and we don't want to use it in any case, as PRI[duox]64 might be
different from G_GUINT64_MODIFIER followed by [duox], and the latter is
what GLib's formatter supports, and that's the formatter we use.
svn path=/trunk/; revision=25996
Display FQDN binary encoded name as text
Ensure that get_dns_name does not cross packet sub boundry
From me:
Preserve the usage of bootp.fqdn.name as a display filter
svn path=/trunk/; revision=25981
Added TeamSpeak2 dissector
From me:
- Made all local functions static
- Renamed my_vals to conv_vals
- Call correct function to parse LOGINEND
- Fixed some obvious errors in typenames list
- Fixed some indentation
svn path=/trunk/; revision=25973
Have the IAX2 dissector include <epan/aftypes.h> and use the Linux AF_
values from it. Point to the IAX2 I-D, and add some clarifying
comments.
svn path=/trunk/; revision=25962
Desktop Pass-Through protocols use them.
Use those values in the dissectors for those protocols.
In the Desktop Pass-Through dissector, define the Winsock SOCK_ values
ourselves, and get the IP protocol values from <epan/ipproto.h>. Don't
include now-unnecessary system headers in that dissector.
svn path=/trunk/; revision=25959
(Note just checking in the new files not yet added to the build process on purpose
the changes to packet-ipmi.c is also not done yet - Anders).
Generic changes:
- IPMI session wrapper dissection has been separated from the dissection of
IPMI itself. This will allow for possible dissection of captures directly
from IPMB (as the IPMB messages lack the IPMI session wrapper).
IPMI changes:
- Implemented request-response matching for IPMI sessions. This makes easy
serves two purposes: first, it allows for easy location of response to a
certain request and vice versa. Second, it allows for dissection of
responses where response format depends on the request data.
- IPMI dissector can now dissect much broader set of commands.
- Command-specific completion codes are now handled.
- The dissector is able to parse IPMI commands embedded into other IPMI
commands (for now, only Send Message; Get Message and Forward Message
can be implemented later). Such embedded commands also matched with
responses to them.
svn path=/trunk/; revision=25948
Added a mask to drop the high order byte of a short to isolate the protocol ID.
Also lowered the length restriction to support shorter packets for PPPoEoA.
svn path=/trunk/; revision=25944
Extended the cldap desector to include all the current netlogon response data
types.
Expanded the cldap netlogon ntver option to be a bit mask of the search flags
Updated the DS flags fields to include Windows 2008 options.
svn path=/trunk/; revision=25942
when we check and ignore the two names "." and ".."
we must do so for both methods a caller can provide the name :
offset into a tvb, as well as a char* to a string.
also add ->full_name in the dissection to the replies so that fh
matches
both request and reply and not ->name
svn path=/trunk/; revision=25941
The attached patch fixes a bug in the dissection of the StatusResponse,
where device-specific error code is only 6 Bytes long instead of 8 Bytes.
Additionally, I changed the spelling (i.e. the case) of "Ethernet
POWERLINK" to the new preferred one of the EPSG.
svn path=/trunk/; revision=25929
All I've done in these is to split the 3 obviously distinct protocols (BSSMAP & RP) from the still-large (and wrongly-named) DTAP (really the whole of layer 3 - it includes RR and packet parts too).
So far I've only split in a "minimum change" manner - there is clearly some tidying and structure enhancement of how the common bits are used, removing the globals just added, and great scope for consistency of white space, improved naming etc. - but I thought it best to keep it very close to the original initially to establish the split.
With some changes to make it compile on Windows.
svn path=/trunk/; revision=25917
packet-multipart.c:179: warning: unused parameter 'name'
( restore a bit of previous code)
Move inclusion of tvbuff.h to base64.c
svn path=/trunk/; revision=25909
This patch
(1) fixes to decode IPFIX packets.
The revision 25601 warns and be not able to decodes IPFIX packets fully,
because the array "hf_register_info" does not have an entry
"hf_cflow_datarecord_length", and a length check for IPFIX packets is incorrect
in "dissect_netflow" function.
(2) is able to decode all Information Elements standardized by RFC 5102
(3) is able to decode IPFIX templates and data that contains PEN (Private
Enterprise Number) fields standardized by RFC 5101, and is able to decode
bi-directional flow standardized by RFC 5103.
svn path=/trunk/; revision=25905
A dissector returning int should return the length consumed of the tvb and be
registered with new_register_dissector();
svn path=/trunk/; revision=25896
The MEGACO dissector issues an error when a command "AuditValue" is captured
[Packet size limited during capture: MEGACO truncated], but the packet seems to
be OK. See the example attached.
svn path=/trunk/; revision=25868
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
Still seeing these errors...
packet-dcm.c: In function `dcm_uid_or_desc':
packet-dcm.c:960: warning: pointer type mismatch in conditional expression
packet-dcm.c: At top level:
packet-dcm.c:229: warning: 'dcm_desegment_headers' defined but not used
svn path=/trunk/; revision=25828
multiple PDV per PDU support
- Support multiple PDVs per PDU
- Better summary, in PDV, PDU header and in INFO Column,
e.g. show commands like C-STORE
- Fixed Association Reject (was working before my changes)
- Fixed PDV Continuation with very small packets. Reduced minimum packet
length from 10 to 2 Bytes for PDU Type 4
- Fixed PDV Continuation. Last packet was not found correctly.
