put useful info like type,mode,uid,gid on the expansion lines so we dont have to open the expansion to see these values.
allow it to push this info multiple expansion lines upward
and optionally (such as for GETATTR replies) put this info in the info column as well
svn path=/trunk/; revision=17783
Removes the use of the deprecated proto_tree_add_item_hidden() function
I was adding the 'msmms.command.unknown' field in lots of places (a
habit of mine in my own dissectors), but this probably isn't useful.
svn path=/trunk/; revision=17782
> > This patch adds a hidden 'sip.auth' field, that will be present
> > whenever one of the authenticiation/authorization headers is
> > present.
> >
> > I believe this is one place where hidden fields are justified:
> > - it is a substring of several sip.auth.* fields, so its reassuring
> > to see the field turn green as you're typing in one of the visible
> > fields
> > - it lets you quickly find all of the frames with any of these fields
> > (there are 4 different SIP headers that can contain the auth fields)
svn path=/trunk/; revision=17766
Here is a patch for gsm_map dissector that adds USSD string decoding (mainly used in processUnstructuredSS-Request, UnstructuredSS-Request, UnstructuredSS-Notify). For now, it assumes that it will be GSM 7 bits.
It re-use packet-gsm_sms.c "gsm_sms_char_7bit_unpack" and "gsm_sms_char_ascii_decode" functions, as well as packet-smpp.c "smpp_handle_dcs" function.
svn path=/trunk/; revision=17739
With a change :
#ifdef HAVE_LIBCRYPT
#define __USE_LIBGCRYPT__
#endif
>> > finally, I have updated my dissector using libgcrypt.
>> > It does not use openssl anymore.
>> > If gnutls is installed, all should work.
>> > Thus, now it should decrypt and dissect (transport/tunnel/several
>> > encapsulations ...) :
>> >
>> > - NULL Encryption Algorithm
>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256
>> > bits.
>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>> > 32 bits will be used as nonce.
>> > - DES-CBC [RFC2405] : keylen 64 bits
>> >
>> > I also have added :
>> >
>> > - BLOWFISH-CBC : keylen 128 bits.
>> > - TWOFISH-CBC : keylen 128/256 bits.
>> >
>> > You have to indicate the Authentication algorithm even if all
>> > Algorithms since it uses 12 bytes in the Auth field should work
>> > (have a look to the README to understand why I put it
>> > ;-) ). If you consider I have to throw it away please tell me.
>> >
>> > HMAC-SHA1-96 [RFC2404]
>> > NULL
>> > AES-XCBC-MAC-96 [RFC3566]
>> > HMAC-MD5-96 [RFC2403]
svn path=/trunk/; revision=17734
a minor fix for 3GPP2 A11 Session Updat
From me:
a fix to packet-ppp.c to dissect the payload
and some changes in the gre dissector to display the 3GPP values.
svn path=/trunk/; revision=17733
for the time being since i have never seen this salt being used elsewhere,
assume everything is the MS style salt:
guint32 nt_status
guint32 unknown
guint32 unknown
if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such)
KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS
svn path=/trunk/; revision=17722
- to_str.c: add support of "AT_NONE" address type in address_to_str_buf (avoid the assert failed later on
when messages have address type of AT_NONE - which can be the case for an MTP2 capture with FISU messages)
- packet-isup.c: changed source and destination addresses from (net_src and net_dst) to (src and dst) so
that addresses taken into account in the statistics are the SS7 point codes
svn path=/trunk/; revision=17720
> I have improved the heuristics and the display tree building code in
> dissect_jxta_udp() and dissect_jxta_stream() to avoid this problem.
svn path=/trunk/; revision=17709
find attached the patch that reflects this interpretation of
> this field accordingly. It also fixes a few minor bugs associated with
> the handling of 'UNIX Secs' field and two field types
> (LAST_SWITCHED(21) and FIRST_SWITCHED(22)) in case of NetFlow V9.
svn path=/trunk/; revision=17698
Some cosmetic changes:
- when working out the application id description to show in the info
column, also consider vendor application identifiers
- make sure application ids and command codes are always shown as
decimal numbers
- a little whitespace tidyup
svn path=/trunk/; revision=17684
while this should improve performance by unmeasurably little it does have the sideeffect that once we finish the rewrite tcp analysis might actually work and work well even for tcp over tcp tunnelling.
this also means that if you include packet-tcp.h you also need to include emem.h .
svn path=/trunk/; revision=17681