The offset used for BGP community tag dissection is a wrong one.
Bug: 10746
Change-Id: I1d1d443568bb97a0b3b95a312762ac0a3102326a
Reviewed-on: https://code.wireshark.org/review/5562
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Create filters (expert and hf_) that have the "most bang for the buck" (ie have many instances for a single filter)
Change-Id: I61995e41c5b298df77e084e65cdf30ebe95da1e6
Reviewed-on: https://code.wireshark.org/review/4086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add also a expert info when unable determine ASN length (2 or 4 bytes)
Bug: 10399
Change-Id: I24978e29e24f38c2e01e4b953a5a51496f0cf5a6
Reviewed-on: https://code.wireshark.org/review/3831
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
What mystical new compiler upgrade is this?
Change-Id: I89b3bfb53b9a19bbfb1cc8339d38cdc4a4652c62
Reviewed-on: https://code.wireshark.org/review/3347
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ib60ca75b7da8cfa21cfe2999c9b9448a02c332df
Reviewed-on: https://code.wireshark.org/review/2560
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
an hf[] entry but defined as a 'value_string' intead of
as a 'val64_string'.
Caused 'tshark -G values' to crash
(and presumably would also cause a crash when the value-string
is referenced in a dissection):
Introduced in svn #54728
(Note: There's still another 'tshark -G values' crash to to found & fixed)
svn path=/trunk/; revision=54983
BGPTYPE_LINK_STATE_ATTR is temporarily set to 99, would need change when IANA allocate a Path Attribute value for BGP-LS
From me :
* Fix indent
* fix arg encoding (via encoding-args tools)
svn path=/trunk/; revision=54728
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
Step 4 : Convert proto_tree_add_text calls to proto_tree_add_item and use new name of RFC4271 ( Withdrawn Routes Length ...)
svn path=/trunk/; revision=51184
Enhance BGP Dissector
Step 3 :Variable consistency and renaming, adding RFC and draft as comments (Preperation for next enhance...)
From me :
Fix some typo/whitespace
Make checkhf happy...
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
svn path=/trunk/; revision=51182
Within BGP Update message for BGP VPLS (RFC 4761) some parts of Extended Community "Layer2 Info" are incorrectly decoded:
1. Encapsulation - Unknown (0x13). Per RFC 4761 encap type 0x13 is "VPLS" (clause 3.2.4);
2. Control Flags - per RFC 4761 (clause 3.2.4) two least-significant bits (6 and 7) are defined as:
"C" (bit 6, Control Word): value 1 - Control Word is required - and value 0 - Control Word is not required; decoding is correct (at least for value 0);
"S" (bit 7, Sequence delivery): value 1 - Sequence delivery is required - and value 0 - Sequence delivery is not required; decoding is incorrect, because for value 0 (sequence delivery is not required) you provide description that "Sequence delivery is required".
Also, there is description (at the same string) "F Flag (reserved) set. IETF document draft-ietf-l2vpn-vpls-multihoming (clause 3.3.1) updates RFC 4761 and defines two additional bits within Control Flags byte - D (bit 0, "Down") and F (bit 2, "Flush"). You provide description that "F Flag (reserved) set" when this flag actually is not set (value 0). Furthermore, you don't provide description about status of flag D (in attached dump in the first packet flag D is set and unset in the second packet).
svn path=/trunk/; revision=50085
epan/show_exception.c, as it's used outside
epan/dissectors/packet-frame.c. Update their callers to include
<epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if
there's more stuff in the packet to dissect after the dissector call
that threw the exception, doesn't mean you shouldn't go ahead and
dissect that stuff. Use it in all those cases, including ones where
BoundsError was inappropriately being caught (you want those passed up
to the top level, so that the packet is reported as having been cut
short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that
correspond to running past the end of the data for a tvbuff; use it
rather than explicitly catching those exceptions individually, and
rather than just catching all exceptions (the only place that
DissectorError should be caught, for example, is at the top level, so
dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing
anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it
yourself.
