now that we can decrypt DCERPC
the dissection is not complete since idl2eth can not yet handle
all the weird extensions in the idl file.
svn path=/trunk/; revision=13729
- Give each IE its own subtree, with a summary at the root, and
details within the tree. It allows a condensed view when IE
trees are closed.
- Display country info in multiple protocol tree items, with
each (start channel, channels, power) triplet in a separate
item.
- Put a separate item into the protocol tree for each CFP
parameter.
svn path=/trunk/; revision=13713
should be used for ATM, so just use the data dissector for now.
The X.25 dissector registers itself as "x.25", not "x25".
svn path=/trunk/; revision=13711
fix the call to "rtp_add_address()" to match the new signature;
fix a problem with the codec displayed in the "Voip Graph"
for H245 "RequestMode" messages.
svn path=/trunk/; revision=13709
routine to handle that.
Don't format the value text into a buffer; just use
"proto_item_append_text()", so we don't run the risk of overflowing the
buffer.
Use "ip_to_str()" to format an IP address - don't roll our own code to
handle that.
Don't make "is_fhss" global - that causes its value to depend on the
last packet dissected, which isn't necessarily the right value for the
packet being dissected.
svn path=/trunk/; revision=13707
(cifs: dc's talking to each other and when longhorn comes out: anyone wanting to talk dce to a dc!)
((this is an incredibly advanced feature well worthy of mentioning in NEWS))
svn path=/trunk/; revision=13690
Use "tvb_reported_length_remaining()", not "tvb_length_remaining()", in
the loop parsing the packet contents, so we throw an exception on a
short frame (to mark that it *is* a short frame).
Use "tvb_format_text()" for text strings, so we don't have a problem
with non-printable characters.
Use "ether_to_str()" to turn MAC addresses into strings.
Clean up indentation.
svn path=/trunk/; revision=13679
- better parsing for TIM info element: it parses 'bitmap control' byte
and provides list of AID for stations having power saving traffic.
- separate names for TIM elements. It helps to highlight beacons with
some properties, for example DTIM ones (dtim_count==0).
svn path=/trunk/; revision=13678
and Kerberos decryption is enabled in preferences
and if we have the keytab file available
then attempt to decrypt Secure LDAP
svn path=/trunk/; revision=13660
make spnego able to decrypt data wrapped inside
GSSAPI/SPNEGO/KRB5 arcfour-hmac
This code will be more etherealified and evolve into being able to link with MIT as well.
svn path=/trunk/; revision=13659
Replace the use of the undefined type krb5_keyusage (at least with heimdal)
in decrypt_krb5_data with the old int. The change wasn't complete anyway
as the .h file wasn't changed and the third implementation of
decrypt_krb5_data was left out also.
Disclaimer: I only made sure it compiles again, I don't know whether the
change has any side effects.
svn path=/trunk/; revision=13645
recursion instead of iteration means that packets with sufficiently
large lists can cause it to overflow the stack and crash.
svn path=/trunk/; revision=13643
("Data lengths larger than 2^32-1 are not encodable using primitive
tags"), so it doesn't need to be a "guint64" - but it *can* be that big,
so we should handle the 65536-2^32-1 case.
Don't gratuitously throw away the upper 24 bits of various lengths by
casting them to guint8.
Show signed values as such.
Don't use "match_strval()" - it returns a null pointer if it doesn't
find the value in the value_string table; instead, use "val_to_str()" so
we don't blow up if the value isn't found.
svn path=/trunk/; revision=13640
will treat it as negative" problem by first calling
"tvb_ensure_bytes_exist()" - if the length is *that* large, it will run
past the end of the tvbuff, so the exception that
"tvb_ensure_bytes_exist()" will throw with a negative argument will be
the correct exception.
svn path=/trunk/; revision=13614
comment appropriately.
Make a bunch of routines static.
Don't just dissect stuff past the end of the variable portion as data -
the protocol spec doesn't appear to say there's anything after that.
Don't pass the offset to the routines to dissect the different types of
PDUs, just have them start at 0.
Use guint8 for 8-bit unsigned quantities.
Rename the routine to dissect Abort PDUs to match the other PDU
dissectors.
svn path=/trunk/; revision=13611
followed by PRIu64.
Don't use C++/C99-style comments.
