Re: [Wireshark-dev] RRC Messages does not decode correctely

2007-08-30 Thread Anders Broman (AL/EAB)
Hi,
A quick fix to packet-per.c; the displayed value will be wrong though.
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
(AL/EAB)
Sent: 30 August 2007 15:16
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] RRC Messages does not decode correctely


Hi,
RRC is using unaligned PER, I think. This is not so well tested, so there
might be a problem in packet-per.c.
If you go to edit->preferences->per and tick the box about detailed per
decoding, it might be possible to see if
"byte aligning" is taking place where it should not.
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 30 August 2007 13:09
To: Developer support list for Wireshark; Community support list for
Wireshark
Subject: [Wireshark-dev] RRC Messages does not decode correctely




Hi, 

0000  4a 88 02 af 20 19 75 46  6c ce 7e 62 e6 72 2a ac
0010  10 bf 4e ff ff ff ff e7  ef f7 d2 69 ff e2 ec 04   
0020  40   

I am sending this hex dump to RRC; this is an rrc connection setup
complete message.
The RRC dissector decodes this message correctly as rrc connection
setup complete, but does not decode the whole message correctly.

E.g. in this message Item 0 and Item 1 are both showing CS domain
(but if the same hex dump is decoded by another tool it decodes correctly: one
Item is CS domain, the other is PS domain).
RRC ASN is correct.

Some errors of this type come up during rrc decoding.
Please tell what is the problem?

Radio Resource Control (RRC) protocol 
UL-DCCH-Message 
message: rrcConnectionSetupComplete (18) 
rrcConnectionSetupComplete 
rrc-TransactionIdentifier: 0 
startList: 2 items 
Item 0 
Item 
cn-DomainIdentity: cs-domain (0) 
start-Value: 02AF20 
Item 1 
Item 
cn-DomainIdentity: cs-domain (0) 
start-Value: 197546 
ue-RadioAccessCapability 
pdcp-Capability 
 .1.. losslessSRNS-RelocationSupport:
True 
supportForRfc2507: supported (1) 
supported: by1024 (1) 
rlc-Capability 
totalRLC-AM-BufferSize: kb500 (5) 
maximumRLC-WindowSize: mws4095 (1) 
maximumAM-EntityNumber: am4 (1) 
transportChannelCapability 
dl-TransChCapability 
maxNoBitsReceived: b20480 (9) 
maxConvCodeBitsReceived: b163840 (12) 
turboDecodingSupport: supported (1) 
supported: Unknown (15) 
maxSimultaneousTransChs: e16 (2) 
maxSimultaneousCCTrCH-Count: 4 
maxReceivedTransportBlocks: tb8 (1) 
maxNumberOfTFC: tfc512 (7) 
maxNumberOfTF: tf64 (1) 
ul-TransChCapability 
maxNoBitsTransmitted: b20480 (9) 
maxConvCodeBitsTransmitted: b163840 (12)

turboEncodingSupport: supported (1) 
supported: b1280 (1) 
maxSimultaneousTransChs: e8 (2) 
modeSpecificInfo: tdd (1) 
tdd 
maxSimultaneousCCTrCH-Count: 3 
maxTransmittedBlocks: Unknown (11) 
maxNumberOfTFC: dummy1 (0) 
maxNumberOfTF: tf128 (2) 
rf-Capability 
physicalChannelCapability 
tddPhysChCapability 
downlinkPhysChCapability 
maxTS-PerFrame: 8 
maxPhysChPerFrame: 234 
minimumSF: sf16 (1) 
 ..1. supportOfPDSCH: True 
maxPhysChPerTS: 8 
uplinkPhysChCapability 
maxTS-PerFrame: 16 
maxPhysChPerTimeslot: ts2 (1) 
minimumSF: Unknown (7) 
...1  supportOfPUSCH: True 
ue-MultiMo

Re: [Wireshark-dev] RRC Messages does not decode correctely

2007-08-30 Thread Anders Broman (AL/EAB)
Hi,
RRC is using unaligned PER, I think. This is not so well tested, so there
might be a problem in packet-per.c.
If you go to edit->preferences->per and tick the box about detailed per
decoding, it might be possible to see if
"byte aligning" is taking place where it should not.
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 30 August 2007 13:09
To: Developer support list for Wireshark; Community support list for
Wireshark
Subject: [Wireshark-dev] RRC Messages does not decode correctely




Hi, 

0000  4a 88 02 af 20 19 75 46  6c ce 7e 62 e6 72 2a ac
0010  10 bf 4e ff ff ff ff e7  ef f7 d2 69 ff e2 ec 04   
0020  40   

I am sending this hex dump to RRC; this is an rrc connection setup
complete message.
The RRC dissector decodes this message correctly as rrc connection
setup complete, but does not decode the whole message correctly.

E.g. in this message Item 0 and Item 1 are both showing CS domain
(but if the same hex dump is decoded by another tool it decodes correctly: one
Item is CS domain, the other is PS domain).
RRC ASN is correct.

Some errors of this type come up during rrc decoding.
Please tell what is the problem?

Radio Resource Control (RRC) protocol 
UL-DCCH-Message 
message: rrcConnectionSetupComplete (18) 
rrcConnectionSetupComplete 
rrc-TransactionIdentifier: 0 
startList: 2 items 
Item 0 
Item 
cn-DomainIdentity: cs-domain (0) 
start-Value: 02AF20 
Item 1 
Item 
cn-DomainIdentity: cs-domain (0) 
start-Value: 197546 
ue-RadioAccessCapability 
pdcp-Capability 
 .1.. losslessSRNS-RelocationSupport:
True 
supportForRfc2507: supported (1) 
supported: by1024 (1) 
rlc-Capability 
totalRLC-AM-BufferSize: kb500 (5) 
maximumRLC-WindowSize: mws4095 (1) 
maximumAM-EntityNumber: am4 (1) 
transportChannelCapability 
dl-TransChCapability 
maxNoBitsReceived: b20480 (9) 
maxConvCodeBitsReceived: b163840 (12) 
turboDecodingSupport: supported (1) 
supported: Unknown (15) 
maxSimultaneousTransChs: e16 (2) 
maxSimultaneousCCTrCH-Count: 4 
maxReceivedTransportBlocks: tb8 (1) 
maxNumberOfTFC: tfc512 (7) 
maxNumberOfTF: tf64 (1) 
ul-TransChCapability 
maxNoBitsTransmitted: b20480 (9) 
maxConvCodeBitsTransmitted: b163840 (12)

turboEncodingSupport: supported (1) 
supported: b1280 (1) 
maxSimultaneousTransChs: e8 (2) 
modeSpecificInfo: tdd (1) 
tdd 
maxSimultaneousCCTrCH-Count: 3 
maxTransmittedBlocks: Unknown (11) 
maxNumberOfTFC: dummy1 (0) 
maxNumberOfTF: tf128 (2) 
rf-Capability 
physicalChannelCapability 
tddPhysChCapability 
downlinkPhysChCapability 
maxTS-PerFrame: 8 
maxPhysChPerFrame: 234 
minimumSF: sf16 (1) 
 ..1. supportOfPDSCH: True 
maxPhysChPerTS: 8 
uplinkPhysChCapability 
maxTS-PerFrame: 16 
maxPhysChPerTimeslot: ts2 (1) 
minimumSF: Unknown (7) 
...1  supportOfPUSCH: True 
ue-MultiModeRAT-Capability 
multiRAT-CapabilityList 
 1... supportOfGSM: True 
 .1.. supportOfMulticarrier: True 
multiModeCapability: Unknown (3) 
securityCapability 
cipheringAlgorithmCap:  
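
Added example, not part of the original posts and not Wireshark code: a minimal C bit reader that decodes the startList from the first eight octets of the posted hex dump twice, once with each 20-bit start-Value pushed to an octet boundary (what aligned PER does for a fixed-size BIT STRING longer than 16 bits) and once fully unaligned. The field widths are assumptions taken from the RRC ASN.1, which the thread does not show. With the padding the result matches the dissector output quoted above (both items cs-domain, start-Value octets beginning 02AF2 and 19754); without it Item 1 becomes ps-domain, as the poster's other tool reports.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* First 8 octets of the hex dump posted in the thread. */
static const uint8_t RRC_PDU[] = { 0x4a, 0x88, 0x02, 0xaf, 0x20, 0x19, 0x75, 0x46 };

typedef struct {
    const uint8_t *buf;
    size_t nbits;   /* total bits available */
    size_t pos;     /* current bit offset */
    int err;        /* set when a read would run past the buffer */
} bitreader;

/* Read n (<= 32) bits, most significant bit first. */
static uint32_t get_bits(bitreader *r, unsigned n)
{
    uint32_t v = 0;
    if (r->err || n > 32 || r->pos > r->nbits || n > r->nbits - r->pos) {
        r->err = 1;
        return 0;
    }
    while (n--) {
        v = (v << 1) | ((r->buf[r->pos >> 3] >> (7 - (r->pos & 7))) & 1u);
        r->pos++;
    }
    return v;
}

/* Aligned PER only: skip padding bits up to the next octet boundary. */
static void align_octet(bitreader *r)
{
    r->pos = (r->pos + 7) & ~(size_t)7;
}

typedef struct { unsigned domain; uint32_t start; } start_single;
typedef struct {
    unsigned msg_type, transaction_id, count;
    start_single item[4];
    int err;
} start_list;

/*
 * Field widths assumed from the RRC ASN.1 (not shown on the page):
 * 1-bit OPTIONAL flag, 5-bit message CHOICE index, 3-bit OPTIONAL bitmap,
 * 2-bit rrc-TransactionIdentifier, 2-bit startList length (1..4), then per
 * item a 1-bit cn-DomainIdentity and a 20-bit start-Value BIT STRING.
 * align_bitstrings != 0 applies the aligned-PER padding rule to start-Value.
 */
static start_list decode_start_list(const uint8_t *buf, size_t len, int align_bitstrings)
{
    bitreader r = { buf, len * 8, 0, 0 };
    start_list out = { 0 };
    unsigned i;

    if (get_bits(&r, 1))
        r.err = 1;                       /* integrityCheckInfo present: not handled here */
    out.msg_type = get_bits(&r, 5);
    (void)get_bits(&r, 3);               /* OPTIONAL bitmap, not needed for startList */
    out.transaction_id = get_bits(&r, 2);
    out.count = get_bits(&r, 2) + 1;
    for (i = 0; i < out.count && !r.err; i++) {
        out.item[i].domain = get_bits(&r, 1);
        if (align_bitstrings)
            align_octet(&r);
        out.item[i].start = get_bits(&r, 20);
    }
    out.err = r.err;
    return out;
}

static void show(const char *label, const start_list *s)
{
    unsigned i;
    printf("%s: message %u, %u items%s\n", label, s->msg_type, s->count,
           s->err ? " (input too short)" : "");
    for (i = 0; i < s->count; i++)
        printf("  Item %u: cn-DomainIdentity %s, start-Value 0x%05X\n", i,
               s->item[i].domain ? "ps-domain" : "cs-domain",
               (unsigned)s->item[i].start);
}

int main(void)
{
    start_list padded = decode_start_list(RRC_PDU, sizeof RRC_PDU, 1);
    start_list unaligned = decode_start_list(RRC_PDU, sizeof RRC_PDU, 0);
    show("BIT STRING octet-aligned", &padded);
    show("unaligned PER", &unaligned);
    return 0;
}
```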
   

[Wireshark-dev] Build bot failing.

2007-08-22 Thread Anders Broman (AL/EAB)
Hi,
Currently the build bot is failing with:
packet-pana.c(677) : error C2220: warning treated as error - no object file generated
packet-pana.c(677) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of 

The fix might be
Change line 633
To 
   guint16 pana_res;
/Anders
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] RE : Wireshark launching problem

2007-08-17 Thread Anders Broman (AL/EAB)
Hi,
When running Wireshark in the build environment the simplest way is to do:
wireshark-gtk2/wireshark from the prompt as the build process will copy all 
needed files to ../wireshark-gtk2
 
Regards
Anders



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of aziz asniba
Sent: 17 August 2007 14:33
To: Developer support list for Wireshark
Subject: [Wireshark-dev] RE : Wireshark launching problem


Hi Vaibhav,

I had the same issue, then I put the libgtk-0.dll in the folder where the .exe 
file is situated. You can find it under ..\wireshark-win32-libs\gtk+\lib\.

Hope it will help.
best Regards.
Aziz

[EMAIL PROTECTED] wrote:





Hi,
I made a new wireshark.exe. If I run that exe it gives the error "This
Application has failed to start because libgtk-0.dll was not found.
Re-installing the application may fix this problem".
But the original exe that comes with setup works fine.

please tell what is the problem.



Thanks & Regards,
Vaibhav

*** Aricent-Unclassified ***

"DISCLAIMER: This message is proprietary to Aricent and is intended 
solely
for the use of
the individual to whom it is addressed. It may contain privileged or
confidential information and should not be
circulated or used for any purpose other than for what it is intended. 
If
you have received this message in error,
please notify the originator immediately. If you are not the intended
recipient, you are notified that you are strictly
prohibited from using, copying, altering, or disclosing the contents of
this message. Aricent accepts no responsibility for
loss or damage arising from the use of the information transmitted by 
this
email including damage from virus."





[Wireshark-dev] Wiki problem

2007-08-17 Thread Anders Broman (AL/EAB)
Hi,
On the Ethereal Wiki page corresponding to
http://wiki.wireshark.org/Asn2wrs?highlight=%28asn2wrs%29 there are some
links explaining the
use of some directives like #.END. These pages exist on Wireshark's Wiki
http://wiki.wireshark.org/FindPage?action=fullsearch&context=180&value=%23.&titlesearch=Str%C3%A1nky
but making a link like ["#.END"] does not
work.
Does anyone know how to fix this?

Regards
Anders


Re: [Wireshark-dev] Dissectors for SMS over GPRS-LLC

2007-08-16 Thread Anders Broman (AL/EAB)
Hi,
I think you are right and a start could be to separate out the SMS parts
then. I'm busy on other stuff right now so I'm not able to take it on.
An idea might be to discuss the interfaces and decide how we'd want it
to look and what names to use; there is a lot of interconnection between
the GSM/UMTS dissectors at the moment and probably duplicated code.
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Neil Piercy
Sent: 16 August 2007 17:57
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissectors for SMS over GPRS-LLC


IMHO the gsm_a is really about four protocol dissectors which are too
inter-mixed in the one huge file, and should really all be in separate
files and with "proper" wireshark linkage between them. The clue is in
the name: it contains the set of protocols carried over the A interface,
not one protocol.
 
I'd support (and might be able to help with) such a separation.
 
Neil




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
(AL/EAB)
Sent: 16 August 2007 16:03
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissectors for SMS over GPRS-LLC


Hi,
>some SMS Control Protocol (SMS CP) fields are included in GSM A
DTAP dissector, but not the whole protocol.
Should all SMS-CP dissection be done by the new dissector or
perhaps the code moved into packet-gsm_a.c ?
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Cyrille Colin
Sent: 16 August 2007 16:10
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Dissectors for SMS over GPRS-LLC



Hi 

SMS msg can be carried over packet switched GPRS, and I am
trying to have Wireshark decode SMS carried on GPRS LLC protocol (SAPI
7). 

The stack is the following: 

  ---
 | sms msg    |
  ---
 | sms T-PDU  | --> dissector exists (gsm_sms) in packet-gsm_sms.c
  ---
 | sms RP     | --> dissector exists (gsm_a_rp) in packet-gsm_a.c
  ---
 | sms CP     |
  ---
 | GPRS LLC   | --> dissector exists (gprs-llc) in packet-gprs-llc.c
  ---

some SMS Control Protocol (SMS CP) fields are included in GSM A
DTAP dissector, but not the whole protocol. 

So I basically wrote a small plugin for SMS CP -following the
dev guidelines-, and linked to GPRS-LLC and SMS-RP and it works fine. 


The questions are: 
- is there any interest in having this submitted back to the
Wireshark source ? 
- if it is the case, what is the best practice (plugin, native)
and recommendations for the dissector calls - restrain the calls to be
within the new protocol code, or rather use call_dissector() etc in
other dissectors, which implies a small diff on other dissectors too.


Thks, and btw I found the developer doc extremely useful -many
thks to the author(s). 

Cyrille 
  



Re: [Wireshark-dev] Dissectors for SMS over GPRS-LLC

2007-08-16 Thread Anders Broman (AL/EAB)
Hi,
>some SMS Control Protocol (SMS CP) fields are included in GSM A DTAP
dissector, but not the whole protocol.
Should all SMS-CP dissection be done by the new dissector or perhaps the
code moved into packet-gsm_a.c ?
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Cyrille Colin
Sent: 16 August 2007 16:10
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Dissectors for SMS over GPRS-LLC



Hi 

SMS msg can be carried over packet switched GPRS, and I am trying to
have Wireshark decode SMS carried on GPRS LLC protocol (SAPI 7). 

The stack is the following: 

  ---
 | sms msg    |
  ---
 | sms T-PDU  | --> dissector exists (gsm_sms) in packet-gsm_sms.c
  ---
 | sms RP     | --> dissector exists (gsm_a_rp) in packet-gsm_a.c
  ---
 | sms CP     |
  ---
 | GPRS LLC   | --> dissector exists (gprs-llc) in packet-gprs-llc.c
  ---

some SMS Control Protocol (SMS CP) fields are included in GSM A DTAP
dissector, but not the whole protocol. 

So I basically wrote a small plugin for SMS CP -following the dev
guidelines-, and linked to GPRS-LLC and SMS-RP and it works fine. 


The questions are: 
- is there any interest in having this submitted back to the Wireshark
source ? 
- if it is the case, what is the best practice (plugin, native) and
recommendations for the dissector calls - restrain the calls to be
within the new protocol code, or rather use call_dissector() etc in
other dissectors, which implies a small diff on other dissectors too.


Thks, and btw I found the developer doc extremely useful -many thks to
the author(s). 

Cyrille 
  



[Wireshark-dev] ANSI TCAP

2007-08-16 Thread Anders Broman (AL/EAB)
Hi,
As I'm rewriting the ANSI TCAP dissector I'm wondering if we have any
other subdissector to ANSI TCAP than ANSI MAP currently?
If not then the "sub dissector lookup" function could be left out until
needed. Or at least be a bit more crudely done.
Regards
Anders


Re: [Wireshark-dev] Query regrading RRC decoder

2007-08-16 Thread Anders Broman (AL/EAB)
Hi,
The RRC dissector is kind of standalone now and only called for some RRC
messages tunneled in GSM MAP
(I think it was) but can be called by name from any other dissector.

I don't have any deeper knowledge of the GSM/UMTS protocol stack on the
Iu(?) interfaces.
From your previous posts I guess that you want to decode those messages
sent over UDP.
Are those messages generated by a trace tool or some Nokia proprietary
solution, or specified by
3GPP in some spec (which?)?

Again from previous post it sounded like those messages are
UDP/FP/MAC/RRC?

Wireshark can't decode these messages without code changes.

If you would want to attempt those code changes, from Martin's post I
infer that the
FP part could be dissected by the UMTS FP dissector (I forgot the name of
the file) providing
some additional information was given to the dissector by preferences or
an intermediate
dissector for the UDP trace or transport format used by your
application.

I don't think we have a MAC (3GPP spec ref?) dissector so one has to be
written.
Someone mentioned that this layer may be encrypted. Is that the case
for your trace?
If so you might have to add decryption to get to RRC.

It would be easier to answer your questions given some more background.
Regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 16 August 2007 11:52
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Query regrading RRC decoder






Hi,

Wireshark 0.99.6 has an RRC decoder, but I want to know how the RRC decoder
works.
That is, which protocol RRC sits on top of.
If I want RRC over FP, is that possible or not?


Thanks & Regards,
Vaibhav



Re: [Wireshark-dev] [PATCH] Adding RTSE reassembly

2007-06-25 Thread Anders Broman (AL/EAB)
Hi,
Note that TPKT is used for other things as well Q.931/H323...
Best regards
Anders



From: [EMAIL PROTECTED] on behalf of Graeme Lunt
Sent: Mon 2007-06-25 14:53
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [PATCH] Adding RTSE reassembly



Stig,

On 25/06/07, Stig Bjørlykke <[EMAIL PROTECTED]> wrote:
> 2007/6/24, Graeme Lunt <[EMAIL PROTECTED]>:
> > I made a slight change so that the RTSE preferences are grouped under OSI.
>
> What happened with the plans moving all OSI dissector preferences to this 
> group?

I still plan to do it.
In the first instance it would be to move TPKT, COTP, CLNP directly under OSI.
Any others?

Graeme


Re: [Wireshark-dev] Fwd: [PATCH] FTBP: ContentsTypeParameterandRelationship are OPTIONAL

2007-06-21 Thread Anders Broman (AL/EAB)
Hi,
As you may have noted, Tomas Kukosa and I are trying to improve asn2wrs to make
it possible to process asn1 files unchanged, to make it easier to maintain and
update asn1 based dissectors and of course to create new ones.

The BER dissectors will also be changed to use the "field based"(?) method (-X
option) to produce less code.
Tomas has also tried to solve the problem with tagged types (-T option). It
should also be easier to produce a single dissector from multiple asn1 files
(see GSM MAP).

I guess the only reason to change existing stuff is if it produces less code,
makes future updates less difficult or makes the relationships easier to
understand. For the TELCO stuff at least there are relatively frequent updates
to the protocols, which makes that attractive (MAP, CAMEL, INAP etc).

The only argument I have regarding FTBP is that "FTBP" doesn't say much of what
it does or where it belongs, whereas if it was part of X.420 that would be
clearer.

Unfortunately I think that the dissector does not yet compile with unchanged
asn1 code but that may change.

But the question extends to X.509x: is there a good reason to have them split,
or should it all be in one X.509 dissector? I tested X.509 unchanged as well
but there are still problems with asn2wrs to sort out.

If you could try to recompile them (unchanged) with the -X and -T options and
report any problems that'd help things along.
Help with the OSI stuff would also be appreciated.
Regards
Anders


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graeme Lunt
Sent: 21 June 2007 16:20
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Fwd: [PATCH] FTBP: 
ContentsTypeParameterandRelationship are OPTIONAL

Hi,

On 21/06/07, Stig Bjørlykke <[EMAIL PROTECTED]> wrote:
> 2007/6/14, Anders Broman <[EMAIL PROTECTED]>:
> > I there a reason why this is a separate dissector and not included 
> > in X.420 as it seems to belong in the same set of asn1 files?
>
> I don't know.  This dissectors where made by Graeme Lunt, maybe he had a 
> reason?

Yes. It was me. Guilty as charged.

I made it a separate dissector following the example of the x509* dissectors.
However, if it is beneficial to move it to x420 (which is very
straight-forward) I will happily do so. Let me know.

Graeme


Re: [Wireshark-dev] linking error for rval_to_str function

2007-06-21 Thread Anders Broman (AL/EAB)
Hi,
Is rval_to_str defined in libwireshark.def?
/Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stratemeier,
Frank
Sent: 21 June 2007 15:19
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] linking error for rval_to_str function


Hi Community,
 
when I try to use the rval_to_str function in my plugin (build for
wireshark version 0.99.5 with MSVC 2005) nmake returns the following
message:
packet-jetip.obj : error LNK2019: unresolved external symbol
_rval_to_str referenced in function _dissect_reply

Nevertheless, calls to val_to_str are working without any problems and
those two functions are defined in the same file! :o
Any ideas about this?
 
Regards,
Frank


Re: [Wireshark-dev] gsmmap asn1 directory

2007-06-19 Thread Anders Broman (AL/EAB)
 
Florent Drouin wrote:
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Florent Drouin
>Sent: 19 June 2007 14:29
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] gsmmap asn1 directory
>
>Hi,
>
>Thanks again for the correction.
>I do not see the warning anymore, but the display of the Facility is
>not below the facility itself, but at the end of the tree.
>It's not a problem, but it looks strange..

I'll change it back to the  way it was...

>I found another problem with a recent correction of the "Forward SM"
>message.
>The message for MAP v2 does not have the same name as for MAP v3 (a bug was
>opened for this).
>With the new ASN1 file, we should not use the old definition
>"gsm_old_GSMMAPOperationLocalvalue_vals", but the new one, else the
>correction is lost, and we see mo-forwardSM instead of forwardSM as
>message name.
>
><<
>const gchar* gsm_map_opr_code(guint32 val) {
>  switch (val) {
>  case 44: /*mt-forwardSM*/
>  case 46: /*mo-forwardSM*/
>    if (application_context_version == 3) {
>      return val_to_str(val, gsm_map_V3_opr_code_strings, "Unknown GSM-MAP (%u)");
>    }
>    /* Else fall through and use the default map operation translation */
>  default:
>    /* gsm_map_opr_code_strings is the table emphasised in the original mail */
>    return val_to_str(val, gsm_map_opr_code_strings, "Unknown GSM-MAP opcode (%u)");
>  }
>}
>>>
The "problem" is that gsm_map_opr_code_strings does not contain all the
opcode values;
"gsm_old_GSMMAPOperationLocalvalue_vals" is created from dummy asn1 code
which holds all opcodes.
Perhaps the code can be reversed to show "old" values in case of Version
<3. I'd also like to get rid
of gsm_map_opr_code_strings as it's a subset of
"gsm_old_GSMMAPOperationLocalvalue_vals".
Hopefully we'll be able to auto generate the value_string from asn2wrs
soon.

>In the attached sample of forwardSM, you can see the Forward-SM, and
>two additional problems of decoding for "SMS Deliver Report".
>These problems of decoding for sm-RP-UI are not new,
>because they are related to the packet-gsm_sms.c module.
>What is new, with the new ASN1 file, is that the sm-RP-UI is not
>decoded for the mo/mt-forwardSM.
>I think the gsmmap.cnf should be updated to call the sms dissector, as
>it is done for ForwardSM.
I'll look into it.

>And at least :-), could you update the Unix Makefile to use gsmmap.cnf
>and not gsm_map.cnf.
Will do, something went astray when moving over to the new asn1
files...
Regards
Anders

Anders Broman wrote:
> Hi,
> I believe I fixed all except:
>   
>> - and one with a Facility with Forward CUG info. For this problem, 
>> this is only a display problem, as the information is correctly 
>> decoded, but a Warning is displayed at the end of the decoding.
>> 
> I see no warning :(
>
> Regards
> Anders
>
>   


Re: [Wireshark-dev] Error: wireshark.exe is not a valied Win32application

2007-06-15 Thread Anders Broman (AL/EAB)
Hi,
What version of Wireshark are you trying to build?
From SVN, tarball, 0.99.5 sources?
There was some discussions previously about "manifest" files missing
from the installer.
Which may be fixed now.
Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Lindberg
Sent: 14 June 2007 17:24
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Error: wireshark.exe is not a valied
Win32application

I am using MS C++ 2005 Express Edition with the platform SDK (Version
3790.2075).

All compiles and packages fine with no errors.

After packaging and installing on a W2k machine, it responds as above.

I am using the updated C++ 2005 vcredist.  Using the newest fixw the
same problem on a WXP system.

What is going on?  I have tried the solution of creating a directory
Microsoft.VC80.CRT as suggested in another email, but that was not
successful.

There is on the W2K system the winsxs directory with all of the
necessary subdirectories with DLLs in them.

Any suggestions would be great.

Alex Lindberg
alindberyahoo.com



Re: [Wireshark-dev] gsmmap asn1 directory

2007-06-15 Thread Anders Broman (AL/EAB)
Hi,
Will try to fix it this evening.
Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Florent Drouin
Sent: 15 June 2007 10:34
To: Developer support list for Wireshark
Subject: [Wireshark-dev] gsmmap asn1 directory

Hello,

I wanted to make a change in the gsmmap template files, for the
SendAuthentication InfoArgOld.
But I can not generate the files again from the ASN1 directory.
I did update the Unix Makefile to have the same inputs as the windows
one, but it doesn't work.
I think the gsmmap.cnf is not up to date, and it seems not to be used by
the Makefile.

Could you check if the MAP asn1 directory is up to date ?

Thanks in advance
Regards
Florent



[Wireshark-dev] FW: [Wireshark-commits] rev 22100: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-catapult-dct2000.c

2007-06-14 Thread Anders Broman (AL/EAB)
 Hi,
Still no go :(
packet-catapult-dct2000.c
packet-catapult-dct2000.c(384) : error C2220: warning treated as error - no object file generated
packet-catapult-dct2000.c(384) : warning C4244: '=' : conversion from 'unsigned short ' to 'unsigned char ', possible loss of data
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2'
Stop.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 14 June 2007 14:43
To: [EMAIL PROTECTED]
Subject: [Wireshark-commits] rev 22100: /trunk/epan/dissectors/
/trunk/epan/dissectors/: packet-catapult-dct2000.c

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=22100

User: martinm
Date: 2007/06/14 12:43 PM

Log:
 Try again!

Directory: /trunk/epan/dissectors/
  Changes    Path                         Action
  +34 -30    packet-catapult-dct2000.c    Modified

___
Wireshark-commits mailing list
[EMAIL PROTECTED]
http://www.wireshark.org/mailman/listinfo/wireshark-commits


Re: [Wireshark-dev] Fwd: [PATCH] FTBP: ContentsTypeParameter andRelationship are OPTIONAL

2007-06-14 Thread Anders Broman (AL/EAB)
Hi,
Could you test to regenerate the dissector with the -X and -T options set?
../../tools/asn2wrs.py" -b -X -T -e -p 
Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stig Bjørlykke
Sent: 14 June 2007 09:44
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Fwd: [PATCH] FTBP: ContentsTypeParameter 
andRelationship are OPTIONAL

Hi.

Resending this patch as nobody had a look at it before.


-- Forwarded message --
From: Stig Bjørlykke <[EMAIL PROTECTED]>
Date: 16 May 2007 10:10
Subject: [PATCH] FTBP: ContentsTypeParameter and Relationship are OPTIONAL
To: wireshark-dev@wireshark.org


Hi.

ContentsTypeParameter and Relationship are OPTIONAL as they are defined with a 
DEFAULT.


--
Stig Bjørlykke


Re: [Wireshark-dev] Info column prints

2007-06-11 Thread Anders Broman (AL/EAB)
Hi,
See README.developer 1.5.8 The col_set_fence...
Regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Amit Khullar
Sent: 11 June 2007 15:07
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Info column prints



Hi, 

 

I have a proprietary dissector for a proprietary protocol which encloses
a Q931 packet.

When I dissect the packet and place some information in the INFO column,
and then pass the packet to the standard Q931 dissector, it clears of
the INFO column and updates its own results.

I want to preserve my information and then allow Q931 to append to it.
Can this be done ? 

Q931 is a built-in dissector hence I do not want to modify it. 

I was thinking more on the lines to retrieve the complete string in the
INFO column, after Q931 dissection and then re-format it such that I
append Q931 INFO string to my information and then print it in the INFO
column. Is this a possibility ?

 

Would appreciate any help/pointers in this regard.

 

Cheers

Amit

 



Re: [Wireshark-dev] how to make tcap subdissector in plugin

2007-06-07 Thread Anders Broman (AL/EAB)
Hi,
If you send a diff -u of the required changes to libwireshark.def as a patch it 
will be considered for
inclusion I think.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of yin sun
Sent: Thu 2007-06-07 16:16
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] how to make tcap subdissector in plugin



This is what I ended up doing. Copy paste TCAP and GSMMAP code into
plugin and add my private opcode handling. Why do I need private
opcode. Probably I don't understand how  can I utilize this extension
container as mentioned below. In my case what I need is switch to a
new opcode such as 0xff, then dissect a bunch of private parameters.
Are then defined in 3GPP maybe or maybe not. I think the problem I had
is generic.

Someone wants to have something new for wireshark, and the new thing
is easier to deploy under plugin. But it needs to inherit
implementation from built-in dissector.

Thanks,
/Yin


On 6/6/07, Anders Broman <[EMAIL PROTECTED]> wrote:
> Hi,
> I suppose this means you have to rebuild the complete MAP
> Dissector as a plugin adding your opcode(s) if the opcode isn't
> clashing with the existing ones perhaps it can be added to the existing MAP
> dissector.
>
> Why do you feel the you need to add private opcodes to MAP
> instead of using the existing ones adding extension containers for any
> private data needed or work with 3GPP to get the new opcodes you need
> added to MAP.
> Regards
> Anders
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of yin sun
> Sent: 5 June 2007 21:13
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] how to make tcap subdissector in plugin
>
> It is a private opcode to MAP.
>
> /Yin
>
> On 6/5/07, Anders Broman <[EMAIL PROTECTED]> wrote:
> > Hi,
> > Is it a private opcode to MAP or something missing from MAP?
> > Regards
> > Anders
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of yin sun
> > Sent: 5 June 2007 20:59
> > To: Developer support list for Wireshark
> > Subject: [Wireshark-dev] how to make tcap subdissector in plugin
> >
> > Hello developer,
> >
> > I have made the FooPage example working for plugin. Now I want to have
> > a plugin similar to GSM-MAP but as a plugin. Basically this plugin
> > will provide decoder for new opcode. The problem is, to register under
> > tcap I have to call add_itu_tcap_subdissector as I read from gsmmap
> > code. And this function is defined in dissectors.lib, which is not
> > visible to plugin. So the question is
> > 1. Can we in general make all the functions in dissectors accessible to
> > plugin.
> > 2. where should we draw a line between dissector and plugin.
> >
> > Thanks,
> > /Yin


Re: [Wireshark-dev] problems building in win32 environment

2007-05-23 Thread Anders Broman (AL/EAB)
Hi,
That was a fault in a recent checkin of sctp_graph_dlg.c I think (resolved 
later) try a SVN update
and rebuild.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of Brian Vandenberg
Sent: Wed 2007-05-23 01:32
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] problems building in win32 environment



  I've run into two problems building in win32.  One machine using
vs2005, the other vs6.

  The 2005 machine threw an error when trying to do the xcopy operation
on line 475 of makefile.nmake, saying invalid # of parameters.  I was
able to fix this by changing ZLIB_DIR to use \s instead of /s, but I'm
guessing the /s were intentional for some reason so a better(?) fix may
be best.

  The other error is when building sctp_graph_dlg.c, on line 366, it says:

sctp_graph_dlg.c(366) : error C2220: warning treated as error - no
object file generated
...
Generating code...
NMAKE : Fatal error U1077: 'cl' : return code '0x2'
(yada yada)

   I'm unsure of the cause for this.  I already have HHC_DIR commented
out in config.nmake ... haven't found a way to resolve this yet.

-Brian


Re: [Wireshark-dev] How to get my dissector called?

2007-05-21 Thread Anders Broman (AL/EAB)
Hi,
What Ethernet type does your protocol use? You should register your dissector 
for that type.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of Kevin Jones
Sent: Mon 2007-05-21 15:37
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] How to get my dissector called?


Hi,
 
What about a dissector gets it called when Wireshark is looking to dissect a 
packet. I'm writing a dissector for a protocol on top of the ethernet layer. 
Right now I'm using the example in the developers guide just to see if I can 
get the program to call the example... but it doesn't seem to even when all of 
the other protocols (except Ethernet) are disabled. It is a pretty simple 
protocol that runs at layer 3 over ethernet II, so I think it'd be pretty easy 
to implement... Let me know if more info is needed or if you guys have any 
suggestions. 
 
Thanks in advance!
Kevin


Re: [Wireshark-dev] questions about conversations

2007-05-16 Thread Anders Broman (AL/EAB)
Hi,
If there is stuff that should only be done once you can use:
if (!pinfo->fd->flags.visited)
See packet-uma.c

Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Noinski
Sent: 16 May 2007 11:57
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] questions about conversations

Hi,


I'm writing my own dissector and I've been quite successful, but lately
I wanted to add some dynamic analysis (based on info from other packets)
and I stumbled into some problems.

All I know about conversations is from README.developer.
My dissector works well if it's called once for each frame, in correct
order. The problems start when I click on a frame in Wireshark window -
then my dissector is called for this frame again, _twice_.

I guess it's the correct behaviour that the dissector is called several
times, so my main question is:
What is the suggested way to make sure the dissection result is the
same in the first dissector call and the later ones (when I click)?


Also:

Is the conversation data somehow saved for each frame when it changes or
is there always exactly one such data structure for one conversation in
the program?

Is there an easy way to tell my dissector is being run the first time
for a specific frame (i.e. just after capture, not after filtering or
after clicking on a packet)?

Why is the dissector called twice with every click on a frame in the
Wireshark window - is this the desired behaviour?


Thanks in advance,

Noix


Re: [Wireshark-dev] [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/: asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber.c

2007-05-07 Thread Anders Broman (AL/EAB)
Hi,
Thanks, I'll check if I have any traces and send them privately.
Regards
Anders



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: 7 May 2007 13:19
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] 
[Wireshark-commits]rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.cpacket-ber.cpacket-ber.hpacket-camel.c
 ...


Hi,
 
the T.38 is PER dissector, i.e. it is not involved in changes in BER.
BTW T.38 has been automatically generated since last week.
 
I will make changes into asn2wrs activable with commandline option -X.
 
@Anders, do you have available any RNSAP traces?
 
 
Regards,
  Tomas



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman 
(AL/EAB)
Sent: Monday, May 07, 2007 10:21 AM
To: Developer support list for Wireshark
Subject: SV: [Wireshark-dev] [Wireshark-commits] 
rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.c
 packet-ber.cpacket-ber.hpacket-camel.c ...


Hi,
Could you do the asn2wrs changes and send me the file then I could do some 
experiments and
see how much work is involved? At least you have taken care of T38 then there 
is Kerberos
and some gsm stuff so it might not be too difficult.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of Kukosa, Tomas
Sent: Mon 2007-05-07 09:42
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] 
rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.c
 packet-ber.cpacket-ber.hpacket-camel.c ...



Hi,

BTW when you are making such large changes do not you think about
changing of packet-ber from "field oriented" to "type oriented"?

I.e. replacing

 field_function() {
   type_function(hf_field);
 }
 sequence_structure[] = {
  {..., field_function},
 }

with code

 sequence_structure[] = {
  {&hf_field, ..., type_function},
 }

I did the same for PER last year and generated code is much shorter.

Unfortunately it will be probably very hard for BER as there are much BER
code written by hands which can not be regenerated but has to be
changed.

regards,
  Tomas


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
(AL/EAB)
Sent: Monday, May 07, 2007 8:57 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
21705:/trunk//trunk/plugins/asn1/:
asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacke
t-acp133.c packet-acse.cpacket-ansi_map.c packet-ber.cpacket-ber.h
packet-camel.c ...

Hi,
I thought as much but there is still a lot of work to get the actx into
all the BER dissectors. I'm taking it a step
at the time.
Regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: den 7 maj 2007 07:58
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 21705:
/trunk//trunk/plugins/asn1/: asn1.h
packet-asn1.c/trunk/epan/dissectors/:
packet-MAP_DialoguePDU.cpacket-acp133.c packet-acse.c packet-ansi_map.c
packet-ber.cpacket-ber.h packet-camel.c ...

Hello Anders,

I had not checked X.690 (BER) specification before I defined PER
external structures in asn1_ctx_t.
I expected BER uses encoding based on X.680 definition.

I think we could merge most of PER and BER items in external structure.

I will move PER items one layer upper and you can reuse them later in
BER too.

Regards,
  Tomas


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, May 07, 2007 12:34 AM
To: [EMAIL PROTECTED]
Subject: [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/:
asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c
packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber.c
packet-ber.h packet-camel.c ...

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=21705

User: etxrab
Date: 2007/05/06 10:34 PM

Log:
 Start introducing actx to ber functions.

Directory: /trunk/plugins/asn1/
  Changes    Path                      Action
  +45 -0     asn1.h                    Modified
  +0 -1      packet-asn1.c             Modified

Directory: /trunk/epan/dissectors/
  Changes    Path                      Action
  +20 -20    packet-MAP_DialoguePDU.c  Modified
  +56 -56    packet-acp133.c           Modified
  +103 -103  packet-acse.c             Modified
  +501 -501  packet-ansi_map.c         Modified
  +13 -10    packet-ber.c              Modified
  +2 -1      packet-ber.h              Modified
  +434 -434  packet-

Re: [Wireshark-dev] [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/: asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber.c

2007-05-07 Thread Anders Broman (AL/EAB)
Hi,
You are probably right. As with other stuff where "hand" made BER/PER code is 
used
I have made dummy files to let asn2wrs create the code to cut-and-paste to 
where needed
Should we check that type of code in somewhere and if so where?
/asn1/helpers/
/ros
/kerberos
/...

Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ronnie sahlberg
Sent: 7 May 2007 11:20
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] 
[Wireshark-commits]rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.cpacket-ber.cpacket-ber.hpacket-camel.c
 ...

Is it really worth it to asn2wrs'ify the kerberos dissector?

First, the dissector currently handles two different versions of kerberos, both 
the "standard" 1510 ASN but also the slightly different ASN used by packetcable.

Second, the dissector as it is today is almost complete and dissects virtually 
the entire asn for both dialects of kerberos we support, so asn2wrs'ifying it 
will not really increase the coverage of it.

Third, the dissector contains a lot of special stuff that vendors
(==ms) added to kerberos that is not asn1 defined, things such as
storing nt_status codes inside salt fields and also calling off to NDR stuff 
like the PAC in w2k domains

Fourth, there is a lot of code to handle the decryption feature which also 
ties into the various places where krb is used in conjunction with gss-api for 
decryption of packets (== dcerpc and secure ldap)


maybe it is easier and less work to just handmassage the existing dissector to 
use the new signatures instead of asn2wrs'ifying it ?



On 5/7/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
> Hi,
> Could you do the asn2wrs changes and send me the file then I could do 
> some experiments and see how much work is involved? At least you have 
> taken care of T38 then there is Kerberos and some gsm stuff so it might not 
> be too difficult.
> Regards
> Anders
>
> 
>
> From: [EMAIL PROTECTED] on behalf of Kukosa, Tomas
> Sent: Mon 2007-05-07 09:42
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits] 
> rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.c
>  packet-ber.cpacket-ber.hpacket-camel.c ...
>
>
>
> Hi,
>
> BTW when you are making such large changes do not you think about 
> changing of packet-ber from "field oriented" to "type oriented"?
>
> I.e. replacing
>
>  field_function() {
>    type_function(hf_field);
>  }
>  sequence_structure[] = {
>   {..., field_function},
>  }
>
> with code
>
>  sequence_structure[] = {
>   {&hf_field, ..., type_function},
>  }
>
> I did the same for PER last year and generated code is much shorter.
>
> Unfortunately it will be probably very hard for BER as there are much 
> BER code written by hands which can not be regenerated but has to be 
> changed.
>
> regards,
>   Tomas
>
>
> Mailcode: NdD2sKHg
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Anders 
> Broman
> (AL/EAB)
> Sent: Monday, May 07, 2007 8:57 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
> 21705:/trunk//trunk/plugins/asn1/:
> asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpac
> ke t-acp133.c packet-acse.cpacket-ansi_map.c packet-ber.cpacket-ber.h 
> packet-camel.c ...
>
> Hi,
> I thought as much but there is still a lot of work to get the actx 
> into all the BER dissectors. I'm taking it a step at the time.
> Regards
> Anders
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, 
> Tomas
> Sent: 7 May 2007 07:58
> To: wireshark-dev@wireshark.org
> Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 21705:
> /trunk//trunk/plugins/asn1/: asn1.h
> packet-asn1.c/trunk/epan/dissectors/:
> packet-MAP_DialoguePDU.cpacket-acp133.c packet-acse.c 
> packet-ansi_map.c packet-ber.cpacket-ber.h packet-camel.c ...
>
> Hello Anders,
>
> I had not checked X.690 (BER) specification before I defined PER 
> external structures in asn1_ctx_t.
> I expected BER uses encoding based on X.680 definition.
>
> I think we could merge most of PER and BER items in external structure.
>
> I will move PER items one layer upper and you can reuse them later in 
> BER too.
>
> Regards,
>   Tomas
>
>
> Mailcode: NdD2sKHg
> -Ori

Re: [Wireshark-dev] [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/: asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber

2007-05-07 Thread Anders Broman (AL/EAB)
Hi,
Could you do the asn2wrs changes and send me the file then I could do some 
experiments and
see how much work is involved? At least you have taken care of T38 then there 
is Kerberos
and some gsm stuff so it might not be too difficult.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of Kukosa, Tomas
Sent: Mon 2007-05-07 09:42
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] 
rev21705:/trunk//trunk/plugins/asn1/:asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacket-acp133.cpacket-acse.cpacket-ansi_map.c
 packet-ber.cpacket-ber.hpacket-camel.c ...



Hi,

BTW when you are making such large changes do not you think about
changing of packet-ber from "field oriented" to "type oriented"?

I.e. replacing

 field_function() {
   type_function(hf_field);
 }
 sequence_structure[] = {
  {..., field_function},
 }

with code

 sequence_structure[] = {
  {&hf_field, ..., type_function},
 }

I did the same for PER last year and generated code is much shorter.

Unfortunately it will be probably very hard for BER as there are much BER
code written by hands which can not be regenerated but has to be
changed.

regards,
  Tomas


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
(AL/EAB)
Sent: Monday, May 07, 2007 8:57 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
21705:/trunk//trunk/plugins/asn1/:
asn1.hpacket-asn1.c/trunk/epan/dissectors/:packet-MAP_DialoguePDU.cpacke
t-acp133.c packet-acse.cpacket-ansi_map.c packet-ber.cpacket-ber.h
packet-camel.c ...

Hi,
I thought as much but there is still a lot of work to get the actx into
all the BER dissectors. I'm taking it a step
at the time.
Regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: 7 May 2007 07:58
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 21705:
/trunk//trunk/plugins/asn1/: asn1.h
packet-asn1.c/trunk/epan/dissectors/:
packet-MAP_DialoguePDU.cpacket-acp133.c packet-acse.c packet-ansi_map.c
packet-ber.cpacket-ber.h packet-camel.c ...

Hello Anders,

I had not checked X.690 (BER) specification before I defined PER
external structures in asn1_ctx_t.
I expected BER uses encoding based on X.680 definition.

I think we could merge most of PER and BER items in external structure.

I will move PER items one layer upper and you can reuse them later in
BER too.

Regards,
  Tomas


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, May 07, 2007 12:34 AM
To: [EMAIL PROTECTED]
Subject: [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/:
asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c
packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber.c
packet-ber.h packet-camel.c ...

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=21705

User: etxrab
Date: 2007/05/06 10:34 PM

Log:
 Start introducing actx to ber functions.

Directory: /trunk/plugins/asn1/
  Changes    Path                      Action
  +45 -0     asn1.h                    Modified
  +0 -1      packet-asn1.c             Modified

Directory: /trunk/epan/dissectors/
  Changes    Path                      Action
  +20 -20    packet-MAP_DialoguePDU.c  Modified
  +56 -56    packet-acp133.c           Modified
  +103 -103  packet-acse.c             Modified
  +501 -501  packet-ansi_map.c         Modified
  +13 -10    packet-ber.c              Modified
  +2 -1      packet-ber.h              Modified
  +434 -434  packet-camel.c            Modified
  +8 -8      packet-cdt.c              Modified
  +133 -133  packet-cmip.c             Modified


(68 files not shown)
___
Wireshark-commits mailing list
[EMAIL PROTECTED]
http://www.wireshark.org/mailman/listinfo/wireshark-commits



Re: [Wireshark-dev] [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/: asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c packet-acp133.c packet-acse.c packet-ansi_map.c pac

2007-05-06 Thread Anders Broman (AL/EAB)
Hi,
I thought as much but there is still a lot of work to get the actx into
all the BER dissectors. I'm taking it a step
at the time.
Regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: 7 May 2007 07:58
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 21705:
/trunk//trunk/plugins/asn1/: asn1.h
packet-asn1.c/trunk/epan/dissectors/:
packet-MAP_DialoguePDU.cpacket-acp133.c packet-acse.c packet-ansi_map.c
packet-ber.cpacket-ber.h packet-camel.c ...

Hello Anders,

I had not checked X.690 (BER) specification before I defined PER
external structures in asn1_ctx_t.
I expected BER uses encoding based on X.680 definition.

I think we could merge most of PER and BER items in external structure.

I will move PER items one layer upper and you can reuse them later in
BER too.

Regards,
  Tomas


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, May 07, 2007 12:34 AM
To: [EMAIL PROTECTED]
Subject: [Wireshark-commits] rev 21705: /trunk/ /trunk/plugins/asn1/:
asn1.h packet-asn1.c /trunk/epan/dissectors/: packet-MAP_DialoguePDU.c
packet-acp133.c packet-acse.c packet-ansi_map.c packet-ber.c
packet-ber.h packet-camel.c ...

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=21705

User: etxrab
Date: 2007/05/06 10:34 PM

Log:
 Start introducing actx to ber functions.

Directory: /trunk/plugins/asn1/
  Changes    Path                      Action
  +45 -0     asn1.h                    Modified
  +0 -1      packet-asn1.c             Modified

Directory: /trunk/epan/dissectors/
  Changes    Path                      Action
  +20 -20    packet-MAP_DialoguePDU.c  Modified
  +56 -56    packet-acp133.c           Modified
  +103 -103  packet-acse.c             Modified
  +501 -501  packet-ansi_map.c         Modified
  +13 -10    packet-ber.c              Modified
  +2 -1      packet-ber.h              Modified
  +434 -434  packet-camel.c            Modified
  +8 -8      packet-cdt.c              Modified
  +133 -133  packet-cmip.c             Modified


(68 files not shown)


Re: [Wireshark-dev] Problems in display of RANAP messages

2007-05-04 Thread Anders Broman (AL/EAB)
Hi,
Those are not the routines to use in this case, from tvbuff.h:
 
/** Attach a TVBUFF_REAL_DATA tvbuff to a parent tvbuff. This connection
 * is used during a tvb_free_chain()... the "child" TVBUFF_REAL_DATA acts
 * as if is part of the chain-of-creation of the parent tvbuff, although it
 * isn't. This is useful if you need to take the data from some tvbuff,
 * run some operation on it, like decryption or decompression, and make a new
 * tvbuff from it, yet want the new tvbuff to be part of the chain. The reality
 * is that the new tvbuff *is* part of the "chain of creation", but in a way
 * that these tvbuff routines is ignorant of. Use this function to make
 * the tvbuff routines knowledgable of this fact. */
extern void tvb_set_child_real_data_tvbuff(tvbuff_t* parent, tvbuff_t* child);
 
/**Sets parameters for TVBUFF_REAL_DATA. Can throw ReportedBoundsError. */
extern void tvb_set_real_data(tvbuff_t*, const guint8* data, guint length,
    gint reported_length);
 
/** Combination of tvb_new() and tvb_set_real_data(). Can throw ReportedBoundsError. */
extern tvbuff_t* tvb_new_real_data(const guint8* data, guint length,
    gint reported_length);
 

/** Define the subset of the backing buffer to use.
 *
 * 'backing_offset' can be negative, to indicate bytes from
 * the end of the backing buffer.
 *
 * 'backing_length' can be 0, although the usefulness of the buffer would
 * be rather limited.
 *
 * 'backing_length' of -1 means "to the end of the backing buffer"
 *
 * Will throw BoundsError if 'backing_offset'/'length'
 * is beyond the bounds of the backing tvbuff.
 * Can throw ReportedBoundsError. */
extern void tvb_set_subset(tvbuff_t* tvb, tvbuff_t* backing,
  gint backing_offset, gint backing_length, gint reported_length);
 
/** Combination of tvb_new() and tvb_set_subset()
 * Can throw ReportedBoundsError. */
extern tvbuff_t* tvb_new_subset(tvbuff_t* backing,
  gint backing_offset, gint backing_length, gint reported_length);

Instead you should use:
*nevt_tvb = tvb_new_subset(tvb, offset, length_remaining, len);
Where offset = Start of ranap message, and both length parameters =
length of ranap message.
Then 

offset = dissect_ranap_Reset(nevt_tvb , 0, &actx, xxx_tree,
hf_xxx_ranap_reset);

Regards

Anders

 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 2 May 2007 10:31
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Problems in display of RANAP messages



Hi ,

 

I want to include some RANAP ( asn.1 format) messages in my dissector.

I have seen the way H245 messages are included in MEGACO. On similar
lines, I have written the following code:

 

dissect_xxx_reset(tvbuff_t *tvb,int offset ,proto_tree *xxx_tree,packet_info *pinfo)
{
    guint8 *buf = ep_alloc(10240);
    tvbuff_t *ranap_tvb;
    int i = 0;
    asn1_ctx_t actx;

    offset = add_IE_indicator(tvb, offset, xxx_tree); /* To add IE Indicator */
    offset = add_IE_length(tvb, offset, xxx_tree);/* To add IE length */

    ranap_tvb = tvb_new_real_data(buf,i,i);
    tvb_set_child_real_data_tvbuff(tvb,ranap_tvb);
    add_new_data_source(pinfo, ranap_tvb, "RANAP OVER XXX");
    asn1_ctx_init(&actx, ASN1_ENC_PER, TRUE, pinfo);
    offset = dissect_ranap_Reset(tvb, offset, &actx, xxx_tree,
        hf_xxx_ranap_reset);

    .

}

 

But I am not getting any display of RANAP messages.

 

On the contrary, if I do not use the functions
tvb_set_child_real_data_tvbuff,  add_new_data_source, I am getting
partial display of the RANAP message.

 

I could not completely understand the way it is implemented in MEGACO.

1. The purpose of the functions tvb_set_child_real_data_tvbuff and
add_new_data_source.

2. The values to be passed to the function tvb_new_real_data. I have
initialised with zero, but it's not working out.

So can somebody help me on the above mentioned functions and how should
I go about implementation.

 

Regards,

Tarani 

 

 




Re: [Wireshark-dev] Missing directories q932 and qsig

2007-04-27 Thread Anders Broman (AL/EAB)
Hi,
I think they need to be added to EXTRA_DIST or something such as that... 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lars Ruoff
Sent: 27 April 2007 16:59
To: Wireshark-dev
Subject: [Wireshark-dev] Missing directories q932 and qsig


Just for info:
The following directories are missing from the latest source tarball,
wireshark-0.99.6-SVN-21602.tar.gz:
/asn1/q932
/asn1/qsig
Is this normal?
Didn't check any other tarballs.

br,
Lars


[Wireshark-dev] New proto_add_bits function (Was: rev 21556:/trunk/epan//tr...)

2007-04-26 Thread Anders Broman (AL/EAB)
Hi,
I have used it in the h263 dissector with a h263 prefix unfortunately there is 
only short sequences
being dissected most being the same in all h263 frames :(
Perhaps it can be used in the PER dissector but I didn't want to use it before 
we had agreed on a format to
avoid too many changes.
Regards
Anders

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Mathieson
Sent: 26 April 2007 16:56
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] 
[Wireshark-commits]rev21556:/trunk/epan//trunk/epan/: proto.c proto.h 
-allbuildbots rednow :-(

OK,

I'll wait until you check in the tvb_get_bits() change, then look at it again.  
Any test files you could share with longer bit sequences and/or different bit 
offsets would be welcome (so I don't trash it just to make my little examples 
work :) ).

Martin

On 4/26/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
> Hi,
> The intention is to use tvb_get_bits from inside proto_tree_add_bits 
> so there will be no overlap.
> /Anders
>
> 
>
> From: [EMAIL PROTECTED] on behalf of Martin Mathieson
> Sent: Thu 2007-04-26 13:49
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits]
> rev21556:/trunk/epan//trunk/epan/: proto.c proto.h - allbuildbots 
> rednow :-(
>
>
>
> Hi Anders,
>
> Your tvb_get_bits() has so much in common with the add_bits() 
> functions that it would be a shame not to share all of the fiddly 
> bits.
>
> Anyway, here is the patch I forgot to send earlier.  It may be a few 
> days before I can look at this again :(
>
> Martin
>
>
> On 4/26/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
> > Hi,
> > I think you forgot the patch :)
> > I have been looking at the function in packet-ansi_801.c
> > ansi_801_tvb_get_bits() which may be better to use with some changes 
> > to handle endianness and not to use pointers to offsets. Feel free to 
> > check in any changes I'm a bit short on time presently.
> > Best regards
> > Anders
> > P.S
> > Untested unused first draft of tvb_get_bits() just extracting the 
> > code from the other functions.
> > guint32
> > tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, 
> > gboolean little_endian)
> > {
> >   gboolean is_bytealigned = FALSE;
> >   gint offset;
> >   guint length;
> >   guint bit_length;
> >   guint32 value = 0;
> >   guint32 mask = 0;
> >   guint8 mask8= 0xff;
> >   guint16 mask16  = 0xffff;
> >   guint32 mask24  = 0xffffff;
> >   guint32 mask32  = 0xffffffff;
> >   guint8 shift;
> >
> >   if((bit_offset&0x7)==0)
> >   is_bytealigned = TRUE;
> >   offset = bit_offset>>3;
> >   bit_length = ((bit_offset&0x7)+no_of_bits);
> >   length = bit_length >>3;
> >   if((bit_length&0x7)!=0)
> >   length = length +1;
> >
> >   if (no_of_bits < 2){
> >   /* Single bit */
> >   mask8 = mask8 >>(bit_offset&0x7);
> >   value = tvb_get_guint8(tvb,offset) & mask8;
> >   mask = 0x80;
> >   shift = 8-((bit_offset + no_of_bits)&0x7);
> >   if (shift<8){
> >   value = value >> shift;
> >   mask = mask >> shift;
> >   }
> >   }else if(no_of_bits < 9){
> >   /* One or 2 bytes */
> >   if(length == 1){
> >   /* Spans 1 byte */
> >   mask8 = mask8>>(bit_offset&0x7);
> >   value = tvb_get_guint8(tvb,offset)&mask8;
> >   mask = 0x80;
> >   }else{
> >   /* Spans 2 bytes */
> >   mask16 = mask16>>(bit_offset&0x7);
> >   if(little_endian){
> >   value=tvb_get_letohs(tvb, offset);
> >   } else {
> >   value=tvb_get_ntohs(tvb, offset);
> >   }
> >   mask = 0x8000;
> >   }
> >   shift = 8-((bit_offset + no_of_bits)&0x7);
> >   if (shift<8){
> >   value = value >> shift;
> >   mask = mask >> shift;
> >   }
> >
> >   }else if (no_of_bits &

Re: [Wireshark-dev] [Wireshark-commits] rev21556:/trunk/epan//trunk/epan/: proto.c proto.h - allbuildbots rednow :-(

2007-04-26 Thread Anders Broman (AL/EAB)
Hi,
The intention is to use tvb_get bits from inside proto_tree_add_bits so there 
will be no overlap.
/Anders



From: [EMAIL PROTECTED] on behalf of Martin Mathieson
Sent: Thu 2007-04-26 13:49
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] 
rev21556:/trunk/epan//trunk/epan/: proto.c proto.h - allbuildbots rednow :-(



Hi Anders,

Your tvb_get_bits() has so much in common with the add_bits()
functions that it would be a shame not to share all of the fiddly
bits.

Anyway, here is the patch I forgot to send earlier.  It may be a few
days before I can look at this again :(

Martin


On 4/26/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
> Hi,
> I think you forgot the patch :)
> I have been looking at the function in packet-ansi_801.c
> ansi_801_tvb_get_bits() which may be better
> to use with some changes to handle endianness and not to use pointers to
> offsets. Feel free to check
> in any changes, I'm a bit short on time presently.
> Best regards
> Anders
> P.S
> Untested unused first draft of tvb_get_bits() just extracting the code from
> the other functions.
> guint32
> tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean
> little_endian)
> {
>   gboolean is_bytealigned = FALSE;
>   gint offset;
>   guint length;
>   guint bit_length;
>   guint32 value = 0;
>   guint32 mask = 0;
>   guint8 mask8= 0xff;
>   guint16 mask16  = 0xffff;
>   guint32 mask24  = 0xffffff;
>   guint32 mask32  = 0xffffffff;
>   guint8 shift;
>
>   if((bit_offset&0x7)==0)
>   is_bytealigned = TRUE;
>   offset = bit_offset>>3;
>   bit_length = ((bit_offset&0x7)+no_of_bits);
>   length = bit_length >>3;
>   if((bit_length&0x7)!=0)
>   length = length +1;
>
>   if (no_of_bits < 2){
>   /* Single bit */
>   mask8 = mask8 >>(bit_offset&0x7);
>   value = tvb_get_guint8(tvb,offset) & mask8;
>   mask = 0x80;
>   shift = 8-((bit_offset + no_of_bits)&0x7);
>   if (shift<8){
>   value = value >> shift;
>   mask = mask >> shift;
>   }
>   }else if(no_of_bits < 9){
>   /* One or 2 bytes */
>   if(length == 1){
>   /* Spans 1 byte */
>   mask8 = mask8>>(bit_offset&0x7);
>   value = tvb_get_guint8(tvb,offset)&mask8;
>   mask = 0x80;
>   }else{
>   /* Spans 2 bytes */
>   mask16 = mask16>>(bit_offset&0x7);
>   if(little_endian){
>   value=tvb_get_letohs(tvb, offset);
>   } else {
>   value=tvb_get_ntohs(tvb, offset);
>   }
>   mask = 0x8000;
>   }
>   shift = 8-((bit_offset + no_of_bits)&0x7);
>   if (shift<8){
>   value = value >> shift;
>   mask = mask >> shift;
>   }
>  
>   }else if (no_of_bits < 17){
>   /* 2 or 3 bytes */
>   if(length == 2){
>   /* Spans 2 bytes */
>   mask16 = mask16>>(bit_offset&0x7);
>   if(little_endian){
>   value=tvb_get_letohs(tvb, offset);
>   } else {
>   value=tvb_get_ntohs(tvb, offset);
>   }
>   mask = 0x8000;
>   }else{
>   /* Spans 3 bytes */
>   mask24 = mask24>>(bit_offset&0x7);
>   if(little_endian){
>   value=tvb_get_letoh24(tvb, offset);
>   } else {
>   value=tvb_get_ntoh24(tvb, offset);
>   }
>   mask = 0x800000;
>   }
>   shift = 8-((bit_offset + no_of_bits)&0x7);
>   if (shift<8){
>   value = value >> shift;
>   mask = mask >> shift;
>   }
>
>   }else if (no_of_bits < 25){
>   /* 3 or 4 bytes */
>   if(length == 3){
>   /* Spans 3 bytes */
>   mask24 = mask24>>(bit_offset&0x7);
> 

Re: [Wireshark-dev] [Wireshark-commits] rev 21556:/trunk/epan//trunk/epan/: proto.c proto.h - all buildbots rednow :-(

2007-04-26 Thread Anders Broman (AL/EAB)
Hi,
I think you forgot the patch :)
I have been looking at the function in packet-ansi_801.c 
ansi_801_tvb_get_bits() which may be better
to use with some changes to handle endianness and not to use pointers to 
offsets. Feel free to check
in any changes, I'm a bit short on time presently.
Best regards
Anders 
P.S
Untested unused first draft of tvb_get_bits() just extracting the code from the 
other functions.
guint32
tvb_get_bits(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean little_endian)
{
    gboolean is_bytealigned = FALSE;
    gint offset;
    guint length;
    guint bit_length;
    guint32 value = 0;
    guint32 mask = 0;
    guint8 mask8    = 0xff;
    guint16 mask16  = 0xffff;
    guint32 mask24  = 0xffffff;
    guint32 mask32  = 0xffffffff;
    guint8 shift;

    if((bit_offset&0x7)==0)
        is_bytealigned = TRUE;
    offset = bit_offset>>3;
    bit_length = ((bit_offset&0x7)+no_of_bits);
    length = bit_length >>3;
    if((bit_length&0x7)!=0)
        length = length +1;

    if (no_of_bits < 2){
        /* Single bit */
        mask8 = mask8 >>(bit_offset&0x7);
        value = tvb_get_guint8(tvb,offset) & mask8;
        mask = 0x80;
        shift = 8-((bit_offset + no_of_bits)&0x7);
        if (shift<8){
            value = value >> shift;
            mask = mask >> shift;
        }
    }else if(no_of_bits < 9){
        /* One or 2 bytes */
        if(length == 1){
            /* Spans 1 byte */
            mask8 = mask8>>(bit_offset&0x7);
            value = tvb_get_guint8(tvb,offset)&mask8;
            mask = 0x80;
        }else{
            /* Spans 2 bytes */
            mask16 = mask16>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letohs(tvb, offset);
            } else {
                value=tvb_get_ntohs(tvb, offset);
            }
            mask = 0x8000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);
        if (shift<8){
            value = value >> shift;
            mask = mask >> shift;
        }

    }else if (no_of_bits < 17){
        /* 2 or 3 bytes */
        if(length == 2){
            /* Spans 2 bytes */
            mask16 = mask16>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letohs(tvb, offset);
            } else {
                value=tvb_get_ntohs(tvb, offset);
            }
            mask = 0x8000;
        }else{
            /* Spans 3 bytes */
            mask24 = mask24>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letoh24(tvb, offset);
            } else {
                value=tvb_get_ntoh24(tvb, offset);
            }
            mask = 0x800000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);
        if (shift<8){
            value = value >> shift;
            mask = mask >> shift;
        }

    }else if (no_of_bits < 25){
        /* 3 or 4 bytes */
        if(length == 3){
            /* Spans 3 bytes */
            mask24 = mask24>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letoh24(tvb, offset);
            } else {
                value=tvb_get_ntoh24(tvb, offset);
            }
            mask = 0x800000;
        }else{
            /* Spans 4 bytes */
            mask32 = mask32>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letohl(tvb, offset);
            } else {
                value=tvb_get_ntohl(tvb, offset);
            }
            mask = 0x80000000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);
        if (shift<8){
            value = value >> shift;
            mask = mask >> shift;
        }

    }else if (no_of_bits < 33){
        /* 4 or 5 bytes */
        if(length == 4){
            /* Spans 4 bytes */
            mask32 = mask32>>(bit_offset&0x7);
            if(little_endian){
                value=tvb_get_letohl(tvb, offset);
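
The per-width branches in the draft above all follow one pattern: read the bytes the field touches, drop the trailing bits, mask off the leading ones. As an added example (not code from this thread or from Wireshark), here is that extraction for any width from 1 to 32 bits over a plain byte buffer, big-endian only, with the bounds check a dissector needs on untrusted input. The names get_bits_be, sample_bits and SAMPLE are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample bytes, not taken from a capture. */
static const uint8_t SAMPLE[] = { 0x4a, 0x88, 0x02, 0xaf, 0x20 };

/*
 * Hypothetical helper, not Wireshark's API.
 * Reads no_of_bits (1..32) starting at bit_offset, most significant bit
 * first, from buf[0..len). Returns 0 on success, -1 if the request is
 * invalid or would read past the end of the buffer.
 */
int get_bits_be(const uint8_t *buf, size_t len, size_t bit_offset,
                unsigned no_of_bits, uint32_t *out)
{
    size_t first, span, i;
    unsigned lead, tail;
    uint64_t acc = 0;
    uint32_t mask;

    if (buf == NULL || out == NULL || no_of_bits == 0 || no_of_bits > 32)
        return -1;

    first = bit_offset >> 3;              /* byte holding the first bit   */
    lead  = (unsigned)(bit_offset & 0x7); /* bits to skip in that byte    */
    span  = (lead + no_of_bits + 7) >> 3; /* bytes touched, at most 5     */

    /* Bounds check written so that it cannot overflow. */
    if (first >= len || span > len - first)
        return -1;

    /* Up to 5 bytes (40 bits) fit comfortably in a 64-bit accumulator. */
    for (i = 0; i < span; i++)
        acc = (acc << 8) | buf[first + i];

    /* Drop the bits that follow the field, then the bits that precede it. */
    tail = (unsigned)(span * 8) - lead - no_of_bits;
    acc >>= tail;
    mask = (no_of_bits == 32) ? 0xffffffffu : ((1u << no_of_bits) - 1u);

    *out = (uint32_t)acc & mask;
    return 0;
}

/* Convenience wrapper over SAMPLE: the value, or -1 on a rejected request. */
long long sample_bits(size_t bit_offset, unsigned no_of_bits)
{
    uint32_t v;

    if (get_bits_be(SAMPLE, sizeof SAMPLE, bit_offset, no_of_bits, &v) != 0)
        return -1;
    return (long long)v;
}

int main(void)
{
    printf("1 bit at offset 1:    %lld\n", sample_bits(1, 1));
    printf("6 bits at offset 5:   0x%llx\n", sample_bits(5, 6));
    printf("32 bits at offset 4:  0x%llx\n", sample_bits(4, 32));
    printf("8 bits at offset 33:  %lld (rejected)\n", sample_bits(33, 8));
    return 0;
}
```
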
   

Re: [Wireshark-dev] Display RTP SSRC in Hex?

2007-04-25 Thread Anders Broman (AL/EAB)
Hi,
HEX_DEC may be an alternative to get both.
Regards
Anders



From: [EMAIL PROTECTED] on behalf of Lars Ruoff
Sent: Wed 2007-04-25 09:43
To: Wireshark-dev
Subject: [Wireshark-dev] Display RTP SSRC in Hex?



Hi,
how about displaying the RTP SSRC (RTP Streams, RTP Statistics) in hex rather 
than dec?
It would make it easier to read and compare, I think.
What is the common practise display format in other apps?
I can submit a patch if others agree.

Lars
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev




Re: [Wireshark-dev] asn2wrs tagged type problem

2007-04-25 Thread Anders Broman (AL/EAB)
Hi,
Thanks I'll give it a try soon. Another thing that turned up
With the guy needing exported RANAP functions to use in a plugin
Should there be a directive to add "external" to the exported functions
or could that
Always be added?
Best regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: den 25 april 2007 08:39
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] asn2wrs tagged type problem

Hi Anders,

it should be fixed now (at least tcap.asn is compileable with asn2wrs).

Best regards,
  Tomas 


Mailcode: NdD2sKHg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
Sent: Monday, April 23, 2007 8:13 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] asn2wrs tagged type problem

Hi,
Fixing the tagged type would be great but when I try to use the -T
option for tcap I get the following error:

ASN.1 to Wireshark dissector compiler
Traceback (most recent call last):
  File "../../tools/asn2wrs.py", line 5117, in ?
eth_main()
  File "../../tools/asn2wrs.py", line 5083, in eth_main
ectx.eth_prepare()
  File "../../tools/asn2wrs.py", line 800, in eth_prepare
if x.has_key(self.type[d]['ethname']) or self.type[d]['import']:
KeyError: 'DialoguePortion/_untag'

Is it supposed to work yet or is it work in progress?
Best regards
Anders



Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector

2007-04-24 Thread Anders Broman (AL/EAB)
Hi,
I was referring to the ranap.cnf file. But I suspect that the problem is
that you have built your dissector as a plugin and
need to have the ranap functions exported through libethereal.def, try to
add them there. Possibly you need to add export
in the ranap.h file like:
 
#line 1 "packet-ranap-exp.h"
extern const value_string ranap_Service_Handover_vals[];
extern const value_string ranap_TargetID_vals[];
extern int dissect_ranap_ResetAcknowledge(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
extern int dissect_ranap_ResetResource(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
extern int dissect_ranap_EncryptionInformation(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
extern int dissect_ranap_IntegrityProtectionInformation(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
extern int dissect_ranap_Service_Handover(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
extern int dissect_ranap_TargetID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);

You'll need to do this by hand as asn2wrs does not do this automatically.
 
You are probably better off building your dissector as a "normal"
dissector, avoiding this kind of problem. As you are changing the main
code to make your
plugin work you need to distribute a complete Wireshark package anyway,
not only the plugin. Note that anyone that gets this package
can request the source code under the GPL license.
Best regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 24 april 2007 10:44
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C
dissector



Hi ,

 

Can you specify which  .cnf  file, because we don't have a .cnf file in
my plugin directory..

Also , do we need to make any changes in makefie.am, makefile.common
etc??

 

Regards,

Tarani 

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
(AL/EAB)
Sent: Tuesday, April 24, 2007 1:49 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C
dissector

 

Hi,

Can you send me your .cnf file?

 

Best regards

Anders

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 24 april 2007 08:57
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C
dissector

Hi ,

 

The ID of your packet-ranap-template.h file:

$Id: packet-ranap-template.h 18228 2006-05-27 22:09:07Z etxrab $ *

Also packet-ranap-exp.h is included in the file packet-ranap-template.h.

 

I am unable to find the cause for the error.

 

Please help..

 

Regards,

Tarani

 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Monday, April 23, 2007 12:10 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi ,

 

I had to include some RANAP messages  in my dissector.

I have included in the following way:

 

dissect_xxx_msg(tvbuff_t *tvb,int offset,proto_tree
*macic_tree,packet_info *pinfo)

{

guint8 *buf = ep_alloc(10240);

tvbuff_t *ranap_tvb;

int i;

asn1_ctx_t actx;

 

offset = add_IE_indicator(tvb, offset, macic_tree); /* To add IE
Indicator */

offset = add_IE_length(tvb, offset, macic_tree);/* To add IE length
*/

 

ranap_tvb = tvb_new_real_data(buf,i,i);

tvb_set_child_real_data_tvbuff(tvb,ranap_tvb);

add_new_data_source(pinfo, ranap_tvb, "RANAP OVER MACIC");

asn1_ctx_init(&actx, ASN1_ENC_PER, TRUE, pinfo);

offset= dissect_ranap_ResetAcknowledge(ranap_tvb, offset, &actx,
macic_tree, hf_macic_ranap_resetAcknowledge); 



.

Remaining part of the msg continues..

}

I have included the appropriate headers : packet_ranap.h, packet_per.h,
packet_ber.h etc etc...

I am getting a run-time error mentioned below:

 

undefined symbol: dissect_ranap_ResetResource

 

Any other place that I have to declare the functions  

Please help.

 

Regards,

Tarani 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Friday, April 13, 2007 12:52 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

To include the RANAP messages in my dissector, I have done the
following:

 

1.In ranap.cnf under #.EXPORTS, I have added the message id s which I
want to export.

2.In packet-ranap.h, I have included the corresponding functions of the
messa

Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector

2007-04-24 Thread Anders Broman (AL/EAB)
Hi,
Can you send me your .cnf file?
 
Best regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 24 april 2007 08:57
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C
dissector



Hi ,

 

The ID of your packet-ranap-template.h file:

$Id: packet-ranap-template.h 18228 2006-05-27 22:09:07Z etxrab $ *

Also packet-ranap-exp.h is included in the file packet-ranap-template.h.

 

I am unable to find the cause for the error.

 

Please help..

 

Regards,

Tarani

 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Monday, April 23, 2007 12:10 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi ,

 

I had to include some RANAP messages  in my dissector.

I have included in the following way:

 

dissect_xxx_msg(tvbuff_t *tvb,int offset,proto_tree
*macic_tree,packet_info *pinfo)

{

guint8 *buf = ep_alloc(10240);

tvbuff_t *ranap_tvb;

int i;

asn1_ctx_t actx;

 

offset = add_IE_indicator(tvb, offset, macic_tree); /* To add IE
Indicator */

offset = add_IE_length(tvb, offset, macic_tree);/* To add IE length
*/

 

ranap_tvb = tvb_new_real_data(buf,i,i);

tvb_set_child_real_data_tvbuff(tvb,ranap_tvb);

add_new_data_source(pinfo, ranap_tvb, "RANAP OVER MACIC");

asn1_ctx_init(&actx, ASN1_ENC_PER, TRUE, pinfo);

offset= dissect_ranap_ResetAcknowledge(ranap_tvb, offset, &actx,
macic_tree, hf_macic_ranap_resetAcknowledge); 



.

Remaining part of the msg continues..

}

I have included the appropriate headers : packet_ranap.h, packet_per.h,
packet_ber.h etc etc...

I am getting a run-time error mentioned below:

 

undefined symbol: dissect_ranap_ResetResource

 

Any other place that I have to declare the functions  

Please help.

 

Regards,

Tarani 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Friday, April 13, 2007 12:52 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

To include the RANAP messages in my dissector, I have done the
following:

 

1.In ranap.cnf under #.EXPORTS, I have added the message id s which I
want to export.

2.In packet-ranap.h, I have included the corresponding functions of the
messages which I want to add.

3.In my dissector , I have included packet-ranap.h , packet-per.h and
called the functions appropriately.

 

But I am getting errors due to some linking problems.

 

error: `actx' undeclared (first use in this function)

error: (Each undeclared identifier is reported only once

 

I have not defined asn1_ctx_t *actx in my dissector as I have included
the appropriate headers.

 

Can you please help???

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Thursday, April 12, 2007 11:32 AM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

Thanks for the information. The dissector is proprietary, hence I can't
include it in Wireshark.

 

I will include RANAP messages in the way you have mentioned.

But then , I will have a tough time forming packets for testing . Any
clue how can I form the packets.

 

Thanks in advance.

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Wednesday, April 11, 2007 5:40 PM
To: 'wireshark-dev@wireshark.org'
Subject: Including ASN.1 format coding in a C dissector

 

Hi ,

 

I have written  a dissector for a protocol which has a coding standard
of Tag-Length-Value. Now in this dissector , I have to add some messages
of RANAP protocol which has a coding standard in ASN.1 format.Already
the dissector for RANAP is available in the wireshark. Now:

 

1.Can I call the existing dissector for those particular messages??? If
so how do I do that??

2. If I want to include it normally in my dissector, how can I convert
the ASN.1 format to obtain the tag and lengths of  individual
parameters??

 

Can anybody please help??

 

//Tarani 


The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s)
and may contain proprietary, confidential or privileged information. If
you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and
destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus
transmitted by this email.

www.wipro.com

Re: [Wireshark-dev] Windows build failing on packet-ber.c

2007-04-23 Thread Anders Broman (AL/EAB)
Indeed it did :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
Sent: den 23 april 2007 18:52
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Windows build failing on packet-ber.c

Anders Broman (AL/EAB) wrote:

> The buildbot is failing on:

I've checked in a change that should fix those warnings.


Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector

2007-04-23 Thread Anders Broman (AL/EAB)
Hi,
Is the ID of your packet-ranap-template.h file:
* $Id: packet-ranap-template.h 18228 2006-05-27 22:09:07Z etxrab $ *
If not, do an update as
#include "packet-ranap-exp.h" may be missing?
BR
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 23 april 2007 08:40
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C
dissector



Hi ,

 

I had to include some RANAP messages  in my dissector.

I have included in the following way:

 

dissect_xxx_msg(tvbuff_t *tvb,int offset,proto_tree
*macic_tree,packet_info *pinfo)

{

guint8 *buf = ep_alloc(10240);

tvbuff_t *ranap_tvb;

int i;

asn1_ctx_t actx;

 

offset = add_IE_indicator(tvb, offset, macic_tree); /* To add IE
Indicator */

offset = add_IE_length(tvb, offset, macic_tree);/* To add IE length
*/

 

ranap_tvb = tvb_new_real_data(buf,i,i);

tvb_set_child_real_data_tvbuff(tvb,ranap_tvb);

add_new_data_source(pinfo, ranap_tvb, "RANAP OVER MACIC");

asn1_ctx_init(&actx, ASN1_ENC_PER, TRUE, pinfo);

offset= dissect_ranap_ResetAcknowledge(ranap_tvb, offset, &actx,
macic_tree, hf_macic_ranap_resetAcknowledge); 



.

Remaining part of the msg continues..

}

I have included the appropriate headers : packet_ranap.h, packet_per.h,
packet_ber.h etc etc...

I am getting a run-time error mentioned below:

 

undefined symbol: dissect_ranap_ResetResource

 

Any other place that I have to declare the functions  

Please help.

 

Regards,

Tarani 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Friday, April 13, 2007 12:52 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

To include the RANAP messages in my dissector, I have done the
following:

 

1.In ranap.cnf under #.EXPORTS, I have added the message id s which I
want to export.

2.In packet-ranap.h, I have included the corresponding functions of the
messages which I want to add.

3.In my dissector , I have included packet-ranap.h , packet-per.h and
called the functions appropriately.

 

But I am getting errors due to some linking problems.

 

error: `actx' undeclared (first use in this function)

error: (Each undeclared identifier is reported only once

 

I have not defined asn1_ctx_t *actx in my dissector as I have included
the appropriate headers.

 

Can you please help???

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Thursday, April 12, 2007 11:32 AM
To: 'wireshark-dev@wireshark.org'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

Thanks for the information. The dissector is proprietary, hence I can't
include it in Wireshark.

 

I will include RANAP messages in the way you have mentioned.

But then , I will have a tough time forming packets for testing . Any
clue how can I form the packets.

 

Thanks in advance.

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent
Networks) 
Sent: Wednesday, April 11, 2007 5:40 PM
To: 'wireshark-dev@wireshark.org'
Subject: Including ASN.1 format coding in a C dissector

 

Hi ,

 

I have written  a dissector for a protocol which has a coding standard
of Tag-Length-Value. Now in this dissector , I have to add some messages
of RANAP protocol which has a coding standard in ASN.1 format.Already
the dissector for RANAP is available in the wireshark. Now:

 

1.Can I call the existing dissector for those particular messages??? If
so how do I do that??

2. If I want to include it normally in my dissector, how can I convert
the ASN.1 format to obtain the tag and lengths of  individual
parameters??

 

Can anybody please help??

 

//Tarani 




[Wireshark-dev] Windows build failing on packet-ber.c

2007-04-23 Thread Anders Broman (AL/EAB)
Hi,
The buildbot is failing on:
packet-ber.c
packet-ber.c(255) : error C2220: warning treated as error - no object file generated
packet-ber.c(255) : warning C4090: 'function' : different 'const' qualifiers
packet-ber.c(255) : warning C4028: formal parameter 1 different from declaration
packet-ber.c(255) : warning C4024: 'dissector_table_foreach' : different types for formal and actual parameter 2

Best regards
Anders


Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector

2007-04-13 Thread Anders Broman (AL/EAB)
Hi,
2.In packet-ranap.h, I have included the corresponding functions of the 
messages which I want to add.

This shouldn't be needed if you regenerated the RANAP dissector, which you must.

( run nmake -f makefile.nmake ranap in the asn1 directory).

 

error: `actx' undeclared (first use in this function)

error: (Each undeclared identifier is reported only once

Without checking - isn't actx required in the function calls? E.g. you need to 
define it and initialise it

before calling the RANAP dissector (check in packet-ranap.c for actx_init or 
similar).

BR

Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Fri 2007-04-13 09:22
To: [EMAIL PROTECTED]
Subject: Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector



Hi Anders,

 

To include the RANAP messages in my dissector, I have done the following:

 

1.In ranap.cnf under #.EXPORTS, I have added the message id s which I want to 
export.

2.In packet-ranap.h, I have included the corresponding functions of the 
messages which I want to add.

3.In my dissector , I have included packet-ranap.h , packet-per.h and called 
the functions appropriately.

 

But I am getting errors due to some linking problems.

 

error: `actx' undeclared (first use in this function)

error: (Each undeclared identifier is reported only once

 

I have not defined asn1_ctx_t *actx in my dissector as I have included the 
appropriate headers.

 

Can you please help???

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent Networks) 
Sent: Thursday, April 12, 2007 11:32 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Including ASN.1 format coding in a C dissector

 

Hi Anders,

 

Thanks for the information. The dissector is proprietary, hence I can't include 
it in Wireshark.

 

I will include RANAP messages in the way you have mentioned.

But then , I will have a tough time forming packets for testing . Any clue how 
can I form the packets.

 

Thanks in advance.

 

Regards,

Tarani 

 



From: Taraniteja Vishwanatha (WT01 - IP-Multimedia Carrier & Ent Networks) 
Sent: Wednesday, April 11, 2007 5:40 PM
To: '[EMAIL PROTECTED]'
Subject: Including ASN.1 format coding in a C dissector

 

Hi ,

 

I have written  a dissector for a protocol which has a coding standard of 
Tag-Length-Value. Now in this dissector , I have to add some messages of RANAP 
protocol which has a coding standard in ASN.1 format.Already the dissector for 
RANAP is available in the wireshark. Now:

 

1.Can I call the existing dissector for those particular messages??? If so how 
do I do that??

2. If I want to include it normally in my dissector, how can I convert the 
ASN.1 format to obtain the tag and lengths of  individual parameters??

 

Can anybody please help??

 

//Tarani 




Re: [Wireshark-dev] Decode Octet string into sequence

2007-04-11 Thread Anders Broman (AL/EAB)
Hi,
I'm not sure what you are trying to do according to the INAP ASN1 file:
 
CallResult ::= OCTET STRING(SIZE (minCallResultLength..maxCallResultLength))

--  This parameter provides the SCF with the charging related information previously requested
--  using the ApplyCharging operation. This shall include the partyToCharge parameter as
--  received in the related ApplyCharging operation to correlate the result to the request.
--  The remaining content is network operator specific.
--  Examples of charging related information to be provided by the SSF may be: bulk counter values,
--  costs, tariff change and time of change, time stamps, durations, etc.
--  Examples of conditions on which the charging related information are to be reported may be:
--  threshold value reached, timer expiration, tariff change, end of connection configuration, etc.

Have you regenerated the dissector with the ASN1 code you indicated?
From 
I have a message : "BER ERROR: Sequence expected  but class:0(UNIVERSAL) PC:0 
tag:4  was unexpected". 

because I have "04h" instead of "30h" in my file cap
It looks like it is an OCTET STRING you are receiving, not a SEQUENCE. Is it 
possible that that
OCTET STRING is "double encoded" so that the next octets are the actual 
SEQUENCE?
In that case you'll have to do some coding in the .cnf file to handle this 
case.
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 4/11/2007 4:19 PM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Decode Octet string into sequence



Hi, 


I have a problem, I would like to decode "CallResult" in  "ApplyChargingArg" 
for  INAP Protocol. 
It's an OCTET STRING and I would like to force it into a SEQUENCE : 

CallResult ::= SEQUENCE { 
sequenceInfo[01] SequenceInfoAC, 
partyToCharge[02] LegId OPTIONAL, 
supervisionResult[03] SupervisionResult OPTIONAL} 


instead of : 

CallResult:= OCTET STRING 


I have a message : "BER ERROR: Sequence expected  but class:0(UNIVERSAL) PC:0 
tag:4  was unexpected". 

because I have "04h" instead of "30h" in my file cap. 

Is it possible to decode it? 


With best regards, 


François Niquel

DEVOTEAM SRIT
3 rue Blaise Pascal 
22300 Lannion - France 

Tél. : 02 96 48 74 16



Re: [Wireshark-dev] Including ASN.1 format coding in a C dissector

2007-04-11 Thread Anders Broman (AL/EAB)
Hi,
You could export the relevant ASN1 sequence by adding something like this from
GSM_MAP in the gsm_map.cnf file
 
#.EXPORTS
AddressString
 
Add packet-ranap.h to the includes in your file and then use the exported 
function
offset = dissect_gsm_map_AddressString();
in your dissector. Is this something you plan to offer for inclusion in 
Wireshark?
Best regards
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 4/11/2007 2:10 PM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Including ASN.1 format coding in a C dissector



Hi ,

 

I have written a dissector for a protocol which has a coding standard of 
Tag-Length-Value. Now in this dissector, I have to add some messages of RANAP 
protocol which has a coding standard in ASN.1 format. Already the dissector for 
RANAP is available in the wireshark. Now:

 

1. Can I call the existing dissector for those particular messages? If so, how 
do I do that?

2. If I want to include it normally in my dissector, how can I convert the 
ASN.1 format to obtain the tag and lengths of  individual parameters??

 

Can anybody please help??

 

//Tarani 




Re: [Wireshark-dev] Introduction and first questions/suggestions

2007-04-04 Thread Anders Broman (AL/EAB)
Hi,
>Dissector specific
>Item 19. What's the reason, the APDU part of BACnet/IP is not
>dissected? Is it just the workload (for which a solution can be
>found) or there a technical reason such as variable length, the BACnet
>specific solution of segmenting or other?

Dissectors get done/extended whenever someone finds the time/interest to
do so. With BACnet there is another stopper:
as the protocol isn't freely available, any extension to the dissector has
to be done by someone with access to the protocol spec. and sample
traces.
Best regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon Ginsburg
Sent: 4 April 2007 14:21
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Introduction and first questions/suggestions

Hello,

since I signed up this list just recently, I take the opportunity to
introduce myself. My full name is Dr. Simon Ginsburg and I'm Product
Manager for communication protocols/products for the company Saia-
Burgess Controls Ltd in Switzerland. This is the company, where my
colleague Christian Durrer has already written a dissector included in
Wireshark for our proprietary field bus called "S-Bus".

One of my main fields of activity currently is the implementation of the
BACnet protocol into our PLC (Programmable Logic Controllers).  
For testing, training, support and training purposes I frequently use
Wireshark and also tell our customers with technical problems in the
field to send me not only their project but also trace logs usually
taken with Wireshark.

During recent support call treatments I discovered some fields of
improvements. Before adding them to the long list of wishes or in the
Wikipedia, I wanted to check that I have not overlooked something.

Wishlist:

Either under Chapter "GUI" or "Dissection":
When a protocol is used on another port than Wireshark expects it to be
(such as BACnet on UDP port 48560) the context sensitive menu Item
"Decode as..." is GREAT, but finding what I need is not so great since
only an abbreviation (in above example BVLC) can be selected without any
way of help. I suggest a tooltip when hovering over a selected protocol
item with the same content as in help --> Supported Protocols  (in above
example BVLC: BACnet Virtual Link Control).

Dissector specific
Item 19. What's the reason, the APDU part of BACnet/IP is not dissected?
Is it just the workload (for which a solution can be
found) or there a technical reason such as variable length, the BACnet
specific solution of segmenting or other?

Wikipedia:
BACnet is not easy to find. IMHO it's also a member of the
"FieldbusProtocolFamily" as is LON and EIB, the first using "IP-852",
the latter EIBnet/IP for the transport over IP. Is it OK that I extend
the Wiki pages accordingly?

Sincerely
Simon



Re: [Wireshark-dev] Regarding Downloading through wget

2007-03-30 Thread Anders Broman (AL/EAB)
Hi,
If you are behind a http proxy you need to define its address in HTTP_PROXY as 
indicated
in the printout. I think it's mentioned in the guide.
BR
Anders 



From: [EMAIL PROTECTED] on behalf of Manjunath P
Sent: Fri 2007-03-30 16:14
To: wireshark dev
Subject: [Wireshark-dev] Regarding Downloading through wget


Hi all,
nmake -f Makefile.nmake setup is not working for me.
All the steps prior to this are correct, as I have verified it
through verify_tools option.
"wget" is not working for me.

xx
 C:\wireshark>nmake -f Makefile.nmake setup
Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
Copyright (C) Microsoft Corporation.  All rights reserved.
Checking for required applications:
cl: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/cl
link: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/link
nmake: /cygdrive/c/Program Files/Microsoft Visual Studio 8/VC/BIN/nmake
 
bash: /usr/bin/bash
bison: /usr/bin/bison
flex: /usr/bin/flex
env: /usr/bin/env
grep: /usr/bin/grep
/usr/bin/find: /usr/bin/find
perl: /usr/bin/perl
C:/python24/python.exe: /cygdrive/c/python24/python.exe
sed: /usr/bin/sed
unzip: /usr/bin/unzip
wget: /usr/bin/wget
rm -r -f C:\wireshark-win32-libs/adns-1.0-win32-05
rm -r -f C:\wireshark-win32-libs/gettext-0.14.5
rm -r -f C:\wireshark-win32-libs/glib
rm -r -f C:\wireshark-win32-libs/gnutls-1.6.1-1
rm -r -f C:\wireshark-win32-libs/gtk2
rm -r -f C:\wireshark-win32-libs/gtk+
rm -r -f C:\wireshark-win32-libs/gtk-wimp
rm -r -f C:\wireshark-win32-libs/kfw-2.5
rm -r -f C:\wireshark-win32-libs/libiconv-1.9.1.bin.woe32
rm -r -f C:\wireshark-win32-libs/lua5.1
rm -r -f C:\wireshark-win32-libs/net-snmp-5.4
rm -r -f C:\wireshark-win32-libs/pcre-6.4
rm -r -f C:\wireshark-win32-libs/portaudio_v18_1
rm -r -f C:\wireshark-win32-libs/portaudio_v19
rm -r -f C:\wireshark-win32-libs/user-guide
rm -r -f C:\wireshark-win32-libs/WpdPack
rm -r -f C:\wireshark-win32-libs/AirPcap_Devpack_1_0_0_594
rm -r -f C:\wireshark-win32-libs/zlib123-dll
if not exist C:\wireshark-win32-libs md C:\wireshark-win32-libs
** glib-2.12.7.zip **
No HTTP proxy specified (http_proxy and HTTP_PROXY are empty).
Downloading gtk2.10/glib-2.12.7.zip into C:\WIRESH~2, installing into glib
--17:55:12--  http://anonsvn.wireshark.org/wireshark-win32-libs/tags/2007-01-19/
packages/gtk2.10/glib-2.12.7.zip   => `glib-2.12.7.zip'

Resolving anonsvn.wireshark.org... 128.121.50.122
Connecting to anonsvn.wireshark.org|128.121.50.122|:80... failed: Connection ref
used.
 
ERROR: Can't download http://anonsvn.wireshark.org/wireshark-win32-libs/tags/200
7-01-19/packages/gtk2.10/glib-2.12.7.zip
NMAKE : fatal error U1077: 'C:\cygwin\bin\bash.EXE' : return code '0x1' Stop.
xx
But I can access the website (
http://anonsvn.wireshark.org/wireshark-win32-libs/tags/2007-01-19/ ).
So I decided to download through the net directly.
But the problem is, I am not able to download files like
adns-1.0-win32-05, gtk+, WdPack, AirPcap_Devpack_1_0_0_594.

So I need 1) A proxy for wget which works properly
OR 2) Any alternate sites where I can download the above.

-Thanks in advance
Manjunath Patil
 
 
 
 
 
 
 
 
 
 
 
 


Re: [Wireshark-dev] Filter does not work on current svn version

2007-03-30 Thread Anders Broman (AL/EAB)
Hi,
Hmm the problem seems to actually be in the H.263 dissector...
Best regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sebastien
Tandel
Sent: 30 March 2007 14:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Filter does not work on current svn version

Hi,

   I modified dfilter-macro for a strict aliasing gcc warning which
stopped the compilation when using -Werror. I replaced (void**) by
(void*). I had no problem on my debian but it seems you do. Sorry. Can
you tell me on which platform and compiler it occurred?

I reverted back these "fixes" on the svn, could you test please?


Regards,
Sebastien Tandel

Anders Broman (AL/EAB) wrote:
> Hi,
> Applying a filter in the current build results in:
> 13:13:01  Err  Per-packet memory corrupted.
>
>
> Press any key to exit
>
> Best regards
> Anders


[Wireshark-dev] Filter does not work on current svn version

2007-03-30 Thread Anders Broman (AL/EAB)
Hi,
Applying a filter in the current build results in:
13:13:01  Err  Per-packet memory corrupted.


Press any key to exit

Best regards
Anders


[Wireshark-dev] Warnings in asn2wrs generated files

2007-03-28 Thread Anders Broman (AL/EAB)
 
Hi,
I had a quick look at the warnings for NBAP. Some of the "unused
function" warnings are due to the "dirty" way hf fields and stuff are
auto generated by creating dummy choice statements for opcodes and
elements. To hand craft them or remove the dummy statements after
copying the auto generated stuff to the template file seems like
overkill, or?

Other parts of the warnings are problems with asn2wrs itself or how
it's used.
>Tomas kukosa wrote:
>those "field functions" are created because of -F option is used.
>It is used because some of "field functions" are called from nbap template.
>
>"field functions" are not called from generated code now.
>It was changed few months ago when I change PER helper functions from
>"field oriented" to "type oriented".

I'm not sure how to fix those...

Best regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joerg Mayer
Sent: 28 March 2007 14:13
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Patch] pragma warning

On Wed, Mar 28, 2007 at 08:21:24AM +, ronnie sahlberg wrote:
> I dont think it is really realistic to have all autogenerated files 
> always compile without any warnings.

Which warnings do you have in mind specifically? Why do you think they
can't be avoided?

> Maybe we should instead split Makefile.common up into three parts :
> 
> First part : normal dissectors
> 
> Second part : ANS2WRS generated dissectors  which take extra compile 
> time flags and definitions to suppress artefacts from the compiler.

I think they should just be generated from their "real sources" on each
build, thus removing the need to manually rebuild them at all.

> Third part : PIDL generated dissectors that once again take extra 
> compile parameters and definitions.

dito.

 ciao
Joerg
-- 
Joerg Mayer   <[EMAIL PROTECTED]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] Suggested enhancements for WireShark

2007-03-27 Thread Anders Broman (AL/EAB)
Hi,
I'm looking at something similar where a number of bits are added to
the tree and where the bit position in the octet(s) is variable. I think
this can be useful in bit oriented protocols where a number of bits
can be optional and a fixed mask is useless. This is just prototype code:

Offset and length is given in bits making it possible to add:
..10 10..   Foo 10
Or
.101 0...   Foo 10

proto_item *
h263_proto_tree_add_bits(proto_tree *tree, int hf_index, tvbuff_t *tvb,
                         gint bit_offset, gint no_of_bits)
{
    gint offset;
    guint length;
    char *str;
    header_field_info *hfinfo;
    guint32 value = 0;
    int bit;
    guint32 mask, tmp;
    gboolean is_bytealigned = FALSE;
    guint8 mask8    = 0xff;
    guint16 mask16  = 0xffff;
    guint32 mask24  = 0xffffff;
    guint32 mask32  = 0xffffffff;
    guint8 shift;
    int i;
    const char *format = NULL;

    if((bit_offset&0x7)==0)
        is_bytealigned = TRUE;

    hfinfo = proto_registrar_get_nth(hf_index);

    /* First octet touched and number of octets the field spans */
    offset = bit_offset>>3;
    length = ((bit_offset&0x7)+no_of_bits)>>3;
    length = length +1;

    if (no_of_bits < 2){
        /* Single bit */
        mask8 = mask8 >>(bit_offset&0x7);
        value = tvb_get_guint8(tvb,offset) & mask8;
        mask = 0x80;
        shift = 8-((bit_offset + no_of_bits)&0x7);
        value = value >> shift;
        mask = mask >> shift;
        length = 1;
    }else if(no_of_bits < 9){
        /* One or 2 bytes */
        if(length == 1){
            /* Spans 1 byte */
            mask8 = mask8>>(bit_offset&0x7);
            value = tvb_get_guint8(tvb,offset)&mask8;
            mask = 0x80;
        }else{
            /* Spans 2 bytes */
            mask16 = mask16>>(bit_offset&0x7);
            value = tvb_get_ntohs(tvb,offset) & mask16;
            mask = 0x8000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);
        value = value >> shift;
        mask = mask >> shift;

    }else if (no_of_bits < 17){
        /* 2 or 3 bytes */
        if(length == 2){
            /* Spans 2 bytes */
            mask16 = mask16>>(bit_offset&0x7);
            value = tvb_get_ntohs(tvb,offset) & mask16;
            mask = 0x8000;
        }else{
            /* Spans 3 bytes */
            mask24 = mask24>>(bit_offset&0x7);
            value = tvb_get_ntoh24(tvb,offset) & mask24;
            mask = 0x800000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);

        value = value >> shift;
        mask = mask >> shift;

    }else if (no_of_bits < 25){
        /* 3 or 4 bytes */
        if(length == 3){
            /* Spans 3 bytes */
            mask24 = mask24>>(bit_offset&0x7);
            value = tvb_get_ntoh24(tvb,offset) & mask24;
            mask = 0x800000;
        }else{
            /* Spans 4 bytes */
            mask32 = mask32>>(bit_offset&0x7);
            value = tvb_get_ntohl(tvb,offset) & mask32;
            mask = 0x80000000;
        }
        shift = 8-((bit_offset + no_of_bits)&0x7);

        value = value >> shift;
        mask = mask >> shift;

    }else if (no_of_bits < 33){
        /* 4 or 5 bytes: not handled in this prototype */

    }else{
        g_assert_not_reached();
    }

    /* prepare the string */
    str=ep_alloc(256);
    g_snprintf(str, 256, "");
    /* leading dots for the bits before the field */
    for(bit=0;bit<((int)(bit_offset&0x07));bit++){
        if(bit&&(!(bit%4))){
            strcat(str, " ");
        }
        strcat(str,".");
        mask = mask>>1;
    }
    /* read the bits for the int */
    /* The loop condition and body were lost in the archived copy; they are
     * reconstructed here from the surrounding loops and the declared tmp. */
    for(i=0;i<no_of_bits;i++){
        if(bit&&(!(bit%4))){
            strcat(str, " ");
        }
        bit++;
        tmp = value & mask;
        if(tmp != 0){
            strcat(str, "1");
        } else {
            strcat(str, "0");
        }
        mask = mask>>1;
    }
    /* trailing dots up to the end of the octet */
    for(;bit%8;bit++){
        if(bit&&(!(bit%4))){
            strcat(str, " ");
        }
        strcat(str,".");
    }


    strcat(str," = ");
    strcat(str,hfinfo->name);
    if (no_of_bits== 1){
        /* Boolean field */
        if (hfinfo->strings) {
            const true_false_string *tfstring = &tfs_true_false;
            tfstring = (const struct true_false_string*) hfinfo->strings;

            return proto_tree_add_boolean_format(tree,
                hf_index, tvb, offset, length, value,
                "%s: %s",
                str,
                value ? tfstring->true_string :
                tfstring->false_string);

Re: [Wireshark-dev] gsm_map dissector question

2007-03-26 Thread Anders Broman (AL/EAB)
Hi,
In which specification is mt-fsm(MT-ForwardSM?) given with Opcode 46? 
I suppose a solution would be to introduce a preference if MAPv2 or V3 is
used.
I have little time to look at this currently.
Best regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abhik Sarkar
Sent: 26 March 2007 11:31
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] gsm_map dissector question

Hi Anders,

Thanks for your reply. Attached are sample captures. The MSUs are syslog
encapsulated, so you need to be running SVN rev 21109 or higher. Decode
UDP destination port 7890 as syslog and you will see the MTP3 and higher
layers.

example1.cap : A simple MAPv2 mt-fsm showing up as mo-fsm.
example2.cap : The gsm_map dissector throwing up a BER decode error
because it thinks there are some extra invalid field beyond the sm-RP-UI
of the mo-fsm, but the extra field is actually the more-messages-to-send
flag in a MAPv2 mt-fsm.

I had one more example, but I can't find it anymore. I will send it on
if I do find it.

Best regards,
Abhik.

On 3/26/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
> Hi,
> If you could supply a sample trace we could see what can be done.
> Best regards
> Anders
>
> 
>
> From: [EMAIL PROTECTED] on behalf of Abhik Sarkar
> Sent: Mon 3/26/2007 9:49 AM
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] gsm_map dissector question
>
>
>
> Hi List,
>
> I have been capturing and decoding some live traffic on a GSM network,
> and find a problem in decoding of GSM MAP operations.
>
> The GSM MAP dissector is currently based on 3GPP TS 29.002 v7.5.0.
> This leads to incorrect decoding of packets which are working on lower
> MAP versions. For example, a MAP v2 ShortMsgMT-Relay gets decoded as
> MAP v3 ShortMsgMO-Relay (because the opcodes are same). This leads to
> all kinds of warnings, and sometimes incorrect decoding.
>
> I don't suppose there is a (simple) way around this, is there? I guess
> a complex (and resource hungry) method would be for the TCAP dissector
> to follow dialogs and then pass the application context information to
> the MAP dissector for MAP to interpret the operation based on the
> application context in addition to the op-code.
>
> I am sorry if this has already been discussed, I searched the
> archives, but could not find anything relevant... perhaps I didn't use
> the correct search string.
>
> Thanks,
> Abhik.


Re: [Wireshark-dev] gsm_map dissector question

2007-03-26 Thread Anders Broman (AL/EAB)
Hi,
If you could supply a sample trace we could see what can be done.
Best regards
Anders



From: [EMAIL PROTECTED] on behalf of Abhik Sarkar
Sent: Mon 3/26/2007 9:49 AM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] gsm_map dissector question



Hi List,

I have been capturing and decoding some live traffic on a GSM network,
and find a problem in decoding of GSM MAP operations.

The GSM MAP dissector is currently based on 3GPP TS 29.002 v7.5.0.
This leads to incorrect decoding of packets which are working on lower
MAP versions. For example, a MAP v2 ShortMsgMT-Relay gets decoded as
MAP v3 ShortMsgMO-Relay (because the opcodes are same). This leads to
all kinds of warnings, and sometimes incorrect decoding.

I don't suppose there is a (simple) way around this, is there? I guess
a complex (and resource hungry) method would be for the TCAP dissector
to follow dialogs and then pass the application context information to
the MAP dissector for MAP to interpret the operation based on the
application context in addition to the op-code.

I am sorry if this has already been discussed, I searched the
archives, but could not find anything relevant... perhaps I didn't use
the correct search string.

Thanks,
Abhik.
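
Added example, not Wireshark code and not from the thread's participants: the dialog-following idea from the question above, written in C. A table remembers the application context seen at TC-BEGIN and uses it to resolve opcode 46 on later messages of the same dialog. All names are hypothetical, the transaction ids are constructed, and ids are assumed unique within the capture.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Application contexts named in the thread; the enum itself is hypothetical. */
enum map_ac { AC_SHORT_MSG_MO_RELAY = 1, AC_SHORT_MSG_MT_RELAY };

/* One TCAP dialog: the transaction id chosen by each side plus the
 * application context and version seen in the TC-BEGIN dialogue portion. */
struct dialog {
    int used, have_b;
    uint32_t tid_a, tid_b;
    enum map_ac ac;
    int version;
};

#define MAX_DIALOGS 32
static struct dialog dialogs[MAX_DIALOGS];

static struct dialog *dialog_find(uint32_t tid)
{
    for (int i = 0; i < MAX_DIALOGS; i++) {
        struct dialog *d = &dialogs[i];
        if (d->used && (d->tid_a == tid || (d->have_b && d->tid_b == tid)))
            return d;
    }
    return NULL;
}

/* TC-BEGIN carries the originating id and the application context.
 * Returns -1 when the table is full, so the caller can fall back. */
int dialog_begin(uint32_t otid, enum map_ac ac, int version)
{
    struct dialog *d = dialog_find(otid);
    for (int i = 0; !d && i < MAX_DIALOGS; i++)
        if (!dialogs[i].used) d = &dialogs[i];
    if (!d) return -1;
    memset(d, 0, sizeof *d);
    d->used = 1; d->tid_a = otid; d->ac = ac; d->version = version;
    return 0;
}

/* The first TC-CONTINUE from the peer introduces the peer's own id (otid)
 * and echoes the initiator's id as dtid; link both ids to one dialog. */
void dialog_continue(uint32_t otid, uint32_t dtid)
{
    struct dialog *d = dialog_find(dtid);
    if (d && !d->have_b && d->tid_a == dtid) {
        d->tid_b = otid;
        d->have_b = 1;
    }
}

/* TC-END names only the destination id; either side's id releases the slot. */
void dialog_end(uint32_t dtid)
{
    struct dialog *d = dialog_find(dtid);
    if (d) d->used = 0;
}

/* Resolve opcode 46 using the context stored for tid. Without a stored
 * context (capture started mid-dialog) only the opcode is available. */
const char *map_opcode_name(uint32_t tid, int opcode)
{
    const struct dialog *d = dialog_find(tid);
    if (opcode != 46) return "(not covered by this example)";
    if (!d) return "mo-fsm (context unknown, v3 assumed)";
    if (d->ac == AC_SHORT_MSG_MT_RELAY && d->version == 2) return "mt-fsm";
    return "mo-fsm";
}

int main(void)
{
    dialog_begin(0x1001, AC_SHORT_MSG_MT_RELAY, 2);   /* constructed ids */
    dialog_continue(0x2002, 0x1001);
    printf("%s\n", map_opcode_name(0x2002, 46));      /* peer's id, same dialog */
    printf("%s\n", map_opcode_name(0x7777, 46));      /* never saw a TC-BEGIN */
    return 0;
}
```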


Re: [Wireshark-dev] Adding a data item to gsm map

2007-03-12 Thread Anders Broman (AL/EAB)
Hi,
Are you trying to add dissection of a private data item already used by
some application or trying
to design an application which uses proprietary data?
 
If it's the former just add your ASN1 code to the gsm map asn1 at the
appropriate place and regenerate the dissector, if it's the latter
use the extension container present in the protocol(s).
Best regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of manogna
manogna
Sent: 12 March 2007 12:43
To: Wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Adding a data item to gsm map


Hi All,
 
Could you please let me know how to handle this?
 
Thanks,
manu

manogna manogna <[EMAIL PROTECTED]> wrote:

Hi,
 
My purpose is to extend GSM MAP with private extensions.
myAppData is proprietary data.
 
Best Regards,
manu
 
From: Andreas Fink <[EMAIL PROTECTED]>
Date: Fri, 9 Mar 2007 12:07:27 +0100



what's the purpose of that? 
extend GSM MAP with private extensions or extending GSM MAP with
extensions which appeared in the standard?

On 09.03.2007, at 11:35, manogna manogna wrote:


Hi All,
 
I've to add a data item to GSM MAP dissector.
 
The data item is :
 
myAppData ::= SEQUENCE {
  myvar1 [0] MyVar1,
  myvar2 [1] MyVar2 OPTIONAL
}
 
Additional information is as follows.
 
TC-BEGIN may carry proprietary information. This is applicable
only when the MAP dialogue is transferred. It is also specified that,
myAppData is optional.
This information is transferred in SUA information element Info
String. 
 
Any inputs on how to handle this?
 
Thanks,
manu





Re: [Wireshark-dev] local operation code in MAP

2007-02-27 Thread Anders Broman (AL/EAB)
Hi,
Shouldn't the encoded value be H'81 H'19(153) ?
Best regards
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2/27/2007 3:14 PM
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] local operation code in MAP



Hi,

 

I've given the value for operation code, not the ASN1 compiler.

 

I've tried below suggestion but still got the problem.

Operation code length : 02, and the operation code : H'81 H'99.

 

I tried to print the opcode value read from dissect_ber_integer, 
dissect_ber_integer64

They print negative number for int format & huge positive number for unsigned 
format.

 

Best Regards,

Bhavani.

 

 

 

From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 
Date: Tue, 27 Feb 2007 13:05:42 +0100




  Hi,
 
You said:
"Hex value shown, in the bytes pane is 99."
Is this value field by yourself, or by an ASN1 compiler ?
I think, It could be a problem of long form encoding.
Could you try to use H'81 H'99 instead of H'99 for the operation code in
the message to decode ?
 
Regards
Florent

 



From: DurgaBhavani Uppuluru 
Sent: Tuesday, February 27, 2007 12:08 PM
To: 'wireshark-dev@wireshark.org'
Subject: RE: local operation code in MAP

 

Hi Again,

 

I've tried latest svn version files too, still I get the same problem.

I've added gsmmap, ranap directories & packet-gtp.c from svn Revision 20934, on 
top of wireshark-0.99.5 sources.

 

Please help me.

 

Best Regards,

Bhavani.



From: DurgaBhavani Uppuluru 

Sent: Tuesday, February 27, 2007 9:41 AM
To: 'wireshark-dev@wireshark.org'
Subject: RE: local operation code in MAP

 

Hi,

 

I'm using wireshark 0.99.5 sources.

The below code is right. 

I've added the operations in the same way.

 

Here are the steps followed:

 

My GSMMAP.asn files looks

 

1. OperationLocalvalue ::= INTEGER{

updateLocation (2),

:

noteMM-Event (89),

operation1(152),

operation2(153)

}

 

2. Operation descriptions of operation1 & operation2 are added

 

3. packet-gsm_map-template.c is updated with

 

gsm_map_opr_code_strings[]={

{   2, "updateLocation" },

:

{   152, "operation1" },

{   153, "operation2" }

}

 

dissect_invokeData()

switch(opcode){

  case  2: /*updateLocation*/ dissect_gsm_map_UpdateLocationArg();  break;

:

  case 152: /*operation 1*/ dissect_gsm_map_Operation1Arg(); break;

  case 153: /*operation 2*/ dissect_gsm_map_Operation2Arg(); break;

}

return offset;

}



3. makefile is used to generate packet-gsm_map.c, packet-gsm_map.h.

Options used with asn2wrs are:

python ../../tools/asn2wrs.py -b -e -p gsm_map -c gsmmap.cnf -s 
packet-gsm_map-template GSMMAP.asn

 

4. Generated packet-gsm_map.c, packet-gsm_map.h are copied to 
../../epan/dissectors folder.

Standard makefile present in the wireshark-0.99.5 directory is used to build 
the wireshark exe.

 

The same steps when followed with operation codes with 90,91 or 94,95  work 
fine.

 

Thanks for your time.

 

Best Regards,

Bhavani.

 

From: "Anders Broman (AL/EAB)" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >
Date: Mon, 26 Feb 2007 16:21:09 +0100

Hi,

Are you running the latest SVN version of Wireshark?

I assume that "adding an operation with local value 153 to GSMMAP" means that 
you are editing the sources,

what happens if you change:

GSMMAPOperationLocalvalue ::= INTEGER{
 updateLocation (2),

:

 noteMM-Event (89)
} 

To:

 noteMM-Event (89),

 your-string(153)
} 

in GSMMAP.asn and rebuild the dissector using asn2wrs?

Best regards

Anders

 



From: DurgaBhavani Uppuluru 

Sent: Monday, February 26, 2007 10:46 AM
To: 'wireshark-dev@wireshark.org'
Subject: RE: local operation code in MAP

 

Hi Anders,

 

Hex value shown, in the bytes pane is 99.

I've tried other numbers too (>150) and I get similar result.

 

Best Regards,

Bhavani.

 

From: "Anders Broman" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >
Date: Sun, 25 Feb 2007 19:55:43 +0100

Hi,
What is the hex value shown in the bytes pane when marking localvalue in the
middle pane?
Best regards
Anders

 



From: DurgaBhavani Uppuluru
Sent: Sunday, February 25, 2007 2:36 PM
To: 'wireshark-dev@wireshark.org'
Subject: local operation code in MAP

 

Hi All,

 

Greetings to you.

 

I'm adding an operation with local value 153 to GSMMAP.

But dissector does not recognize 153, it reports Unknown -103.

Kindly tell me how to set this value.

 

Thanks,

Bhavani.



Re: [Wireshark-dev] Mixed application contexts in MAP

2007-02-26 Thread Anders Broman (AL/EAB)
Hi,
Are you using the 0.99.5 sources or a fresh SVN checkout?
That code is only in the latest sources I think.
Best regards
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 26 February 2007 11:45
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Mixed application contexts in MAP



Hi,

 

I'm adding proprietary operations & application contexts to GSMMAP.

I'm updating the same GSMMAP.asn file with the operations.

 

Please let me know whether I can add them directly, to the GSMMAP file
or not.

I couldn't find the below PlmnContainer in the wireshark source.

 

Did you mean the below 'line' to be an example?

 

Best Regards,

Bhavani

 

 

From: "Anders Broman" <[EMAIL PROTECTED]>
Date: Sun, 25 Feb 2007 20:01:34 +0100




Hi,

I'm not sure what you want but see:

register_ber_oid_dissector("1.3.12.2.1006.53.2.1.3",
dissect_gsm_mapext_PlmnContainer,

in the packet-gsm_map-template.c file and PlmnContainer in the asn1
file.

Best regards

Anders



From: DurgaBhavani Uppuluru

Sent: Sunday, February 25, 2007 6:17 PM
To: 'wireshark-dev@wireshark.org'
Subject: Mixed application contexts in MAP

 

Hi,

 

Can I add application context with 'iso(1)' OID along with contexts
of 'itu-t(0)' OIDs in the same dissector development file?

 

Thanks,

Bhavani




Re: [Wireshark-dev] local operation code in MAP

2007-02-26 Thread Anders Broman (AL/EAB)
Hi,
Are you running the latest SVN version of Wireshark?
I assume that "adding an operation with local value 153 to GSMMAP" means
that you are editing the sources,
what happens if you change:
GSMMAPOperationLocalvalue ::= INTEGER{
 updateLocation (2),
:
 noteMM-Event (89)
} 
To:
 noteMM-Event (89),
 your-string(153)
} 
in GSMMAP.asn and rebuild the dissector using asn2wrs?
Best regards
Anders
 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 26 February 2007 06:16
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] local operation code in MAP



Hi Anders,

 

Hex value shown, in the bytes pane is 99.

I've tried other numbers too (>150) and I get similar result.

 

Best Regards,

Bhavani.

 

From: "Anders Broman" <[EMAIL PROTECTED]>
Date: Sun, 25 Feb 2007 19:55:43 +0100




Hi,
What is the hex value shown in the bytes pane when marking localvalue in
the middle pane?
Best regards
Anders

 



From: DurgaBhavani Uppuluru
Sent: Sunday, February 25, 2007 2:36 PM
To: 'wireshark-dev@wireshark.org'
Subject: local operation code in MAP

 

Hi All,

 

Greetings to you.

 

I'm adding an operation with local value 153 to GSMMAP.

But dissector does not recognize 153, it reports Unknown -103.

Kindly tell me how to set this value.

 

Thanks,

Bhavani.
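
Added example, not from either "local operation code in MAP" thread above and not Wireshark code: BER INTEGER content octets are two's complement (X.690), which this C program applies to the octets reported in those threads (a single 99h, and 81h 99h). The function and array names are hypothetical; only the content octets are decoded, without the tag and length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Content octets quoted in the threads, plus the padded form of 153. */
static const uint8_t enc_one_octet[] = { 0x99 };        /* shown as "Unknown -103" */
static const uint8_t enc_81_99[]     = { 0x81, 0x99 };  /* the later attempt */
static const uint8_t enc_padded[]    = { 0x00, 0x99 };  /* 153 with a sign octet */

/* Decode BER INTEGER content octets (big-endian two's complement).
 * Returns 0 on success, -1 if empty or wider than 8 octets. */
int ber_int_decode(const uint8_t *p, size_t n, int64_t *out)
{
    if (n == 0 || n > 8) return -1;
    /* The top bit of the first octet is the sign: pre-fill with ones. */
    uint64_t v = (p[0] & 0x80) ? UINT64_MAX : 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[i];
    *out = (int64_t)v;
    return 0;
}

/* Encode v as the shortest valid content octets; returns the octet count. */
size_t ber_int_encode(int64_t v, uint8_t out[8])
{
    uint8_t tmp[8];
    uint64_t u = (uint64_t)v;
    for (int i = 7; i >= 0; i--) { tmp[i] = (uint8_t)u; u >>= 8; }
    size_t start = 0;
    /* Drop a leading octet only while it is pure sign padding: 0x00 before
     * a clear top bit, or 0xff before a set top bit. */
    while (start < 7 &&
           ((tmp[start] == 0x00 && !(tmp[start + 1] & 0x80)) ||
            (tmp[start] == 0xff &&  (tmp[start + 1] & 0x80))))
        start++;
    for (size_t i = start; i < 8; i++) out[i - start] = tmp[i];
    return 8 - start;
}

/* Full TLV for an INTEGER: tag 02h, short-form length, content. */
size_t ber_int_tlv(int64_t v, uint8_t out[10])
{
    size_t n = ber_int_encode(v, out + 2);
    out[0] = 0x02;            /* UNIVERSAL 2, primitive */
    out[1] = (uint8_t)n;      /* n is at most 8, so short form suffices */
    return n + 2;
}

int main(void)
{
    static const int64_t opcodes[] = { 89, 95, 127, 128, 152, 153 };
    int64_t v;
    uint8_t tlv[10];

    ber_int_decode(enc_one_octet, sizeof enc_one_octet, &v);
    printf("99      -> %lld\n", (long long)v);
    ber_int_decode(enc_81_99, sizeof enc_81_99, &v);
    printf("81 99   -> %lld\n", (long long)v);
    ber_int_decode(enc_padded, sizeof enc_padded, &v);
    printf("00 99   -> %lld\n", (long long)v);

    /* Values up to 127 fit one octet; from 128 on a 00h sign octet is needed. */
    for (size_t i = 0; i < sizeof opcodes / sizeof opcodes[0]; i++) {
        size_t n = ber_int_tlv(opcodes[i], tlv);
        printf("%3lld ->", (long long)opcodes[i]);
        for (size_t j = 0; j < n; j++) printf(" %02x", tlv[j]);
        printf("\n");
    }
    return 0;
}
```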




Re: [Wireshark-dev] Newbie - How to "hook into" wireshark

2007-02-13 Thread Anders Broman (AL/EAB)
Hi,
Are those Ethertypes registered with
http://standards.ieee.org/regauth/ethertype/index.shtml ?
 
You can use packet-tipc.c as an example on how to register a dissector
based on ethertype:
void
proto_reg_handoff_tipc(void)
{
 dissector_handle_t tipc_handle;
 
 tipc_handle = create_dissector_handle(dissect_tipc, proto_tipc);
 dissector_add("ethertype", ETHERTYPE_TIPC, tipc_handle);
 if (extra_ethertype)
  dissector_add("ethertype", ETHERTYPE_TIPC2, tipc_handle);
 
 ip_handle = find_dissector("ip");
}
 
For UDP you can choose to register your dissector on a specific port,
preferably with a preference defaulted to zero, or make a heuristic UDP
dissector.
packet-sip.c can be used as a reference I think.
BR
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Jamulla
Sent: 13 February 2007 13:10
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Newbie - How to "hook into" wireshark


Hello,
 
I'm new to wireshark development and have read the README.developer only
1 time so far. *smile*
I've finally got a development environment with MS VC++ 6 and cygwin
working, and I've built wireshark and have it running from the source, I
then built a "dissector" with very little/nothing in it, and I can see
it in the "enable dissectors" list, but I can't seem to select it to
"force" a packet to be dissected with it, etc. So, with my (non-plug-in)
dissector, I have a build that works correctly it appears, but my
dissector doesn't yet do anything useful.
 
Now before I do anything useful with it, I wanted to see it at least get
"hooked into" wireshark so it'll be called when appropriate.
I'm trying to figure out exactly how to get an existing dissector (is
that an upper or lower one??, and I'm not sure exactly one would call my
dissector(s)) to call a new dissector I'm going to write (maybe it's
really called a sub-dissector?). Actually, I have a few different ones I
need to write, and so I need to have "hooks" in for a few different
cases.
 
Here's the cases:
a) I have a "protocol" that has a 0x6100 in the "ethertype" field of an
Ethernet packet. How do I get one of the dissectors to call mine if it
sees this in the packet?
I also have 2 more "protocols" that are similar with 0x6101 and 0x6102
in that field.
I don't have the capture file in front of me to be more specific.
 
b) I have a set of messages that are IP/UDP, and they have specific
information in the first few bytes of the "data" part of a UDP packet.
How do I "hook in" my dissector for this case?
 
Any help is greatly appreciated.


Re: [Wireshark-dev] Option to allow processing of unrecognised Data-link level PCAP file

2007-02-05 Thread Anders Broman (AL/EAB)
Hi,
The correct way would be to use the User DLT:s(147 - 162) in the program
producing the traces I would think.
BR
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Pratley
Sent: 5 February 2007 17:45
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Option to allow processing of unrecognised Data-link level PCAP file



Hi guys

 

At the moment, if Wireshark comes across an unexpected data-link level
type in the global header when reading a PCAP file, it completely
rejects the file. This doesn't allow the user to apply any intelligence,
e.g. by manipulating the "wtap_encap" dissector table using Lua.

 

A quick hack prototype suggests that it is possible to read unknown or
mis-labelled data; the frame dissector just hands it off to the data
dissector. 

 

a) Would adding an option allowing unrecognised data to be read in from
a PCAP file cause any side-effects that I haven't spotted? The only
changes other than setting up the option would be in
libpcap.c:libpcap_open, so that it would continue processing an
unrecognised type.

 

b) What would the best way be of adding this option? My first thought
was to make it a preference, but the wiretap library has no dependencies
on the epan module where the preferences are. It looks like it would
take some careful wiring to add in the option without introducing a
dependency (which I think would break some of the apps). Setting up a
new (non-protocol) preference might also have to be duplicated across
tshark and wireshark, which is ugly.

 

Cheers

 

Doug

__ 
Douglas Pratley
t +44 845 050 7640 | f +44 845 644 5436
a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
__ 
www.detica.com


Re: [Wireshark-dev] Is it possible to somehow override builtin LAPD?

2007-01-17 Thread Anders Broman (AL/EAB)
Hi,
A better solution would be to look into making that into preferences in the 
standard dissector.
BR
Anders



From: [EMAIL PROTECTED] on behalf of Jonas Nilsson A (LI/EAB)
Sent: Wed 2007-01-17 16:03
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Is it possible to somehow override builtin LAPD?



Hi, 

I am new to Wireshark so excuse me if this topic has been covered before (I 
have searched for an answer without finding it).

In the builtin LAPD dissector there are a number of protocols defined in the
lapd_sapi.h file. My problem is that I would like to dissect other protocols on
top of LAPD that (in some cases) use the same SAPI as the ones already
defined.

I would like to be able to distribute the protocols running on top of LAPD as 
plugins together with the binary windows distribution but I will have a 
conflict for at least one of the protocols on top of LAPD. 

What if I would distribute a modified LAPD as a plugin? Would that somehow 
override the builtin LAPD dissector? Is there a better way of getting around 
this problem?

Any help would be much appreciated. 

Best Regards, 
Jonas 



Re: [Wireshark-dev] [Wireshark-commits] rev 20442:/trunk/tools/lemon/ /trunk/tools/lemon/: lemon.c

2007-01-16 Thread Anders Broman (AL/EAB)
Hi,
I have filed a bug with sqlite.
BR
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joerg Mayer
Sent: 16 January 2007 11:57
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev
20442:/trunk/tools/lemon/ /trunk/tools/lemon/: lemon.c

On Mon, Jan 15, 2007 at 07:48:06PM +, [EMAIL PROTECTED] wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=20442
> 
> User: lego
> Date: 2007/01/15 07:48 PM
> 
> Log:
>  Fix a major leakage of token minors in lemon generated parsers due to
> the fact that lemon was not generating destructor code for elements in
> the RHS of rules without C-code.
> 

Can you please provide feedback to the lemon author?

 thanks
   Joerg
-- 
Joerg Mayer   <[EMAIL PROTECTED]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...

2007-01-11 Thread Anders Broman (AL/EAB)
Hi,
The buildbot has the same problem so it's not related to MSVC...
BR
Anders



From: [EMAIL PROTECTED] on behalf of Alfred Alinazar
Sent: Thu 2007-01-11 09:43
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...



Ulf Lamping wrote:
> Should be fixed now, I simply messed up the line copying the file "if
> exist copy zlib1.dll.manifest ..." :-(
>
> I've done some more, all MSVC variants shouldn't give a NSIS warnings
> now :-)
>
> Regards, ULFL
Ulf,
I managed to build my wireshark yesterday.
But it failed again today after I update the source with the latest SVN.

Here is the error:
---
Microsoft (R) Program Maintenance Utility   Version 7.00.8882
Copyright (C) Microsoft Corp 1988-2000. All rights reserved.

cl -DWIN32 -DNULL=0 -D_MT -D_DLL -DHAVE_CONFIG_H /I..
/I../wiretap /IC:\
wireshark-win32-libs\glib\include\glib-2.0 
/IC:\wireshark-win32-libs\glib\lib\g
lib-2.0\include /IC:\wireshark-win32-libs\gtk+\include
/IC:\wireshark-win32-libs
\gtk+\include\gdk  /IC:\wireshark-win32-libs\gtk+\lib\gtk+\include
/IC:\wireshar
k-win32-libs\gnutls-1.6.1-1\include /DNOCRYPT 
/IC:\wireshark-win32-libs\WPdpack
\WPCAP\LIBPCAP /IC:\wireshark-win32-libs\WPdpack\WPCAP\LIBPCAP\bpf 
/IC:\wiresha
rk-win32-libs\WPdpack\WPCAP\LIBPCAP\lbl 
/IC:\wireshark-win32-libs\WPdpack\inclu
de /IC:\wireshark-win32-libs\net-snmp-5.4\include
/IC:\wireshark-win32-libs\net-
snmp-5.4\win32  /Zm800 -D_U_="" -D_NEED_VAR_IMPORT_ /Zi /W3 /MD
/D_CRT_SECURE_NO
_DEPRECATE /D_CRT_NONSTDC_NO_DEPRECATE 
/IC:\wireshark-win32-libs\portaudio_v19\
include /IC:\wireshark-win32-libs\portaudio_v19\src\common-Fd.\ -c
airpcap_g
ui_utils.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42
for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

airpcap_gui_utils.c
airpcap_gui_utils.c(338) : error C2039: 'str' : is not a member of
'_GByteArray'

C:\wireshark-win32-libs\glib\include\glib-2.0\glib/garray.h(45)
: see de
claration of '_GByteArray'
airpcap_gui_utils.c(338) : error C2198: 'g_strdup' : too few arguments
for call
airpcap_gui_utils.c(837) : warning C4133: '=' : incompatible types -
from 'GStri
ng *' to 'GByteArray *'
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Platform SDK for
Windows
 Server 2003 R2\Bin\nmake.exe"' : return code '0x2'
Stop.
-


regards,

-Alfred-


Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...

2007-01-10 Thread Anders Broman (AL/EAB)
Hi,
Thanks Ulf it works fine.
 
When doing packaging I get:
1 warning:
  File: "C:\wireshark-win32-libs\zlib123-dll\zlib1.dll.manifest" -> no files fou
nd. (wireshark.nsi:315)
 
BR
Anders



From: [EMAIL PROTECTED] on behalf of Ulf Lamping
Sent: Wed 2007-01-10 01:38
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...



Andrew Hood wrote:
>> Anders also observed it didn't build. If you did "nmake -k ..." it might
>> build later on, and then rerunning nmake might work.
>>
That was a bug in the dependencies, I've checked in a fix. It should
compile zlib1.dll now as required.

Regards, ULFL


Re: [Wireshark-dev] Dissector plugin not registering properly.

2007-01-10 Thread Anders Broman (AL/EAB)
Hi,
Hard to tell without seeing the register routine. Are you sure there is a valid
handle when you do the dissector_add()?
BR
Anders



From: [EMAIL PROTECTED] on behalf of Jared King
Sent: Wed 2007-01-10 07:04
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Dissector plugin not registering properly.



I am writing a dissector plugin for an inhouse message protocol. I can not
get it to dissect the packets it should.

Wireshark sees the plugin, it brings up the preference I have created to set
the port number manually. Initially I use a line like:
"dissector_add("tcp.port", , my_protocol_handle_handle)"
Then if the user wishes to change the port number they do it in preferences
and I delete the old and add the new.

For some reason it does not dissect the packets. The packets are being
received but just interpreted as TCP packets and not going any further.

The protocol connects at my side (side running wireshark) on port  by
default and uses a random port at the other end. Is it possible that
this could be causing troubles? Do both the ports (source and destination)
need to match or just one or the other?

What else could I be doing wrong?

Thanks

Jared King


Re: [Wireshark-dev] [Wireshark-commits] rev 20334: /trunk/ /trunk/asn1/ansi_map/: ansi_map.asn ansi_map.cnf packet-ansi_map-template.c /trunk/epan/dissectors/: packet-ansi_map.c packet-ansi_map.h

2007-01-08 Thread Anders Broman (AL/EAB)
Hi,
I think that's a good idea. But perhaps we should wait a day or two to
see if we get any complaints on
the new ANSI MAP dissector and the plans to move the files.
Let's say that if no one opposes we'll move the files on Wednesday.
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kukosa, Tomas
Sent: 8 January 2007 09:25
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 20334:
/trunk/ /trunk/asn1/ansi_map/: ansi_map.asn
ansi_map.cnf packet-ansi_map-template.c
/trunk/epan/dissectors/: packet-ansi_map.c packet-ansi_map.h

Hello, 

the only ASN.1 plugin uses old asn1.c/.h files now.
I would propose to move them into plugin/asn1 directory. (I have it
tested and it works)

Does anybody still need them in the epan directory?

Tomas


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, January 06, 2007 9:51 PM
To: wireshark-commits@wireshark.org
Subject: [Wireshark-commits] rev 20334: /trunk/ /trunk/asn1/ansi_map/:
ansi_map.asn ansi_map.cnf packet-ansi_map-template.c
/trunk/epan/dissectors/: packet-ansi_map.c packet-ansi_map.h

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=20334

User: etxrab
Date: 2007/01/06 08:51 PM

Log:
 Check in the asn2wrs generated ANSI map dissector.

Directory: /trunk/asn1/ansi_map/
  Changes          Path                          Action
  +6 -1            ansi_map.asn                  Modified
  +1 -1            ansi_map.cnf                  Modified
  +5 -5            packet-ansi_map-template.c    Modified

Directory: /trunk/epan/dissectors/
  Changes          Path                          Action
  +13477 -10472    packet-ansi_map.c             Modified
  +21 -4           packet-ansi_map.h             Modified

___
Wireshark-commits mailing list
Wireshark-commits@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-commits


Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...

2007-01-03 Thread Anders Broman (AL/EAB)
Hi,
Note that the packaging still fails though :(
 
NMAKE : fatal error U1077: '"%ProgramFiles%\nsis\makensis.exe"' : return code 
'0x1'
Stop.

BR
Anders



From: [EMAIL PROTECTED] on behalf of Ulf Lamping
Sent: Wed 2007-01-03 15:41
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Microsoft Visual C Version 6 support is a bit outdated ...



 



[Wireshark-dev] Build of some plugins broken

2007-01-02 Thread Anders Broman (AL/EAB)
Hi,
Building of some plugins is currently broken:
ib\gobject-2.0.lib asn1.res
   Creating library asn1.lib and object asn1.exp
packet-asn1.obj : error LNK2001: unresolved external symbol __pctype
packet-asn1.obj : error LNK2001: unresolved external symbol
___mb_cur_max
packet-asn1.obj : error LNK2001: unresolved external symbol _errno
asn1.dll : fatal error LNK1120: 3 unresolved externals
NMAKE : fatal error U1077: 'link' : return code '0x460'

For some reason some plugins build OK:
all: \
agentx \
artnet \
ciscosm \
custom \
docsis \
enttec \
giop \
gryphon \
h223 \
irda \
lwres \
opsi \
pcli \
profinet \
rlm \
rtnet \
rudp \
sbus \
stats_tree \
v5ua

BR
Anders


Re: [Wireshark-dev] How to dissect bit information

2006-12-18 Thread Anders Broman (AL/EAB)
Hi,
In addition look at the function dissect_gsm_map_ISDN_AddressString() in
packet-gsm_map.c
and
 item = get_ber_last_created_item();
 subtree = proto_item_add_subtree(item, ett_gsm_map_isdn_address_string);

 proto_tree_add_item(subtree, hf_gsm_map_extension, parameter_tvb, 0, 1, FALSE);
 proto_tree_add_item(subtree, hf_gsm_map_nature_of_number, parameter_tvb, 0, 1, FALSE);
 proto_tree_add_item(subtree, hf_gsm_map_number_plan, parameter_tvb, 0, 1, FALSE);

 digit_str = unpack_digits(parameter_tvb, 1);

 proto_tree_add_string(subtree, hf_gsm_map_isdn_address_digits, parameter_tvb, 1, -1, digit_str);

 
BR
Anders



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman (AL/EAB)
Sent: 18 December 2006 16:54
To: Developer support list for Wireshark
Subject: SV: [Wireshark-dev] How to dissect bit information


Hi,
The value used to match the value string value is the "masked out" value.
 
So if the value is 0xc0f0 and the mask is 0xc00 the value used to match the 
string would be 3.
BR
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Mon 2006-12-18 08:09
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; wireshark-dev@wireshark.org
Subject: [Wireshark-dev] How to dissect bit information



Hi Anders/ Steve ,

 

This is with regards to the mail posted by vikash "How to dissect bit
information".

As you have suggested we can get the desired bit/bits by masking the remaining
bits. But the problem we are facing
is there is a set of values associated with each bit / bits. In Wireshark, the
"value_string" can take values pertaining to the whole octet
and therefore we are not able to understand how to capture the values
associated with bit/bits.

I would really appreciate your help in this matter

 

//Tarani 




Re: [Wireshark-dev] How to dissect bit information

2006-12-18 Thread Anders Broman (AL/EAB)
Hi,
The value used to match the value string value is the "masked out" value.
 
So if the value is 0xc0f0 and the mask is 0xc00 the value used to match the 
string would be 3.
BR
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Mon 2006-12-18 08:09
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; wireshark-dev@wireshark.org
Subject: [Wireshark-dev] How to dissect bit information



Hi Anders/ Steve ,

 

This is with regards to the mail posted by vikash "How to dissect bit
information".

As you have suggested we can get the desired bit/bits by masking the remaining
bits. But the problem we are facing
is there is a set of values associated with each bit / bits. In Wireshark, the
"value_string" can take values pertaining to the whole octet
and therefore we are not able to understand how to capture the values
associated with bit/bits.

I would really appreciate your help in this matter

 

//Tarani 




Re: [Wireshark-dev] How to dissect bit information??

2006-12-15 Thread Anders Broman (AL/EAB)
Hi,
In value".. VALS(X),   0x0.." the 0x is the bit mask, for Z use 0x0f,
for Y use 0x30.
BR
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 15 December 2006 09:18
To: wireshark-dev@wireshark.org
Cc: [EMAIL PROTECTED]
Subject: [Wireshark-dev] How to dissect bit information??


Hello ,
 
While writing a dissector for my protocol I'm stuck up at a point .
The description of my problem is provided below :
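Suppose my packet is like:

   | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | Octet
   ----------------------------------------
   | X | Y | Z | 1
   ----------------------------------------
   | Number of Digits | 2
   ----------------------------------------
   | digit 2 | digit 1 | 3
   ----------------------------------------
   | .. | ...
   ----------------------------------------
   | digit 2n | digit 2n-1 | n+2
   ----------------------------------------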
 
I'm able to display the "digit" information using the
"proto_tree_add_string" function, but I'm not getting how to dissect
octet 1 i.e. X, Y and Z.
The reason for my confusion is that the messages to be displayed depend
upon the values of X, Y and Z.
Say the messages are as:
  if X = 0 ; received 0 for X
     X = 1 ; received 1 for X
  if Y = 0 ; received y value as 0
     Y = 1 ; received y value as 1
  ... and so on.
If I use
 { &hf_protox_octet1 , {"octet1 indicator", "protox.octet1", FT_UINT8, BASE_DEC, VALS(X), 0x0, "", HFILL }}
and
 static const value_string X_values[] = {
  { 0, "received 0 for X" },
  { 1, "received 1 for X" },};
it gives the value of entire octet1 and NOT the value of X or Y or Z.
 
Please suggest how I may get the desired dissection .
Could you also explain in detail about the RANGE_STRING and the
statement
length = tvb_length(tvb).
 
Regards ,
Vikash
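
The masking described in the reply at the top of this message, as an added example that is not part of the original messages and is not Wireshark source: it models a header field as a bitmask plus a value table, isolates the field with the mask, shifts it down to bit 0 and only then looks it up, which is why a mask of 0x0 ends up matching the whole octet. The masks 0x30 and 0x0f come from the reply; the mask 0x80 for X, the `value_string_model` type, the function names and the sample octets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a value -> label table, NULL-terminated. */
typedef struct {
    uint32_t    value;
    const char *strptr;
} value_string_model;

static const value_string_model X_values[] = {
    { 0, "received 0 for X" },
    { 1, "received 1 for X" },
    { 0, NULL }
};

static const value_string_model Y_values[] = {
    { 0, "received y value as 0" },
    { 1, "received y value as 1" },
    { 0, NULL }
};

#define MASK_X 0x80u   /* assumption: X is bit 7 */
#define MASK_Y 0x30u   /* from the reply */
#define MASK_Z 0x0fu   /* from the reply */

/* Number of zero bits below the lowest set bit of the mask. */
unsigned mask_shift(uint32_t mask)
{
    unsigned shift = 0;

    if (mask == 0)
        return 0;
    while ((mask & 1u) == 0) {
        mask >>= 1;
        shift++;
    }
    return shift;
}

/* Value of the field selected by mask; mask 0 means "the whole value". */
uint32_t field_value(uint32_t raw, uint32_t mask)
{
    if (mask == 0)
        return raw;
    return (raw & mask) >> mask_shift(mask);
}

/* Label for a value, or NULL when the table has no entry for it. */
const char *lookup_value_string(const value_string_model *vs, uint32_t value)
{
    for (; vs->strptr != NULL; vs++)
        if (vs->value == value)
            return vs->strptr;
    return NULL;
}

/* Render "name: label (value)", or "name: value" when there is no table. */
int describe_field(char *out, size_t cap, const char *name, uint8_t octet,
                   uint32_t mask, const value_string_model *vs)
{
    uint32_t    value = field_value(octet, mask);
    const char *label;

    if (vs == NULL)
        return snprintf(out, cap, "%s: %u", name, (unsigned)value);
    label = lookup_value_string(vs, value);
    return snprintf(out, cap, "%s: %s (%u)", name,
                    label != NULL ? label : "Unknown", (unsigned)value);
}

int main(void)
{
    const uint8_t octet1 = 0x97;   /* constructed sample: X=1, Y=1, Z=7 */
    char line[80];

    /* Mask 0x0, as in the question: the table is matched against 0x97. */
    describe_field(line, sizeof line, "octet1", octet1, 0x0, X_values);
    puts(line);

    describe_field(line, sizeof line, "X", octet1, MASK_X, X_values);
    puts(line);
    describe_field(line, sizeof line, "Y", octet1, MASK_Y, Y_values);
    puts(line);
    describe_field(line, sizeof line, "Z", octet1, MASK_Z, NULL);
    puts(line);
    return 0;
}
```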
 
 
 



Re: [Wireshark-dev] Dificulties in dissecting some packets

2006-12-13 Thread Anders Broman (AL/EAB)
Hi,
In addition it looks like a telecom proto with a BCD coded number so it might
already be a dissector
or a routine available.
BR
Anders
 



From: [EMAIL PROTECTED] on behalf of Sebastien Tandel
Sent: Wed 12/13/2006 5:30 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dificulties in dissecting some packets



hi,

sorry for the previous mail, I was reading my mail with horde and the
figures did not render the format correctly and now I'm seeing it in
Thunderbird and it represents them correctly now ;)

all is documented in the doc/README.developer

case 1) with a structure "value_string"
case 2) if you're using the svn version of wireshark, you're lucky, you
can use the new feature "range_string" else see the following
http://www.wireshark.org/lists/wireshark-dev/200612/msg00039.html
case 3) "true_false_string"


Hope that helps,

Sebastien Tandel



[EMAIL PROTECTED] wrote:
> hi,
>
>   may you format you mail in an other way, please?
>
> Selon [EMAIL PROTECTED]:
>
>  
>> Hi ,
>>
>> I have encountered some problems when dissecting the packets for a
>> protocol.I am mentioning 3 different scenarios
>>
>>
>>
>> 1.
>>
>> In the below case , the octet is split into parts and each part viz x ,
>> y and z take different values.
>>
>> I am not able to understand how to go about it.
>>
>>
>>
>> PARAMETER 1
>>
>> | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | octet
>> | X | Y | Z | 3
>> | Number of Digits | 4
>> | Digit 2 | Digit 1 | 5
>> | Digit 4 | Digit 3 | 6
>> | Digit 2n | Digit 2n-1 | n+4
>>
>> SUB PARAMETER X
>>
>> Value  Description
>> 0      aaa
>> 1      bbb
>>
>> SUB PARAMETER Y
>>
>> Value  Description
>> 0      A
>> 1      B
>> 2      C
>> 3      D
>>
>>
>> 2.
>>
>> In the parameter mentioned below the value  may come in a range,. How
>> can we dissect such values??
>>
>>
>>
>>
>> PARAMETER 2
>>
>> Value   Description
>> 0       Not used
>> 1-10    xxx
>> 10-255  yyy
>>
>>
>> 3.
>>
>> In the following parameter, the value of each bit indicates if the
>> associated version is currently used or not.
>>
>> Value 0 :  not used
>> Value 1 : used
>>
>> PARAMETER 3
>>
>> | Bit7 | Bit6 | Bit5 | Bit4 | Bit3 | Bit2 | Bit1 | Bit0 | octet
>>
>>
>> Is it possible to include such informations, which depend upon whether a
>> bit is set or not ,  in the dissector .
>>
>>
>>
>> Regards ,
>>
>> Tarani
>>
>>
>>
>>


Re: [Wireshark-dev] Protocol development

2006-12-13 Thread Anders Broman (AL/EAB)
Hi,
The packet capture is handled by libpcap or winpcap (or some other tool/program)
depending on the platform used.
In the case of Ethernet the capture is made by putting the Ethernet card in
promiscuous mode
which means that all packets on the network segment the card is on will be
captured.

Dissection is based on the protocol layer: an Ethernet packet will be handed to
the Ethernet dissector
which in the case of IP will hand it to the IP dissector which will hand it to
the UDP dissector in the case of UDP.
On UDP it gets trickier to discover what protocol is used on top of UDP;
basically three methods exist:
- Dissector registered on a particular port.
- Heuristics (look at the packet data and guess).
- Conversation - A previous (Control packet) packet was dissected which had
information about which ports and addresses were going to be used for a certain
protocol.

It's done in a similar manner for other protocols.
 
BR
Anders



From: [EMAIL PROTECTED] on behalf of prashanth joshi
Sent: Wed 12/13/2006 4:53 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Protocol development


Hi our requirement is as follows:
The packets are sent from the application to a particular multicast ip address.
Now we want ethereal to capture these packets from the network.
So as I have observed for the implementation of a protocol, a dissector has to be
registered with a port. But I really don't know how they are getting the packets
capturing at the ip layer. I mean I don't know how ethereal recognizes the ip
address on which it has to capture the ip packets. Please any one tell me how
this can be done. Besides we are supposed to implement our protocol for a
particular multicast address and a particular udp port.
Regards
Prashanth

[EMAIL PROTECTED] wrote:

Hi,

You can't as you said "register a protocol for an IP address" ... but you can
register a plugin which will dissect your protocol.
If you only want the dissection for a particular IP address, wireshark allows
you to create a filter (capture or display).

for a plugin implementation in wireshark see the documentation
http://www.wireshark.org/docs/wsdg_html_chunked/

Regards,
Sebastien Tandel

Selon prashanth joshi :

> Hi all,
> We are required to develop a protocol on ethereal. The packets are sent to
> a particular ip address and the ethereal is supposed to capture packets from
> that ip address. Please any one tell me how to register our protocol for that
> ip address.
> Regards,
> Prashanth.
>
>


[Wireshark-dev] Problems building from recent tarball

2006-12-11 Thread Anders Broman (AL/EAB)
Hi,
The files in the directory airpdcap/
are missing from the source tarball
as well as
/trunk/plugins/h223 moduleinfo.nmake
and
plugin.rc.in

BR
Anders


Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin

2006-12-07 Thread Anders Broman (AL/EAB)
Hi,
You should try to see in packet-giop.c what happens after the output of:
  ServiceContextList
Sequence Length: 0

My guess is that a sequence length of zero isn't handled properly. I have 
little time to look at this currently...
 
BR
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Thu 2006-12-07 14:56
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin



[EMAIL PROTECTED] wrote on 07/12/2006 12:52:43:

> Hi,
> Perhaps a fault in the GIOP dissector. Can you send the text output of
> the failed decoding?
> BR
> Anders
>

I'm not 100% sure which bit you are after, but the packet
bytes look like :-

Frame 199 (130 bytes on wire, 130 bytes captured)

   00 01 af 15 fd df 00 30 48 12 04 d4 08 00 45 00  ...0H.E.
0010   00 74 11 d2 40 00 80 06 9a e6 0a a5 0b 78 0a a5  [EMAIL PROTECTED]
0020   2d 0a 04 87 04 04 20 52 7c 07 0d a9 71 d6 50 18  -. R|...q.P.
0030   fd bb 8e 33 00 00 47 49 4f 50 01 02 01 00 40 00  [EMAIL PROTECTED]
0040   00 00 ec 00 00 00 03 00 00 00 00 00 00 00 1b 00  
0050   00 00 14 01 0f 00 52 53 54 45 6d a5 36 00 05 98  ..RSTEm.6...
0060   4a 00 00 00 01 00 00 00 01 00 00 00 02 00 0b 00  J...
0070   00 00 67 65 74 52 65 66 54 69 6d 65 00 00 00 00  ..getRefTime
0080   00 00..

And the decode window above shows:-

General Inter-ORB Protocol Request
  Request id: 236
  Response flags: SYNC_WITH_TARGET (3)
  Reserved: 0 0 0
  TargetAddress Discriminant: 0
  KeyAddr (object key length): 27
  KeyAddr (object key): RSTEm.6...J
  Operation length: 11
  Request operation: getRefTime
  ServiceContextList
Sequence Length: 0
[Malformed Packet: Q_QUENTINV3]

If I turn off our Q_QUENTINV3 protocol then the last line is not printed.

Another bit of information that might help. If I set the filter to giop
then the info in the main window looks like :-

Q_QUENTINV3 GIOP 1.2 Request 236: getRefTime[Malformed Packet]

Without the giop filter the "[Malformed Packet]" string is missing

Regards

Andy Ling



Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin

2006-12-07 Thread Anders Broman (AL/EAB)
Hi,
Perhaps a fault in the GIOP dissector. Can you send the text output of
the failed decoding?
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: den 7 december 2006 10:53
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Malformed packets in CORBA protocol plugin

I originally posted this to the user list, but it was suggested this is
a better forum.

I am having problems with a CORBA protocol plugin. I have generated the
.c file using :-

omniidl -p c:\wireshark-0.99.3a\tools -b wireshark_be q_quentinv3.idl >
packet-quentinv3.c

and built and installed the .dll without problems.

But when I enable the protocol analyser, any IDL method that doesn't
have any arguments is marked as [Malformed Packet: Q_QUENTINV3] Those
with arguments have the arguments decoded correctly and are not marked
with any error.

If I disable my protocol analyser then no packets show errors.

I'm using version 0.99.3a on Win2K

Thanks for any help

Andy Ling


Re: [Wireshark-dev] sigcomp - accessing state with a partial state id >6 bytes

2006-11-28 Thread Anders Broman (AL/EAB)
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of cco
Sent: den 28 november 2006 11:56
To: Developer support list for Wireshark
Subject: [Wireshark-dev] sigcomp - accessing state with a partial state
id >6 bytes

>hi!
>
>it seems that wireshark fails to access a previous saved state when the
>specified psi is longer than 6 bytes. and yes, the state was saved at
>END-MESSAGE(); at least this is what the debug message reports.
>
>here is the scenario:
>
>1. sigcomp pkt with bytecode is recv. successful decompression,
>END-MESSAGE makes a state create request. state is saved (it seems that
>only the first six bytes of the state id are kept; no idea why)
>2. sigcomp packet tries to access prev. saved state with a partial state
>id. partial state id is longer than 6 bytes and wireshark fails. since
>one of the peers is able to decompress it I suspect there is a problem in
>wireshark.
>
>thanks!
>bye now!
>cristian

Hi,
Wireshark will save the state id with the minimum access length in its
hash table.
I guess that later when that state of 6 bytes is compared with a state
of 8 bytes the comparison fails.

I think that ought to be changed to save the full 20 bytes state id and
the minimum access length.
And the comparison should then be made on the actual state id length
used, if greater than minimum length.

I currently have little time to work on this; you might want to file a
bugzilla report on this,
preferably with an example trace.
BR
Anders
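
The lookup rule proposed in the reply above, as an added C example (not Wireshark's code): a table that keeps the full 20-byte state id plus the minimum access length, beside a model of the guessed truncated-key comparison. All names and state ids are constructed for illustration, and treating a partial id that matches more than one state as a failure is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATE_ID_LEN 20 /* full state id length named in the reply */
#define MAX_STATES   8  /* table size for this example only */

struct state_item {
    uint8_t id[STATE_ID_LEN]; /* full state id, never truncated */
    size_t  min_access_len;   /* shortest partial id allowed to reach it */
    int     value;            /* stands in for the saved state contents */
};

struct state_table {
    struct state_item items[MAX_STATES];
    size_t count;
};

static int state_save(struct state_table *t, const uint8_t *id,
                      size_t min_access_len, int value)
{
    if (t->count >= MAX_STATES || min_access_len == 0 ||
        min_access_len > STATE_ID_LEN)
        return -1;
    struct state_item *s = &t->items[t->count++];
    memcpy(s->id, id, STATE_ID_LEN);
    s->min_access_len = min_access_len;
    s->value = value;
    return 0;
}

/* Model of the guessed failure: the key is only the first min_access_len
 * bytes, so a longer partial id can never equal it. */
static const struct state_item *
lookup_truncated_key(const struct state_table *t,
                     const uint8_t *partial, size_t partial_len)
{
    for (size_t i = 0; i < t->count; i++) {
        const struct state_item *s = &t->items[i];
        if (partial_len == s->min_access_len &&
            memcmp(s->id, partial, partial_len) == 0)
            return s;
    }
    return NULL;
}

/* Proposed rule: compare over the length actually supplied, as long as it
 * is at least the state's minimum access length. */
static const struct state_item *
lookup_full_id(const struct state_table *t,
               const uint8_t *partial, size_t partial_len)
{
    const struct state_item *match = NULL;
    if (partial == NULL || partial_len == 0 || partial_len > STATE_ID_LEN)
        return NULL;
    for (size_t i = 0; i < t->count; i++) {
        const struct state_item *s = &t->items[i];
        if (partial_len < s->min_access_len)
            continue;                 /* too short to access this state */
        if (memcmp(s->id, partial, partial_len) != 0)
            continue;                 /* prefix differs */
        if (match != NULL)
            return NULL;              /* ambiguous: assumed to be a failure */
        match = s;
    }
    return match;
}

/* Two constructed states that share their first six bytes. */
static void build_demo_table(struct state_table *t)
{
    uint8_t a[STATE_ID_LEN], b[STATE_ID_LEN];
    for (size_t i = 0; i < STATE_ID_LEN; i++)
        a[i] = b[i] = (uint8_t)(0x10 + i);
    b[6] = 0xEE;
    memset(t, 0, sizeof *t);
    state_save(t, a, 6, 100);
    state_save(t, b, 6, 200);
}

int main(void)
{
    struct state_table t;
    const uint8_t p8[8] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
    build_demo_table(&t);
    printf("truncated key, 8-byte id: %s\n",
           lookup_truncated_key(&t, p8, 8) ? "found" : "not found");
    printf("full id, 8-byte id:       %s\n",
           lookup_full_id(&t, p8, 8) ? "found" : "not found");
    printf("full id, 6-byte id:       %s\n",
           lookup_full_id(&t, p8, 6) ? "found" : "ambiguous/not found");
    return 0;
}
```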


Re: [Wireshark-dev] Compilation problem, SVN 19973

2006-11-24 Thread Anders Broman (AL/EAB)
Hi,
I guess this checkin broke it:
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19967
So the libwireshark.def:s must be changed accordingly.
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter
Johansson
Sent: den 24 november 2006 09:44
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Compilation problem, SVN 19973

I am unable to compile Wireshark (Win32) after my latest "svn update" 
due to the following:

libwireshark.def : error LNK2001: unresolved external symbol proto_can_match_selected
libwireshark.def : error LNK2001: unresolved external symbol proto_construct_dfilter_string
libwireshark.lib : fatal error LNK1120: 2 unresolved externals

Is this due to a major checkin being in progress (hence I should sit
back and wait), or is something broken?

/ Regards, Peter


Re: [Wireshark-dev] (Script)-Problem building current SVN-revision of Wireshark under WindowsXP

2006-11-22 Thread Anders Broman (AL/EAB)
Hi,
As a workaround it's also possible to do dos2unix on the tools/win32-setup.sh 
file.
BR
Anders



From: [EMAIL PROTECTED] on behalf of Jaap Keuter
Sent: Wed 2006-11-22 17:14
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] (Script)-Problem building current SVN-revision of 
Wireshark under WindowsXP



Hi,

Read back the message threads on Bash. There were/are issues with the
latest releases. A rollback to an older one resolved that.

Thanx,
Jaap

On Wed, 22 Nov 2006, Benjamin Meyer wrote:

> Hello
>
> I would like to build an uptodate version of Wireshark.
> I checked out SVN-Revision 19955 from
> http://anonsvn.wireshark.org/wireshark/trunk to a local directory.
>
> I test the installed tools with "nmake -f Makefile.nmake
> verify_tools" and get the following result:
>
> --- snip ---
>
> C:\WireShark>nmake -f Makefile.nmake verify_tools
>
> Microsoft (R) Program Maintenance Utility   Version 6.00.9782.0
> Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
>
> bash tools\win32-setup.sh --appverify  cl  link  nmake  bash
>bison
>  flexenv grep/usr/bin/find   perlenv python  sed
>unzip
>  wget
> : command not foundh: line 2:
> : command not foundh: line 8:
> : command not foundh: line 11:
> 'ools/win32-setup.sh: line 12: syntax error near unexpected token `{
> 'ools/win32-setup.sh: line 12: `err_exit () {
> NMAKE : fatal error U1077: 'bash' : return code '0x2'
> Stop.
>
> --- snap ---
>
>
>
> The problem is:
> If I download "wireshark-0.99.4.tar" (via Download-page) and do
> "verify_tools" it works just fine and I can build Wireshark without
> any problem.
>
>
>
> --- snip ---
>
> C:\Kram\wireshark-0.99.4>nmake -f Makefile.nmake verify_tools
>
> Microsoft (R) Program Maintenance Utility   Version 6.00.9782.0
> Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
>
> bash tools\win32-setup.sh --appverify  cl  link  nmake  bash
>bison
>  flexenv grep/usr/bin/find   perlenv python  sed
>unzip
>  wget
> Checking for required applications:
> cl: /cygdrive/d/PROGRA~1/MICROS~3/VC98/BIN/cl
> link: /cygdrive/d/PROGRA~1/MICROS~3/VC98/BIN/link
> nmake: /cygdrive/d/PROGRA~1/MICROS~3/VC98/BIN/nmake
> bash: /usr/bin/bash
> bison: /usr/bin/bison
> flex: /usr/bin/flex
> env: /usr/bin/env
> grep: /usr/bin/grep
> /usr/bin/find: /usr/bin/find
> perl: /usr/bin/perl
> env: /usr/bin/env
> python: /usr/bin/python
> sed: /usr/bin/sed
> unzip: /usr/bin/unzip
> wget: /usr/bin/wget
>
> --- snap ---
>
> Any ideas what I can do? I am not familiar with this script-based
> building process.
> In cygwin the following script-versions are installed:
>
> This is perl, v5.8.7 built for cygwin-thread-multi-64int
>
> Python 2.4.3 (#1, May 18 2006, 07:40:45)
> [GCC 3.3.3 (cygwin special)] on cygwin
>
>
> Thank you for hints.
>
> Benjamin Meyer

Re: [Wireshark-dev] RSVP Dissection

2006-11-22 Thread Anders Broman (AL/EAB)
Hi,
It's the "if (tree) {" statement causing the behaviour, it's there to
speed up dissection so it's a trade-off to leave it in or remove it.
BR
Anders



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anergy Virt
Sent: den 22 november 2006 13:51
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] RSVP Dissection


Hi

I need some info for my tap for RSVP messages which is not available in
the default structure provided by the dissector. So I extended the
default structure and added my desired fields.
Apparently the dissector does not call the sub dissectors for every
packet but waits till the user clicks on the tree. How can I overcome this
problem because if the sub dissector isn't called, I won't be able to
retrieve my desired info. 

Thanks

an





Re: [Wireshark-dev] wierd display issue ..

2006-11-17 Thread Anders Broman (AL/EAB)
Hi,
It looks like wireshark-setup-0.99.5-SVN-19918.exe is working OK.
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
Sent: den 17 november 2006 08:37
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] wierd display issue ..

Hi,
I did some brief tests yesterday and it looked to me like the installer from 
the buildbot did not contain the same pango *-dll:s as my own build.

I have tried to fix it by temporarily changing the setup script to overwrite 
files when unzipping. I haven't had the time to check the result yet.
BR
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of LEGO
Sent: 17 November 2006 03:38
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] wierd display issue ..

I believe it might have to do with the latest gtk upgrade.

I looked for something similar in gnome's bugzilla I couldn't find anything 
that looked like this (There might be, I just cannot find it they got several 
Kbugs there!). As I cannot even verify it (no windows box for at least one more 
month); I think it would be inappropriate for me to file a bug like "Some 
users had told us that if this and that then all boxes happen".

As the worst case scenario we might want to back those changes (or go forward 
even more) and have someone (else) seeing what happens.

The fix BTW is tough to verify, as the bug desc says: "Sadly I can do this only 
once per machine" so once tested once it cannot be tested again on the same box!



On 11/17/06, Ulf Lamping <[EMAIL PROTECTED]> wrote:
> LEGO wrote:
> > take a look to 
> > http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1223
> > for a workaround.
> >
> > On 11/17/06, Ravi Kondamuru <[EMAIL PROTECTED]> wrote:
> >
> >> Hi,
> >> I just build the latest revision of wireshark rev: 19915. I am
> >> seeing a weird display issue. I can't see any text. I am attaching a
> >> screenshot to the email. I am not able to figure out what might have
> >> gone wrong. i did a distclean and rebuilt the wireshark again. The
> >> build is made on windows xp pro.
> >>
> Any ideas for a fix?
>
> If we get to the next release, we probably don't want to force our 
> release users to downgrade to SVN xxx ;-)
>
> Regards, ULFL


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


Re: [Wireshark-dev] Glib.h Missing???

2006-11-15 Thread Anders Broman (AL/EAB)
Hi,
Have you downloaded the required libraries by running:
nmake -f makefile.nmake setup ?
If you have built before you may have to do nmake -f makefile.nmake clean_setup 
and nmake -f makefile.nmake setup
to get the latest versions.
BR
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 2006-11-15 11:57
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Glib.h Missing???



I'm doing something stupid I know... but ... 

I've downloaded the source wireshark-0.99.5-SVN-19892.tar.gz and installed it 
but when I try to build Wireshark I get 
Cannot open include file: 'glib.h': 

I've search the directories and there is no sign of glib.h. 

Thanks 

Trefor 



cd codecs 
NMAKE /   -f Makefile.nmake 

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0 
Copyright (C) Microsoft Corp 1988-1998. All rights reserved. 

cl -DHAVE_CONFIG_H /IC:\wireshark-win32-libs\glib\include\glib-2.0  
/IC: 
\wireshark-win32-libs\glib\lib\glib-2.0\include -D_U_="" /Zi /W3 -Fd.\ -c 
G711u\ 
G711udecode.c -o G711udecode.obj 
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86 
Copyright (C) Microsoft Corp 1984-1998. All rights reserved. 

G711udecode.c 
G711u\G711udecode.c(25) : fatal error C1083: Cannot open include file: 
'glib.h': 
 No such file or directory 
NMAKE : fatal error U1077: 'cl' : return code '0x2' 
Stop. 
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual 
Studio\VC98\bin\N 
MAKE.EXE"' : return code '0x2' 
Stop. 



Re: [Wireshark-dev] Wireshark / Tshark 0.99.4 crashes with Segmentation fault where p rev. version worked

2006-11-13 Thread Anders Broman (AL/EAB)
Hi,
The problem seems to be with dcerpc; perhaps you can filter out those frames 
with 0.99.2 and try 0.99.4?
BR
Anders



From: [EMAIL PROTECTED] on behalf of Jaap Keuter
Sent: Mon 2006-11-13 16:55
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark / Tshark 0.99.4 crashes with Segmentation 
fault where p rev. version worked



Hi,

110MB is certainly a big trace. I guess you have a rough idea at which
part of the capture file the crash occurs. Can you 'editcap' that piece
out of the big capture and check if the problem remains? You could also
cut it in 5 x 22MB pieces, which should easily load into Wireshark one by
one.

Thanx,
Jaap

On Mon, 13 Nov 2006, [iso-8859-1] "Mrz, Frank" wrote:

> Hello Wireshark Community,
>
> I have discovered a problem which causes Wireshark and Tshark to crash with a
> segmentation fault error. This problem is new to the version 0.99.4.  I have
> a tcpdump which holds mostly GTP data which I would like to open or filter
> with Wireshark or Tshark. When I use the same capture file in 0.99.2 I have
> no problems at all.
>
> I have made a gdb backtrace which I have attached to this email. I can not
> include the capture file due to the size 110MB and due to it holds private
> data.
>
> I would appreciate if somebody could have a look at this please. Sorry I do
> not understand this output myself.
>
> Best Regards,
>
> Frank
>
> (gdb)
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0,
> length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at
> tvbuff.c:389
> 389 if (!compute_offset_length(tvb, offset, length, offset_ptr,
> length_ptr, exception)) {
> (gdb)
>
>
> (gdb) backtrace
> #0  0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0,
> length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at
> tvbuff.c:389
> #1  0x00f099f0 in ensure_contiguous_no_exception (tvb=0x8f0e9a0,
> offset=Variable "offset" is not available.
> ) at tvbuff.c:824
> #2  0x00f0a990 in tvb_memeql (tvb=0x8f0e9a0, offset=0, str=0x1512474 "",
> size=4) at tvbuff.c:1696
> #3  0x01042f82 in dissect_dcerpc_cn (tvb=0x8f0e9a0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, can_desegment=1, pkt_len=0xbf40029c) at
> packet-dcerpc.c:3809
> #4  0x01044e3e in dissect_dcerpc_cn_bs_body (tvb=0x8f0e9a0, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-dcerpc.c:4104
> #5  0x00ee850c in dissector_try_heuristic (sub_dissectors=0x887c5c8,
> tvb=0x8f0e9a0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1532
> #6  0x0722 in dissect_http_message (tvb=0x8f0e96c, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1112
> #7  0x01112002 in dissect_http (tvb=0x8f0e96c, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #8  0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #9  0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e96c,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #10 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #11 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e938, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #12 0x012e7c7c in process_tcp_payload (tvb=0x8f0e938, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
> nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #13 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e938, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
> tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #14 0x0f38 in dissect_http_message (tvb=0x8f0e904, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #15 0x01112002 in dissect_http (tvb=0x8f0e904, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #16 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #17 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e904,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #18 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #19 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e8d0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #20 0x012e7c7c in process_tcp_payload (tvb=0x8f0e8d0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
> nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #21 0x012e83c5 in dissect_tcp_payl

Re: [Wireshark-dev] creating a NBAP dissector with a different versionof the NBAP ASN.1 definition - asn2wrs questions

2006-11-06 Thread Anders Broman (AL/EAB)
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Peylo
Sent: den 6 november 2006 14:03
To: Wireshark-dev@wireshark.org
Subject: [Wireshark-dev] creating a NBAP dissector with a different
versionof the NBAP ASN.1 definition - asn2wrs questions

>
>- what Version of the NBAP standard was used to create
>asn/nbap/nbap.asn?

From the template file "3GPP TS 25.433 version 6.6.0 Release 6"

>- the not preprocessed nbap.asn is just what can be found in an
>TS25.433 document by ETSI? There are 6 parts and they are "just"
>concatenated?

Yes, or rather from 3gpp.org.

>- is it possible to express a more or less simple algorithm what to
>comment out? If possible I'd like to write a perl
>script that automatically preprocesses the ASN file. If that succeeds
>I'd like to have it added to asn/nbap/.

The file was edited by hand :-( 
A possible solution could be to make diff files between the
incompatible versions to find the incompatible
Asn1 parts then insert that asn1 code with a different name
Like:
Foo_v1::= foo_v1

Then insert a preference: Decode NBAP as V1,V2 etc
And do the necessary changes in the .cnf and ..-template.c to call the
different functions depending on the version.

Do you have an example of some differences and a trace file to
illustrate it with?

BR
Anders



Re: [Wireshark-dev] Problem due to segmentation of GTP packet.....

2006-11-06 Thread Anders Broman (AL/EAB)



Hi,
You have to insert TCP reassembly into the dissector by using tcp_dissect_pdus(),
have a look in packet-diameter.c how it can be done.
There is also a section in the manual about this.

BR
Anders
P.S
Example code:

static guint
get_diameter_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{
  /* Get the length of the Diameter packet. */
  return tvb_get_ntoh24(tvb, offset + 1);
}
:
static void
dissect_diameter_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  tcp_dissect_pdus(tvb, pinfo, tree, gbl_diameter_desegment, 4,
                   get_diameter_pdu_len, dissect_diameter_common);
} /* dissect_diameter_tcp */
 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi
Sent: den 6 november 2006 14:06
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Problem due to segmentation of GTP packet.

Hi, one correction. It is not 5 CDR's in our GTP packet, but only cdr
and within that there are 5 service records. 4 service records are
displayed and the fifth service record is not displayed due to segmentation done
by TCP.
Regards,
Prashanth.

prashanth joshi <[EMAIL PROTECTED]> wrote:

  Hi all,
  Please any one solve my problem. Every body here are struggling to solve 
  it, but no body is getting the solution.
  Regards,
  Prashanth.
  
 
Our trace file contains 5 GCDR's within the same GTP packet.
The first four CDR's are correctly parsed. However the fifth is not at all
displayed. It was observed that the tcp segmentation occurred after the
fourth cdr.
As a result the fifth CDR even though it is present in the data stream is
not at all parsed by the ethereal.
It seems as TCP fragments are reassembled only at the destination and
ethereal sniffs packets off the wire even before the packets reach the
destination (ie within the n/w and not at the destination) only the 4 cdr's
are displayed. And the fifth cdr when it arrives in the stream much later is
not recognized by the ethereal because it can recognize the cdr only if
there is gtp header attached to it.
The gtp header had arrived with the first four cdr's. So ethereal does not
recognize the fifth cdr as there is no gtp header with it.
So how to solve this problem...
Regards,
Prashanth
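
What the tcp_dissect_pdus() call in the reply above provides, modelled as a self-contained C example added here (not Wireshark code): bytes are buffered until the length in the fixed header is satisfied, so a PDU whose fifth record arrives in a later TCP segment is delivered whole. Only the 4-byte fixed header and the 24-bit length at offset 1 come from the snippet in the mail; RECORD_LEN, MAX_PDU_LEN, the reassembler struct and the 5-record PDU are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIXED_HDR_LEN 4     /* the "4" passed to tcp_dissect_pdus() above */
#define MAX_PDU_LEN   4096  /* assumed upper bound for this example */
#define RECORD_LEN    8     /* constructed record size, not a real CDR layout */

struct reassembler {
    uint8_t  buf[MAX_PDU_LEN];
    size_t   have;      /* bytes buffered for the PDU in progress */
    unsigned pdus;      /* complete PDUs handed to the "dissector" */
    size_t   last_len;  /* length of the most recently completed PDU */
};

/* 24-bit big-endian length at offset 1, as tvb_get_ntoh24(tvb, offset + 1). */
static size_t get_pdu_len(const uint8_t *hdr)
{
    return ((size_t)hdr[1] << 16) | ((size_t)hdr[2] << 8) | (size_t)hdr[3];
}

/* Move up to `want` bytes from the segment into the reassembly buffer. */
static void copy_in(struct reassembler *r, const uint8_t **seg,
                    size_t *seg_len, size_t want)
{
    size_t take = *seg_len < want ? *seg_len : want;
    memcpy(r->buf + r->have, *seg, take);
    r->have += take;
    *seg += take;
    *seg_len -= take;
}

/* Feed one TCP segment payload. Returns the number of PDUs completed by it,
 * or -1 if the length field is smaller than the header or above the cap
 * (the stream is then out of sync and the caller should stop parsing it). */
static int feed_segment(struct reassembler *r, const uint8_t *seg,
                        size_t seg_len)
{
    int completed = 0;
    while (seg_len > 0) {
        if (r->have < FIXED_HDR_LEN) {          /* still collecting header */
            copy_in(r, &seg, &seg_len, FIXED_HDR_LEN - r->have);
            if (r->have < FIXED_HDR_LEN)
                break;                          /* header split across segments */
        }
        size_t pdu_len = get_pdu_len(r->buf);
        if (pdu_len < FIXED_HDR_LEN || pdu_len > MAX_PDU_LEN) {
            r->have = 0;
            return -1;                          /* never trust the length blindly */
        }
        copy_in(r, &seg, &seg_len, pdu_len - r->have);
        if (r->have == pdu_len) {               /* whole PDU is now available */
            r->pdus++;
            r->last_len = pdu_len;
            r->have = 0;
            completed++;
        }
    }
    return completed;
}

/* Build a constructed PDU: 1 flag byte, 24-bit total length, N records. */
static size_t build_pdu(uint8_t *out, unsigned records)
{
    size_t len = FIXED_HDR_LEN + (size_t)records * RECORD_LEN;
    out[0] = 0x01;
    out[1] = (uint8_t)(len >> 16);
    out[2] = (uint8_t)(len >> 8);
    out[3] = (uint8_t)len;
    memset(out + FIXED_HDR_LEN, 0xAB, len - FIXED_HDR_LEN);
    return len;
}

/* Records a per-segment parser would see if it only looked at one segment. */
static unsigned records_in_segment(size_t seg_len)
{
    return seg_len < FIXED_HDR_LEN ? 0
         : (unsigned)((seg_len - FIXED_HDR_LEN) / RECORD_LEN);
}

int main(void)
{
    static struct reassembler r;
    uint8_t pdu[64];
    size_t len = build_pdu(pdu, 5);
    size_t cut = FIXED_HDR_LEN + 4 * RECORD_LEN;  /* split after record 4 */
    int first, second;

    printf("first segment alone shows %u records\n", records_in_segment(cut));
    first = feed_segment(&r, pdu, cut);
    second = feed_segment(&r, pdu + cut, len - cut);
    printf("after segment 1: %d PDUs\n", first);
    printf("after segment 2: %d PDUs\n", second);
    printf("reassembled PDU holds %u records\n", records_in_segment(r.last_len));
    return 0;
}
```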

  
  


[Wireshark-dev] Buildin from tarball fails...

2006-11-06 Thread Anders Broman (AL/EAB)






Hi

Wiresharkdoc.ico is missing from EXTRA_DIST = \  in top makefile.am

Could some one check in a fix?


BR

Anders





Re: [Wireshark-dev] Where do I get gmodule.h fordissectordevelopment

2006-11-06 Thread Anders Broman (AL/EAB)
Hi,
To develop on Windows you don't only need wireshark sources you'll also
need all the support libraries
(see the manual) run 
make -f makefile.nmake setup
To obtain them.
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Trybis
Sent: den 6 november 2006 13:37
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Where do I get gmodule.h
fordissectordevelopment

I think I am following the manual.
I used SVN to get the 00.99.4 sources but these do not contain gmodule.h

Have you any idea where gmodule.h is normally?
There have been other posts about people having difficulty compiling
dissectors because this file is missing, but I have not seen how they
resolved their problem.

Thanks
RT

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter
Sent: 06 November 2006 11:26
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Where do I get gmodule.h for
dissectordevelopment

Hi,

Please consult the Wireshark Developer Manual for all steps needed to
setup your (plugin) development environment. You can find it in the
documentation and developer section of the Wireshark website.

Currently there is no way to setup a plugin development environment
only.
This is due to that fact that the plugin API isn't stable yet, hence all
plugins must be build and used within the same context as the version of
Wireshark you intend to use.

Thanx,
Jaap

On Mon, 6 Nov 2006, Robert Trybis wrote:

> Hello,
>
> I want to write a dissector and I am trying to work through the example
> "packet-foo" from the documentation.
>
> I downloaded the Windows binary distribution for WireShark 00.99.4, as
> I only want to write a plugin and don't wish to build the entire
> program.
>
> The install worked perfectly and I can capture packets on the network.
>
> However the "packet-foo" example requires include files that don't come
> with the binary distribution e.g.
>
> #ifdef HAVE_CONFIG_H
> # include "config.h"
> #endif
>
> #include 
> #include 
> #include 
>
> I then used SVN to checkout release 00.99.4 of the source, to match the
> binary I had obtained previously.
>
> This seems to contain packet.h and prefs.h but not gmodule.h
>
> Can anybody tell me where I can get gmodule.h ?
>
> Also there is a file config.h.win32 which I presume I should use as 
> config.h can somebody confirm this.
>
> Thanks
>



Re: [Wireshark-dev] 0.99.4 packaging fails on Windows

2006-11-03 Thread Anders Broman (AL/EAB)
Hi,
The src package is built on unix. Updating the epan/wslua/Makefile.am will
make the unix build include these files in the src package.

If you build from an SVN checkout there isn't a problem in the first place.
/Anders  

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maynard, Chris
Sent: den 3 november 2006 14:21
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] 0.99.4 packaging fails on Windows

The link you sent for revision 19764 only lists one file that was changed, 
namely epan/wslua/Makefile.am.  This file is only used by automake, isn't it, 
which isn't used in a Windows build environment, so I don't think this will 
help.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
Sent: Friday, November 03, 2006 2:42 AM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] 0.99.4 packaging fails on Windows

Hi,
An attempt to fix it was checked in in rev 19764
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19764
I have not had the time to test it though.
/Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Maynard, Chris
Sent: 3 November 2006 01:11
To: Developer support list for Wireshark
Subject: [Wireshark-dev] 0.99.4 packaging fails on Windows

I successfully compiled Wireshark 0.99.4 on a Win32 platform, but when I ran 
"nmake -f Makefile.nmake packaging", it failed as follows:


.
File: "libtasn1-3.dll" 538493 bytes
File: "lua5.1.dll" 114688 bytes
File: "init.lua" 5611 bytes
File: "..\..\epan\wslua\console.lua" -> no files found.
Usage: File [/nonfatal] [/a] ([/r] [/x filespec [...]] filespec [...] |
   /oname=outfile one_file_only)
Error in script "wireshark.nsi" on line 335 -- aborting creation process NMAKE 
: fatal error U1077: '"C:/program files/nsis/makensis.exe"' :
return code
'0x1'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio\VC98\Bin\ 
MAKE.EXE"' : return code '0x2'
Stop.

C:\wireshark-0.99.4>


It seems that the wireshark.nsi file includes these 2 lines [335-336], but 
neither file is present in the epan\wslua\ directory:

File "..\..\epan\wslua\console.lua"
File "..\..\epan\wslua\dtd_gen.lua"

Did "nmake -f Makefile.nmake" truly succeed and these 2 lines should simply be 
removed from the wireshark.nsi file, or should these 2 files actually be there 
and something went wrong during compilation, or something else?  I commented 
out the 2 lines and the installer seemed to build and install OK, but I guess I 
just wanted to make sure nothing is missing, such as the 
..\epan\wslua\template-init.lua file, for example.

Thanks in advance,
Chris Maynard





Re: [Wireshark-dev] OMG Still it doesn't compile!

2006-11-01 Thread Anders Broman (AL/EAB)
Hi,
Downloading net-snmp-5.3.1.zip from:
http://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/ and unzipping 
it I have
the C:\wireshark-win32-libs\net-snmp-5.3.1\win32\lib\release\ netsnmp.lib ??
Brg
Anders




From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 2006-11-01 09:49
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] OMG Still it doesn't compile!



Nope, no joy doing that either, still the same problem with the netsnmp.lib 
file.

Apart from the ftp on wireshark where else can I get a copy of net-snmp-5.3.1?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
Sent: 31 October 2006 22:15
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] OMG Still it doesn't compile!

Hi,
That's really weird. Have you tried to do:

Nmake -f makefile.nmake clean_setup
Nmake -f makefile.nmake setup

Then check:
C:\wireshark-win32-libs\net-snmp-5.3.1\win32\lib\release\
For netsnmp.lib

It's there on my system...

BR
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 31 October 2006 14:48
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] OMG Still it doesn't compile!

Ok I've started over. This post is a little long, but it shows where I'm at, 
hopefully it'll give you guys an idea as to what I'm not doing or what's 
wrong

All this is from the win32 command line.

Run vcvar32.bat
Nmake -f makefile.nmake distclean
Nmake -f makefile.nmake verify_tools
Nmake -f makefile.nmake setup
Nmake -f makefile.nmake all

And there's a whole load of compiling that goes on forever and a day, I get 
some compiler warnings (unreferenced locals, things like that), some fatal 
errors relating to winposixtype.h and netsnmp.h but still it keeps going!

To get past all that I need to move some files locally and then it compiles up 
to:

LINK : fatal error LNK1181: cannot open input file 
"C:\wireshark-win32-libs\net-snmp-5.3.1\win32\lib\release\netsnmp.lib"
NMAKE : fatal error U1077: 'C:\PROGRA~1\MICROS~3\VC98\BIN\link.exe' :
return code '0x49d'
Stop.
NMAKE : fatal error U1077: 'C:\PROGRA~1\MICROS~3\VC98\BIN\NMAKE.EXE' :
return code '0x2'
Stop.

Now I don't have  netsnmp.lib, I do have netsnmpagent.lib, which I rename and 
move locally which solves the immediate problem, but may cause yet to be 
discovered problems later! At that point I have another error relating to 
lua5.1 which I solve by renaming the vc6 directory to 'dll'.

BUT...

After this point I now get:

Creating library libwireshark.lib and object libwireshark.exp
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_sprint_realloc_objid
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_sprint_realloc_value
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_netsnmp_ds_set_int
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_netsnmp_ds_set_boolean
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_read_configs
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_init_mib
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_read_premib_configs
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_register_mib_handlers
dissectors.lib(packet-snmp.obj) : error LNK2001: unresolved external symbol 
_shutdown_mib
dissectors.lib(packet-cops.obj) : error LNK2001: unresolved external symbol 
_sprint_realloc_by_type
dissectors.lib(packet-cops.obj) : error LNK2001: unresolved external symbol 
_mib_to_asn_type
dissectors.lib(packet-cops.obj) : error LNK2001: unresolved external symbol 
_get_tree
dissectors.lib(packet-cops.obj) : error LNK2001: unresolved external symbol 
_tree_head
lua5.1.lib(lauxlib.obj) : error LNK2001: unresolved external symbol _errno
lua5.1.lib(loslib.obj) : error LNK2001: unresolved external symbol _errno
lua5.1.lib(liolib.obj) : error LNK2001: unresolved external symbol _errno
lua5.1.lib(lobject.obj) : error LNK2001: unresolved external symbol __pctype
lua5.1.lib(llex.obj) : error LNK2001: unresolved external symbol __pctype
lua5.1.lib(lstrlib.obj) : error LNK2001: unresolved external symbol __pctype
lua5.1.lib(lbaselib.obj) : error LNK2001: unresolved external symbol __pctype
lua5.1.lib(lobject.obj) : error LNK2001: unresolved external symbol 
___mb_cur_max
lua5.1.lib(llex.obj) : error LNK2001: unresolved external symbol ___mb_cur_max
lua5.1.lib(lstrlib.obj) : error LNK2001: unresolved external symbol 
___mb_cur_max
lua5.1.lib(lbaselib.obj) : error LNK2001: unresolved external symbol 
___mb_cur_max
lua5.1.lib(lmathlib.obj) : error LNK2001: unresolved external symbol __HUGE
libwireshark.dll : fatal error LNK1120: 17 unresolved externals
NMAKE : fatal error U1077: 'C:\PROGRA~1\MICROS~3\VC98\BIN\link.exe' :
return code '0x460'
Stop.
NMA

Re: [Wireshark-dev] [Wireshark-commits] rev 19695: /trunk/ /trunk/tools/: win32-setup.sh /trunk/: Makefile.nmake config.nmake

2006-10-26 Thread Anders Broman (AL/EAB)
Hi,
I've built it and started it up :-)

Brg
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf Lamping
Sent: 26 October 2006 09:42
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 19695: /trunk/
/trunk/tools/: win32-setup.sh /trunk/: Makefile.nmake config.nmake

[EMAIL PROTECTED] wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19695
>
> User: etxrab
> Date: 2006/10/26 07:25 AM
>
> Log:
>  Preparations for using the latest GTK 2.8 files for now only gettext is updated.
>
> Directory: /trunk/tools/
>   Changes    Path              Action
>   +1 -1      win32-setup.sh    Modified
>
> Directory: /trunk/
>   Changes    Path              Action
>   +13 -8     Makefile.nmake    Modified
>   +7 -4      config.nmake      Modified
>
>   
Any experiences with GTK2.8 on Windows so far?

Regards, ULFL
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] nmake U1077 errors

2006-10-24 Thread Anders Broman (AL/EAB)



Hi,
Sorry my bad, the lines to remove are:
 cd asn1    -- As this dir does not exist
 $(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean    -- That would have been run in ../asn1
 cd ..    -- step up one level from asn1

Or use a tarball from http://wireshark.org/download/automated/src/

Brg
Anders



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 24 October 2006 15:59
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] nmake U1077 errors

Ok so now I have the same error for wiretap, the one right under asn1.

Doh!


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman (AL/EAB)
Sent: 24 October 2006 10:47
To: Developer support list for Wireshark
Subject: SV: [Wireshark-dev] nmake U1077 errors


Hi,
From memory :-)
The lines were
cd asn1
nmake...
The nmake line should be removed as well...
BR
Anders



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2006-10-24 11:42
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] nmake U1077 errors

I removed that line, but instead I get this error:

NMAKE : fatal error U1052: file 'Makefile.nmake' not found
Stop.
NMAKE : fatal error U1077: '"C:\PROGRA~1\Microsoft Visual 
Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2'
Stop.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman (AL/EAB)
Sent: 24 October 2006 10:21
To: Developer support list for Wireshark
Subject: SV: [Wireshark-dev] nmake U1077 errors


Hi,
The first problem is due to the asn1 libraries missing from the source you 
downloaded.
It's fixed in later versions. Either download a source tarball from the 
buildbot directory
or remove that line from the distclean target in the nmake file.

The second problem is due to an "error" in Cygwin bash, download an older 
version.

Brg
Anders


From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2006-10-24 11:19
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] nmake U1077 errors

I'm attempting to write a decoder, well I would if I could get wireshark to 
compile!

I'm on a win2k box and I'm getting the following error when I run nmake -f 
makefile.nmake distclean:

cd asn1
NMAKE : fatal error U1077: 'cd' : return code '0x1'
Stop.

I also get the following error when I attempt verify_tools and setup:

: command not foundh: line 2:
: command not foundh: line 4:
'ools/win32-setup.sh: line 5: syntax error near unexpected token `{
'ools/win32-setup.sh: line 5: `err_exit () {
NMAKE : fatal error U1077: 'bash' : return code '0x2'
Stop.

Any help would be appreciated.



This email and any files attached are intended for the addressee and may contain 
information of a confidential nature. If you are not the intended recipient, be 
aware that this email was sent to you in error and you should not disclose, 
distribute, print, copy or make other use of this email or its attachments. Such 
actions, in fact, may be unlawful. In compliance with the various Regulations 
and Acts, General Dynamics UK Limited reserves the right to monitor (and examine 
for viruses) all emails and email attachments, both inbound and outbound. Email 
communications and their attachments may not be secure or error- or virus-free 
and the company does not accept liability or responsibility for such matters or 
the consequences thereof. Registered Office: 100 New Bridge Street, London EC4V 
6JA. Registered in England and Wales No: 1911653. 





Re: [Wireshark-dev] nmake U1077 errors

2006-10-24 Thread Anders Broman (AL/EAB)
Hi,
From memory :-)
The lines were
cd asn1
nmake...
The nmake line should be removed as well...
BR
Anders
 



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2006-10-24 11:42
To: wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] nmake U1077 errors


I removed that line, but instead I get this error:
 
NMAKE : fatal error U1052: file 'Makefile.nmake' not found
Stop.
NMAKE : fatal error U1077: '"C:\PROGRA~1\Microsoft Visual 
Studio\VC98\Bin\NMAKE.EXE"' : return code '0x2'
Stop.



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman 
(AL/EAB)
Sent: 24 October 2006 10:21
To: Developer support list for Wireshark
Subject: SV: [Wireshark-dev] nmake U1077 errors


Hi,
The first problem is due to the asn1 libraries missing from the source you 
downloaded.
It's fixed in later versions. Either download a source tarball from the 
buildbot directory
or remove that line from the distclean target in the nmake file.
 
The second problem is due to an "error" in Cygwin bash, download an older 
version.
 
Brg
Anders 



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2006-10-24 11:19
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] nmake U1077 errors


I'm attempting to write a decoder, well I would if I could get wireshark to 
compile!
 
I'm on a win2k box and I'm getting the following error when I run nmake -f 
makefile.nmake distclean:
 
cd asn1
NMAKE : fatal error U1077: 'cd' : return code '0x1'
Stop.
 
I also get the following error when I attempt verify_tools and setup:
 
: command not foundh: line 2:
: command not foundh: line 4:
'ools/win32-setup.sh: line 5: syntax error near unexpected token `{
'ools/win32-setup.sh: line 5: `err_exit () {
NMAKE : fatal error U1077: 'bash' : return code '0x2'
Stop.
 
Any help would be appreciated.
 
 




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] nmake U1077 errors

2006-10-24 Thread Anders Broman (AL/EAB)
Hi,
The first problem is due to the asn1 libraries missing from the source you 
downloaded.
It's fixed in later versions. Either download a source tarball from the 
buildbot directory
or remove that line from the distclean target in the nmake file.
 
The second problem is due to an "error" in Cygwin bash, download an older 
version.
 
Brg
Anders 



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Tue 2006-10-24 11:19
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] nmake U1077 errors


I'm attempting to write a decoder, well I would if I could get wireshark to 
compile!
 
I'm on a win2k box and I'm getting the following error when I run nmake -f 
makefile.nmake distclean:
 
cd asn1
NMAKE : fatal error U1077: 'cd' : return code '0x1'
Stop.
 
I also get the following error when I attempt verify_tools and setup:
 
: command not foundh: line 2:
: command not foundh: line 4:
'ools/win32-setup.sh: line 5: syntax error near unexpected token `{
'ools/win32-setup.sh: line 5: `err_exit () {
NMAKE : fatal error U1077: 'bash' : return code '0x2'
Stop.
 
Any help would be appreciated.
 
 




___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


[Wireshark-dev] GTK+ 2.8/Glib for Windows?

2006-10-23 Thread Anders Broman (AL/EAB)
Hi,

Is it time to use GTK+ 2.8 for Windows? We have dropped Win98 support anyway.


Brg

Anders



___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] RTP-MIDI

2006-10-10 Thread Anders Broman (AL/EAB)
Hi,
Couldn't the get_short_manu/get_long_manu constructs be replaced by
A const value_string 
static const value_string foo_vals[] = {
  {   1, "Sequential Circuits" },
:
  { 0, NULL }
};

and a
proto_tree_add_item() or proto_tree_add_uint()
And a hf var 
Of
{ &hf_foo,
  { "Manufacturer", "rtpmidi.Manufacturer",
    FT_UINT32, BASE_DEC, VALS(foo_vals), 0,
    "Manufacturer", HFILL }},
  
BR
Anders

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Erichsen
Sent: 10 October 2006 10:36
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] RTP-MIDI

Hi again,

I have done the changes I described earlier.  Attached in the archive you find 
the newest source-code version of the RTP-MIDI dissector- plugin...

I would appreciate it much, if someone could check whether this compiles & 
works on Linux as well...

Best regards,
Tobias

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Anders Broman
> Sent: Tuesday, 10 October 2006 07:16
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] RTP-MIDI
> 
> Hi,
> At a quick glance you need to change the C++ style comments // To /* 
> */ as all compilers do not like them.
> Best regards
> Anders
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Erichsen
> Sent: 8 October 2006 19:55
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] RTP-MIDI
> 
> Well - here we go...
> 
> Attached you will find two files:
> 
> rtpmidi.zip -> the source of the rtp-midi plugin capture.zip
> -> an archive which contains two captures of rtp-midi-data
> 
> The specification that is the basis for this dissector is:
> http://www.cs.berkeley.edu/~lazzaro/sa/pubs/txt/current-rtp-midi.txt
> 
> The code compiles under Windows (cygwin & vs 6), I have not tried 
> compiling it with linux, so anyone who wants to give it a try, please 
> do so.
> 
> Additionally, I guess that the things I have done in the dissector 
> could probably be optimized. I have just used calls that I got a glimpse 
> of within some of the other dissectors (rtp & rtp-events, rudp).
> So comments on how to improve the code are highly welcome ;-)
> 
> Best regards,
> Tobias
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Erichsen
> > Sent: Friday, 6 October 2006 07:48
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] RTP-MIDI [heur]
> > 
> > I will do some final code-cleaning over the next couple of days, do 
> > some more testing and will post the code here some time during the 
> > weekend...
> > 
> > Tobias
> >  
> > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Erwin Rol
> > > Sent: Thursday, 5 October 2006 23:21
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] RTP-MIDI
> > > 
> > > On Thu, 2006-10-05 at 23:15 +0200, Tobias Erichsen wrote:
> > > > The problem is that RTP-MIDI does some "tweaking" to the MIDI-data.
> > > > For example: System-Exclusive-data can be segmented into multiple
> > > > RTP-frames by ending a segment with a Status-Byte that would
> > > > normally not be there.
> > > > Another thing is the fact that Realtime-Status-Bytes (just one octet
> > > > long) can be at any position in a "normal" midi-stream, but in 
> > > > RTP-MIDI they always "stand alone"...
> > > 
> > > But they still share a lot of "code", like all the command 
> > > descriptions etc.  Maybe the RTP-MIDI dissector can just be extended
> > > to also do normal MIDI (one MIDI message per packet kind).
> > > 
> > > But anyway i hope your dissector is added soon, good work :-)
> > > 
> > > - Erwin
> > > 
> > > 
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] New dissector for Enea's LINX protocol

2006-10-09 Thread Anders Broman (AL/EAB)
Hi,
Choose the one you like :) it can always be changed later.
BR
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Peylo
Sent: 9 October 2006 09:35
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] New dissector for Enea's LINX protocol

Hi,

I was just starting to add LINX to the wiki but I'm not able to classify
it. It should be in the same category as TIPC but there's no entry for
that.

I would add something like ClusterProtocolFamily or
InterProcessCommunicationProtocolFamily - what do you think?

Regards,
Martin


On 10/6/06, Martin Peylo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm busy with other tasks right now but I'll add the protocol to the 
> Wiki and upload sample captures within the next days!
>
> Regards,
> Martin
>
>
>
> On 10/5/06, Jaap Keuter <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Now that we've added your dissector to the repository could you 
> > write up a protocol page in the Wiki? Oh, the sample capture goes 
> > onto SampleCaptures of course.
> >
> > Thanx,
> > Jaap
> >
> > On Wed, 4 Oct 2006, Martin Peylo wrote:
> >
> > > Hi,
> > >
> > > > could anybody please check the attached dissector for Enea's LINX
> > > > protocol?
> > > >
> > > > A protocol spec is available at
> > > > . The source
> > > > of the kernel module could be obtained from Enea by sending a 
> > > > request to "linx at enea dot com".
> > > >
> > > > Currently they use ethertype 0x which is not registered at 
> > > > IEEE. I was told they requested one - what should be done about
> > > > that?
> > >
> > > Please come back to me with any remarks!
> > >
> > > Regards,
> > > Martin
> > >
> >
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] problems with fragmented reassembly on tcp

2006-10-05 Thread Anders Broman (AL/EAB)
Hi,
Let's assume tcp_dissect_pdus() works as expected (if not that's a
separate issue).

If you look at the code in the diameter dissector:
static guint
get_diameter_pdu_len(tvbuff_t *tvb, int offset)
{
  /* Get the length of the Diameter packet. */
  return tvb_get_ntoh24(tvb, offset + 1);
}

static int
dissect_diameter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  if (!check_diameter(tvb))
    return 0;
  dissect_diameter_common(tvb, pinfo, tree);
  return tvb_length(tvb);
}

static void
dissect_diameter_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  /* 4 = fixed bytes needed before the PDU length can be read */
  tcp_dissect_pdus(tvb, pinfo, tree, gbl_diameter_desegment, 4,
                   get_diameter_pdu_len, dissect_diameter_common);
} /* dissect_diameter_tcp */

Your corresponding code would be something like:

tcp_dissect_pdus(tvb, pinfo, tree, gbl_diameter_desegment, 6 + "length of length parameter",...
get_diameter_pdu_len should fetch the length parameter
check_diameter() should check for the "55's"

The fifth parameter to tcp_dissect_pdus() (4 in the example) is the
minimum length required to determine the full length of the PDU.
Which in this case is the number of bytes required to get and including
the length parameter. 
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Still Life
Sent: 5 October 2006 09:40
Cc: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] problems with fragmented reassembly on tcp

Kristof Provost wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: RIPEMD160
> 
> I suspect it will be easier if you use the tcp_dissect_pdus() function.
> If you can determine the message length without reading the entire 
> message (you can) that's the recommended approach.

I can determine the *message* length only when I have already the
complete header.
Imagine if I capture a multiple message packet and imagine it is
fragmented in a point after the end of the ultimate complete message and
before the mesageLenght field of the broken message:

  |<-myMsg--->|
...|-+--- -++++--||---+
...|tcpHeader|555 5||mesageLenght|messgeId|details|
...|-+--- -++++--||---+
  ^Fragmentation

I can't understand how many bytes I have to take to complete the PDU.
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
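
The case raised in this thread (a TCP segment that ends inside the header of the next message), as an added stand-alone example; it is not Wireshark code and not code from either poster. It follows the same contract described for tcp_dissect_pdus() (a fixed minimum length plus a length callback) and rejects implausible lengths before trusting them. The layout (four 0x55 sync bytes, a 2-byte message id, a 16-bit big-endian total length) and the names reasm_t, reasm_feed, build_pdu and MAX_PDU are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (constructed for this example, not taken from a protocol spec):
 *   bytes 0-3  sync, four 0x55 bytes
 *   bytes 4-5  message id
 *   bytes 6-7  total PDU length, big-endian, header included
 *   bytes 8..  details                                                       */
#define SYNC_LEN   4
#define LEN_OFFSET 6
#define LEN_SIZE   2
#define FIXED_LEN  (LEN_OFFSET + LEN_SIZE) /* bytes needed before the length is readable */
#define MAX_PDU    4096                    /* assumed upper bound on a sane PDU */

typedef struct {
    uint8_t  buf[2 * MAX_PDU]; /* bytes carried over between segments */
    size_t   used;
    unsigned pdus;             /* complete PDUs seen so far */
    unsigned errors;           /* framing errors seen so far */
} reasm_t;

/* Plays the role of check_diameter(): is this really the start of a PDU? */
static int check_sync(const uint8_t *p)
{
    for (size_t i = 0; i < SYNC_LEN; i++)
        if (p[i] != 0x55)
            return 0;
    return 1;
}

/* Plays the role of get_diameter_pdu_len(); only called with FIXED_LEN bytes present. */
static size_t get_pdu_len(const uint8_t *p)
{
    return ((size_t)p[LEN_OFFSET] << 8) | p[LEN_OFFSET + 1];
}

/* Feed one TCP segment. Returns how many more bytes are needed to finish the
 * header or PDU currently in progress, 0 at a clean PDU boundary, or -1 on a
 * framing error (state is dropped so a bad length cannot stall or over-read). */
long reasm_feed(reasm_t *r, const uint8_t *seg, size_t n)
{
    size_t off = 0;
    long need = 0;

    if (n > sizeof r->buf - r->used) {
        r->errors++;
        r->used = 0;
        return -1;
    }
    memcpy(r->buf + r->used, seg, n);
    r->used += n;

    while (off < r->used) {
        size_t avail = r->used - off;
        const uint8_t *p = r->buf + off;
        size_t len;

        if (avail < FIXED_LEN) {          /* split inside the header: length unknown yet */
            need = (long)(FIXED_LEN - avail);
            break;
        }
        len = get_pdu_len(p);
        if (!check_sync(p) || len < FIXED_LEN || len > MAX_PDU) {
            r->errors++;
            r->used = 0;
            return -1;
        }
        if (avail < len) {                /* header complete, body still arriving */
            need = (long)(len - avail);
            break;
        }
        r->pdus++;                        /* a real dissector would decode p[0..len) here */
        off += len;
    }
    memmove(r->buf, r->buf + off, r->used - off);
    r->used -= off;
    return need;
}

/* Build one constructed PDU into out; returns its total length. */
size_t build_pdu(uint8_t *out, uint16_t id, const uint8_t *details, size_t n)
{
    size_t total = FIXED_LEN + n;
    memset(out, 0x55, SYNC_LEN);
    out[4] = (uint8_t)(id >> 8);
    out[5] = (uint8_t)id;
    out[LEN_OFFSET]     = (uint8_t)(total >> 8);
    out[LEN_OFFSET + 1] = (uint8_t)total;
    memcpy(out + FIXED_LEN, details, n);
    return total;
}

int main(void)
{
    uint8_t s[64];
    reasm_t r;
    size_t a = build_pdu(s, 1, (const uint8_t *)"abcd", 4);
    build_pdu(s + a, 2, (const uint8_t *)"wxyz", 4);
    memset(&r, 0, sizeof r);
    /* Segment 1 ends three bytes into the second message's header. */
    printf("need %ld\n", reasm_feed(&r, s, a + 3));
    printf("need %ld\n", reasm_feed(&r, s + a + 3, 5));
    printf("need %ld, pdus %u\n", reasm_feed(&r, s + a + 8, 4), r.pdus);
    return 0;
}
```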


Re: [Wireshark-dev] Not possible to run wireshark from root dev dir on Windows

2006-10-04 Thread Anders Broman (AL/EAB)

 
Ulf Lamping wrote:
> Peter Johansson wrote:
>   
>> I have recently noticed that wireshark.exe and wireshark-gtk2.exe no 
>> longer can be run from the root development directory on Windows because 
>> a set of dlls files no longer gets copied there by the build target 
>> install-deps ("nmake -f makefile.nmake install-deps"). For example 
>> wiretap-0.3.dll, libwireshark.dll, adns_dll.dll, libgnutls-14.dll, 
>> libgcrypt-11.dll and libgpg-error-0.dll.
>> Instead all works fine if run from the \wireshark-gtk1\ 
>> and the \wireshark-gtk2\ directories.
>>
>> Is this behaviour by feature or design?
>>
>>   
>> 
> That's by design.
>
> See: http://www.wireshark.org/lists/wireshark-dev/200609/msg00425.html
> I see. Should perhaps the files capinfos.exe, dumpcap.exe, editcap.exe, 
> mergecap.exe, randpkt.exe, rdps.exe, text2pcap.exe, tshark.exe, 
> wireshark-gtk2.exe and wireshark.exe be moved to the  dir>\wireshark-gtk<1/2> directories from the  instead of 
> being copied then? Why leave them in the ?
>
> / Peter

As well shouldn't the distclean target also remove these dir's?

/Anders
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev



Re: [Wireshark-dev] RTP-MIDI

2006-10-03 Thread Anders Broman (AL/EAB)
Hi,
Yes why not, but preferably as a "normal" dissector not a plugin.
An entry to http://wiki.wireshark.org 's protocol pages with a link to
the spec and a sample trace would also be nice. 

Best regards
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tobias Erichsen
Sent: 2 October 2006 17:27
To: Developer support list for Wireshark
Subject: [Wireshark-dev] RTP-MIDI

Hi everyone,

thanks to the help of Jaap Keuter, I'm proceeding pretty well in writing
a dissector plugin for RTP-MIDI payload:

http://www.cs.berkeley.edu/~lazzaro/sa/pubs/txt/current-rtp-midi.txt

I hope to have this thing done in a couple of days and I was wondering
if there is any interest to make this part of the standard-distribution
of Wireshark...

Best regards,
Tobias
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] [Wireshark-commits] rev 19372: /trunk/ /trunk/: Makefile.nmake

2006-10-02 Thread Anders Broman (AL/EAB)
Hi,
Yes removing the /d did the trick.
Brg
Anders 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf Lamping
Sent: 30 September 2006 10:57
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 19372: /trunk/
/trunk/: Makefile.nmake

Anders Broman wrote:
> Hi,
> On my Windows2000 machine at work I get a syntax error from that line...
> (Not on the XP one at home though).
>   
I don't have a Win2000 machine to test.

Could you try if removing the /d helps?

Regards, ULFL
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Problem dissection generic ASN1

2006-09-28 Thread Anders Broman (AL/EAB)
Hi,
I think it sounds reasonable to have the dissector turned off as default
and definitely turned off if there is no
"ASN.1 type table file" as the table is "stating" how the protocol
should be dissected right?
Furthermore the default port should probably be zero e.g. dissection
turned off. At some stage the dissector should also be changed to use
the BER helpers rather than the current ones.
If you frequently use the asn1 plugin to dissect a protocol you should
consider using asn2wrs and create a "real" dissector for the protocol in
question.
Best regards
Anders

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Steffen
Sent: 28 September 2006 10:44
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Problem dissection generic ASN1

Dear Developers

I think I was able to pinpoint a long standing problem with the ASN1
dissector (plugin), and I wonder whether other users have the same
experience.

The ASN1 dissector works fine if you specify an "ASN.1 type table file"
in the preference. It automatically dissects packets sent to the
configured ports, and you can use the context menu entry "Decode As ..."
to force dissection as ASN1.

However, if the field "ASN.1 type table file" is empty, the dissector
does not work. It does not recognize packets sent to the specified
ports, and it does not appear in the list of dissectors under "Decode As
...". I find this a rather strange behaviour, and I could not find any
hint in the code that this would be intended. (I need to get my debugger
working to find out why it might happen unintentionally.)

So is this problem indeed unintended? If so, I could try to produce a
fix. The only reservation that I have is that it may make Wireshark more
vulnerable, because the ASN1 dissector certainly still has a few rough
edges. Since the default setting basically disables the dissector, no
vulnerability is reached. However, if I fix this issue, the dissector
would automatically dissect everything on port 801 (by default).

So should the ASN1 dissector be disabled by default, or can I just fix
the issue, and thereby enable the dissector by default?

Yours,
Thomas
___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Fwd: And again BER errors whiledecodingH248packets

2006-09-25 Thread Anders Broman (AL/EAB)

>On 9/25/06, ronnie sahlberg <[EMAIL PROTECTED]> wrote:
>> Are these zero length constructs actually allowed by the standard?
>>
>> If they are not it might be better to just abort dissection completely
>> with a "[malformed packet]" message.

>I honestly do not know if the standard allows for that, however,
>I do not agree with aborting dissection en tout. I believe that if we
>can decode it we should, but an error label  (expert info) should be
>added to the item.
>
>Luis

If I remember correctly the "BER" standard allows zero length SEQUENCE and
SEQUENCE OF, I haven't checked if the H.248 standard
says anything on the subject.
It looks though like an "unusual" implementation :)

Brg
Anders


Re: [Wireshark-dev] Fwd: And again BER errors while decodingH248packets

2006-09-25 Thread Anders Broman (AL/EAB)

Hi,
Well there is one item of Zero length :)

Which may not be so easy to fix.
Brg
Anders

-Original Message-
From: [EMAIL PROTECTED] on behalf of Oleg Kostenko
Sent: Mon 9/25/2006 11:09 AM
To: Anders Broman; wireshark-dev@wireshark.org
Subject: Re: [Wireshark-dev] Fwd: And again BER errors while decodingH248packets
 
Hello Anders,

BER errors are gone, but now some lines tell that there is '1 item' of
something, while actually there isn't:

...
Item: mediaDescriptor (1)
  mediaDescriptor
termStateDescr
here: propertyParms: 1 item
  serviceState: inSvc (2)
streams: oneStream (0)
  oneStream
localControlDescriptor
  reserveValue: False
  reserveGroup: False
here: propertyParms: 1 item
Item: eventsDescriptor (4)
  eventsDescriptor
requestID: 0
here:   eventList: 1 item
...

-- 
Best regards,
 Oleg                          mailto:[EMAIL PROTECTED]


Monday, September 25, 2006, 1:08:29 AM, you wrote:

AB> Hi,
AB> I have checked in a fix please verify it with your traces.

AB> Best regards
AB> Anders

AB> -Original Message-
AB> From: Oleg Kostenko [mailto:[EMAIL PROTECTED]
AB> Sent: 20 September 2006 10:41
AB> To: Anders Broman; wireshark-dev@wireshark.org
AB> Subject: Re[2]: Fwd: And again BER errors while decoding H248packets

AB> Hello Anders,

AB> Here is the fragment from the ASN.1 specification for H.248.

AB> TerminationStateDescriptor ::= SEQUENCE
AB> {
AB>   propertyParms   SEQUENCE OF PropertyParm,
AB>   eventBufferControl  EventBufferControl OPTIONAL,
AB>   serviceState        ServiceState OPTIONAL,
AB>   ...
AB> }

AB> As I understand, "SEQUENCE OF" means zero or more elements, so it is
AB> possible that there will be no propertyParms at all. So in terms of
AB> ASN.1 the packet is correct and no BER errors should occur. Right?

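The zero-length case discussed in this thread, as an added C example (not Wireshark's dissector code and not posted by anyone in the thread): a bounds-checked item counter for a BER SEQUENCE OF that reports 0 items for an empty encoding and rejects lengths that run past the buffer. The function names and sample bytes are constructed for illustration, and the sketch assumes single-octet tags and definite lengths.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parse one BER tag+length header at buf[*pos], bounded by end (*pos <= end).
 * Single-octet tags and definite lengths only (a limit of this sketch).
 * Returns 0 and sets *len, or -1 if the header or its content overruns end. */
static int ber_header(const uint8_t *buf, size_t end, size_t *pos, size_t *len)
{
    if (end - *pos < 2 || (buf[*pos] & 0x1f) == 0x1f) return -1;
    uint8_t l = buf[*pos + 1];
    *pos += 2;
    *len = l;                                   /* short form: length < 128 */
    if (l & 0x80) {                             /* long form: l & 0x7f length octets */
        size_t n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > end - *pos) return -1;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | buf[(*pos)++];
    }
    return (*len <= end - *pos) ? 0 : -1;       /* content must fit in the buffer */
}

/* Item count of the SEQUENCE OF at buf[0..buflen): 0 if empty, -1 if malformed. */
int ber_sequence_of_count(const uint8_t *buf, size_t buflen)
{
    size_t pos = 0, len, end;
    int items = 0;
    if (ber_header(buf, buflen, &pos, &len) != 0 || !(buf[0] & 0x20)) return -1;
    end = pos + len;
    while (pos < end) {                         /* zero length: body never runs */
        if (ber_header(buf, end, &pos, &len) != 0) return -1;
        pos += len;                             /* step over the element's content */
        items++;
    }
    return items;
}

/* Constructed sample encodings (universal tags, not taken from an H.248 trace). */
const uint8_t EMPTY_SEQ[]     = { 0x30, 0x00 };
const uint8_t EMPTY_LONG[]    = { 0x30, 0x81, 0x00 };
const uint8_t TWO_ITEMS[]     = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x04, 0x01, 0x41 };
const uint8_t OUTER_TRUNC[]   = { 0x30, 0x05, 0x02, 0x01 };
const uint8_t INNER_OVERRUN[] = { 0x30, 0x03, 0x02, 0x05, 0x01 };

int main(void)
{
    printf("empty=%d two=%d\n", ber_sequence_of_count(EMPTY_SEQ, sizeof EMPTY_SEQ),
           ber_sequence_of_count(TWO_ITEMS, sizeof TWO_ITEMS));
    return 0;
}
```

Indefinite-length encodings (length octet 0x80) are valid BER but are reported as -1 here because the sketch does not handle them.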


Re: [Wireshark-dev] New radius attributes (RFC 4590)

2006-09-20 Thread Anders Broman (AL/EAB)
Hi,
IANA has them as:
   102  EAP-Key-Name             [RFC4072]
   103  Digest-Response          [RFC-ietf-radext-digest-auth-09.txt]
   104  Digest-Realm             [RFC-ietf-radext-digest-auth-09.txt]
   105  Digest-Nonce             [RFC-ietf-radext-digest-auth-09.txt]
   106  Digest-Nextnonce         [RFC-ietf-radext-digest-auth-09.txt]
   107  Digest-Response-Auth     [RFC-ietf-radext-digest-auth-09.txt]
   108  Digest-Method            [RFC-ietf-radext-digest-auth-09.txt]
   109  Digest-URI               [RFC-ietf-radext-digest-auth-09.txt]
   110  Digest-Qop               [RFC-ietf-radext-digest-auth-09.txt]
   111  Digest-Algorithm         [RFC-ietf-radext-digest-auth-09.txt]
   112  Digest-Entity-Body-Hash  [RFC-ietf-radext-digest-auth-09.txt]
   113  Digest-CNonce            [RFC-ietf-radext-digest-auth-09.txt]
   114  Digest-Nonce-Count       [RFC-ietf-radext-digest-auth-09.txt]
   115  Digest-Username          [RFC-ietf-radext-digest-auth-09.txt]
   116  Digest-Opaque            [RFC-ietf-radext-digest-auth-09.txt]
   117  Digest-Auth-Param        [RFC-ietf-radext-digest-auth-09.txt]
   118  Digest-AKA-Auts          [RFC-ietf-radext-digest-auth-09.txt]
   119  Digest-Domain            [RFC-ietf-radext-digest-auth-09.txt]
   120  Digest-Stale             [RFC-ietf-radext-digest-auth-09.txt]
   121  Digest-HA1               [RFC-ietf-radext-digest-auth-09.txt]
   122  SIP-AOR                  [RFC-ietf-radext-digest-auth-09.txt]

Brg
Anders
-Original Message-
From: [EMAIL PROTECTED] on behalf of Joerg Mayer
Sent: Wed 9/20/2006 4:32 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] New radius attributes (RFC 4590)
 
On Wed, Sep 20, 2006 at 04:27:43PM +0200, Jaap Keuter wrote:
> Too bad, since the patch doesn't match RFC 4590 table 2.
> Care to fix it?

The only thing I could do is to revert the patch. Should I do that?

 Ciao
 Joerg
-- 
Joerg Mayer   <[EMAIL PROTECTED]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] newbie build problem with python

2006-09-18 Thread Anders Broman (AL/EAB)

Hi,
Try to use Cygwin's Python.
Brg
Anders


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shelly Cadora
Sent: 17 September 2006 01:57
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] newbie build problem with python

Hi,

Trying to build wireshark for the first time here but I'm getting this
fatal error:

Making register.c (using python)
/usr/bin/env: python: No such file or directory
NMAKE : fatal error U1077: 'c:\cygwin\bin\env.exe' : return code '0x7f'
Stop.

If I change config.nmake from

PYTHON=env python

to

PYTHON="C:/Python23/python.exe"
PATH=c:\python23;$(PATH)

then the error changes to this:

Making register.c (using python)
C:/Python23/python.exe: can't open file '..'
NMAKE : fatal error U1077: 'C:/Python23/python.exe' : return code '0x2'
Stop.

Any ideas what could cause this to fail?  I've been following the
Wireshark Wiki for MSVC 7 since I don't have access to the non-free
versions.

Here's the output from verify_tools -- python is where it should be as far
as I can tell.

C:\wireshark>nmake -f Makefile.nmake verify_tools

Microsoft (R) Program Maintenance Utility Version 7.10.3077
Copyright (C) Microsoft Corporation.  All rights reserved.

Checking for required applications:
    cl: /cygdrive/c/Program Files/Microsoft Visual Studio .NET 2003/Vc7/bin/cl
    link: /cygdrive/c/Program Files/Microsoft Visual Studio .NET 2003/Vc7/bin/link
    nmake: /cygdrive/c/Program Files/Microsoft.NET/SDK/v1.1/Bin/nmake
    bash: /usr/bin/bash
    bison: /usr/bin/bison
    flex: /usr/bin/flex
    env: /usr/bin/env
    grep: /usr/bin/grep
    /usr/bin/find: /usr/bin/find
    perl: /usr/bin/perl
    env: /usr/bin/env
    python: /usr/bin/python
    sed: /usr/bin/sed
    unzip: /usr/bin/unzip
    wget: /usr/bin/wget

C:\wireshark>
 
Thanks,
Shelly
