Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 8/9] add support for Root Announcement (RANN) IEs
svn path=/trunk/; revision=38280
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 7/9] update parsing of mesh control field
During development of the 80211s standard, a "mesh header" was conceived. This mesh header has been renamed the "mesh control field". Further, the conditions under which it is expected to appear have also changed. Specifically, the mesh control field appears in multihop action frames and mesh data frames. In the former case, it appears after the action category and action code, so no special header parsing is required to parse it.
The latter case is a bit more complicated. We know the mesh control field is present if the data frame was transmitted by a mesh STA, AND the new "Mesh Control Present" bit in the QoS control field is set. This second thing is easy enough to check. But the first thing is not. So we continue to rely on heuristics. Specifically, we only expect the mesh control field for valid from-ds/to-ds settings, and if the mesh control field itself is valid.
Other relevant changes in this patch include:
-- rename mesh_header to mesh_control as appropriate
-- consider the mesh control field to be part of the header when accounting for payload padding.
-- parse some of the qos fields earlier so they can be used to determine if the mesh control field is present.
-- use existing mesh control parsing code instead of duplicating it.
svn path=/trunk/; revision=38279
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 6/9] update mesh path discovery (hwmp) IEs to 802.11s v12
This includes adding the new mesh reason codes
From me
Fix checkAPI Errors (the blurb field matches the field name)
svn path=/trunk/; revision=38278
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 5/9] make pre-80211s marvell mesh use its own data structures
The pre-80211s legacy mesh networking developed by marvell has some similarities to the latest 80211s mesh networking. However, there are enough differences in naming and convention that they should have their own data. For clarity, we break up the marvell and 80211s mesh dissection.
Note that as of this patch, 80211s parsing uses the legacy data structures. That will change in subsequent patches in this set.
svn path=/trunk/; revision=38277
Update 802.11s packet dissecting to the ratified standard (v12.0)
Subject: [PATCH 4/9] eliminate obsolete non-standard 80211s peer link action frame code
The peer link action frame no longer exists. Its data now appears in the self-protected action frame and the peering management IE.
Note that this leaves a gap in the internal field codes that is addressed in a subsequent patch.
svn path=/trunk/; revision=38276
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 3/9] add support for 802.11s v12.0 mesh peering management IE
The v12.0 mesh peering management IE replaces the exiting mesh peer link management IE and has a slightly different format.
From me
Fix checkAPI Errors (the blurb field matches the field name)
Remove unused hf_ieee80211_mesh_mgt_pl_reason_code
svn path=/trunk/; revision=38275
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 2/9] add support for 802.11s v12.0 action frame fixed fields
From me
Fix checkAPI Errors (the blurb field matches the field name)
svn path=/trunk/; revision=38274
Update 802.11s packet dissecting to the ratified standard (v12.0)
[PATCH 1/9] update mesh ID and mesh config IEs to latest 80211s draft (v12)
svn path=/trunk/; revision=38273
Also:
Use -1 iso tvb_[reported_]length() as 'len' arg in proto_tree_add_...();
Use tvb_reported_length_remaining() where appropriate.
svn path=/trunk/; revision=38241
When decoding drb payload, call IPv4, IPv6 or data dissector as appropriate.
Am slightly concerned that we always dereference the first byte of the frame - is it safe to assume that the length can't be 0?
svn path=/trunk/; revision=38199
Fix :
packet-tcp.c:3337: error: ‘dissect_tcpopt_maxseg’ undeclared here (not in a function)
packet-tcp.c:2264: error: ‘dissec_tcpopt_exp’ defined but not used
svn path=/trunk/; revision=38176
In case M_Length is 0 the M_List field does not exist.
The attached patch fixes this and it also changes the names of the M_List and
M_List length field to more general names.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6149
svn path=/trunk/; revision=38158
Add support for the ca_pmt_reply apdu as defined in section 8.4.3.5 of the DVB-CI standard (EN 50221).
Also some new apdu tags and their descriptions are added for completeness.
After applying this patch, DVB-CI support is complete except for reassembly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6132
svn path=/trunk/; revision=38137
representation. Use it rather than a raw 0x10.
