Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol, take II.
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specifiaction
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41266
Support for MPLS Packet Loss and Delay Measurement, RFC 6374
Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
Any packetformat is supported: DLM, ILM, DM, DLM+DM and ILM+DM.
From me :
* Prefer proto_tree_add_item when it is possible
* add Modelines information
svn path=/trunk/; revision=41260
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6792
This is a new dissector for the non-standard Ericsson OM2000 protocol, as it is
used for the OML on A-bis of Ericsson RBS 2xxx BTSs.
It also includes a dissector for a shim-layer protocol that Ericsson uses for
IP-based A-bis like the RBS 2409. As the protocol is not publicly documented,
I have invented the name "EHDLC" (Ericsson HLDC) for it.
svn path=/trunk/; revision=41195
Support HDCP version 1 over I2c
the attached patch adds support for HDCP version 1. This is the authentication that runs between your DVD/Bluray player and your TV when they're connected via an HDMI cable.
svn path=/trunk/; revision=41172
Dissector for Alcatel-Lucent Enterprise Universal Alcatel- and NOE protocol
families.
Meant as a replacement for existing UA-dissector in trunk because of better
feature set:
- latest protocol specifiaction
- more detailed dissection and filtering possibilities on subprotocols
- RTP stream setup
- NOE over SIP
Lars Ruoff
On behalf of Alcatel-Lucent Enterprise
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6844
svn path=/trunk/; revision=41134
- Adapted packet-gsm_sim.c and CmakeLists.txt to match current content (trivial)
- Fixed warnings about //-style comments that were found running
../../tools/checkAPIs.pl -g deprecated -g prohibited -g abort -g termoutput packet-gsm_sim.c packet-etsi_card_app_toolkit.c
Error: Found C++ style comments in packet-gsm_sim.c
- Not fixed (will lead to dissector abort if in a packet):
../../tools/checkhf.pl packet-gsm_sim.c packet-etsi_card_app_toolkit.c
ERROR: NO ARRAY: packet-gsm_sim.c, hf_tprof_b19
ERROR: NO ARRAY: packet-gsm_sim.c, hf_tprof_b18
ERROR: NO ARRAY: packet-etsi_card_app_toolkit.c, hf_ctlv_bearer_descr
Please provide the necessary element entries for the hf[] array in a
followup patch.
svn path=/trunk/; revision=40854
TThis is a new dissector for the GSM A-bis OML protocol as specified in TS
12.21,
including some Siemens and ip.access vendor-specific extensions.
The protocol is called from both classic ISDN (LAPD) based A-bis as well as the
gsm_ipa dissector.
- Fixed the encoding argument to proto_add_item()
- Removed Attribute as that does not compile on windows.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5784
svn path=/trunk/; revision=40851
the existing "mac-lte" UDP heuristic dissector. It is hoped that it will be
possible to register a DLT for use with this format.
svn path=/trunk/; revision=40580
The ANSI C12.22 protocol is a smart grid protocol for utility meters, including
gas, water and electric. The dissector implemented in the patch file includes
full support for all EPSEM (Extended Protocol Specification for Electricity
Metering) services and includes a full implementation of the C12.22 security
modes.
[...]
To decrypt the attached sample file, you need to set up the key table in the
preferences to include key 0 with a value of 6624C7E23034E4036FE5CB3A8B5DAB44.
Me: Fixes for:
[ 64%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c: In function ‘dissect_epsem’:
../../asn1/c1222/packet-c1222-template.c:860:15: error: variable ‘ft’ set but not used [-Werror=unused-but-set-variable]
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-c1222.c.o
../../asn1/c1222/packet-c1222-template.c:103:19: error: ‘c1222_flags’ defined but not used [-Werror=unused-variable]
svn path=/trunk/; revision=40500
please.
Move some generated DCERPC dissectors back to the clean list; if they
actually *do* generate warnings, move them back.
svn path=/trunk/; revision=40479
Dissector for the bzr smart server protocol
The attached patch adds basic support for dissecting the bzr smart server protocol ( http://wiki.wireshark.org/Bazaar ).
svn path=/trunk/; revision=40259
- ... and make that distinction configurable for capture files that do not have padding in small frames, but do have trailers
- Add VSS-Monitoring dissector to show by the TAP inserted time- and portstamps
svn path=/trunk/; revision=40108
dissector for ELCOM communication protocol. This protocol is
used mainly by power utilities, to exchange historical, cyclic, and event based
data between SCADA systems.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6616
svn path=/trunk/; revision=40071
kNet (KristalliNet) dissector for Wireshark
kNet is a connection-oriented network protocol for transmitting arbitrary application-specific messages between network hosts. It is designed primarily for applications that require a method for rapid space-efficient real-time communication. kNet is an application-level protocol which can be ran either over UDP, TCP or SCTP transports.