Use "tvb_reported_length()" to get packet lengths - don't use
"tvb_length()", and especially don't directly refer to the "length"
field of the tvbuff.
svn path=/trunk/; revision=13609
decrypt and behold the new password in plaintext in all its glory
(given you have the keytab with the old one of course)
svn path=/trunk/; revision=13586
don't do it if we don't have the entire packet, including the
CRC value;
fetch the CRC value from the packet with tvb_get_letoh24(),
and compare that against the computed CRC, rather than comparing
the computed CRC (presumably in host byte order) with the
little-endian CRC in the packet (that doesn't work if host byte
order is big-endian).
svn path=/trunk/; revision=13571
the iscsi layer will not hold the LUN value (it is reserved)
so we need to remember it from the initial Command PDU.
make the LUN reporting work for errorrecoverylevel==0 targets
svn path=/trunk/; revision=13563
- stat_infos are maintained in a GPtrArray to avoid leaking and overwriting them
- added http_host and request_uri to http_info_value_t
svn path=/trunk/; revision=13555
1) added _U_ tags in RMT dissectors to suppress "unused parameter" warnings.
2) added a dissector_add_handle("ip.udp", ip_handle) to IP dissector, to
allow the following chain of protocols: IP over UDP over IP. It seems
uncommon, but it's used by implementations of experimental protocols
(e.g. TCP-XM) that run a userspace IP stack (e.g. lwIP) over UDP. The
dissector of IP over UDP must be enabled explicitly using the "decode
as..." window.
svn path=/trunk/; revision=13540
"decode_boolean_bitfield()" returns a "const char *" - don't cast it to
a "gchar *" and modify what it points to. Instead, just use
"other_decode_bitfield_value()".
svn path=/trunk/; revision=13494
on scsi.lun and prettify the summary line a bit.
ndmp still needs some work to track luns between commands
and fcp needs verification it works for volumesetaddressing.
svn path=/trunk/; revision=13420
make it possible to prettify SIDs and control how and where their string representation should be shown in the summary line and the tree
similar to how counted_strings prettification can be controlled
svn path=/trunk/; revision=13413
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralleling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
BSSGP:
- Does not dissect the LLC-PDU twice
LLC:
- Add CRC calculation to differ between ciphered and non-ciphered packets without taking care about the encryption bit.
This solves crashes when the option "ignore ciphere bit" was activated
GMM/SM:
- Dissect detach_type now correctly ( fixed by Miklos Szurdi )
- Dissect timer correctly ( fixed by Miklos Szurdi )
- Update SM causes for Release 6 ( Miklos Szurdi )
- Update service_type for Release 6 ( Miklos Szurdi )
- Rearrange pco code like Guy Harris has suggested ( Guy Harris )
- reimplement dissection of IPv4 and IPv6 addresses
- Fix offset in pdp_addr
- Fix offset in Traffic Flow Template (tft)
svn path=/trunk/; revision=13386
BSSGP:
- Does not dissect the LLC-PDU twice
LLC:
- Add CRC calculation to differ between ciphered and non-ciphered packets without taking care about the encryption bit.
This solves crashes when the option "ignore ciphere bit" was activated
GMM/SM:
- Dissect detach_type now correctly ( fixed by Miklos Szurdi )
- Dissect timer correctly ( fixed by Miklos Szurdi )
- Update SM causes for Release 6 ( Miklos Szurdi )
- Update service_type for Release 6 ( Miklos Szurdi )
- Rearrange pco code like Guy Harris has suggested ( Guy Harris )
- reimplement dissection of IPv4 and IPv6 addresses
- Fix offset in pdp_addr
- Fix offset in Traffic Flow Template (tft)
svn path=/trunk/; revision=13385
of 0 to be dissected as STUN packets, to support dissecting of
applications that follow the ICE methodology described in
draft-ietf-mmusic-ice-03.
Remove some extra spaces at the end of tags for preferences.
svn path=/trunk/; revision=13356
Find attached a patch for "Voip analysis" to get the LRQ/LCF/LRJ messages included in the H323 calls for Gatekeeper to Gatekeeper configurations
svn path=/trunk/; revision=13337
Update conversation_new and find_conversation in plugin_api_list.c and
associated files.
Add packet-dcerpc-butc.h to the distribution.
svn path=/trunk/; revision=13288
and the prototype idl compiler.
this is not ready for wide use yet but is useful with a svn area where we can sync our changes to the compiler.
svn path=/trunk/; revision=13280
Attached please find a small performance optimization to packet-ip.c,
which removes multiple redundant calls to tvb_get_ptr().
Changed srt_addr and dst_addr from char to guchar
svn path=/trunk/; revision=13272
Please find attached a small patch for CoSine L2 debug dissector. The
code used to incorrectly select the first 4 octets in the tvbuff. This
patch fixes this problem.
svn path=/trunk/; revision=13271
Do not add target address if the packet is a Request. According to the RFC,
target addresses in requests have no meaning
svn path=/trunk/; revision=13269
Patch for graphing ISUP calls. It shows the type of message,
in the first one the calling and called numbers, and in the second the SPs
and CIC; in releases it shows the cause value.
svn path=/trunk/; revision=13263
1) Added a setup_frame parameter to conversation_t
2) Used the conversation_t next to maintain a list of conversations with the
same src/dest tuple but different setup_frame number.