Add a DREP_ENC_INTEGER() macro that takes a pointer to the data
representation and returns either ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN;
use it for the encoding argument to proto_tree_add_item(), rather than
just the AND of drep[0] and DREP_LITTLE_ENDIAN, as it's not a boolean
any more, and for string values we'll be supporting character encodings
as well and thus won't be able to trust that the 0x10 bit will mean
"little endian".
Use ENC_NA for some other encoding values, i.e. for FT_BYTES and the
like.
Fix a couple of places in the DCOM dissector where we were passing the
byte-order bit rather than the field value to
proto_tree_add_uint_format().
Clean up white space.
svn path=/trunk/; revision=38128
(Yes, that means that all but one call uses ENC_LITTLE_ENDIAN, and one
uses ENC_BIG_ENDIAN. I guess that's how the protocol works....)
svn path=/trunk/; revision=38106
* Change field title to not confuse people when the clocks of the pinging system and the capturing system are not in sync.
svn path=/trunk/; revision=38041
RFC3281 erroneously defined the Clearance attribute to be different to that defined in X.509. This has been recognised and corrected in RFC5755.
The RFC3281 syntax is retained and registered as the "RFC3281Clearance" syntax, which can be used to override the correct syntax in the BER oidtables if necessary.
svn path=/trunk/; revision=38014
in README.devloper. Remove g_gnuc.h since it's no longer needed. Remove
tvbuff_init(), tvbuff_cleanup(), reassemble_init(), and
reassemble_cleanup() since they were only used for older GLib versions
which didn't support GSlices. Assume we always support the "matches"
operator.
svn path=/trunk/; revision=37978
when dissect the capwap control header,the sequence's value is decoded
improperly,it tooks the wrong offset value,so the control messages' sequence is
showed improperly.
Changed to uset proto_add_item and encoding type changed from FALSE to ENC_BIG_ENDIAN.
svn path=/trunk/; revision=37962
Added filters for BOOTP options of "basic" types (modeled after packet-wssap.c)
"bootp.option.length" only used when specific option filter can't be found.
"bootp.option.value" expanded to support multiple types
Converted "custom options string" to UAT
replacing many proto_tree_add_text() calls with
proto_tree_add_item(), so the BOOTP dissector is considerably more filterable
svn path=/trunk/; revision=37958
dissector (unless you consider the calculation not being done in 64 bits
as a bug). For now, toss a ReportedBoundsError.
svn path=/trunk/; revision=37946
is NULL or not. With this change, GRE-encapsulated packets (such as IP)
should now appear in then endpoint and conversation lists. This was
essentially the request made at Sharkfest '11. The actual request was for a
"GRE" tab to be added, but that doesn't really make much sense to me. I
believe this change should fulfill that request.
svn path=/trunk/; revision=37945
increment the curr_offset by the correct number of bytes; otherwise we can run
into an infinite loop condition such as was the case for bug 6044.
Reference: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044
svn path=/trunk/; revision=37930
802.11 Association Response Packet's "Status Code" field is imprecisely decoded/described.
From me :
* Display Reason code in decimal (not Hexa)
* Check list from last standard (802.11-2007, 802.11r-2008, 802.11n-2009, 802.11w-2009 & 802.11z-2011)
* Add link to 802.11z-2010 documentation
svn path=/trunk/; revision=37927
Introduced a new tcp state variable: maxseqtobeacked, this is the
maximum seq number that can be acked by the rev party in normal case.
This new state variable only serves the proper detection of
tcp.analysis.ack_lost_segment indicator, and decouples it from the detection of
tcp.analysis.lost_segment indicator.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6081
svn path=/trunk/; revision=37922
a specification.)
Put V1 support back, in case there are captures out there with V1
packets and somebody wants to read them.
We don't need two identical tests against the minimum length.
For an unknown version, just put in a text item for the data, don't
append a note to the length field (which is the wrong field to append to
in any case).
Make routines not used outside this file static.
svn path=/trunk/; revision=37912
make FT_STRING and FT_UINT_STRING handle string encodings.