From me :
* Add Modelines information and fix trailing whitespace
* Merge packet-knet.h in packet-knet.c
* Make Checkhf happy
* Fix Clang/GCC Warning about unused variable
* Add Authors info & CMakeList.txt
svn path=/trunk/; revision=40010
Enhance XMPP Dissector
XMPP is communication protocol that is based on XML.
Existing Jabber dissector has only few filtering possibilities and displays packets in inconvenient way.
This dissector is a result of cooperation with Jitsi community as Google Summer of Code project (http://www.jitsi.org/index.php/GSOC2011/XmppWireshark).
From me :
Add Mariusz Okrój in AUTHORS File
Add Modelines information
svn path=/trunk/; revision=39799
Dissector for the USB Integrated Circuit Card Interface Device Class (CCID)
I've implemented a reasonable subset of a dissector for the USB CCID specification (as described at http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf), during the course of experimenting with an ACS ACR122U ISO 14443 card reader and MiFare tokens.
It currently identifies all of the message types listed in that specification,ng.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines
* Fix Checkhf (Remove a unused entry)
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
svn path=/trunk/; revision=39750
Dissector for the NXP MiFare Protocol
I've just finished writing a dissector for the NXP-proprietary MiFare Protocol, as used alongside ISO 14443-A by a popular range of contactless (not-so-smart) cards, and various emulations, variants and clones thereof.
It currently supports all of the commands listed in http://www.nxp.com/documents/data_sheet/MF1S703x.pdf that also happen to be supported by LibNFC (http://code.google.com/p/libnfc/) - modulo the "NAK" and CRC bytes, since I haven't found examples of their usage in my USB traces, and I didn't want to hand-craft (probably incorrect) examples for testing.
From me:
* Fix Clang Warning
* Remove trailing whitespace from lines;
* Added packet-rfid-mifare to Makefile.common and CMakeLists.txt
* Add Modelines information
svn path=/trunk/; revision=39746
Dissector for HSR and PRP-1
Here is a patch that adds a dissector for HSR and for PRP-1. Both protocols are defined in IEC62439 Part 3. (High-availability Seamless Redundancy / Parallel Redundancy Protocol)
The existing PRP dissector has been refactored to support both the old PRP (now called PRP-0) and the new PRP-1.
There are three distinct dissectors:
- HSR (ethertype 892F)
- HSR/PRP supervision (ethertype 88FB)
- PRP-0 and PRP-1 (trailer dissector; disabled by default)
From me :
* Fix Clang Warning
* Add modification for CMakeLists.txt
svn path=/trunk/; revision=39692
Enhance Universal Alcatel Protocol
Several fixes and heuristic version. You can also specify the ports (as in the previous version), if the heuristic version is not working properly.
svn path=/trunk/; revision=39691
BitTorrent DHT dissector for wireshark
From me :
* Fix encoding attribut for proto_tree_add_item (with fix-encodings-args script)
svn path=/trunk/; revision=39653
dissector for HDCP (High bandwidth Digital Content Protection)
HDCP can run on top of TCP, there's no fixed port number assigned. I created a heuristic dissector that's disabled by default and can be enabled by setting a preference (similar to the hilscher dissector). The idea behind this is that some HDCP messages are hard to recognize (e.g. one byte message id + 8 random bytes). Having the dissector enabled at all times may generate false positives.
svn path=/trunk/; revision=39480
New Protocol Submission for MVRP (Multiple VLAN Registration Protocol)
New dissector submission for Multiple VLAN Registration Protocol (MVRP) defined in 802.1ak Standard, section 11. MVRP is used to to dynamically create and update Dynamic VLAN Registration Entries.
From me :
* Fix error from fix-encodings-args script
* Add Modeline information
* Added packet-mrp-mvrp.c to CMakeLists.txt
svn path=/trunk/; revision=39477
Add dissector for public protocol Flight Message Transfer Protocol (FMTP)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6433
- Modified and moved col_add_fstr outside of if(tree)
- call data dissector for data
- use ENC_BIG_ENDIAN
- minor cleanups
svn path=/trunk/; revision=39403
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5929
From me:
packet-cipmotion.c:
FT_BOOLEAN fields with bitmasks need a bit-fieldwidth in the hf[] entry 'display' field;
Define attribute_size as guint32 since it has to store guint8*guint16;
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
Remove trailing whitespace from lines;
Other minor cleanup and reformatting.
packet-enip.c:
Use ENC_NA as encoding arg in proto_tree_add_item() for FT_BYTES field types;
svn path=/trunk/; revision=39396
Move sniffer meta data parsing to separate files
packet-ieee80211.c includes dissectors for three different styles
of IEEE 802.11 sniffer meta data (like signal strength). Move these
to separate files in the same style as a fourth format (radiotap)
was already handled, so that packet-ieee80211.c focuses on the
actual IEEE 802.11 frame dissecting.
