- enable the 'follow SSL stream' menu item only when a ssl packet is selected.
- when 'following' an ssl stream, show ssl decrypted data only for current conversation.
- fix a typo in ssl preference description.
svn path=/trunk/; revision=17301
- Improves ability of dissector to find conversations without seeing
whole stream.
- Fixes some issues with dissection of data which requires reassembly.
- Adds the ability to dissect jxta conversations from SCTP streams.
- Better handling of welcome message.
- Adds direct dissection of compressed SRDI data.
- Has been run through extensive fuzz testing.
- Fixes compiler warnings with previous patch 17141
svn path=/trunk/; revision=17282
the attached patch fix a couple of possible memory leak in the ssl
decryption code, add some indentation fix, more comments and add the
preference to select the debug output (missing in previous patch)
svn path=/trunk/; revision=17281
The attached patch cleanup the debug infrastructure for ssl dissector.
Debug messages are by default off and can be enabled via the ssl
dissector preference. Debug output can be directed to stderr or file.
svn path=/trunk/; revision=17253
The attached patch fix bug 732.
The problem was in the client key dissection. On ssl v3 the encrypted
data is the whole record data, on tls v1 the encrypted data is preceded
by the 2 bytes length of the encrypted data itself.
svn path=/trunk/; revision=17244
the Nettle library and specify a Pluto log file in the preferences.
The Pluto log MUST include the encryption key used in each phase.
Add filters for many fields (and get rid of a lot of
proto_tree_add_text()s in the process).
Fix up whitespace.
Sponsored by CableLabs.
svn path=/trunk/; revision=17229
attached a patch that supports filtering for
Juniper's meta information prepended
before packets (logical encapsulation, ifd index etc.)
Me:
declare juniper_ext_get_tlv_value static
svn path=/trunk/; revision=17226
This is a simple patch to the Netflow v9 dissector, that let it decode
Netflow v9 MPLS-Aware, a feature of Cisco 12000 IOS 12.0.24S and above
on Cisco 12000, 7500 and 7200 that is very useful for MPLS-VPN networks.
svn path=/trunk/; revision=17225
the attached patch clean a bit the ssl decryption related code, removing
a macro I used when the code was still for an external plugin.
svn path=/trunk/; revision=17217
if the secblob starts with 'NTLMSSP' call the ntlmssp handle directly and not the gssapi one
ntlmssp:
dont change offset when dissecting a client_time, offset will be changed properly later outside the switch.
svn path=/trunk/; revision=17215
Packet-g723.c - B0 and B1 should be treated together.
packet-tipc.c - Change desgementation code to handle more than 2 segments.
svn path=/trunk/; revision=17204
>There is still an issue into the HAVE_LIBGNUTLS macro definition. I'm
>fixing it and cleaning a bit the windows side configuration. I hope to
>post soon the fix.
The attached patch should fix the issue. I missed to modify the
config.win32 file and I misstyped a few macros name.
svn path=/trunk/; revision=17200
If the P bit is NOT set, then flag the PID field as "(not valid)"
Sicne the TID might be undefined/0 in the response to a "pending" read
we cant use that solely to determine if a read was for a named/pipe (==dcerpc)
Assume that only NamedPipe reads can be STATUS_PENDING and thus have the P bit set and assume it IS dcerpc if the P bit is set.
svn path=/trunk/; revision=17197
Set up to build on Windows if we have GNU TLS.
Define "ssl_data_set()" regardless of whether we have GNU TLS or
not, as it's used in either case.
Get rid of an extra #include of epan/gnuc_format_check.h.
svn path=/trunk/; revision=17177
I have developed an external plugin to enable ssl decryption in
ethereal.
Me
- Remove unnecessary $Id$ from acinclude.m4
- Added packet-ssl-utils.h to Makefile.common
- Fixed a few warnings
TODO
- Lots of warning fixes (see separate mail)
- Reformat function headers to read like the others do
(return value<newline>function-name...)
