New "Fax T38 Analysis" added to the "Statistics" menu to:
- Reassemble the HDLC t30 frames and dissect the header.
- Analyze the UPDTLPacket seq num for packet lost
- Stats of V.x Data:
- Count the Data bytes
- Duration
- Wrong seq num
- Max Burst of packet lost
svn path=/trunk/; revision=16073
X420 - incorrect ExtendedBodyPart handling
ACSE - support for implicitly tagged EXTERNALs and dissection based upon direct-reference RTSE - same change for RTSE EXTERNAL handling as above CMS - support for ContentType, MessageDigest, SigningTime and CounterSignature attributes ESS - support for ESSSecurityLabel and EquivalentLabels attributes
svn path=/trunk/; revision=16072
allows the dissection of ContentInfo based upon it's OID - something that is used for a secure X.400 messages (Protecting Content Type (PCT)).
svn path=/trunk/; revision=16069
00-iax.diff
Modifications to the IAX2 dissector so that it offers desegmentation to
subdissectors using the same API as TCP offers (pinfo->desegment_len etc)
01-amr.diff
Modifications to the AMR dissector to allow AMR IF2 data to be dissected via
call_dissector() from packet-h223.c. This patch also causes the AMR dissector
to append the frame type string to the info column, so that the info column
shows what protocols an H.223 frame contains.
02-h263-data.diff
Modifications to packet-h263.c to separate the dissection of h.263 RTP
encpasulation from the dissection of the actual h.263 data. The data
dissection functions are added as a second dissector. This data-only
dissector is used to dissect the video channel in our h.223 streams. As with
the AMR modification, this makes the H.263 dissector append to the info
column.
svn path=/trunk/; revision=16068
uses proto_item_append_string(). The visibility hack must be present, otherwise
a dissector assert is generated within the MMSE dissector.
svn path=/trunk/; revision=16060
A patch to allow the JXTA dissector to pass fuzz testing. It
also removes a couple of unused things and optimizes handling of the raw
data dissector.
svn path=/trunk/; revision=16051
the lines of what's done for RADIUS. That keeps them together (and
separate from other files), and makes the layout of the top-level source
directory closer to the layout of the installation directory, so that if
you run Ethereal or Tethereal from the top-level directory on Windows
it'll pick up the Diameter dictionary files (if it supports loading
them), and can do so on UN*X if we support a mechanism to let it find
its control files in the directory in which the binary resides.
Use the diameter_DATA, dtds_DATA, and radius_DATA macros in the
EXTRA_DIST macro, so you only have to change the lists of Diameter, DTD,
and RADIUS files in one place if you add or remove a file.
svn path=/trunk/; revision=16050
I've changed all settings I could find to TRUE. It might be reasonable to change some protocol settings back to FALSE, if reassembling fails very often.
svn path=/trunk/; revision=16048
- add a tvbparse_handle() (for recursion)
- change tvbparse_until() to allow more control when parsing
- make the wanted control an union so that different types of data can be used
packet-xml.c:
- change the parser definition to match changes to tvbparse_until()
svn path=/trunk/; revision=16045
and not free the string to which it points. Pass to
REPORT_DISSECTOR_BUG() strings allocated with ep_strdup_printf(), so
that they're freed automatically.
svn path=/trunk/; revision=16039
set it to a value that should indicate that the opcode is unknown, and
also indicates what the value is. (Especially don't do it without
calling check_col() to check whether we *should* change the info column,
as we'll dereference a null pointer if we shouldn't; this change should
fix bug 489.)
svn path=/trunk/; revision=16038
- tvbparse_some now handles 0 items.
- added accessors for a tt's offset and remaining length.
in packet-xml:
- min_len=0 for tvbparse_chars() is soon going to mean zero instead of 1 change the 0s to 1s.
- attribute names can have ':' even if it's namespaces isn't managed yet.
- split the xml grammar in more elements so It can be actually read by a human being.
svn path=/trunk/; revision=16031
ito make it easier to read use doublespace to separate the items on the expansion line instead of ',' since so many of the strings contain spaces.
cleanup fc slightly and remove a redundant parameter
svn path=/trunk/; revision=16019
shorter than 2 bytes, and make the item for an AVP with a length < 2 a
generated item.
Put the top-level item for an AVP into the tree the same way regardless
of whether it's Vendor-Specific or not, and skip past the type and
length right after that, before we check for Vendor-Specific. (This
means we no longer treat "vendor ID = 0" as an indication that this
isn't Vendor-Specific - nothing prevents a packet from getting onto the
wire with a vendor ID of 0; this fixes bug 485.)
Don't require a Vendor-Specific AVP to be at least 6 bytes long; it
might not be particularly useful to have one that has a vendor ID and
nothing else, but we might as well dissect the vendor ID portion.
Do some other cleanups.
svn path=/trunk/; revision=16015
- The incorrect number of octets were highlighted (bearer type and port number
were disregarded).
- In SIR version 1 content, correct the parsing (full WSP address length was
not added to the offset for parsing the non-WSP contact points).
svn path=/trunk/; revision=16012
rewrite the functions to do proto_item_append_text() instead of building a string and then printing it.
The new function is functionally equivalent to the previous function except it does not print the values of the multi-bit fields to the expansion
(the expansion line is already a km wide as it is)
there are now only 202 strcpy() left in epan/dissectors down from 300+ instances some weeks ago.
svn path=/trunk/; revision=16009
numbers. (Currently, we don't have any dictionary entries with that
type, although we have an attribute with special code to handle it that
uses that type.)