Get rid of FT_EBCDIC in favor of FT_STRING with ENC_EBCDIC.
Add some URLs for DRDA.
Clean up some stuff in TN3270 and TN5250, including using ENC_ values
for proto_tree_add_item().
svn path=/trunk/; revision=37909
items didn't get put into the protocol tree. See, for example, the
4548-Bug4668.pcap capture in the Wireshark menagerie (and attached to
bug 4668).
Instead, replace the #if 0'ed out code with code that does what the
non-commented-out line of code did, but doesn't assign to the unused and
now non-existent pi variable.
Make the "hf_id != -1" case the first one, as that should be the
"normal" case.
svn path=/trunk/; revision=37908
From doc/README.tapping:
IF the tap is going to return private data using the last parameter to
tap_queue_packet() and IF the protocol can appear multiple times inside the
same packet, you will have to make sure that each instance of
tap_queue_packet() is using its own instance of private struct variable
so they don't overwrite each other.
This was the case here, so I changed the static allocation of tap_rec to be
ep_alloc'd. I also tried to clean up the Info column a bit. With this patch
applied, the graph now shows the APM and ANM correctly instead of 2 ANM's.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5966
svn path=/trunk/; revision=37893
Removed "key prefix" need within GUI so it's a little more intuitive (because
that's what this bug is complaining about). Slight backwards compatibility
issue with UAT (because key prefix was in previous keys), but all development
(including fix for BUG 1123 that created UAT) has just been on SVN and not
released.
Also adjusted AirPCap (airpcap_loader.c) to account for the lack of "key
prefix".
Addressed some memory leaks/excess string creation.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5985
svn path=/trunk/; revision=37888
tvb_get_ephemeral_string() but takes an ENC_ value for the character
encoding. Use it in the MQ dissector to fetch strings to put, for
example, into the Info column, so we properly handle EBCDIC strings
there.
svn path=/trunk/; revision=37876
The way heuristic dissection was handled by the openSAFETY plugin, could lead
to out-of-memory problems with large files (>50.000 packets). The new version
does not use ep_alloc anymore, but a static boolean instead.
Also, the code registering for the SercosIII dissector got simplified, as the
SercosIII dissector is no longer a plugin.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6061
svn path=/trunk/; revision=37874
values, and use them in the MQ dissector, so EBCDIC strings are
displayed as such.
Fix up some other final arguments to proto_tree_add_item().
svn path=/trunk/; revision=37872
the nonce bit, we should display 3 nibbles on the Flags summary line in order
to represent all flag bits. While arguably we need not worry about reserved
bits, the nonce bit is not currently represented, so that bit alone pushes us
into the next nibble.
svn path=/trunk/; revision=37856
Also did some whitespace cleanup, converting tabs to spaces since most of the file was spaced, not tabbed, and swapped the order that the lg and ig bits get added to the tree because I think it looks better reading bits left-to-right.
TODO: I'm not entirely sure what to do in capture_eth() if that invalid range is encountered, so for now I just added some #if 0'd code as a placeholder.
Ref: http://www.wireshark.org/lists/wireshark-users/201106/msg00127.html
svn path=/trunk/; revision=37832
The length fields in a pcap_pkthdr are unsigned, so presumably the
equivalent fields in the rpcap protocol are also unsigned.
Make sure the captured data length isn't bigger than the remaining data
in the packet before attempting to construct a tvbuff for the packet
data. If it is, report that as an error, and don't even try to
construct the tvbuff; that'll fail. This fixes bug 6073.
svn path=/trunk/; revision=37826
This patch adds support for the two-way Sythetic Loss Measurement
opcodes (SLM & SLR) defined in the latest ITU-T Y.1731.
svn path=/trunk/; revision=37781
The IEEE 802.15.4 GTS descriptor count is a 3-bit field (see page 144
of attached spec).
The mask for this field is incorrectly defined as a 2-bit field in
epan/dissectors/packet-ieee802154.h line 74:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6055
svn path=/trunk/; revision=37771