- Test on Windows platform
- Review the patch to packet-ssl.c and new files packet-ssl-utils.[hc]
svn path=/trunk/; revision=17156
the choice dissector didnt sometimes use the correct next_tvb.
based on a bogus variable 'first_pass' that was added as a qad solution to some weird CMIP problem.
svn path=/trunk/; revision=17142
epan/dissectors/ncp2222.py - Fixes the NCP group values for all NCP's. Also fixes some additional return values and cleanup.
gtk/ncp_stat.c - Fixes the NCP group values for SRT.
gtk/service_response_time_table.c:
The SRT is broken if you hit the reload button or apply a filter. The table isn't cleared so each item in the list is duplicated and the second entries remain with initial values. This patch clears the GTK_CLIST so that the redundant entries no longer appear.
svn path=/trunk/; revision=17139
This patch shows (as extra, generated fields) what the address and port will be after XORing again with the transaction ID. I've done IPv4, but don't have any IPv6 captures to test with...
svn path=/trunk/; revision=17126
list of address families) and the list of strings in afn.c, and use them
in packet-lldp.c instead of having it define its own.
svn path=/trunk/; revision=17114
i have tested it with many captures but this used to be fragile and delicate code so there might be some regressions that will need to be addressed once identified.
svn path=/trunk/; revision=17107
This file uses SEH which AFAIK is only available for MS Visual-C.
I build using MingW/gcc, so the attached patch is needed.
svn path=/trunk/; revision=17102
Dissectors registered with register_postdissector() will be called after all other dissectors have been called.
Use it to register mate.
svn path=/trunk/; revision=17089
headers.
Fix capture_radiotap() to check for padding between the 802.11 header
and the 802.11 payload and to call different capture routines depending
on whether it's present or not, and create capture_ieee80211_datapad()
to handle the case where it's present.
Fix capture_radiotap() to convert the Radiotap header length from
little-endian, and to do some sanity checking of that length.
Fix capture_ieee80211_common() to use the offset supplied to it to fetch
the frame control field, as that offset isn't necessarily 0.
svn path=/trunk/; revision=17083
1. Fix a bug in caclulating the 802.11 header length for QoS
data frames (way bad regression from previous code).
2. Add support for packets w/ data padding between the 802.11
header and the payload (as indicated in the radiotap flags).
3. Add support for handling FCS indication in the radiotap
flags.
4. Fix display of TSF (previous code was not byte swapping).
5. Update ieee80211_mhz2ieee in radiotap.c to handle more
channels.
6. Nuke some #if 0 code I left in radiotap.c a while back.
Also, clean up the various macros that extract stuff from 802.11 header
fields or define bitfields within those header fields:
group them by the fields from which they extract and the values
they extract, or the header fields to which they belong;
get rid of some of the COOK_ in the names - COOK_ really doesn't
indicate anything useful, such as the field from which they're
extracting (we should get rid of the rest);
put in some more comments explaining what they do;
get rid of some unused macros;
get rid of some values that aren't flag values - they're values
to test whether something's a data frame with a particular byte
set in the subtype field, but they're only used on data frames,
so we only need to test the bit in question, so we define macros
to test the bit and name them to indicate that they're for use
on data frames.
Consistently use "CF-Ack" and "CF-Poll" in the strings for various data
frame type/subtype values, and get rid of "802.11" (it should be obvious
to one and all that this is 802.11...).
Comment out some variables used only in commented-out code.
Get rid of some unused variables.
Fix up one "proto_tree_add_text()" call where the format string didn't
match the arguments.
svn path=/trunk/; revision=17080
This patch for the STUN dissector fixes a bug (wrong value for DATA_INDICATION attribute) and adds the decoding of IPv6 address in attributes.
svn path=/trunk/; revision=17078
This way we (hopefully) can continue dissecting with the next packet, even if a more serious exception had occured, e.g. a memory access violation or a divide by zero exception.
