes in non-generated epan/dissector/*.c
Specifically:
- Set packet.h to be the first wireshark #include after
   config.h and "system" #includes.
   packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
   packet.h. E.g., glib.h.
   (Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
   before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.

Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-12-21 05:46:22 +00:00
Bill Meier 9b181b97c6 Add editor modelines; Adjust whitespace; Remove boilerplate comments
Change-Id: I1f5f83ed441f6009125cf2cbe5023af04986898a
Reviewed-on: https://code.wireshark.org/review/4392
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-30 21:06:37 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Fix manually some typo (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 14:27:33 +00:00
Jakub Zawadzki c45475ab45 Fix [-Wmissing-prototypes]
svn path=/trunk/; revision=54135
2013-12-15 23:44:12 +00:00
Michael Mann 7e8e5b347e Batch of filterable expert_infos.
svn path=/trunk/; revision=49581
2013-05-25 17:06:40 +00:00
Chris Maynard f9bc424a05 Fix Coverity CID 280362: Logically dead code.
#BACKPORT (1.8, 1.6)

svn path=/trunk/; revision=47965
2013-03-01 05:29:12 +00:00
Jeff Morriss 2552c750e5 We always HAVE_CONFIG_H so don't bother checking whether we have it or not.
svn path=/trunk/; revision=45017
2012-09-20 02:03:38 +00:00
Pascal Quantin 765c81a932 Revert r44441: pinfo may be NULL only when pi is not NULL
svn path=/trunk/; revision=44445
2012-08-11 17:57:18 +00:00
Jörg Mayer f0486d582a After commit r44435: pinfo -> NULL
svn path=/trunk/; revision=44441
2012-08-11 07:10:40 +00:00
Jakub Zawadzki bf81b42e1e Update Free Software Foundation address.
(COPYING will be updated in next commit)

svn path=/trunk/; revision=43536
2012-06-28 22:56:06 +00:00
Gerald Combs 18cbe2f0e0 Fix spelling.
svn path=/trunk/; revision=39721
2011-11-02 20:43:10 +00:00
Alexis La Goutte 695249537e From me via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6462 & 6505
Wireshark unable to parse ERSPAN from HP Comware platforms
Huawei GRE ERSPAN is not decoded properly 

Add a pref to FORCE to decode directly Ethernet frame in GRE (with no ERSPAN Header)

svn path=/trunk/; revision=39687
2011-10-31 13:45:21 +00:00
Bill Meier 794757ae8f For proto_tree_add_item(..., proto_xxx, ...)use ENC_NA as the encoding arg.
Also: remove trailing whitespace for a number of files.

svn path=/trunk/; revision=39503
2011-10-21 02:10:19 +00:00
Bill Meier 94f36ca4ff Use ENC_NA as encoding for proto_tree_add_item() calls which directly reference an hf item (in hf[] with types:
   FT_NONE
   FT_BYTES
   FT_IPV6
   FT_IPXNET
   FT_OID

Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN

svn path=/trunk/; revision=39260
2011-10-04 22:44:31 +00:00
Jörg Mayer 18735eaba5 Replace TRUE/FALSE with the new ENCAP stuff where appropriate
svn path=/trunk/; revision=38746
2011-08-26 17:02:33 +00:00
Guy Harris a8bc4a0d13 Rename the routines that handle dissector tables with unsigned integer
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys.  (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)

svn path=/trunk/; revision=35224
2010-12-20 05:35:29 +00:00
Jörg Mayer c749fe000c Comparing type II and III traces of the same packet
indicate that the last 4 bytes of both types are similar.
So the extra bytes in type III are inserted before those
last bytes.

svn path=/trunk/; revision=34238
2010-09-24 18:12:45 +00:00
Jörg Mayer 72c3e35672 - trunkated -> truncated
- Print "Type II" and "Type III" as versionstrings.
- Make sure that version = 1 or 2

svn path=/trunk/; revision=34222
2010-09-23 20:44:11 +00:00
Jörg Mayer 320de7eb14 Jason Masker:
- Add decoding of direction bit for version 2 (type III) erspan.

Me:
- Decode the original direction bit as unknown in case of version 2.
- The original unknown3 value seems to indicate whether the packet
  was too long to fit into a single mtu (truncated).
- "Timestamp(s)" -> "Timestamp"


svn path=/trunk/; revision=34221
2010-09-23 19:42:20 +00:00
Jörg Mayer 527f5d5653 Jason Masker <jason at masker.net>:
Updates for the Cisco ERSPAN type III (version 2) protocol.

svn path=/trunk/; revision=34209
2010-09-23 13:31:28 +00:00
Anders Broman 440c3f9261 From Didier Gautheron:
check_col.diff
Remove redundant calls to check_col() if it guards only one columns function with one parameter after the column type.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4394

svn path=/trunk/; revision=31519
2010-01-13 20:32:01 +00:00
Anders Broman 4d2e653901 From Didier Gautheron:
Dissectors using call_dissector() function inside a 'if (tree) {}' block.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4107

svn path=/trunk/; revision=30415
2009-10-09 07:24:33 +00:00
Kovarththanan Rajaratnam 8b515e9340 Switch a bunch of dissectors over to using tvb_new_subset_remaining()
svn path=/trunk/; revision=29446
2009-08-16 12:36:22 +00:00
Stig Bjørlykke b228488bc0 From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
    for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
    FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero

svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
Guy Harris cc793a8230 Get rid of non-ASCII characters.
svn path=/trunk/; revision=24170
2008-01-23 20:12:23 +00:00
Stig Bjørlykke f8f58fceaa From Munenori Ohuchi:
1. Priority field decode.
   The 802.1q tag field of a frame is separated from its frame body in
   an ERSPAN packet.
   Current packet-cisco-erspan.c decodes only the vlan id field of the
   802.1q tag.
   This patch can also decode the priority field of the 802.1q tag.

2. Direction of a captured frame decode.
   An ERSPAN packet includes the additional information of the direction
   of a captured frame as below.

   If a captured frame comes from outside to a switch port, this means an
   'Incoming' frame.  If a captured frame goes out of a switch port,
   this is an 'Outgoing' frame.


Added an extra unknown value for the bit between direction and spanid.

svn path=/trunk/; revision=22649
2007-08-25 00:29:40 +00:00
Sebastien Tandel 454e23c936 typo fix
svn path=/trunk/; revision=21428
2007-04-14 07:55:43 +00:00
Jörg Mayer 8f3934e243 Beginnings of a Cisco ERSPAN dissector - the only thing missing is the code
to actually call this (aka to handle the ambiguities of DLT values).

svn path=/trunk/; revision=21427
2007-04-14 01:07:36 +00:00