If a dissector is called from Lua, catch all non-fatal errors and use
show_exception() to report them rather than catching only
ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in
packet-ieee8023.c - just construct it after the payload has been
dissected, and let whatever exceptions that throws be handled at the top
level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as
tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
Enhance Route Refresh Capability : Add draft-ietf-idr-bgp-enhanced-route-refresh-02
Not yet support new NOTIFICATION error code : ROUTE-REFRESH Message Error (Value To Be Defined)
From me :
* Make some Route Refresh fields filterable
svn path=/trunk/; revision=45217
BGP bad decoding for Graceful Restart Capability with only helper support
BGP Capability in OPEN message: Graceful restart capability (64).
So when the length of the capability value is smaller that 6 (6 meaning full
support of GR capa, with significants elements and at least one AFI/SAFI), the
code interprets it as erroneous.
However,as described in RFC4724: " When a sender of this capability does not
include any <AFI, SAFI> in the capability, it means that the sender is not
capable of preserving its forwarding state during BGP restart, but supports
procedures for the Receiving Speaker (as defined in Section 4.2 of this
document). In that case, the value of the Restart Time field advertised by the
sender is irrelevant".
So, length of exactly 2 is valid but has to be interpreted with a particular
meaning.
In the dissector code, a length of 2 should be a special case for this capa,
decoding as "Graceful Restart helper mode only" or something like that, and
maybe also displaying an expert message if the Restart flag is not 0 in this
case, since here it's not expected to be possible.
svn path=/trunk/; revision=45216
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
Merge .h files into .c files since .h files unused elsewhere;
Do whitespace, indentation & formatting cleanup.
packet-acn.c:
Fix 2 minor bugs wherein subtree not displayed in packet-details
because tree variable used in proto_tree_add_text() always NULL.
svn path=/trunk/; revision=42647
* Make field filterable (3 proto_tree_add_text less ! but there are still 147 proto_tree_add_text...)
* Remove bgp_notify struct
* Use expert info to display a unknown error type
svn path=/trunk/; revision=40987
I've updated the bgp dissector code to support the mcast-vpn nlri. These nlri's
are used to implement multicast vpn (mvpn) and are fully described in
draft-ietf-l3vpn-2547bis-mcast-bgp-08.txt (section 4).
svn path=/trunk/; revision=39549
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
* Make field filterable
* Remove bgp_open struct
* Fix a bug of offset in Optionnel Parameter TLV (Bug include by me in Revision #39098)
svn path=/trunk/; revision=39321
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
Fix a wrong offset of RD Type 2 and display AS4 in asdot+ notation (Add a pref to chose the type of display for AS4 ?)
svn path=/trunk/; revision=39097
In some BGP captures the AS_PATH attribute was decode wrong, if the asn length determines automatically
From me:
Fix some whitespace...
Fix error: ‘for’ loop initial declarations are only allowed in C99 mode
Replace unsigned by guint
svn path=/trunk/; revision=38723
Malformed Packet in decode for BGP-AD (autodiscovery) update (RFC6074)
From me:
Add support of RFC6074 (BGP-AD) in BGP dissector.
Both BGP-AD and VPLS-BGP (RFC4761) use the same AFI/SAFI, The NLRI length must be used as a demultiplexer. (See RFC6074 Section 7 : BGP-AD and VPLS-BGP Interoperability)
svn path=/trunk/; revision=38601
Wireshark doesn't decode BGP.MP_REACH_NLRI.NLRI when RD type is 2(defined in
RFC4364:4.2)
From me:
Add RD type 2 (FORMAT_AS4_LOC) (not tested... based only on RFC spec..)
svn path=/trunk/; revision=38589
Some fixes for 'set but not used' errors that GCC 4.6 emits.
From me:
#include <stdlib.h> not req'd;
Do some whitespace cleanup.
svn path=/trunk/; revision=36906
Apply rev 25869 to most of the rest of the TCP-desegmenting dissectors.
(The SSL dissector was already updated in one of two spots with bug 4535/rev
32456.)
A couple of the patches had to be manually applied.
From me: Fix the comments to match the change (including in the TCP and SSL
dissectors.)
svn path=/trunk/; revision=36332
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
This is necessary in case a subdissector had changed it but was unable to
restore it (due to the exception).
Remove check_col().
svn path=/trunk/; revision=34436