Obviously, not all problems solved, as SEH won't protect us from other problems, e.g. endless loops and such
svn path=/trunk/; revision=17070
mp_addr_to_str was unnecessary 'complex' - simplified it
packet-dns.c: Fix incorrect use of g_snprintf return value
packet-dcm.c: Fix incorrect use of g_snprintf return value
Someone who understands the protocol should look at the
"vr, tr might be used uninitialized..." warning.
packet-x11.c: Fix incorrect use of g_snprintf return value
packet-kerberos.c: Fix incorrect use of g_snprintf return value
Someone should take a look at the
"longjump might clobber ..." messages
packet-diameter.c: Fix incorrect use of g_snprintf return value
Get rid of unsigned < 0 check
packet-pgm.c: Fix incorrect use of g_snprintf return value
packet-nbns.c: Fix incorrect use of g_snprintf return value
packet-winsrepl.c: Collateral damage to packet-nbns.c fix
packet-netbios.c: Collateral damage to packet-nbns.c fix
packet-netbios.h: Collateral damage to packet-nbns.c fix
packet-kerberos.c: Collateral damage to packet-nbns.c fix
packet-nbipx.c: Collateral damage to packet-nbns.c fix
svn path=/trunk/; revision=17065
This fixes bug 523, but exposes more of bug 658.
The TACACS and SDP dissectors don't call inet_aton(), so don't include it.
svn path=/trunk/; revision=17056
separate buffer. Fixes the current Buildbot failure.
Don't let the sprint_realloc_* functions reallocate ep_allocated memory.
Add comments warning against this in the future.
In emem.c, make sure we don't use an extra 100k every stinkin' time
someone wants to allocate memory when debugging is enabled.
Fixup whitespace.
svn path=/trunk/; revision=17051
packet-wccp.c: Fix incorrect use of g_snprintf return
packet-cops.c: Fix incorrect use of g_snprintf return value
packet-wtp.c: Fix incorrect use of g_snprintf return value
svn path=/trunk/; revision=17046
- Beginning of incorrect g_snprintf retval ussage fixes
- Make qbss station count a byte again until we know
whether the count is a 2 byte le value instead
svn path=/trunk/; revision=17045
packet-ntp.c: Rather confused and incorrect use of g_snprintf return value
packet-pim.c: whitespace change
packet-icmpv6.c: g_snprintf takes trailing \0 into account, fix off by 1 error
packet-clnp.c: Fix incorrect use of g_snprintf return value
packet-isakmp.c: g_snprintf takes trailing \0 into account
packet-tr.c: Fix incorrect use of g_snprintf return value
packet-radius.c: Fix incorrect use of g_snprintf return value
packet-radius.h: constify a string variable
packet-ldap.c: The return value isn't needed, so don't use it incorrectly
packet-tcp.c: Fix incorrect use of g_snprintf return value
packet-windows-common.c: Remove unneeded DISSECTOR_ASSERT
packet-smb-sidsnooping.c: g_snprintf takes trailing \0 into account
packet-pvfs2.c: g_snprintf takes trailing \0 into account
packet-ptp.c: Remove #include snprintf
packet-ppp.c: Fix incorrect use of g_snprintf return value
packet-ospf.c: Fix incorrect use of g_snprintf return value
packet-mip6.c: snprintf -> g_snprintf
packet-bootp.c: Remove a commented out bad use of g_snprintf
packet-ber.c: snprintf -> g_snprintf, g_snprintf takes trailing \0 into account
2do:
52 packet-ieee80211.c: 2DO
2 packet-nfs.c: 2DO - too many side effects
33 packet-bgp.c: 2DO
18 packet-dns.c: 2DO
14 packet-dcm.c: 2DO
13 packet-x11.c: 2DO
11 packet-kerberos.c: 2DO
10 packet-diameter.c: 2DO
9 packet-snmp.c: 2DO
9 packet-pgm.c: 2DO
7 packet-nbns.c: 2DO
6 packet-fcswils.c: 2DO
5 packet-wccp.c: 2DO
5 packet-cops.c: 2DO
4 packet-wtp.c: 2DO
svn path=/trunk/; revision=17038
Find attached a couple of changes for t38:
- Use the dissector to reassemble t30 frames
- Dissect t30 protocol
- Move the "Fax t38 analysis" to the "VoIP Calls". Now when selecting
"Statistics"->"Fax t38 analysis" option, there is a message that
redirect the user to use the "Voip calls" instead. We may keep this
option for one release, and then remove it ?
