Modbus Application Protocol Specification V1.1b includes a function 43 (0x2b)
Encapsulated Interface Transport. When Wireshark encounters this message it is
shown as a TCP message, not a Modbus message.
svn path=/trunk/; revision=26314
"tcp.stream", this will make it possible to sort packets by
tcp stream, filter tcp streams exactly, etc.
It is also the preparation for a fix for bug 1447
svn path=/trunk/; revision=26305
NFSV4 parsing of the GETATTR reply is broken. I'm not sure what is going on,
but I re-wrote the GETATTR parsing anyways and my version of the parsing does not
exhibit the same problems.
svn path=/trunk/; revision=26304
The DNS dissector conflates KEY (used for TSIG) and DNSKEY records. Also, the
DNSKEY dissector doesn't parse the REVOKED flag, defined in RFC 5011.
The attached patch splits KEY and DNSKEY parsing, and adds support for REVOKED.
svn path=/trunk/; revision=26298
callback address/port with only 2 octets (high/low port) i.e. without
specifying the ip address.
this caused wireshark to corrupt memory when trying to 0-terminate the
original string after the fourth '.' which happened to be beyond the
end of the string.
svn path=/trunk/; revision=26296
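The failure mode described in the revision 26296 message, as an added example that is not Wireshark's code: a parser that counts octets and copies the address out, so a short port-only string is handled without writing into the original string. The dotted layout "h1.h2.h3.h4.p1.p2", the function name and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Wireshark code. Assumed input: dotted decimal
 * octets, "h1.h2.h3.h4.p1.p2" or the short "p1.p2" form with no IP address.
 * Returns 0 and fills ip ("" for the short form) and port, -1 if malformed. */
int parse_callback_addr(const char *s, char *ip, size_t iplen, unsigned *port)
{
    unsigned oct[6];
    size_t n = 0;

    if (s == NULL || ip == NULL || iplen == 0 || port == NULL)
        return -1;
    for (;;) {
        unsigned v = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 4) {
            v = v * 10 + (unsigned)(*s++ - '0');
            digits++;
        }
        if (n == 6 || digits == 0 || digits > 3 || v > 255)
            return -1;          /* seventh octet, empty or oversized field */
        oct[n++] = v;
        if (*s == '\0')
            break;
        if (*s++ != '.')
            return -1;
    }
    if (n != 2 && n != 6)       /* only the two known shapes are accepted */
        return -1;
    ip[0] = '\0';               /* input is const: nothing is terminated in place */
    if (n == 6 && (size_t)snprintf(ip, iplen, "%u.%u.%u.%u",
                                   oct[0], oct[1], oct[2], oct[3]) >= iplen)
        return -1;              /* caller's buffer too small */
    *port = (oct[n - 2] << 8) | oct[n - 1];
    return 0;
}

int main(void)
{
    char ip[16];
    unsigned port = 0;
    /* constructed sample: port-only form, high octet 8 and low octet 1 */
    int rc = parse_callback_addr("8.1", ip, sizeof ip, &port);
    return rc == 0 && printf("ip='%s' port=%u\n", ip, port) > 0 ? 0 : 1;
}
```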
This is a dissector for ZRTP, the Zfone project's secure media protocol, developed by Phil Zimmermann.
It is updated to the latest IETF draft draft-zimmermann-avt-zrtp-08.
svn path=/trunk/; revision=26274
In case of cause pointing out ie "faults" use the correct "ie value_string".
in packet-isup.c use packet-e164.c for country code translation.
svn path=/trunk/; revision=26264
Decode SUA GT digits. This removes the (undecoded, raw BCD) FT_BYTES field
sua.global_title_signals and adds an FT_STRING field sua.global_title_digits
(like in SCCP).
svn path=/trunk/; revision=26262
The Kerberos dissector does not parse IPv6 addresses in AS-REQ messages.
Attached is a patch that adds IPv6 dissection support, and adds a new filter,
kerberos.addr_ipv6, which is analogous to the existing kerberos.addr_ip.
svn path=/trunk/; revision=26241
linux-wlan-ng source tree; just insert it verbatim into a big honking
comment, rather than trying to play Find The URL with it.
svn path=/trunk/; revision=26239
same as it would be for a LSSU of length 1 (see Q.703/11.1.2). Since the
second octet is undefined just display it as a hex FT_UINT8.
svn path=/trunk/; revision=26230
frame numbers before running the read filter], don't do the TSN
analysis. (We can't anyway because we don't have a valid frame
number...)
Without this change if you load a capture file in the
GUI while using a read filter, every SCTP TSN is marked as a
retransmission of that in frame 0.
svn path=/trunk/; revision=26226
Fix a final eth_fopen -> ws_fopen
When configuring with --without-zlib these functions need to have some parameters tagged _U_
svn path=/trunk/; revision=26212
Wrap dissect_q931_cause_ie() in a safe version which clears the have_valid_q931_pi semaphore. This may remain set if a malformed q931 message causes an exception.
svn path=/trunk/; revision=26190
If we're running in TShark, there's never a GUI; clean up comments.
Merge a couple of if statements together, as the "true" branch of the
second statement is executed only if the "true" branch of the first
statement is executed.
svn path=/trunk/; revision=26158
Don't initialize a variable that's set (in the handoff registration
routine) before being used.
Now that we're GLib 2.0-only, use g_ascii_isalpha() rather than rolling
our own.
svn path=/trunk/; revision=26157
command, and use that in the parsing loop (that means we don't have to
treat 4-character commands and non-4-character commands separately).
svn path=/trunk/; revision=26155
Much as I hate white space changes, I got fed up of the huge variation of styles within these files, and tried to get to a much smaller range of variation. Also a few comment tidies, and use of _U_ for unused args rather than "arg = arg" lines.
svn path=/trunk/; revision=26140
do *not* modify the string handed to them - they g_mallocate a new
string and return it.
Create routines that *do* ASCII-only case mapping in place, and use them
instead.
Clean up indentation.
svn path=/trunk/; revision=26131
normal case, and dissectors with warnings are the exception; the
ultimate goal is to have only clean dissectors.
Move a bunch of now-cleaned-up dissectors into the "clean" category.
Fix a comment.
svn path=/trunk/; revision=26096
Create a set of warning-clean ASN.1 dissectors and build them with
-Werror, to try to prevent errors creeping back in. Put the P7
dissector there.
svn path=/trunk/; revision=26090
TS 29.060 v7.8.0 and later specify new flags in the Common Flags IE:
bit 5 - No QoS Negotiation
bit 6 - NRSN
bit 7 - Upgrade QoS Supported
The current Wireshark implementation has bits 5 and 6 reversed. Attached patch
fixes this issue.
svn path=/trunk/; revision=26084
flight on a tcp connection.
this is quite useful together with io-graphs to track how much of the
tcp window that an application actually uses
svn path=/trunk/; revision=26067
1 new split file (GMM & SM in one file) and diff patches for the others. The RR, RP and BSSMAP patches are really a tidy-up: now they are split it becomes clear what was redundant code.
svn path=/trunk/; revision=26064
changes:
- fixed: display of kademlia hash (bug #2348)
- added: information on the meaning of the values of kad version, parameter of
message types KADEMLIA_REQ and KADEMLIA2_REQ, metatag sourcetype and metatag
encryption
- added: peer id, target id, recipients id, file id, keyword hash as variants
of kademlia hash (searchable as string now)
- added: xor between target id and recipients id
- fixed: ip addresses in taglist now displayed in dotted-decimal (instead of
int)
- fixed: some values in taglist were displayed in octal, it's hex now
- fixed: message type KADEMLIA2_BOOTSTRAP_REQ was wrongly marked as malformed
- added: differences in dissecting peer list 1.0 and peer list 2.0
- fixed: dissection of KADEMLIA2_SEARCH_KEY_REQ and KADEMLIA2_SEARCH_RES
- added: source-publishing and keyword-publishing in KADEMLIA_PUBLISH_REQ
- fixed: decompressed data are not displayed in a subtree anymore
svn path=/trunk/; revision=26063
suffices; have the heuristic dissector call the message dissector and
return FALSE if the message dissector returns 0 (meaning it's not a
STUN2 packet) and TRUE otherwise.
New-style dissectors don't return a Boolean, they return 0 if the packet
isn't a packet for that protocol and the number of bytes dissected
otherwise. (Yes, that's a problem if the length of the tvbuff handed to
the dissector is 0; that's why new-style dissectors aren't yet the
default.)
svn path=/trunk/; revision=26060
proto_tree * (yes, they're the same data type, but they're thought of
differently - it's a long story).
Just call the IE type in a Marvell vendor IE the "type". For IEs with
no known type, show the IE data as raw data, as is done with
Aironet/Cisco vendor IEs.
Get rid of an unused variable, and mark as unused an unused parameter.
svn path=/trunk/; revision=26050
The IEEE80211 part of "Add support for OLPC 802.11s-like mesh protocol".
With some changes to make it a bit more generic.
svn path=/trunk/; revision=26049
It takes a calculator to decode the timestamps. But no more!
Timestamps using the attached patch are displayed as follows:
Timestamp = MM:SS mmm absolute (UTM)
or
Timestamp = MM:SS mmm relative
where M is minutes, S is seconds, and m is milliseconds.
This is in accord with 'IEEE Std 1278.1-1995' section 5.2.31.
svn path=/trunk/; revision=26047
RR has been split from DTAP, with common stuff going to the common files (plus a few minor knock-on consequences).
Fix the broken tap:
I had not realised that the register_tap call in the dissector registration actually _created_ the tap entry (not the register_tap_listener), and not just associated the tap_id returned with the tap registered by the listener. The use of separate statics by the split led to 3 taps called "gsm_a", but only the first of which was ever found in the tap_queue_packet. Added (yet another) global for now to cope.
Also attached is a patch to tap.c which simply returns the same tap_id if the register_tap is called twice with the same name - I can't see any downside to this, can you? Anyway it seemed to work with deliberately keeping multiple calls.
svn path=/trunk/; revision=26039
Add all message ids in ack to the info column.
Changed data types for sequence number and total number of pdus.
Untabify file.
svn path=/trunk/; revision=26031
bug 2791.
Don't use "-o" in the PortAudio compilation flags. If we're running Visual
C++ 2008, don't use "/Zd" when compiling packet-rrc.c. Fixes bug 2795.
svn path=/trunk/; revision=26023
Support WAVE Short Message Protocol IEEE P1609.3(WSMP).
Slightly modified to display the message as Data as from the supplied trace it looks not to be text.
The packet-ieee80211.c patch is not included as the trace in question shows malformed packets.
svn path=/trunk/; revision=26022
This proposed patch adds decoding and filtering support for:
*draft-ietf-ospf-manet-or-00
*draft-ietf-ospf-af-alt-06
to packet-ospf.c
Some code cleanup added
svn path=/trunk/; revision=26011
rfc4938 defines two credit granting mechanisms, out-of-band and inband. The
current decoding mechanism in packet-pppoe.c only decodes out-of-band credit
grants. This patch addresses decoding of inband credit as well. In
addition, I added filters for these tags in the pppoes packets. Previously,
the common pppoe filters were under the pppoed filter registration, but now
since there are pppoed and pppoes filters, I moved them out on their own.
svn path=/trunk/; revision=26009
and we don't want to use it in any case, as PRI[duox]64 might be
different from G_GUINT64_MODIFIER followed by [duox], and the latter is
what GLib's formatter supports, and that's the formatter we use.
svn path=/trunk/; revision=25996
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundary
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
Have the IAX2 dissector include <epan/aftypes.h> and use the Linux AF_
values from it. Point to the IAX2 I-D, and add some clarifying
comments.
svn path=/trunk/; revision=25962
Desktop Pass-Through protocols use them.
Use those values in the dissectors for those protocols.
In the Desktop Pass-Through dissector, define the Winsock SOCK_ values
ourselves, and get the IP protocol values from <epan/ipproto.h>. Don't
include now-unnecessary system headers in that dissector.
svn path=/trunk/; revision=25959
(Note just checking in the new files not yet added to the build process on purpose
the changes to packet-ipmi.c is also not done yet - Anders).
Generic changes:
- IPMI session wrapper dissection has been separated from the dissection of
IPMI itself. This will allow for possible dissection of captures directly
from IPMB (as the IPMB messages lack the IPMI session wrapper).
IPMI changes:
- Implemented request-response matching for IPMI sessions. This
serves two purposes: first, it allows for easy location of response to a
certain request and vice versa. Second, it allows for dissection of
responses where response format depends on the request data.
- IPMI dissector can now dissect much broader set of commands.
- Command-specific completion codes are now handled.
- The dissector is able to parse IPMI commands embedded into other IPMI
commands (for now, only Send Message; Get Message and Forward Message
can be implemented later). Such embedded commands are also matched with
responses to them.
svn path=/trunk/; revision=25948
Added a mask to drop the high order byte of a short to isolate the protocol ID.
Also lowered the length restriction to support shorter packets for PPPoEoA.
svn path=/trunk/; revision=25944
Extended the cldap dissector to include all the current netlogon response data
types.
Expanded the cldap netlogon ntver option to be a bit mask of the search flags
Updated the DS flags fields to include Windows 2008 options.
svn path=/trunk/; revision=25942
when we check and ignore the two names "." and ".."
we must do so for both methods a caller can provide the name :
offset into a tvb, as well as a char* to a string.
also add ->full_name in the dissection to the replies so that fh matches
both request and reply and not ->name
svn path=/trunk/; revision=25941
The attached patch fixes a bug in the dissection of the StatusResponse,
where device-specific error code is only 6 Bytes long instead of 8 Bytes.
Additionally, I changed the spelling (i.e. the case) of "Ethernet
POWERLINK" to the new preferred one of the EPSG.
svn path=/trunk/; revision=25929
All I've done in these is to split the 3 obviously distinct protocols (BSSMAP & RP) from the still-large (and wrongly-named) DTAP (really the whole of layer 3 - it includes RR and packet parts too).
So far I've only split in a "minimum change" manner - there is clearly some tidying and structure enhancement of how the common bits are used, removing the globals just added, and great scope for consistency of white space, improved naming etc. - but I thought it best to keep it very close to the original initially to establish the split.
With some changes to make it compile on Windows.
svn path=/trunk/; revision=25917