This reverts
http://anonsvn.wireshark.org/viewvc?revision=23911&view=revision
Objections?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6443
svn path=/trunk/; revision=39379
- Follow closely draft-ietf-p2psip-base-18
- Added support for draft-ietf-p2psip-base-18,
draft-ietf-p2psip-sip-06,
draft-ietf-p2psip-service-discovery-03,
draft-ietf-p2psip-self-tuning-04,
draft-ietf-p2psip-diagnostics-06,
draft-zong-p2psip-drr-00,
- Handoff to the xml dissectors for
configuration data
- export the message content dissection function
in the new packet-reload.h file for use in
related protocols (draft-hautakorpi-p2psip-with-hip-01)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6317
From me:
- Fix a few C++ style comments;
- Fix:
packet-reload.c(2156) ... conversion from 'guint64' to 'guint32', possible loss of data
packet-reload.c(3528) ... conversion from 'guint64' to 'guint32', possible loss of data
Note: Additional fix yet req'd since checkhf.pl gives:
ERROR: NO ARRAY: packet-reload.c, hf_reload_dmflag_underlay_hop
Unused entry: packet-reload.c, hf_reload_storeddata_signature
Unused entry: packet-reload.c, hf_reload_storeddataspecifiers
(Compile is OK).
svn path=/trunk/; revision=39301
This is a dissector for the BRP (Bandwidth Reservation Protocol). This protocol
is used by various telecommunications vendors to establish VoD (Video
On-Demand) sessions between a STB (Set Top Box) at the customer's home and the
VoD server at the video head-end.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6428
- Changed hf blurbs to NULL
- Used dissector_add_handle() as the proposed port is registered to a different protocol.
svn path=/trunk/; revision=39254
New dissectors: (UA) Universal Alcatel Protocol and transport UAUDP
From me :
* Prefer proto_tree_add_item (when is possible)
* Use 4-space indenting
* Add Modeline information
* Fix Clang Warning
svn path=/trunk/; revision=39167
Add dissector for XMCP protocol.
From me:
- Fixed an obvious bug setting transaction_id_key[2].key = NULL,
where transaction_id_key is defined with only 2 elements.
- Only register heur_dissector once.
- Only find media_type_dissector_table once.
- Added packet-xmcp.c to CMakeLists.txt
svn path=/trunk/; revision=39131
A work in progress.
Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL.
With Standard RDP Security (e.g those on Wiki), the PDUs are all encrypted
after the SecurityExchange PDU.
Wiki to be updated with an example SSL protected capture and associated
key material.
svn path=/trunk/; revision=39066
* Update pflog dissector to the last header format (OpenBSD 4.9)
* Dissect all new field (uid, pid, saddr, daddr...)
* Replace proto_tree_add_xxx(uint/string...) by proto_tree_add_item
* Remove not needed packet-pflog.h file
svn path=/trunk/; revision=38364
Vuze, called Azureus before, is a great BT client and has a lot of users,
while its DHT implementation is different from the official one.
From me: New-style dissectors are supposed to to always return
"bytes dissected" (not just when tree != NULL);
svn path=/trunk/; revision=37755
The menu gets a new item (Statistics -> RTSP -> Packet Counter).
Like HTTP, filter can be set and then the dialog windows shows the result of the RTSP analysis.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6042
svn path=/trunk/; revision=37741
Please see the attached patch which updates the ppi-geolocation support
to v2.0 of the specification. This iteration adds a new tag (sensor) and
removes support for velocity/acceleration from the vector tag. Most of
the changes center on the Vector tag. Everything that takes place
elsewhere is cosmetic.
I ran this iteration through fuzz-test and check-APIs just like last
time.
From me:
Replace tvb_get_ephemeral_string with tvb_format_text. Move dissector
registration to the bottom of each file.
svn path=/trunk/; revision=37733
Attached is a dissector for CN/IP protocol described in EIA-852. It is mainly
used to encapsulate and send Lontalk (EIA-709.1) or EIA-600 frames over UDP (or
TCP).
