Add the fragment to the defragmentation sequence if the SMTP dissector
encouters a packet that contains both a DATA fragment and the terminating
\r\n.\r\n sequence.
svn path=/trunk/; revision=26419
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundry
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
From me:
Instead of adding adns_config.h, place it a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
The decoded value of Size Packet shown as "From the calling DTE" is the value
of "From the called DTE".
When the size packet to negotiate has any of 512, 1024, 2048 or 4096 bytes, the
value shown decoded is erroneus.
The patch attached also includes new decoded facilities:
- Extended CUG selection.
- Extended access outgoing CUG selection.
- Extended RPOA selection.
- NUI selection.
- Charging info selection.
- Call dureation.
- Segment Count.
- Monetary Unit.
svn path=/trunk/; revision=24932
This plugin implements a dissector for Infiniband. It is released
under the GPL v2.
Rather than using say libpcap to capture raw (unframed) IP packets
from near the top of an IPoIB stack, this plugin dissects link level
Infiniband frames.
Infiniband trace files can be read from Endace ERF format trace
files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND
records. There is currently no native DLT_INFINIBAND in libpcap.
Each record contains a hardware timestamp, capture metadata such as
port Id, and a complete link level Infiniband frame starting from
the Local Route Header.
svn path=/trunk/; revision=24628
This patch adds some new ENCAP and FILE types for wiretap. It also adds new
entries to pcap_to_wtap_map[] to provide a mapping of the new types to some
pcap DLTs.
svn path=/trunk/; revision=24622
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
This is a new dissector plugin for Hilscher analyzer frames.
These frames are generated by Hilscher analyzer products and are identified via
their unique source MAC address (this is a reserved MAC from Hilscher-range and
will never be used by another network device). Most likely these frames are
only generated on a virtual network interface or the generating device is
attached directly via patch cable to a real network interface, but not routed
through a network. The Ethernet-header (destination MAC, source MAC and
Length/Type) is not displayed in the protocol tree for these frames as this is
overhead-information which has no practical use in this case.
Note:
This is a heuristic Ethernet dissector which means it gets called for every
Ethernet frame. So as to not cause a performance hit for most Wireshark users
it has a preference which, by default, disables the dissector.
svn path=/trunk/; revision=24495
a list of fields, prints the field values found in each packet.
Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http".
svn path=/trunk/; revision=24339
Add a dissector for the Scripting Service Protocol provided as part of the
RSPLIB package. RSPLIB is an Open Source implementation of the upcoming
Reliable Server Pooling standard. The scripting service is an application
for load distribution, based on Reliable Server Pooling.
From me:
Shorten the protocol name to SSP.
svn path=/trunk/; revision=24276
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
Fix the bug related to Option template:
- System scope (check that options scope size is == 4, not <= 4)
- Interface scope (same)
Same fix for fields BytesExported PacketsExported FlowsExported.
Also fix some tabulations in a previous patch related to IPv6 Addresses.
svn path=/trunk/; revision=24138
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
Error message when capturing too short WTAP_ENCAP_USB_LINUX type packets
contains a copy-paste typo.
From me:
Fix some addresses in AUTHORS.
svn path=/trunk/; revision=23882
Patch to do the following:
1) Dissect CIE Lists in NHRP Extensions
2) Dissect original NHRP packet in Error Indication
3) Support for Cisco NAT extensions
4) Support for Cisco NHRP Traffic Indication packet
svn path=/trunk/; revision=23587
quit. Temporary coloring filters can be set by:
- pressing <ctrl>-<digit> will create a conversation coloring filter based on the
addresses of the currently selected packet (order TCP/UDP/IP/Ethernet)
This can also be achieved from the "View|Colorize Conversation" menu.
- Rightclicking on a packet in the packet-list will give the option to
"Colorize Conversation" just as "Conversation Filter" does.
- Rightclicking on an item in the packet-detail-list will give the option to
"Colorize with filter" which works similar to "Apply as filter"
Temporary filters can be cleared from the same menus or by pressing <ctrl>-<space>.
This patch also adds an item to the above mentioned menu's to add a permanent color filter
in the same way.
The colors for the temporary coloring rules are now hardcoded as I do not know
how to change the color of menu-items and therefore I chose to use icons to
show the actual color of each of the ten temporary coloring rules. Is it at all
possible to have different menu items in different colors?
One other way of solving this is to recreate the icons on the fly after changing
the colors. I will have a look into that once it is clear whether I can use
different colors within the menu structure.
svn path=/trunk/; revision=23560
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