Specially handle Framed-IP-Address, Login-IP-Host, and
Framed-IPX-Network, so that the special values are displayed specially.
Clean up indentation.
Don't specify a number base for IPv4 or IPv6 addresses; the number base
is ignored.
svn path=/trunk/; revision=16008
stun - add support for 3 extra Message Attributes as described in draft-ietf-behave-rfc3489bis-00
ymsg
- avoid looking beyond the tvb while looking for content item delimiters (causing most frames to be shown as malformed packet)
- makes content items (and their keys and values) filterable (includes fix to bug 415)
svn path=/trunk/; revision=16005
end of the data in the tvbuff should stop when the offset is >= the
total amount of data in the tvbuff, not when it's > the total amount in
the tvbuff following the starting offset.
In "unpack_digits()", return a null string, not a null pointer, if
there's nothing left in the tvbuff starting at the starting offset, so
that the caller doesn't have to check for a null pointer, and return an
ep_alloc()ed buffer, so the caller doesn't have to worry about freeing
the result.
If we see a filler digit, don't advance the offset in the string buffer;
we want to put the terminating '\0' right after the character we just
put into the string.
Fuzzed against some GSM captures.
svn path=/trunk/; revision=16002
"dissect_dcerpc_cn_bs_body()", it's because it recognized the packet as
a DCE RPC packet, but it ran out of data dissecting it as such;
increment the count of DCE RPC PDUs, so "dissect_dcerpc_cn_bs_body()"
returns TRUE, and its caller doesn't think nothing was dissected.
Fuzzed with some DCE RPC captures.
svn path=/trunk/; revision=16000
and get rid of the silly strcpy() stuff.
there is a HUGE number of these kinds of very ugly bitmap dissection in all the fibre channel related dissectors and all need to be converted to proer dissection.
svn path=/trunk/; revision=15994
Hi, I fixed some bugs to decoding IKEv2 payloads. the following things
have been checked at the IPsec bake off in Toronto this week.
- fixed decoding IP address in TS payload
- fixed decoding IPv6 address in ID payload
- fixed decoding IKEv2 Delete payload
- SPI printing
svn path=/trunk/; revision=15987
some Siemens SIMATIC protocols also use COTP, and shouldn't be
misinterpreted as SES.
the starter in this case is fixed to 0x32 (SES_MINOR_SYNC_ACK for SES),
so if the following parameter type is unknown, it's probably SIMATIC and not SES
svn path=/trunk/; revision=15966
putative octet string isn't one; always check before using it to
dissect, and don't call the dissector if the tvbuff is null. This
should fix bug 472.
svn path=/trunk/; revision=15946
at the same time change ntp_fmt_ts to return a pointer to ian ep-allocated buffer.
remove the redundant buffer parameter in the signature and change all callers.
svn path=/trunk/; revision=15939
we use to determine how to interpret the token; don't bother fetching
the OID attached to the frame or conversation, as we're not using it.
Indent code in the .cnf file to match the code generated by asn2eth.
The mechListMIC in a NegTokenInit is sometimes a sequence containing a
string; check the header of the mechListMIC and dissect it as such a
sequence or as a regular item depending on whether it's a sequence or
not.
If we see a supportedMech in a NegTokenTarg, save next_level_value for
that OID with the conversation.
Dissect a responseToken in a NegTokenTarg, and a mechListMIC in a
NegTokenTarg, appropriately.
Get rid of "gssapi_dissector_handle()", and just use
next_level_value->handle - it was never being called if next_level_value
was null.
When we're dissecting a KRB5 blob, just use get_ber_identifier() to get
the header, so we don't report an ASN.1 error if there isn't a BER
identifier there; dissect the identifier and length only if we know we
have them.
svn path=/trunk/; revision=15937
almost none of the data - fill in only variables for what we need, and
use proto_tree_add_item() in most cases.
Move what's left of the packet-winsrepl.h header into packet-winsrepl.c,
and get rid of the header.
Dissect the name flags field in detail, as per the Samba code.
We don't do any checks for whether the packet is a valid WINS
replication packet, so don't make the dissector a new-style dissector.
svn path=/trunk/; revision=15936
almost none of the data - fill in only variables for what we need, and
use proto_tree_add_item() in most cases.
Move what's left of the packet-winsrepl.h header into packet-winsrepl.c,
and get rid of the header.
Dissect the name flags field in detail, as per the Samba code.
We don't do any checks for whether the packet is a valid WINS
replication packet, so don't make the dissector a new-style dissector.
svn path=/trunk/; revision=15935
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
- #.FN_BODY accepts parameters too
- single line variant of #.FN_PAR is possible
- new parameter FN_VARIANT for OBJECT IDENTIFIER
packet-per.c
- dissect_per_object_identifier() returns value as tvb
- new dissect_per_object_identifier_str() function
PER dissectors adapted and regenerated
svn path=/trunk/; revision=15894
m3ua and not the binary one.
make the binary dissector check if it is really the text based one to be used and if so
call that dissector instead.
svn path=/trunk/; revision=15862
show the value of 1 1111 as "Continued" in the bitfield and the actual
tag value in the following bytes.
Show the BER identifier data before an OID if we're showing internal BER
fields.
svn path=/trunk/; revision=15856
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
into the protocol tree once.
Fix the offsets and lengths used to put the variable binding values into
the protocol tree.
svn path=/trunk/; revision=15837
This makes Ethereal build again - there's no real reason that
ethereal fails to build for such a long time on so many platforms.
svn path=/trunk/; revision=15835