This dissector can only decode the common header and data frames can be decoded
by further dissectors.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5907
svn path=/trunk/; revision=37596
I made the following improvements to the Modbus/TCP dissector:
1. Implemented protocol to the latest specification (v1.1b). See
http://www.modbus.org/specs.php.
2. Upgraded to "tcp_dissect_pdus" instead of having the dissector do it
manually. This also provides TCP packet reassembly support.
3. Removed support for UDP port 502 because it's not supported by the protocol
specification. I believe "Decode As..." could be used in its place.
4. Added dissector support for the following function codes:
a) 8 - Diagnostics
b) 11 - Event Counter
c) 12 - Event Log
d) 43 - Encapsulation Transport (mostly for 43/14)
5. Removed support for function codes not in the protocol specification. None
of them were really being parsed, they just offered a "name" for the function
code.
6. Moved protocol #defines to header file for access from other dissectors. I
plan to have other dissectors use this, but one patch at a time.
7. Created "modbus" dissector that is accessible to other dissectors.
8. Renamed base "display filter name" to reflect PROTOABBREV.
I removed defines for value_strings, I think it's better to export the vaöue strings if needed.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5923
svn path=/trunk/; revision=37539
The two patches attached allow the dissection of the Homeplug AV Ethernet MAC
management frames between a controlling device and a Homeplug AV Ethernet to
PLC adapter. This protocol is pretty similar to the previous generation
Homeplug protocol (dissected by packet-homeplug.c) but a couple of noticeable
differences make it require its own dissector handler.
This dissector is based on the work done by Nicolas Thill, Xavier Carcelle and
myself in the Faifa project (https://dev.open-plc.org).
The dissector handles the standard Homeplug AV Ethernet MAC management frames
(called public) as well as the Intellon specific management frames (vendor).
From me:
Remove unnecessary global variables.
Add to COL_INFO even when !tree.
Remove gotos.
Remove unnecessary includes.
svn path=/trunk/; revision=37403
The Locator/ID Separation Protocol [1] is being standardized within the IETF,
and it is nearing RFC status (pending security review). I have been maintaining
a dissector patch for about a year, see [2]. Feedback received indicates that,
among others, it is widely used by the developers of a large router vendor,
without issues.
In January I submitted the dissector for data plane packets as bug #5602, which
was committed as r35615. The patch attached to this bug adds support for
dissection of control plane packets.
[1] http://tools.ietf.org/html/draft-ietf-lisp
[2] http://lisp.ccaba.upc.edu/wireshark/
svn path=/trunk/; revision=36845
A new dissector for uTorrent Transport Protocol
From me :
* Add link to spec BEP-0029
* Add note about type/version
* Rework extensions loop
* Use 2-space indenting
svn path=/trunk/; revision=36715
Adds BMC protocol, including adding support for MAC and RLC CTCH channels to carry it.
From me:
Removed hf blurbs = def and removed check_col added tp CMakeList.
svn path=/trunk/; revision=36662
* Number of ICMP echo requests, replies, lost replies and percent loss.
* Min, Max, Average SRT (Service Response Time), and standard deviation.
(This is my first tap, so hopefully I didn't miss something, but we'll see ...)
TODO: Add a Wireshark tap.
svn path=/trunk/; revision=36480
This patch adds the capability to create BACnet statistics trees.
Find the respective menu items under 'Statistics->BACnet'.
Packets can be sorted by different criteria:
- Src/Dst IP adresses
- Instance ID
- Object Type
- Service
From me:
- Don't use C++/C99-style comments.
- Name variables for tick_stat_node() don't need to be static.
- Change updateBacnetInfoValue() to require 'data' to be ep_ allocated. Change
the couple of calls that did not send in ep_ allocated data to do so.
- Change one or two functions to be static.
- Do not use (memory-unsafe) g_sprintf().
- Use ep_strconcat() instead of leaking memory with g_strconcat().
- Put back one if(tree) that doesn't appear to do any harm.
- Remove variable declarations and #includes from the header file.
svn path=/trunk/; revision=36468
A patch to add ATM over TCP Dissector.
