- Don't use 'l' as a variable name;
- Use 'tvb_strsize();proto_tree_add_item();' iso 'tvb_get_ephemeral_stringz(); proto_tree_add_string();'
- Use ENC_NA/ENC_BIG_ENDIAN iso FALSE as appropriate for proto_tree_add_item().
svn path=/trunk/; revision=39047
proto_tree_add_item() calls.
For strings, add ENC_UTF_8. (Yes, the byte order is irrelevant for
those - but they should arguably be FT_UINT_STRING, as they're counted
strings, and the byte order *is* relevant for FT_UINT_STRING.)
svn path=/trunk/; revision=39041
"The PostgreSQL dissector does not fully support the frontend StartupMessage (see
"StartupMessage" in
http://developer.postgresql.org/pgdocs/postgres/protocol-message-formats.html).
The couples parameter name/parameter value in this kind of message are reported
as a block of text ("name: value") by the dissector whereas reporting them as
parameter name/parameter value would be more appropriate.
I've fixed it, so now the username and the database sent by the frontend can be
handled in, for instance, the CSV output of TShark.
I've also added a "val_count" field to contain the number of values (row
descriptions or row data) included in RowDescription/DataRow messages. This
information is useful when analyzing the CSV of TShark since in a CSV row, many
row descriptions or row data may be packed together."
Patch changes from me:
- No need to fetch ephemeral string anymore so just use tvb_strsize()
to get string length;
- Change field-filtername from pgsql.val.count to pgsql.field.count
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6343
svn path=/trunk/; revision=39030
If the GAS Query Request/Response Length field is incorrect, the
dissector function may return a value that is larger than the remaining
packet buffer. This results in a Tagged parameters item being added with
-1 byte length since tvb_reported_length_remaining() reports -1 once the
offset goes beyond the end of the packet. Clicking on that item results
in Wireshark dying on Gtk-ERROR. Note: this does not show up in tshark
and as such, cannot apparently be triggered with fuzz-test.sh.
Fix this by refusing to dissect GAS frames that have too large length
field value. In addition, verify that tvb_reported_length_remaining() is
returning a value larger than 0 instead of non-zero (which could be -1)
to make the IEEE 802.11 dissector more robust against this type of
issue.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6345
svn path=/trunk/; revision=39024
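
The two checks described in the commit message above (revision 39024), as an added C sketch that is not Wireshark's code or part of the commit. `struct frame`, `remaining()`, `body_end()` and the two `add_trailing_*` helpers are hypothetical stand-ins; `remaining()` models the -1 return that the message attributes to tvb_reported_length_remaining(), and the 20-byte frame is constructed.

```c
#include <stdio.h>

/* Hypothetical stand-in for a captured frame; not Wireshark's tvbuff_t. */
struct frame { int reported_len; };

/* Models the behaviour the commit message attributes to
 * tvb_reported_length_remaining(): -1 once offset is past the end. */
static int remaining(const struct frame *f, int offset)
{
    if (offset < 0 || offset > f->reported_len)
        return -1;
    return f->reported_len - offset;
}

/* First fix: refuse a body whose length field exceeds what is left.
 * Returns the offset just past the body, or -1 when the frame is refused. */
static int body_end(const struct frame *f, int offset, unsigned field_len)
{
    int left = remaining(f, offset);
    if (left < 0 || field_len > (unsigned)left)
        return -1;
    return offset + (int)field_len;
}

/* Second fix: decide whether a trailing item is added after the body. */
static int add_trailing_nonzero(const struct frame *f, int offset)
{
    return remaining(f, offset) != 0;   /* old test: -1 counts as "data left" */
}

static int add_trailing_positive(const struct frame *f, int offset)
{
    return remaining(f, offset) > 0;    /* hardened test: -1 and 0 both stop */
}

int main(void)
{
    struct frame f = { 20 };            /* constructed 20-byte frame */
    int bad = 10 + 50;                  /* offset if length field 50 is trusted */
    printf("nonzero=%d positive=%d checked=%d\n",
           add_trailing_nonzero(&f, bad), add_trailing_positive(&f, bad),
           body_end(&f, 10, 50));
    return 0;
}
```
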
- Dissect ANQP Network Authentication Type
- Dissect ANQP Domain Name List
- Dissect Interworking element
- Dissect Roaming Consortium element
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39023
ieee80211: Support multiple ANQP info elements in response
ANQP Query Response may include multiple ANQP info elements. Parse each
one of these separately. In addition, clean up three ANQP subtrees to
avoid the unnecessary subtree at higher layer and instead, use a
separate subtree for each ANQP info element.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39008
ieee80211: Show ANQP adv proto on subtree title line
This makes it easier to get the most significant information from the
Advertisement Protocol element in GAS messages without having to expand
subtrees.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39007
ieee80211: Do not add duplicate tag number/len for adv proto
dissect_advertisement_protocol() is used both for ANQP and for parsing
IEs. The tag number/length fields need to be added only for ANQP to
avoid adding duplicate entries in the proto tree.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39006