- Added in the "Voip calls" the ability to detect a t38 call if there
are not signaling associated with it. For example, when using "Decode
as.." to dissect t38 packets, it is possible to use the "Voip calls" to analyze that call.
- Display "SDP (t38)" in the "Voip calls graph" for SDP t38 sessions.
Regards
Alejandro Vaquero
svn path=/trunk/; revision=17033
- Change proto_tree_add_uint ( ...., tvb_get_guint8(...)) to
proto_tree_add_item ( ....) for all qbss dissection code
- Change all qbss occurrences scount to be 16 bits (I may have
gotten endianess wrong! Testers / sample captures needed)
- Change wlan_mgt.tag.aironet... filter to wlan_mgt.aironet...
svn path=/trunk/; revision=17028
Attached is a patch that fixes several decoding problem is the gsm_a
dissector. The bugs are also submitted to bugzilla id #684 and #687.
svn path=/trunk/; revision=17027
-rework the GGSN dissector to proper parse meta extensions -more graceful magic-number detection - for better (JUNOS 6.4)
downwards compatability
-correct calculate the offset to ATM cookies when there
are meta-extensions present
svn path=/trunk/; revision=17016
instead of clobbering a canary. This replicates its pre-canarification
behavior (which may not be correct).
Fixup whitespace.
svn path=/trunk/; revision=17001
Here is a patch that:
- Replaces the arrow labels by the beginning of the COLINFO column if available (usually containing message names/types).
- Change the comment area to be "protocol: colinfo_content"
From Anders
Added ID tag
Camel
Use col_set_str to remove TCAP info in col_info
svn path=/trunk/; revision=16975
I fixed fBACnetPropertyValue in the BACnet packet-bacapp.c dissector
where an optional decoding for Priority wasn't being optional. A valid
packet with a confirmedEventNotification that did not have the optional
priority made this bug evident by indicating Malformed Packet.
Me:
Fixed some signedness warnings, #if 0'ed out unused functions.
svn path=/trunk/; revision=16957
>From the Debian bug database this bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342588
The rates information element with zero tag length leads to uninitialised
memory access, presenting bogus data for the element. The attached patch
takes care of that.
Me:
One space in the map listing is enough.
svn path=/trunk/; revision=16947
Ethereal does not take into account the protocol field of the IP header
when reassembling fragmented packets as specified in RFC791. This can
lead to incorrect reassembly of packets with an identical src address,
dst address, and identification number, but with differing protocols.
The attached patch includes the protocol in the generation of the id
used to index into the reassembly table.
svn path=/trunk/; revision=16937
I keep finding finding traces that show new problems with this code. This patch fixes 2 problems:
- I've seen RTCP frames containing a SR and RR with identical source info and the lsr matching the current MSW/LSW timestamp of the SR. Don't want to do calculation without real roundtrip info
- calculating the gap between the 2 frames was still wrong (sigh)
svn path=/trunk/; revision=16934
Over the last year or so there have been several developments in the 3GPP2 specifications. One of the areas that saw significant changes was A11 interface between PDSN and PCF. With the introduction of QoS support on this interface, the specification includes a lot of new information elements in this protocol
svn path=/trunk/; revision=16933
- Keep track of terminations (link wildcarded ones to real ones)
- Keep termination info and link aal2 terminations to alcap legs
svn path=/trunk/; revision=16914
create a new dissector table where MAC algorithms for dns/tsig can be registered.
register gssapi for the algorithm "gss.microsoft.com" since this is what w2k uses when performing dns updates.
svn path=/trunk/; revision=16895
also change one (of several:-( ) arrays to be accessed through accessor functions so proper bounds checking is done.
there are many other inbstances of arrays in this dissector that are accessed with no proper bounds checking and the same thing should be done for them
svn path=/trunk/; revision=16891
Hi list,
On the Ethereal Wiki is a CDP capture of a Broadcom BCM1100 VoIP chipset.