The dissector dissect only the ATMTCP header (VCI, VPI, Payload Length)
The data are not yet dissect, it is necessary to add a "UAT" (As with the K12
dissector) to indicate the type (ILMI, AAL, ATM...) of data (based on VCI/VPI)
svn path=/trunk/; revision=36354
Patch, which removes both EPL and EPLv1 .h files, as well as adding a heuristic dissector hook to EPL (v1 is nearly nowhere in use anymore, therefore not needed)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5751
svn path=/trunk/; revision=36198
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Enhance RIPng
* Replace tvb_memcpy/proto_tree_add_text by proto_tree_add_item
* Remove dependency to packet-ipv6.h
* Remove packet-ripng.h (not needed)
Also update AUTHORS file
From me:
Put a check_col() back and reword (shorten) a couple of the new blurbs.
svn path=/trunk/; revision=36033
Patch to add a new dissector for Realm Specific IP (RSIP) as defined by
RFC 3102, RFC 3103, and RFC 3104.
This is a very basic dissector. It could be extended to do addtional RSIP
protocol violation testing. The dissector is written such that it should be
easy to add later.
svn path=/trunk/; revision=35653
The patch I am attaching here is for dissecting LISP data packets.
From me:
Minor cleanups.
Showing the reserved field.
Adding to all makefiles and release notes.
svn path=/trunk/; revision=35615
FCoIB – Fibre Channel over InfiniBand. The protocol enables transmission of
Fibre Channel frames over InfiniBand networks. It is based on encapsulation of
Fibre Channel frames over InfiniBand UD transport. The discovery protocol is
based on the FIP protocol (not supported by this patch).
This patch adds an FCoIB dissector to Wireshark. It is based in large part on
the existing FCoE dissection code.
This code is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=35475
Bluetooth profiles and protocols above RFCOMM and L2CAP can not be dissected correctly because the required information (server channel and dynamic PSM value mappings to services/profiles) about the type of data carried in the payload is not available. RFCOMM is currently hardcoded to handoff all payload data to the obex dissector though it may carry e.g. handsfree, dial-up networking or serial port profile related data.
The patch consists of modifcations to the following dissectors:
btsdp: Extraction of RFCOMM server channel and L2CAP dynamic PSM with service mapping is provided to RFCOMM and L2CAP through a tap interface. In addition, the packet list info is beautyfied and extended with more details for better
overview.
btl2cap: Adds a new dissector table with services and dynamic PSM mapping which is filled by a tap listner catching the info from btsdp. More info added to packet list.
btrfcomm: Adds a new dissector table with services and server channel mapping which is filled by a tap listner catching the info from btsdp. Dissectors for handsfree, dial-up netorking and serial port profiles (all based on RFCOMM) are also added.
btobex: Registers several obex based profiles (e.g. obex push, file transfer, basic printing etc.) in both RFCOMM and L2CAP. Some cleanup.
svn path=/trunk/; revision=35323
1) Add links to RFC 4627 and the json.org web site.
2) Comment out hf_json_member_key to keep tools/checkhf.pl happy.
3) Avoid duplicate (application/json) from being displayed in Info column.
svn path=/trunk/; revision=35317
This is a dissector for reload framed message:
ReLOAD packets can be inserted in frame message, as described in
draft-ietf-p2psip-base-10
From me: remove some unnecessary includes.
svn path=/trunk/; revision=35005
This patch adds to Wireshark the ability to dissect Infiniband SDP (Socket
Direct Protocol) and CM MADs traffic.
It also contains various other bug-fixes and enhancements. SDP traffic can be
identified automatically (analyzing SDP CM MADs) or manually.
SDP, or Sockets Direct Protocol, is a protocol developed by the Infiniband
Trade Association which enables existing socket-based applications to
transparently utilize the Infiniband capabilities.
This patch is submitted on behalf of Mellanox Technologies Ltd.
svn path=/trunk/; revision=34918
The company I work for uses two proprietary protocols, for which I initially
developed wireshark plugins. Now we would like to integrate them into the
public wireshark repository.
I followed the READMEs and converted the plugins into a static dissectors. I
cleaned up the code until checkAPI.pl was silent, translated all terms to
english and ran randpkt and fuzz-testing for a long time. All that I found was
a bug in a different dissector.
From me:
- Fold the header files into the dissectors
- Clean up some memory leaks
- Strengthen the heuristics of adwin-config (the TCP heuristics are still pretty
weak)
- Make packet-adwin.c a "new style" dissector
- Use find_or_create_conversation()
- Remove most of the check_col()'s
svn path=/trunk/; revision=34640
Add dissector for Tektronix Teklink Protocol, used by their Logic Analyzers.
May be useful for reverse engineering their Protocol.
svn path=/trunk/; revision=34609
Add dissector for PAPI (Aruba AP Control Protocol), used by Aruba WLAN
Controller).
There is no documentation on this protocol, the dissector is based on my
analysis ...