- Fixed complilation warning (build 56 on solaris)
- Fixed tree expansion (hf_dcm_xxx)
- Added expert_add_info() for Assoctiation Reject
- Added expert_add_info() for Assoctiation Abort
- Added expert_add_info() for short PDVs (i.e. last fragment,
but PDV is not completed yet)
- Clarified and grouped data structures and its related code
(dcmItem, dcmState) to have consistent _new() & _get() functions
and to be be according to coding conventions
- Added more function declaration to be more consistent
- All dissect_dcm_xx now have (almost) the same parameter order
- Removed DISSECTOR_ASSERT() for packet data errors.
Not designed to handle this.
- Handle multiple DICOM Associations in a capture correctly,
i.e. if presentation contexts are different.
svn path=/trunk/; revision=25824
(Done for consistency although not strictly required in these cases);
(Also: so no kickouts on this file when doing automated checking
for missing NULL termination elements in value-string arrays).
svn path=/trunk/; revision=25794
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
packet-gsm_a.c:4914: warning: comparison between signed and unsigned
packet-gsm_a.c:4944: warning: comparison between signed and unsigned
svn path=/trunk/; revision=25772
Tigran Mkrtchyan: decode and display fattr4_fs_layout_types.
Thijs Stuurman: Synchronize names used by wireshark with those used in
latest pnfs draft.
J. Bruce Fields: Use large default max_rpc_tcp_pdu_size setting
The linux server will do up to 1M these days, so the current default is
very likely to discard all reads and writes from such a server.
Thanks to Jim Rees for catching this.
Jeff Morriss: limit the max_rpc_tcp_pdu_size increase to 4M instead of the 16M
proposed. Memory is cheap but still not unlimited.
svn path=/trunk/; revision=25769
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
The #defines for PADG, PADC, and PADQ are incorrect and these packets are
showing up as unknown.
I would be happy to fix this bug as I would like to enhance the current support
for rfc4938 and rfc4938bis to include filtering and inband credit grant decoding.
svn path=/trunk/; revision=25766
the GLIB version instead.
Reindent some (does someone have their tabstops set to 4?).
Create and use some #defines instead of hard-coded values. For example,
replace 0x00 with ANSI_X34 in both the value_string and the case statement.
(This file could use a lot more of such changes.)
packet-bacapp.c appears to compile cleanly now so move it to
CLEAN_DISSECTOR_SOURCE.
svn path=/trunk/; revision=25758
pointer to that pointer - unlike g_array_append_vals, which takes a
pointer to an array of values and a count of the number of values in the
array.
svn path=/trunk/; revision=25753
the fact that 'data' is a pointer to a char). GLIB fixed this in their
accessor macro here:
http://svn.gnome.org/viewvc/glib?view=revision&revision=6092
The bug report confirms that the data is properly aligned:
http://bugzilla.gnome.org/show_bug.cgi?id=502927
So, add some intermediate (void *) casts to avoid "cast increases required
alignment of target type" on SPARC. (No, we can't use the accessor macro
because we want to access the whole array not just the ith element.)
Since build_dict->ett is actually an array of pointers, change it to a
GPtrArray.
Reindent some.
svn path=/trunk/; revision=25749
FIP is the FCoE Initialization Protocol. FCoE is Fibre-Channel over Ethernet.
FIP is being finalized in t11.org, and further changes are not expected.
svn path=/trunk/; revision=25748
connection-oriented transport protocol and ISO 8602/ITU-T X.234
connectionless transport protocol) out of packet-clnp.c into
packet-isotp.c.
svn path=/trunk/; revision=25746
value. They start at 1, though, so 0 *is* a special out-of-band value.
There is no guarantee that you can use a pointer as a 32-bit integral
value; the compiler warns if you do, at least on some platforms.
svn path=/trunk/; revision=25744
and "hdlc" doesn't indicate that it's a protocol type), and, instead of
a "raw" option, have a "try to guess the traffic type" option - for now,
if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise
treat it as PPP.
svn path=/trunk/; revision=25737
"aal5_type" dissector, which offers only "guess the traffic type" and
"LLC multiplexed" as options, defaulting to "guess the type".
Add a separate preference to control whether to treat single ATM cells
as raw data or as the first cell of an AAL5 PDU (and dissecting them as
short AAL5 PDUs).
Don't reach inside the tvbuff to get the data and the length; use
tvb_length() and tvb_get_ptr().
Pass the data *after* the AAL5 header to the "guess the traffic type"
routine.
svn path=/trunk/; revision=25736
warnings (such as the warning you get when you say
"prefs_register_boolean_preference" rather than
"prefs_register_bool_preference") show up as errors.
svn path=/trunk/; revision=25735
it's not the "Bridge Control Protocol", and the packets aren't "BPDU"s
in the sense of Spanning Tree Protocol packets.
svn path=/trunk/; revision=25732
the payload we hand to the next dissector.