It has a power consumption TLV, which was not yet dissected. The attached
patch does that.
svn path=/trunk/; revision=16890
make the dissection of the ACL check the type for each individual ACE and only dissect as access mask and sid those ACEs we know how to handle.
this prevents ethereal from dumping on w32 if we encounter any of these "special" ACE entries, such as the ones used for storing location data for offline files.
svn path=/trunk/; revision=16881
- Better nameing of tfs_ arrays
- Name and dissect "version" field (previously unknown)
- Name and dissect "add tag scheme" (previously unknown)
- Add lots of comments about meanings in the port data
- The first byte in the set command is probably some salt value
svn path=/trunk/; revision=16871
Taking a random dissector from the list on the Wiki I picked packet-enip.c. Nothing wrong with this one, I still ememified it.
From Bart Braem:
packet-mip.c does not have support for all registration denials by the foreign agent, code 77 was left out. The attached patch fixes that.
svn path=/trunk/; revision=16868
Fix a memory leak found by valgrind:
Although dir isn't a directory it may still use memory
packet-xml.c:
Reformat the relevant function in packet-xml.c to be readable on systems
where a tab is 8 spaces.
svn path=/trunk/; revision=16865
Three patches here:
eth-ed-2.diff
-------------
1) The handling of HashSet Answer messages was wrong
2) Add dissection of some more eMule extension packets to do with
error recovery
eth-bt-1.diff
-------------
New versions of the Azureus BitTorrent client implement a new extension to the protocol, which is effectively a text based encapsulation of the binary BitTorrent protocol, embedded within the BitTorrent protocol. Who knows why they thought that was a good idea, but this patch can pick apart their new headers.
eth-bt-2.diff
-------------
By registering a normal dissector as well as the heuristic one, BitTorrent shows up on the Decode As... list so you can manually override its mistake.
svn path=/trunk/; revision=16856
- New Dissector Novell Cluster Services
1. Changes Dir Handle Type from Boolean to val string
2. Changes Search Mode from Boolean to val string
3. Adds a number of additional attribute definitions
4. Adds file migration state values
5. Adds missing return values
6. Adds NCP 90,150 "File Migration Request"
svn path=/trunk/; revision=16844
This idl file is required by wkssvc.idl since wkssvc references Platform_id
There are still some minor changes required for pidl to prettify the output for both wkssvc and srvsvc before these two dissectors should be used.
note that this idl is significantly different from the samba4 idl since it contains all the additional functions and structures the handwritten dissector has that is lacking from s4 idl.
it is expected that s4 will take up the authorative version of this idl soon so there will only be one master copy of this idl.
svn path=/trunk/; revision=16831
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
svn path=/trunk/; revision=16828
"preferences/mtp3 must be changed accordingly (it is explicitly indicated that the "network address format" is ..."
Change the text and som names.
svn path=/trunk/; revision=16827
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.
-packet-ieee80211.c
Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.
-From Kan Sasaki
A patch for packet-ospf.c is attached:
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
- lldp Bugfix Bug 596 LLDP TIA Network Policy Decode is not correct
- Camel make it possible to dissect based on OID.
svn path=/trunk/; revision=16822
This patch adds support for draft-nguyen-ospf-lls-05.txt, draft-nguyen-ospf-oob-resync-05.txt and draft-nguyen-ospf-restart-05.txt. These are an alternative way to do OSPF graceful restart.
These drafts are implemented by cisco and several other vendors that want to interoperate with cisco. My patch adds a dissectors for LLS TLVs.
I had to modify the existing ospf dissector as it assumed that all the data after IP header is OSPF packet. This is not true anymore and probably was not true before as well.
Also please find attached an example of OSPF packets with LLS data blocks.
--
svn path=/trunk/; revision=16818
* DOP - This has now been successfully tested and so is now enabled by default and workaround code removed.
Also now uses the correct EXPORTs from the other modules/dissectors.