There is also an experimental "debug dissector" (not enable by default) for
dissecting the rest of data.
Changes by me:
- make it a new-style dissector
- change the name of the "debug" preference
- other minor changes
svn path=/trunk/; revision=34587
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5095
From me: Fix a bug in add_symbol which caused occasional Wireshark crashes;
Add additional checking during parse of symbol hash file;
Improve "directory not found" error message;
Do misc code cleanup and simplification.
svn path=/trunk/; revision=34558
radiotap: new parser
The current parser has a number of bugs, most
importantly not being able to parse radiotap
files with multiple presence bitmaps. It is
also rather hard extend. Use a generic library
for parsing radiotap that can be extended very
easily.
From me:
Dumb down some initializers and add some casts to make Visual C++ happy.
svn path=/trunk/; revision=34515
- packet-cfm.h not used elsewhere: incorporate into packet-cfm.c;
- Move proto_register and proto_reg_handoff to the end of the file;
- Localize some variables;
- Remove some unneeded initializers;
- Cleanu some whitesace.
svn path=/trunk/; revision=34334
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5067
From me: - Fix one bug;
- Add a comment about some code which doesn't display info
in COL_INFO as intended due to what seems to be a Wireshark bug in
tcp_dissect_pdus() when there are multiple records in a
TCP frame.
svn path=/trunk/; revision=33824
dissectors/Makefile.common:
The following dissectors were missing from CM:
dissectors/packet-dcerpc-budb.c
dissectors/packet-dcerpc-butc.c
dissectors/packet-dcerpc-drsuapi.c
dissectors/packet-gsmtap.c
Both: Whitespace fixes and reordering.
svn path=/trunk/; revision=33462
From me: A few minor changes:
- col-clear() not req'd;
- Use 'gint32 length' rather than 'guint8 length';
- Use ENC_NA instead of FALSE/TRUE in two cases;
- Move global tdmoe_handle to be local to proto_reg_handoff...
svn path=/trunk/; revision=33307
Add support for Gigamon headers (timestamp, source port, length, etc)
that are inserted by Gigamon network equipments.
From me:
Various cleanup:
- Register to "eth.trailer" heuristics for trailer.
- Use standard dumping of timestamp.
- Rewrote gmhdr_plfm_str handling.
- Dump srcport details in a subtree.
- Removed packte-gmhdr.h.
- Ensure the while-loop will end.
svn path=/trunk/; revision=33256
IDMP provides a mapping of request-response service elements directly onto the Internet TCP/IP protocol, bypassing the ACSE, Presentation, Session and Transport layers of the OSI model. It also supports the use of TLS services.
The DAP dissector has been updated to use the IDMP protocol.
svn path=/trunk/; revision=33177
Add a new dissector for the NexusWare C7 MTP over UDP/TCP protocol. One of
NexusWare's example applications provide a way to forward MTP Level 3 messages
via UDP/TCP. This is a dissector for this protocol (which is lacking an IANA
assigned port).
svn path=/trunk/; revision=33082
"Different people made changes to enhance the batman-adv dissector. It seems
that the batman dissector wasn't touched and misses those changes. Following
patchset should improve the dissector the same way Gerald Combs, Guy Harris and
Bill Meier improved batman-adv."
See Bug #4384: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4834
From me: Add back a few 'if (check_col()) ...';
I probably went just a bit too far in changes I made in packet-batadv.c
svn path=/trunk/; revision=33062
The wireless meshing protocol B.A.T.M.A.N. Advanced changed their packet format
in such a way that now versions can be identified and so correct dissection of
the packets can be supported by wireshark.
Since it is a ever moving target it is very possible that the packet format is
changing slightly. The dissector was written in such a way that new version can
be supported relative easy.
I hope that it sufficient for the inclusion in wireshark.
I tried to fuzzing it some hours and no error was reported.
From me:
Initialize our dissector handles.
Merge packet-batadv.h into packet-batadv.c. It isn't included anywhere else.
Fuzz 500 passes using attached capture files.
svn path=/trunk/; revision=33052
I've created a ASN.1 dissector for the IEC 61850 Sampled Values protocol. It
dissects ethernet frames of the IEC 61850-9-2LE specification form the UCA
International User Group.
There is also a new TAP for tshark (-R sv) which extracts the important
information of the frame and allows to create plots (with external tools) of
the sampled values.
I've developed under Linux (Ubuntu 8.10) but everything should be in place for
successful compilation under Windows.
It would be great if this dissector could be included in wireshark. I'm looking
forward for your comments.
svn path=/trunk/; revision=33039
Add support for the IBM TN5250 data stream protocol.
http://wiki.wireshark.org/TN5250
From me:
Move most of the contents of the header file to the .c file.