Check whether the length field in an 802.3 header doesn't go past the
(presumed) end of the payload.
svn path=/trunk/; revision=25731
Attached is a patch for:
- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448
svn path=/trunk/; revision=25730
to the "no FCS" dissector if the "FCS present" flag isn't set. Strip
off padding. Don't hand non-Ethernet packets to the Ethernet dissector.
Update the RFC number for the PPP Multilink protocol. Add a preference
for short sequence numbers. Check only the "first fragment" and "last
fragment" flags when constructing the summary description for the flags
field. Use the global "tfs_yes_no" true_false_string structure rather
than defining our own "Yes"/"No" true_false_string structure.
svn path=/trunk/; revision=25729
The attached patches bring the wireshark code up to date with the latest
NFSv4.1 protocol drafts (in ietf last call now, so hopefully not too much more
of this will be required).
They also cover more of the protocol, and do some minor cleanup (e.g. remove
some operations which were really only used by one prototype implementation,
and never part of the protocol.)
A few ops and attributes are still missing.
svn path=/trunk/; revision=25727
indicates; replace the "erf.eth" preference with an "erf.ethfcs"
preference, specifying whether the FCS is present in Ethernet frames,
and offer the options "present", "not present", and "maybe present" -
for "maybe present", call the regular Ethernet dissector, which tries to
figure out whether there's an FCS at the end of the packet or not.
svn path=/trunk/; revision=25719
Currently, sFlow dissector only recongnizes "Header" as the packet data type.
This patch enhances it to support "IPv4" and "IPv6" packet data type.
This patch seems to work well against sFlow packets exported from AlaxalA switch.
svn path=/trunk/; revision=25688
I'm pretty sure that it won't be used uninitialised, and that the code could be more clearly arranged to make this obvious to the compiler too.
svn path=/trunk/; revision=25685
- the StringInfo allocator may fail when a 0 data length is requested
- many wrong values into the cipher_suites table
- duplicated code for ssl session state checking before each
ssl_generate_keyring_material() call
- missing initialization of 'server_data_for_iv.data_len' and
'client_data_for_iv.data_len' in ssl_session_init()
From Jaap Keuter:
- Some code rationalisation
- Gammatical/factual corrections in output and comments
- Whitespace cleanup
svn path=/trunk/; revision=25684
Info column and protocol tree to indicate that.
If we find an invalid version number in the *second* switch statement,
don't bother spewing out a warning - that's a "cannot happen", so just
throw a dissector assertion.
svn path=/trunk/; revision=25621
and "deprecated" groups the default. Add an "abort" group for code that
shouldn't exit the program. Update the makefiles to call "checkAPIs.pl
-g abort" for dissectors. Remove a dependency on "cat" in checkAPIs.pl.
svn path=/trunk/; revision=25614
The syslog dissector could crash if the "packlog" MSU is truncated such that
the hex string ends in with a nibble.
From me: Check if that will happen and chop off the nibble before giving it to
convert_string_to_hex() so we'll dissect as much of the MSU as possible.
svn path=/trunk/; revision=25612
link-layer types static.
If the preference is set to "raw data" for any of those types, display
the raw data with an indication that the preference in question has been
set to "raw data", so people don't just wonder why ERF files aren't
working right any more. (See bug 2641; I had the same surprise when I
tried it on some ERF captures I have.)
Pull the dissect_erf_header() code into dissect_erf() - it's dissecting
the *payload*, not the *header*.
Fill in the Info column with the record type.
When using tvb_new_subset() to chop a header off of a tvbuff, just
specify lengths of -1, so we go all the way to the end.
Clean up the Infiniband dissector call.
svn path=/trunk/; revision=25608
epan/dissectors/packet-ncp2222.inc is a bit hard to fix, so we're not
ready to enable that warning by default yet.
Throw in some casts to handle GLib routines that take arbitrary
non-const pointers (they can later return the pointers, and some
callers might want to modify or free up those pointers in cases where
they're known to be writable or allocated).
Use ep_tvb_memdup() rather than a combination of ep_alloc() and
tvb_memcpy().
Clean up some indentation.
svn path=/trunk/; revision=25601
Make build_expert_data() take the size of "buffer" as an argument, and
use that when doing g_snprintf() into the buffer, to ensure we don't
overflow the buffer. Also, don't just assign to "buffer", as that
doesn't put anything *in* the buffer.
svn path=/trunk/; revision=25600
members to be const pointers when that's possible, and throw in some
casts when the GLib API fails to have properly consted arguments.
Use ep_strdup_printf() in some cases.
svn path=/trunk/; revision=25596
From Dustin Johnson: Add support for TurboCap.
- packet-ppi.c: Add aggregation and 802.3 extended information.
- capture-wpcap.c: Add support for pcap_list_datalinks and pcap_set_datalink.
Make pcap_list_datalinks and pcap_set_datalink mandatory on Windows.
svn path=/trunk/; revision=25593
incorrectly, which could lead to information disclosure or worse. Use
tvb_format_text instead. This lets us get rid of a character array and
avoids feeding raw packet data to the GUI.
svn path=/trunk/; revision=25584