3) Changed the signature of find_conversation() and conversation_new() to pass
in the frame number.
4) Adjusted packet-sdp to select RTP conversation if both m=audio and m=image
are present, and T.38 conversation if only m=image is present. I expect that
RTP/T.38 dissecting to be better, but I don't have a way to generate T.38
packets.
svn path=/trunk/; revision=13243
h323 taps support up to 5 messages per packet now.
VoIP call analysis:
- Collect ISUP, SIP and H323 calls from a capture and show them in window with the following info:
- Start and Stop time of the call
- Init
svn path=/trunk/; revision=13225
it as such.
Clear the Info column when dissecting cells for an AAL we handle before
dissecting the cell, and set the Info column for OAM cells.
svn path=/trunk/; revision=13222
packet-redback.c(63) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
packet-redback.c(64) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
packet-redback.c(65) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
packet-rmt-fec.c(108) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
svn path=/trunk/; revision=13221
- remove duplicate fields from VSAs (every defined field in VSAs was set twice)
- dissect radius packet with avplen == 0 (did not decode authenticator when no AVPs were present)
svn path=/trunk/; revision=13216
the really really old one which is never used
and there is the DCE/RPC one that is used by all windows/cifs implementations.
We used to reserve the protocol name NETLOGON for the old obsolete protocol
and since we can not have two protocols with the same name, called
the current protocol RPC_NETLOGON instead.
that does not exactly make sense.
This renames the old obsolete protocol to SMB_NETLOGON to make way and allow
the real netlogon protocol to take the name NETLOGON
svn path=/trunk/; revision=13215
Don't check, in the dissectors for particular Gnutella packets, whether
the packet goes past the end of the tvbuff - let that throw an exception
so unreassembled packets are shown as such.
Clean up indentation.
Boost GNUTELLA_MAX_SNAP_SIZE to 4096 (one Gnutella spec suggests that
packets should be < 4K), and use it to
1) clamp the length of packets (so we don't do huge reassembly
or have problems when the total packet length, including the
header, overflows 32 bits)
and
2) check the length of packets before using tcp_dissect_pdus(),
to distinguish between packets to be reassembled and a
transfer stream.
Pass the correct value to tcp_dissect_pdus() as the header length.
svn path=/trunk/; revision=13211
change its signature to match the autogenerated signatures.
add a small wrapper function so that the handwritten lsa can still call the
function through dissect_ndr_pointer()
no changes in functionality, essentially just a rename of a function and signature change
svn path=/trunk/; revision=13207
Do more, and more careful, AVP length checks.
Use tvb_format_text() to display strings.
Just use "col_add_fstr()" to set the Info column - there's no need to
format into a buffer and then set the column to that buffer.
Make the L2TP dissector a "new-style" dissector and have it reject
packets with an unknown version number - the dissection effect is the
same if no other dissector claims the packet (it just gets displayed as
data), but this allows other dissectors to claim it.
Don't use the length field if the length bit isn't set.
svn path=/trunk/; revision=13201
If the information that we used to guess the payload type is part of the
payload, don't make it correspond to the "Payload Type" protocol tree
item - it's covered by the dissected payload.
If we don't succeed in guessing the protocol type, just dissect the
payload as data.
svn path=/trunk/; revision=13200
this construct is aligned on 4 byte boundaries in ndr and NOT
8 bytes as a real uint64 (== hyper) would be.
rename the existing dissect_ndr_uint64 to dissect_ndr_duint32 (double uint32) to make it reflect better the alignment of the type.
svn path=/trunk/; revision=13184
otherwise, we're using it in a tvbuff and shouldn't free it (even if the
next level of reassembly isn't complete, so that al_tvb is ultimately
null).
svn path=/trunk/; revision=13134
Use "guint16" instead of "u_int16_t", "guint8" instead of "u_int8_t",
and "guint" instead of "u_int", to handle platforms lacking the latter
types. Make "ppp_heuristic_guess()" return a Boolean, as it just
returns a "yes or no" answer.
svn path=/trunk/; revision=13132
in the frame. The filter "frame.protocols contains ip:icmp:ip" could
be used to find any ICMP packets containing IP headers.
Clean up whitespace.
svn path=/trunk/; revision=13118
to the end of the tvbuff.
Don't return a value from "dissect_h4501()" - the value isn't used, and
"dissect_h4501()" is registered with "register_dissector()", so it's not
supposed to return a value.
svn path=/trunk/; revision=13104