Replace blurbs that match the hf name with NULL.
Replace empty-string blurbs with NULL.
Fix some abbreviations (hf_tn5220_xxx -> tn5220.xxx).
Make some functions static.
Cast some offset increments to unsigned to make sure we don't go backwards
(which could create a loop). This includes making most of the subdissection
functions return an unsigned number.
Use find_or_create_conversation().
svn path=/trunk/; revision=32838
This is mostly to recognize the packets and a start to reverse engineer
the currently undocumented protocol. It's very far from complete/correct!
svn path=/trunk/; revision=32542
see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4590
From me: A few minor changes:
- Make ancp_info a local variable rather than a static global variable;
- Use Stats ! ANCP rather than Stats ! ANCP ! Packet Types.
svn path=/trunk/; revision=32353
There were 2 dissectors for GPRS-NS (GSM 48.016) protocol, packet-gprs-ns.c and
packet-gprs-ns.c. packet-nsip.c seemed to be the more complete, and has a
cleaner output.
I have polished up nsip.c and changed it so that it identifies itself as the
dissector for gprs-ns.
packet-gprs-ns.c can be deleted.
(Removed from the makefile for now).
svn path=/trunk/; revision=32295
See: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4584
From me:
- Change dissect_sasp_pdu() to return void: tcp_dissect_pdus() ignores
any return value when it calls a dissector and thus trying to register/use
the dissector as a 'new-style' dissector doesn't work as intended;.
- Add some 'expert' messages for invalid SASP Header Type and unknown Message Type.
- Use consistent indentation & cleanup whitespace;
- (A few other minor changes).
svn path=/trunk/; revision=32266
I have written a crude dissector of GigE-vision Control Protocol packets.
The dissector was written as part of the opengigevision project:
http://gitorious.org/opengigevision
svn path=/trunk/; revision=32198
Add ETSI ts101671 dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4543
I added dissection of
UmtsQos,
IMSevent,
LDIevent,
TARGETACTIVITYMONITOR-1
TARGETACTIVITYMONITORind,
TARGETCOMMSMONITORind,
TTRAFFICind,
CTTRAFFICind
And used the original HI2Operations ASN1 file.l
svn path=/trunk/; revision=32053
cranks up the warnings, with the side-effect of turning off -Werror, and
none of the other GCC buildbots complains about them.
svn path=/trunk/; revision=31958
Aruba Wireless Controller support a Remote Monitoring of Access Point
The code is based en HP ERM/Cisco ERSPAN dissectors
svn path=/trunk/; revision=31645
From me: Remove changes related to the ARP protocol because it doesn't
appear to be necessary for SocketCAN. Will add later if Felix says it is
needed.
svn path=/trunk/; revision=31196
Added support for Solaris IPNET layer
From me:
Some code cleanup in packet-ipnet.c
Added packet-ipnet.c to CMakeFiles.txt
Added WTAP_ENCAP_IPNET to encap_table_base[]
svn path=/trunk/; revision=31159
This patch adds protocol dissection support for the Assa Abloy R3 protocol.
R3 is an electronic lock management protocol for configuring operational
parameters, adding/removing/altering users, dumping log files, etc.
svn path=/trunk/; revision=31105
This is a patch for a new dissector that decodes Nokia Siemens Networks'
proprietary Flow Layer Internal Protocol (Ethertype 0x8901).
svn path=/trunk/; revision=31069
- packet-bacapp.h eliminated and included in packet-bacapp.c
- dissection of recipient-list and client-cov-increment added
svn path=/trunk/; revision=30955
NetPerfMeter is an Open Source TCP/UDP/SCTP/DCCP network performance metering
application for Linux, FreeBSD and MacOS X. It can be downloaded here:
http://www.exp-math.uni-essen.de/~dreibh/netperfmeter/ . The protocol used by
this application for the transport of control and data is called NetPerfMeter
protocol. The attached patch is a dissector to decode its packets.
svn path=/trunk/; revision=30943
This patch adds support for PacketBB (RFC 5444) to Wireshark.
PacketBB is a generic message format for mesh networks.
Both OLSR version 2 and DYMO will use packetbb.
svn path=/trunk/; revision=30942
I have built and tested a new Wireshark dissector which decodes a mirrored
packet that has an additional prepended UDP header attached to it. The packet
format was designed by Juniper Networks.
svn path=/trunk/; revision=30777
The attached patch adds a dissector for IPv6 over IEEE 802.15.4 (aka 6LoWPAN).
