This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture, will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
With the exception of docsis's packet-tlv.c file, these are all simple problems
with the prefix not exactly set to PROTOABBREV. For example, for
packet-bpkmattr.c, the field names are prefixed with "docsis.bpkmattr." instead
of "docsis_bpkmattr.".
packet-tlv.c had one mis-named field, namely "docsis.cos.sid". It has been
changed to "docsis_tlv.cos.sid" in the patch to be attached, which includes
patches for 29 files in the plugins/docsis/ directory ...
svn path=/trunk/; revision=23088
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1888
There are new versions of CMP (v2) in RFC4210 and CRMF (v2) in RFC4211. The
right to exist of CRMF is bound to CMP so I don't split that into two bug
reports.
I'll upload the new (slightly handmassaged) ASN.1 files for both protocols,
along with patches for the respective cnf files, where I also added new
#.REGISTER statements.
Additionally I had to export some definitions from pkix1explicit (Attribute,
Time, UniqueIdentifier and Version) and from pkix1implicit (KeyIdentifier).
I'll also upload a patch for that.
I uploaded a CMPv2 sample (with errors in the protocol!) to the wiki.
svn path=/trunk/; revision=23082
LocalIdentifier when problems with the GlobalDomainIdentifier.
- Initialize global pointers to avoid potential crashes.
svn path=/trunk/; revision=23080
- Added generated entry for total missing sequence numbers
- Added expert info on invalid ack info length
- Added count of ack in info column
svn path=/trunk/; revision=23079
This patch adds support for IMPS 1.3 protocol dissection and also
updates IMPS 1.2 protocol to approved release version.
From me:
- Updated vals_wbxml_public_ids table.
- Reindented file.
svn path=/trunk/; revision=23078
1) IPFIX port (4739) should be configurable without recompiling
2) It should be possible to specify more than one port to be dissected as
Netflow and/or IPFIX
3) Netflow should recognize UDP ports 2055 and 9996 (Both are common)
Also (from me):
- make Netflow a "new style" dissector: return 0 if it doesn't appear to be a
valid netflow packet
- register the old preference (cflow.udp.port) as obsolete so users don't see
warnings about it not being valid
svn path=/trunk/; revision=23075
- COL_REL_CONV_TIME which is used to display the time relative to the first frame that was seen in the conversation
- COL_DELTA_CONV_TIME which is used to display the delta time from the previous frame of the conversation
It also adds the function "col_set_time()" to "epan/column-utils.[ch]" which can be called from within a dissector to set either of these two columns to the appropiate time.
Last but not least, it lets the tcp-dissector make use of these two columns.
svn path=/trunk/; revision=23058