obnox/wireshark/wip.git
guy [Sun, 21 Oct 2001 17:30:50 +0000 (17:30 +0000)]
Keep the list of modules with preferences sorted by the module name, in
dictionary order (case-insensitive), so that they show up in order in
the "Preferences" dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4052 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 21 Oct 2001 17:20:10 +0000 (17:20 +0000)]
Updates from Mark Burton:

The enclosed code contains the following improvements:

1 - Compatible with 08 version of the protocol

2 - Handles both header and data digests

3 - Supports desegmentation

4 - Dissects multiple PDUs per packet

5 - Stronger heuristics to avoid dissecting non-iSCSI packets

6 - General rationalisation and de-crufting!

The old code that attempted to automatically detect the presence
of a header digest has been removed.  You now have to specify in
the iSCSI preferences whether digests are enabled and if they
are, whether they are CRC32 or not.  If not CRC32, you also need
to specify the size of the digests (in bytes).

Another new option specifies the iSCSI port number.  This is
used in the heuristics to filter out packets with silly port
numbers, set to 0 to disable the port filter.

One problem that I haven't been able to track down is that if
desegmentation is enabled and you turn digests on or off
ethereal throws a SEGV.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4051 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Sun, 21 Oct 2001 16:15:21 +0000 (16:15 +0000)]
Add little arrows to the column titles to indicate which column we're
using to sort as well as the sort direction.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4050 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 20 Oct 2001 19:29:21 +0000 (19:29 +0000)]
Properly handle the andX command in a LockingAndX message.

Fix up some closing braces.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4049 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 20 Oct 2001 18:42:01 +0000 (18:42 +0000)]
If we decide that a packet to or from port 2000 isn't really a Skinny
Client Control Protocol packet, at least dissect its payload as data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4048 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 20 Oct 2001 18:30:50 +0000 (18:30 +0000)]
FT_UINTn values must always have a base, even if they're bitfields - the
width of the item containing the bitfield is "n", so you don't have to
specify it explicitly, as you have to do with FT_BOOLEAN bitfields.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4047 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 20 Oct 2001 18:10:39 +0000 (18:10 +0000)]
Use "val_to_str()", rather than "match_strval()", in "socket_text()".

Make the source and destination socket fields enumerated types, so we
don't have to use "proto_tree_add_uint_format()" on them, and so that
you can match on them by service name.

Use lower-case letters when formatting the hex value of sockets; that's
what's done with fields not added with "proto_tree_add_XXX_format".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4046 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 19 Oct 2001 21:40:48 +0000 (21:40 +0000)]
From Tom Uijldert: fix to the date decoding, fix a field's name, and
protocol-name cosmetic changes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4045 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 19 Oct 2001 21:34:28 +0000 (21:34 +0000)]
From Tom Uijldert: fix the port number for Push-traffic dissecting for
WSP/WTLS.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4044 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 19 Oct 2001 20:53:14 +0000 (20:53 +0000)]
From Mark Burton: update to the -08 draft.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4043 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 19 Oct 2001 20:18:48 +0000 (20:18 +0000)]
DBS Etherwatch wiretap module, from Marc Milgram.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4042 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 19 Oct 2001 09:12:53 +0000 (09:12 +0000)]
L2TP Disconnect Cause Information AVP support, from Motonori Shindo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4041 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 18 Oct 2001 21:49:58 +0000 (21:49 +0000)]
From Frank Singleton: catch attempts to use recursive unions or
structures.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4040 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 18 Oct 2001 20:29:56 +0000 (20:29 +0000)]
VMS TCPIPtrace wiretap module, from Marc Milgram.

Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4039 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Thu, 18 Oct 2001 15:44:36 +0000 (15:44 +0000)]
Add link to local mirror.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4038 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 18 Oct 2001 08:23:24 +0000 (08:23 +0000)]
From Georg von Zezschwitz:

Fix a bug with WSP Connect requests with headers > 256 bytes
Implement attributes of WSP Suspend/Resume

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4037 f5534014-38df-0310-8fa8-9805f1628bb7

jfoster [Wed, 17 Oct 2001 21:24:28 +0000 (21:24 +0000)]
fixed bug in packet-smb-pipe.c dissect_transact_data routine. If the
aux_count_p value was NULL the program would SIGSEGV when *aux_count_p
was initially set to 0. Added NULL pointer test.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4036 f5534014-38df-0310-8fa8-9805f1628bb7

gram [Wed, 17 Oct 2001 19:27:43 +0000 (19:27 +0000)]
Enable building of the coseventcomm plugin on Win32.
Some of these changes are from Frank Singleton, some are mine.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4035 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 16 Oct 2001 07:35:11 +0000 (07:35 +0000)]
The Quake3 dissector wasn't in the previous release, only users running
CVS versions would've had "quake3.udp.port" in the preferences file;
therefore, we can remove the code to map them to "quake3.udp.arena_port"
and "quake3.udp.master_port".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4034 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 16 Oct 2001 07:13:01 +0000 (07:13 +0000)]
Update from Scott Renfro: a simple patch that adds support for FIPS
Cipher Suite identifiers.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4033 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Tue, 16 Oct 2001 04:58:24 +0000 (04:58 +0000)]
Don't create a Wiretap dump file unless we're at least sure we support
the specified encapsulation with the specified capture file type, and
that we can allocate a "wtap_dumper *".

If we could do all that, and could create the dump file, but the
file-type-specific create routine fails (e.g., because there's not
enough disk space to write out the header), remove the dump file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4032 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Tue, 16 Oct 2001 01:57:12 +0000 (01:57 +0000)]
Fix conversation_new description.  Add descriptions for
conversation_add_proto_data, conversation_get_proto_data, and
conversation_delete_proto_data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4031 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 15 Oct 2001 03:54:05 +0000 (03:54 +0000)]
Fixes from Steffen Weinreich:

fix the processing of the month and year fields in the SCTC
Timestamp (the month is 1-origin, so subtract 1 from it before
putting it in "tm_mon", which is 0-origin; the year is a 2-digit
field that is, at least, Y2K-safe (but Y2.1K-unsafe), so if it's
less than 90, assume it's in the 21st century);

UCP OT 50-57 messages have a fixed number of fields and a
special handling of the MT is not necessary, so get rid of that.

Also, fix a typo in a comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4030 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 15 Oct 2001 03:27:38 +0000 (03:27 +0000)]
Fixes to take the Vendor-Specific attribute into consideration when
dissecting L2TP, from Motonori Shindo.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4029 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Sat, 13 Oct 2001 19:31:47 +0000 (19:31 +0000)]
Make NEWS current to today (October 13).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4027 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Sat, 13 Oct 2001 12:05:32 +0000 (12:05 +0000)]
A small patch from Motonori Shindo to fix compiles under MSVC etc ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4026 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 13 Oct 2001 07:56:27 +0000 (07:56 +0000)]
Put the scrollbar for the scrolled window containing the CList in the
preferences dialog where the user specified, and register that scrolled
window so that if the preference is changed the scrollbar moves.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4025 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 13 Oct 2001 07:47:30 +0000 (07:47 +0000)]
Set the data for E_{PRINT,COLUMN,STREAM,GUI}_PAGE_KEY to the notebook
page for the preferences item rather than to the frame for the
preferences item, as that's what the code in "gtk/gui_prefs.c" expects
(otherwise you get errors).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4024 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 13 Oct 2001 07:43:25 +0000 (07:43 +0000)]
The Quake III dissector called both the arena server port preference and
the master server port preference "quake3.udp.port"; rename them to
"quake3.udp.arena_port" and "quake3.udp.master_port".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4023 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Fri, 12 Oct 2001 21:20:40 +0000 (21:20 +0000)]
Make current up to August 31.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4022 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Fri, 12 Oct 2001 17:17:05 +0000 (17:17 +0000)]
Get NEWS current up to July 31, update version to 0.8.20.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4021 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 12 Oct 2001 17:14:41 +0000 (17:14 +0000)]
From Frank Singleton:

Added some functionality to idl2eth to allow C code generation
and display of CORBA IDL Enums as symbolic values, alongside
the numerical value currently being displayed.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4020 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 12 Oct 2001 01:41:03 +0000 (01:41 +0000)]
Sigh.  A MacOS X 10.1 appeared to have put out a malformed NetBIOS
session request with a length greater than 128 bytes; crank the length
limitation up to 256.  (Perhaps I've misread the DNS spec or the
NetBIOS-over-TCP spec, but the request sure *looked* as if it had a
bogus second-level-encoding in the calling machine name.)

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4019 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 11 Oct 2001 16:04:36 +0000 (16:04 +0000)]
For the SCCP message ID field, use the formerly commented-out version
with the value_string table, as per mail from Joerg.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4018 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 11 Oct 2001 16:01:53 +0000 (16:01 +0000)]
Get rid of C++ comment.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4017 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 11 Oct 2001 16:01:10 +0000 (16:01 +0000)]
Initial Skinny Client Control Protocol support, from Joerg Mayer.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4016 f5534014-38df-0310-8fa8-9805f1628bb7

gerald [Thu, 11 Oct 2001 02:17:29 +0000 (02:17 +0000)]
Reduce the CinemaScope-like proportions of the preferences dialog by
getting rid of the notebook tabs and using a CTree to select pages.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4015 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 11 Oct 2001 01:21:50 +0000 (01:21 +0000)]
Instead of saying the "manuf" file is in "/usr/local/etc/manuf", say
it's in the "etc" subdirectory of the installation directory on UNIX and
in the installation directory on Windows, and give the typical pathnames
of both of those directories.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4014 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 11 Oct 2001 01:04:19 +0000 (01:04 +0000)]
Install the "manuf" file.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4013 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Mon, 8 Oct 2001 18:20:01 +0000 (18:20 +0000)]
add a couple of socket numbers that seem to be consistently allocated for these services

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4012 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 8 Oct 2001 17:42:18 +0000 (17:42 +0000)]
As UCP is atop TCP, its dissector isn't called unless there's at least
one byte in the tvbuff being handed to it, so the check I added for the
existence of that byte is unnecessary.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4011 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 8 Oct 2001 17:37:52 +0000 (17:37 +0000)]
Remove the check I added to see whether the length of the packet, based
on the location of the UCB_ETX, is greater than the length of the tvbuff
- that can never happen, as the UCB_ETX is, as it was found, definitely
inside the tvbuff.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4010 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 8 Oct 2001 17:30:23 +0000 (17:30 +0000)]
UCP support, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4009 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Mon, 8 Oct 2001 14:32:06 +0000 (14:32 +0000)]
more packet types and fix some incorrect offsets and sizes in other packets

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4008 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 7 Oct 2001 22:19:14 +0000 (22:19 +0000)]
From Joerg Mayer: explain in the "LWP isn't installed" message where you
can get LWP.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4007 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 7 Oct 2001 09:27:57 +0000 (09:27 +0000)]
From Joerg Mayer: a patch to add 00:40:96 as an OUI for Aironet wireless
devices (which are now Cisco wireless devices, as Cisco bought Aironet).

This overrides the out-of-date assignment of 00:40:96 to Telesystems SLW
in the cavebear.com file (Telesystems SLW were bought by Telxon, who
then apparently spun off their RF division, plus Telesystems, as
Aironet).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4006 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 7 Oct 2001 08:49:46 +0000 (08:49 +0000)]
Fix to show FN_PROFILE_WARNING14, rather than FN_PROFILE_WARNING, as
"Profile-Warning (encoding 1.4)".

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4005 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 7 Oct 2001 08:37:29 +0000 (08:37 +0000)]
From Georg von Zezschwitz:

  - A bug related to "WSP header pages" is fixed, that
    resulted in "malformed WSP frame" alerts
  - "Concatenated PDUs" (Multiple PDUs within one UDP
    packet) are now supported (used e.g. by Nokia 8310)
  - The URL of WSP GET/POST requests is displayed in the
    info column, the same as for HTTP GET requests

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4004 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Sat, 6 Oct 2001 17:58:56 +0000 (17:58 +0000)]
correct subtrees for redirect/refuse, alter how data packets are processed, bitfield'ize the data flag

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4003 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Sat, 6 Oct 2001 16:48:00 +0000 (16:48 +0000)]
Use separate items for accept/etc data fields
Add support for redirect and refuse packets (however, I don't have
examples of content for these.)
Change some variable names to match the routines they are in.
Make sure to insert boolean for each packet type.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4002 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Sat, 6 Oct 2001 15:45:38 +0000 (15:45 +0000)]
break out fields of accept packet, only print connect data if it is actually present

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4001 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Sat, 6 Oct 2001 15:27:47 +0000 (15:27 +0000)]
expand out all fields in connect packet

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4000 f5534014-38df-0310-8fa8-9805f1628bb7

nneul [Sat, 6 Oct 2001 14:24:36 +0000 (14:24 +0000)]
more packet types - starting work on more complete dissection of tns

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3999 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Fri, 5 Oct 2001 20:25:41 +0000 (20:25 +0000)]
Update from Todd Sabin to the data representation decoding:

Fixes a typo in the offset used for the floating point byte
(offset should be offset+1), changes cn_drep* to just drep*
(since it's the same for connection oriented and connectionless
packets), and adds the corresponding code to the connectionless
side of things.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3998 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 23:19:01 +0000 (23:19 +0000)]
Decode the mailslot payload as data in some additional cases where we
didn't dissect it as some other protocol.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3997 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 23:06:49 +0000 (23:06 +0000)]
If the body of a mailslot message isn't decoded as anything we know
about, dump it as data.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3996 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 21:08:11 +0000 (21:08 +0000)]
From Motonori Shindo: have CVS ignore some files generated by Win32
builds.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3995 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 08:52:38 +0000 (08:52 +0000)]
From Motonori Shindo:

Use hex notation in strings for ISO 8859-1 characters as keysym
names.

Fix one error in the table of keysym names.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3994 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 08:30:36 +0000 (08:30 +0000)]
Use longs as file offsets, so that on platforms with 64-bit "long" we
can handle capture files bigger than 2GB.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3993 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Thu, 4 Oct 2001 00:30:23 +0000 (00:30 +0000)]
Avoid using non-ASCII characters in labels in the protocol tree - some
compilers may not interpret them as the ISO 8859/1 characters they're
intended to be, and the GUI toolkit or other software through which the
text passes might not interpret them as such, either.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3992 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Wed, 3 Oct 2001 15:15:34 +0000 (15:15 +0000)]
Attribute the packet-x11-keysym.h fixes properly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3991 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Wed, 3 Oct 2001 15:13:24 +0000 (15:13 +0000)]
Apply Motonori Shindo's fixes for X11 double byte chars ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3990 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Mon, 1 Oct 2001 08:58:36 +0000 (08:58 +0000)]
Fix Motonori Shindo's attributions. I screwed up before ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3989 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 1 Oct 2001 08:51:31 +0000 (08:51 +0000)]
Merge the two AUTHORS entries for Motonori Shindo.

Fix a typo in the AUTHORS entry for Pasi Eronen, and add him to the list
of authors in the man page.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3988 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Mon, 1 Oct 2001 08:47:50 +0000 (08:47 +0000)]
Damn the torpedoes[1], commit it anyway.

Who said that? I think I know ... F...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3987 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Mon, 1 Oct 2001 08:29:37 +0000 (08:29 +0000)]
Have a flag in the "packet_info" structure, which indicates whether the
stuff currently being dissected is part of a packet included in an error
packet (e.g., an ICMP Unreachable packet).  Have the TCP dissector not
bother doing reassembly if the TCP segment is part of an error packet,
rather than an actual TCP transmission; other dissectors might want to
treat those packets specially as well.

Add to the "tcpinfo" structure a flag indicating whether the URG flag
was set, rather than having the zero or non-zero value of the urgent
pointer indicate that.  (Yes, at least as I read RFC 793, a zero urgent
pointer value isn't useful, as it means "the stuff before this segment
is urgent", but it's certainly possible to put onto the wire a TCP
segment with URG set and a zero urgent pointer.)

Don't dissect the TCP header by grabbing the entire header with
"tvb_memcpy()" and then pulling stuff out of it - extract stuff with
individual tvbuff calls, and put stuff into the protocol tree and the
Info column as we extract it, so that we can dissect a partial header.
This lets us, for example, get the source and destination ports from the
TCP header of the part of a TCP segment included in a minimum-length
ICMPv4 error packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3986 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 30 Sep 2001 23:36:46 +0000 (23:36 +0000)]
Make several of the fields in the SMB header filterable.

Get rid of the "unknown-0xXX" entries in the "value_string" table for
SMB command codes - they make it much more painful to select one of them
in the filter-editing dialog box.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3985 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 30 Sep 2001 23:14:43 +0000 (23:14 +0000)]
The length of an NBSS message can be bigger than 64K, so make the
variable that holds it an "int" rather than a "guint16".

Further strengthen the heuristics the NBSS dissector uses to distinguish
NBSS messages from continuations of NBSS messages.

If a frame contains an NBSS continuation, put the protocol tree item
for the continuation data under an NBSS protocol tree item.

Have the TCP dissector supply information to subdissectors via a "struct
tcpinfo" pointed to by "pinfo->private"; move the urgent pointer value
from a global variable into that structure, and add a Boolean flag that
indicates whether the data it's handing to a subdissector is reassembled
data or not.

Make the NBSS dissector check for continuations only in non-reassembled
data.

Fix the computation, in the TCP dissector, of the offset into the tvbuff
handed to the subdissector of the first byte of stuff that needs further
reassembly, and fix the computation of the sequence number corresponding
to that byte.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3984 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 30 Sep 2001 23:07:12 +0000 (23:07 +0000)]
"packet-ipv6.c" doesn't need anything from "packet-tcp.h" or
"packet-udp.h", so it shouldn't #include them.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3983 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sun, 30 Sep 2001 21:56:24 +0000 (21:56 +0000)]
For requests and responses for unknown interfaces, put an entry into the
DCE RPC protocol tree for the stub data.

Use the counts of context items and transfer syntax items when
dissecting a bind or alter context PDU.

In bind and alter context PDUs, create the conversation, attach the
context ID and interface to it, and put the interface information into
the Info column as soon as the first context item is dissected, so that
if we get an exception after that, we've still processed the context ID
and interface information.

Use the count of results when dissecting a bind ack PDU.

In bind ack PDUs, dissect the transfer syntax and syntax version fields,
and put the opnum and context ID information into the Info column as
soon as it's dissected.

When dissecting a connection-oriented request or response, don't make
the tvbuff the full fragment length if we don't have that much data in
the frame being dissected.  (We should do TCP reassembly there,
eventually.)

In connection-oriented response PDUs, put the opnum and context ID
information into the Info column as soon as it's dissected.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3982 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Sun, 30 Sep 2001 13:50:14 +0000 (13:50 +0000)]
Pasi Eronen's attribution ...

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3981 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Sun, 30 Sep 2001 13:48:20 +0000 (13:48 +0000)]
Committing Pasi Eronen's patches to dcerpc.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3980 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Sun, 30 Sep 2001 13:30:51 +0000 (13:30 +0000)]
Committing Motonori Shindo's patches to ppp for chap support.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3979 f5534014-38df-0310-8fa8-9805f1628bb7

sharpe [Sun, 30 Sep 2001 13:23:20 +0000 (13:23 +0000)]
Commit Motonori Shindo's small patch.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3978 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 29 Sep 2001 20:32:29 +0000 (20:32 +0000)]
Make the item for NetBIOS only as long as the NetBIOS header, so that it
doesn't cover the payload.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3977 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 29 Sep 2001 19:56:08 +0000 (19:56 +0000)]
The Wiretapped.net mirror is OK again (it was a problem with the
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3976 f5534014-38df-0310-8fa8-9805f1628bb7

guy [Sat, 29 Sep 2001 19:31:31 +0000 (19:31 +0000)]
The Wiretapped.net mirror is OK again (it was a problem with the
mirroring procedure, due to the Politecnico di Torino site's IIS not
being configured to allow the relevant "virtual directories" to be
listed, thus keeping Wiretapped.net from figuring out what files were
there and whether they've changed), so put back the references to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3975 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Use tvbuff routines to extract data from the SMB header.
guy [Sat, 29 Sep 2001 01:44:09 +0000 (01:44 +0000)]
Use tvbuff routines to extract data from the SMB header.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3974 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Start the process of tvbuffifying the SMB dissector - give it a
guy [Sat, 29 Sep 2001 01:19:01 +0000 (01:19 +0000)]
Start the process of tvbuffifying the SMB dissector - give it a
tvbuffified heuristic-dissector interface, but have it immediately turn
its arguments into an old-style buffer pointer and offset.

Register the SMB dissector as a heuristic NetBIOS dissector, and have
"dissect_netbios_payload()" just try the heuristics, as it no longer has
to call the SMB dissector explicitly.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3973 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Have "dissect_netbios_payload()" take as an argument a tvbuff containing
guy [Sat, 29 Sep 2001 00:57:36 +0000 (00:57 +0000)]
Have "dissect_netbios_payload()" take as an argument a tvbuff containing
only the NetBIOS payload, and have the NBSS dissector construct tvbuffs
of that sort (i.e., stop at the end of the NBSS session message, not at
the end of the data handed to the NBSS dissector).

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3972 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Re-strengthen the check for NBSS continuations, to avoid, for example,
guy [Sat, 29 Sep 2001 00:00:26 +0000 (00:00 +0000)]
Re-strengthen the check for NBSS continuations, to avoid, for example,
session messages with a zero byte count.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3971 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Fix indentation.
guy [Fri, 28 Sep 2001 23:34:03 +0000 (23:34 +0000)]
Fix indentation.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3970 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago From Todd Sabin: dissect the auth info in connection oriented dcerpc
guy [Fri, 28 Sep 2001 22:43:57 +0000 (22:43 +0000)]
From Todd Sabin: dissect the auth info in connection oriented dcerpc
packets.

Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors.  Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead.  Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.

From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3969 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Push-traffic dissecting for WSP/WTLS, from Tom Uijldert.
guy [Fri, 28 Sep 2001 18:59:30 +0000 (18:59 +0000)]
Push-traffic dissecting for WSP/WTLS, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3968 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Additional Ascend codes, and IETF codes, for Radius, from Graeme Hewson.
guy [Fri, 28 Sep 2001 18:50:19 +0000 (18:50 +0000)]
Additional Ascend codes, and IETF codes, for Radius, from Graeme Hewson.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3967 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago WordCount is unsigned, so test for "WordCount != 0" rather than
guy [Fri, 28 Sep 2001 08:39:59 +0000 (08:39 +0000)]
WordCount is unsigned, so test for "WordCount != 0" rather than
"WordCount > 0".

Always put the byte count field into the protocol tree, regardless of
whether WordCount is 0 - it's not one of the word parameters counted by
WordCount, so it's present even if WordCount is 0.

Fix a "val_to_str()" call.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3966 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Base decisions on whether to dump the word parameters on the word count
guy [Fri, 28 Sep 2001 08:01:22 +0000 (08:01 +0000)]
Base decisions on whether to dump the word parameters on the word count
value being non-zero, not on whether the error code is zero.  Don't
bother passing the error code to dissectors for particular SMBs, as they
don't need to use it.

In "get_unicode_or_ascii_string()", when aligning to an even boundary,
align to an even boundary in the SMB message, not in the packet as a
whole - there's no guarantee that there are an even number of bytes in
the frame before the SMB message.

In the Info column, mark the packet as a request or response based on
the request/response bit in the Flags field, not on the matched port -
for NBIPX, the source and destination ports (IPX sockets) may be the
same, so you may not be able to determine whether it's a request or a
response based on that.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3965 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Sigh. The wiretapped.net site appears to have an old version of
guy [Fri, 28 Sep 2001 07:50:48 +0000 (07:50 +0000)]
Sigh.  The wiretapped.net site appears to have an old version of
WinPcap's installer (it dates back to May, meaning it may be a beta of
2.2 or may even be 2.1), so don't suggest that people go there.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3964 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago We have our own internal versions of "gzgets()" and "gzgetc()", so we
guy [Fri, 28 Sep 2001 05:41:45 +0000 (05:41 +0000)]
We have our own internal versions of "gzgets()" and "gzgetc()", so we
don't need to check whether zlib has them.  We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3963 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Add support for NT error codes.
guy [Thu, 27 Sep 2001 22:48:46 +0000 (22:48 +0000)]
Add support for NT error codes.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3962 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Handle interim Transact2 responses correctly.
guy [Thu, 27 Sep 2001 22:33:44 +0000 (22:33 +0000)]
Handle interim Transact2 responses correctly.

Mark interim responses as such in the Info column.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3961 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago When dissecting an ICMP datagram that contains part of an IP datagram,
guy [Thu, 27 Sep 2001 10:35:40 +0000 (10:35 +0000)]
When dissecting an ICMP datagram that contains part of an IP datagram,
hand the (possibly-partial) IP datagram to the IP dissector, as we do
for IPv6 datagrams inside ICMPv6 and CLNP datagrams inside CLNP ER PDUs.

When dissecting IPv6 datagrams inside ICMPv6 and CLNP datagrams inside
CLNP ER PDUs, catch the ReportedLengthError exception and ignore it, as
they don't guarantee that all of the original PDU is present.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3960 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago If the amount of available data in a UDP packet is less than the length,
guy [Thu, 27 Sep 2001 10:19:14 +0000 (10:19 +0000)]
If the amount of available data in a UDP packet is less than the length,
as reported in the header, don't checksum the packet.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3959 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Use the right #define for the length of the CC.NEW TCP option.
guy [Thu, 27 Sep 2001 10:10:08 +0000 (10:10 +0000)]
Use the right #define for the length of the CC.NEW TCP option.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3958 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Show Boolean flags as Booleans.
guy [Thu, 27 Sep 2001 10:01:07 +0000 (10:01 +0000)]
Show Boolean flags as Booleans.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3957 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago 2.1 isn't the current version of WinPcap; don't say what the current
guy [Wed, 26 Sep 2001 21:22:02 +0000 (21:22 +0000)]
2.1 isn't the current version of WinPcap; don't say what the current
version is, as that's subject to change - just speak of the "latest
non-beta version".

Mention the mirrors for WinPcap and WinDump.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3956 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago Make the message popped up if you try to do a capture on a Win32 machine
guy [Wed, 26 Sep 2001 20:02:36 +0000 (20:02 +0000)]
Make the message popped up if you try to do a capture on a Win32 machine
when wpcap.dll couldn't be loaded more detailed, in the hopes that it'll
reduce the chances that somebody will see that message and not know what
to do.  Also, mention the Wiretapped.net mirror of the WinPcap site, as
the WinPcap site is all-too-often down due to networking glitches.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3955 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago MMSE support, from Tom Uijldert.
guy [Tue, 25 Sep 2001 21:32:41 +0000 (21:32 +0000)]
MMSE support, from Tom Uijldert.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3954 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago If "snprintf()" can't print all the data because there's not enough
guy [Tue, 25 Sep 2001 18:27:35 +0000 (18:27 +0000)]
If "snprintf()" can't print all the data because there's not enough
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.

It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does

n += snprintf (buf + n, BUF_LENGTH - n, ...);

may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.

The "capabilitiesStart" variable in "add_capabilities()" in the WSP
dissector is an offset into the PDU data; there's no guarantee that said
offset is < 256, and, even if there were, there's no point in making it
an 8-bit variable.

Add some additional buffer overflow checks to the WSP dissector.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3953 f5534014-38df-0310-8fa8-9805f1628bb7

22 years ago If "snprintf()" can't print all the data because there's not enough
guy [Tue, 25 Sep 2001 02:21:15 +0000 (02:21 +0000)]
If "snprintf()" can't print all the data because there's not enough
room, it might return -1 in some versions of glibc; check for that, and
quit if that happens.

It might also return the number of characters that would've been printed
had there been enough room; this means that a loop that does

n += snprintf (buf + n, BUF_LENGTH - n, ...);

may end up making "n" bigger than BUF_LENGTH, and "snprintf()" might not
sanely handle being passed a negative length, so if "n" isn't less than
the total length of the string buffer, don't add stuff to it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@3952 f5534014-38df-0310-8fa8-9805f1628bb7
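
The two "snprintf()" commit messages above (r3953 and r3952) describe both return conventions and the resulting negative length; the following is an added example of a bounded append that handles both, not code from the Ethereal/Wireshark tree. The names `naive_offset_after`, `append_fmt`, `join_fields` and `SAMPLE_FIELDS`, and the `BUF_LENGTH` value of 16, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>

#define BUF_LENGTH 16   /* assumed value: small so truncation is easy to hit */

/* Constructed sample input; the third field does not fit in BUF_LENGTH. */
const char *const SAMPLE_FIELDS[] = { "alpha", "beta", "gamma", "delta" };

/* One step of the loop quoted in the commit message: returns "n" after a
 * naive "n += snprintf(...)". When snprintf returns the would-be length,
 * n can exceed BUF_LENGTH, so the next "BUF_LENGTH - n" would be negative. */
int naive_offset_after(const char *s)
{
    char buf[BUF_LENGTH];
    int n = 0;
    n += snprintf(buf + n, BUF_LENGTH - n, "%s", s);
    return n;
}

/* Append at buf[*n]; returns 1 if it all fit, 0 on truncation or error.
 * *n never exceeds size - 1, so the remaining room is never negative. */
int append_fmt(char *buf, size_t size, size_t *n, const char *fmt, ...)
{
    va_list ap;
    int ret;
    if (size == 0 || *n >= size - 1)
        return 0;                     /* already full: add nothing */
    va_start(ap, fmt);
    ret = vsnprintf(buf + *n, size - *n, fmt, ap);
    va_end(ap);
    if (ret < 0) {                    /* -1 convention, or an output error */
        buf[*n] = '\0';               /* drop the partial write and quit */
        return 0;
    }
    if ((size_t)ret >= size - *n) {   /* would-be length: output truncated */
        *n = size - 1;                /* clamp to the terminating NUL */
        return 0;
    }
    *n += (size_t)ret;
    return 1;
}

/* Join fields with commas; stop at the first append that does not fit.
 * The caller must pass size >= 1. Returns the final offset. */
size_t join_fields(char *buf, size_t size, const char *const *f, size_t cnt)
{
    size_t n = 0, i;
    buf[0] = '\0';
    for (i = 0; i < cnt && append_fmt(buf, size, &n, "%s,", f[i]); i++)
        ;
    return n;
}
```
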