* X509SAT - Most of the selected attributes are now supported in addition to the DirectoryString syntax attributes. This includes restoring the correct DirectoryString syntax and also providing the basic syntaxes (e.g. OBJECT IDENTIFIER, PrintableString). The latter requires a sed line in the Makefile which I assume should be OK? Not all the SAT can be defined in x509sat - so some have been included in x509if and x509af - though x509sat.cnf contains the master list and references the other dissectors where appropriate.
(I still prefer a syntax registration approach but I don't think that is going to be agreed in the short term.)
* X509IF - a mechanism to register some formating, based upon the hf_index, that is used in the cnf file.
* A couple of fixes identified by Stig.
svn path=/trunk/; revision=16814
Patch for COTP reassembly.
There does not seem to be any reasonable or cleaner way to fix COTP
reassembly than adding the frame.[ch] patch.
svn path=/trunk/; revision=16813
Make the dissector new-style and add simple (better than nothing) heuristics so that it can reject some packets that are obviously not modbus.
change the constants to upper case
the horrors:
replace two instances where tvb_memcpy() were used to read straight into a structure to instead read the structure field by field using tvb_get_...()
This may allow the modbus dissector to actually work.
svn path=/trunk/; revision=16811
dissect (so that we report a packet cut short by the snapshot length).
Get rid of an unused variable..
As we restore "pinfo->fragmented" from "save_fragmented" regardless of
whether we're defragmenting or not, we have to save its previous value
in "save_fragmented" regardless of whether we're defragmenting or not.
svn path=/trunk/; revision=16808
> Two patch files are attached adding UDP-Lite dissection to the UDP
> dissector. Wiki page is available at the normal location, including
> sample captures courtesy of Gerrit Renker of the University of
> Aberdeen Electronics Research Group. The patch has been tested with
> both the sample captures and Fuzz test.
And add Marc Petit-Huguenin to AUTHORS
svn path=/trunk/; revision=16801
This is a patch that add support for the latest drafts[1] in the STUN dissectors. I choose to add TURN directly in the STUN dissector instead of creating a new dissector because of the decision at the latest IETF meeting[2] to redefine TURN as an use case of STUN.
[1] ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-behave-rfc3489bis-02.txt
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-rosenberg-midcom-turn-08.txt
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-camarillo-midcom-turn-ipv6-00.txt
[2] http://www3.ietf.org/proceedings/05nov/minutes/behave.txt
svn path=/trunk/; revision=16797
same, and have only one bit set, "(a & b) == c", which is what is
intended, is the same as "a & b".
In addition, we don't want to do desegmentation if "isup_apm_desegment"
isn't set, so that test should be ANDed with the other two tests.
svn path=/trunk/; revision=16792
means "a & (b != c)", not "(a & b) != c".
Put in a comment noting a potential problem with defragmentation,
pointed out by a compiler warning that apm_Segmentation_local_ref might
not be set before it's used.
svn path=/trunk/; revision=16779
Catch a TypeError that gets thrown if we don't use any conversion
specifiers during string formatting.
H.248:
Don't dereference a null pointer. Fixes bug 626.
svn path=/trunk/; revision=16773
-add codepoint to name resolution for Juniper IFMT, IFLE extension TLVs
-bugfix: DLT_JUNIPER_PPP, correct the calculate offset for PPP payload
-bugfix: DLT_JUNIPER_CHDLC, add CHDLC handler
-bugfix: add a more flexible TLV value extraction function which
does not bail if the assumed TLV length does not match
svn path=/trunk/; revision=16764
(http://yersinia.sourceforge.net/index.html)
by Alfredo Andres and David Barroso. There's more information to be put
into Ethereal but it's a start.
svn path=/trunk/; revision=16756
fields as BASE_DEC; bitmaps are typically displayed in hex in Ethereal,
so it should generate BASE_HEX instead. (Submitted to
bugzilla.samba.org as bug 3313.)
A couple of the IDL files use "unistr"; define it as "[string] uint16",
so that the resulting dissectors work correctly.
Regenerate dissectors.
svn path=/trunk/; revision=16754