The protocol is specified in RFC 4944. This dissector also processes the
6LoWPAN draft header compression scheme in draft-ietf-6lowpan-hc-05.
svn path=/trunk/; revision=30268
This patch adds support to Wireshark for dissecting UDP packets used by
collectd's network plugin in order to transmit data from ones host to another
host (e.g. centralized storage of statistics while data is collectd on
individual systems)
The current dissector understands the part types supported by collectd-4.5
series and gracefully processes future part types (flagging them as unknown).
In regard to protocol errors or bad packets checks are based on the various
length fields used, parts are marked with warning when length is unexpected;
marked with error when length breaks minimal rules.
svn path=/trunk/; revision=29887
but (since the patch no longer applied cleanly) essentially manually
re-implemented by me:
Rename "stun" to "classic stun" and "stun2" to "stun", to follow the usage
defined in draft-ietf-behave-rfc3489bis-18 section 2.
svn path=/trunk/; revision=29884
Add a target ("x11-dissector") to build the X11 dissector.
Put the X11-related files (back) in the source distribution.
svn path=/trunk/; revision=29871
This patch adds extension support to the X11 dissector.
I've removed the perl script from the make file, since the new one depends on
perl 5.10, xcbproto (at least git as of today), and mesa (at least the
mesa/src/mesa/glapi directory). It seemed easier to just add the generated
header files to svn directly.
svn path=/trunk/; revision=29854
Add new protocol for 3GPP 29.414 (Nb interface RTP Mux).
- Don't use C++-style comments (comments beginning with "//")
- Don't declare variables in the middle of executable code; not all C
compilers support that.
- Dont register preferences when none present.
- Removed CHECK_COL
svn path=/trunk/; revision=29602
In that process, include the contents of packet-fmp_notify.h directly
in packet-fmp_notify.c - it wasn't used anywhere else.
svn path=/trunk/; revision=29512
Here is a patch against SVN that implements preliminary support for USB HID
devices. At the moment it only dissects the initial set up packets (which you
will see if you hotplug a keyboard or mouse.)
The patch also fixes a minor bug in the USB dissector code which reported
certain packets as malformed due to miscounting bytes, and it reports control
packet data and padding data in a more user-friendly manner.
svn path=/trunk/; revision=29256
Part 1:
Rename packet-gsm_abis_ip.c to packet-gsm_ipa.c.
Part 2:
Rename to the content to match the filename.
Part 3:
Add GSM A/SCCP support to the packet-gsm_ipa.c dissector
Adjusted patch to take laforge's comment into account. Use guint16 for the
length and use the ntohs routine to convert the length.
svn path=/trunk/; revision=29254
v5.2-User Adaptation Layer and V5.2 Interface.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3732
Me:
Removed check_col(), hf blurbs, removed global vars and regestering
SCTP port in packet-v52.c.
svn path=/trunk/; revision=29096
Within the attached diff file are two source files, packet-dtn.h and
packet-dtn.c. Their function is to decode Bundle Protocol PDUs sent using the
UDP or TCP Convergence Layers. These protocols have been released by the
Internet Research Task Force and are described in RFC 4838 and RFC 5050.
Detailed information on DTN can be obtained at www.dtnrg.org.
svn path=/trunk/; revision=29010
This patch protects against malformed Unique ID lengths (>= 252 bytes) and
defer all tvb_xxx related calls to when we actually need them. This allows us
to dissects as much as possible before bailing out (in case of a malformed
length).
From me:
Add a link to the protocol specification. Remove packet-miop.h along
with some struct definitions. (Don't tvb_memcpy over structs!) Remove
some more tvbuffs. Don't call proto_item_add_subtree if we're not going
to use the trees. Call proto_tree_add_item instead of
proto_tree_add_text Remove a bunch of unused ett_ variables. Add an
expert item for the protocol version. Register the field array with the
correct length.
svn path=/trunk/; revision=28963
The Bluetooth AMP Manager protocol was recently adopted by the Bluetooth SIG.
This protocol sits on top of L2CAP and requires a few changes in order to
accommodate the new move/create channel request.
This patch includes:
* a new Bluetooth AMP Manager Protocol dissector
* changes to L2CAP to handle the new move/create channel signals
* introduce a dissector table for fixed channel, allowing btamp dissector to
handle the BT AMP Manager Protocol channel
* Preliminary changes in L2CAP to support the new enhanced L2CAP modes
(enhanced retransmission/streaming mode)
svn path=/trunk/; revision=28819
Jeff Morriss