[Wireshark-dev] [Patch] to voip_calls.c (bug 892 again)

2006-07-04 Thread Martin Mathieson
Hi, Mike Oliveras has indicated that for MGCP voip calls, 2 seconds may be a better timeout for still matching DLCX requests to a hung-up endpoint, as in this patch. Regards, Martin ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org

[Wireshark-dev] [Patch] to voip_calls.c (bug 892 again)

2006-07-04 Thread Martin Mathieson
This time with patch attached Hi, Mike Oliveras has indicated that for MGCP voip calls, 2 seconds may be a better timeout for still matching DLCX requests to a hung-up endpoint, as in this patch. Regards, Martin Index: gtk/voip_calls.c

Re: [Wireshark-dev] [Patch] to voip_calls.c (bug 892 again)

2006-07-04 Thread Martin Mathieson
PROTECTED] on behalf of Martin Mathieson Sent: Tue 7/4/2006 11:49 AM To: Developer support list for Wireshark Subject: [Wireshark-dev] [Patch] to voip_calls.c (bug 892 again) This time with patch attached Hi, Mike Oliveras has indicated that for MGCP voip calls, 2 seconds may be a better timeout

[Wireshark-dev] New DTD (xcap-caps)

2006-07-19 Thread Martin Mathieson
Hi, Here is a DTD for xcap-caps and changes needed to install it (nsi change is untested). Regards, Martin ? wireshark:protocol proto_name=xcap-caps description=XML Configuration Access Protocol Server Capabilities hierarchy=yes ? !-- $Id: reginfo.dtd 18248 2006-05-29 20:44:06Z

Re: [Wireshark-dev] [Wireshark-commits] rev 18766: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-msrp.c

2006-07-20 Thread Martin Mathieson
Joerg Mayer wrote: On Wed, Jul 19, 2006 at 06:51:26PM +, [EMAIL PROTECTED] wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=revrevision=18766 User: etxrab Date: 2006/07/19 06:51 PM Log: From Martin Mathieson: This patch: - adds headers found in later versions of the msrp

Re: [Wireshark-dev] [Wireshark-commits] rev 18766: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-msrp.c

2006-07-20 Thread Martin Mathieson
Martin Mathieson wrote: Joerg Mayer wrote: On Wed, Jul 19, 2006 at 06:51:26PM +, [EMAIL PROTECTED] wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=revrevision=18766 User: etxrab Date: 2006/07/19 06:51 PM Log: From Martin Mathieson: This patch: - adds headers found

[Wireshark-dev] [Patch] Allow FT_NONE item to be filtered from menu

2006-07-20 Thread Martin Mathieson
Hi, This patch allows FT_NONE items to be built into filter expressions (i.e. testing for their presence or absence rather than comparing with a value) using the Apply|Prepare a Filter menus. What drove me to add this was having to type in !tcp.analysis.out_of_order. Does this seem

Re: [Wireshark-dev] Bug 976

2006-07-21 Thread Martin Mathieson
Guy Harris wrote: On Jun 27, 2006, at 5:51 AM, Martin Mathieson wrote: Looking at frame 170 in the trace, it looks like tvb_get_ephemeral_text() struggles with the null character in the middle of the 4th parameter (in the WWW-Authenticate header) and returns NULL. That shouldn't

[Wireshark-dev] [Patch] Tracking setup of MSRP conversations

2006-07-24 Thread Martin Mathieson
Hi, These patches: - allow SDP to parse the IP address + port for the MSRP session from the path attribute - setup an MSRP conversation using this address, whose data points back to the SDP frame - link to the SDP setup frame while dissecting MSRP (can be switched off by a preference) - I

[Wireshark-dev] Small [Patch] to H.323 VoIP calls

2006-07-24 Thread Martin Mathieson
Hi, I'm not sure if this will help with the problems that Keith French is seeing, but when I loaded some of my old H.323 traces, one of them would assert/abort. This patch fixes that assertion (looks like it was obviously asserting on the wrong pointer variable). Regards, Martin

Re: [Wireshark-dev] [Patch] Tracking setup of MSRP conversations

2006-07-25 Thread Martin Mathieson
I missed out a patch to add the new header file to epan/dissector/Makefile.common Thanks, Martin Martin Mathieson wrote: Hi, These patches: - allow SDP to parse the IP address + port for the MSRP session from the path attribute - setup an MSRP conversation using this address, whose data

[Wireshark-dev] [Patch] to fix DTD parsing problem

2006-07-26 Thread Martin Mathieson
Hi, I'm seeing these errors: ../tshark -G fields | /usr/bin/perl ./dfilter2pod.pl ./wireshark-filter.pod.template wireshark-filter.pod tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/reginfo.dtd: syntax error in reginfo.dtd:22 at or before 'CDATA': DTD parsing failure syntax

Re: [Wireshark-dev] Small [Patch] to H.323 VoIP calls

2006-07-26 Thread Martin Mathieson
: [Wireshark-dev] Small [Patch] to H.323 VoIP calls Guys, Thanks for your efforts, as I am not a developer, I await 0.99.3 with interest. Keith French. - Original Message - From: Martin Mathieson [EMAIL PROTECTED] To: Developer support list for Wireshark wireshark-dev

Re: [Wireshark-dev] [Patch] to fix DTD parsing problem

2006-07-26 Thread Martin Mathieson
Martin Mathieson wrote: name [A-Za-z][-a-z0-9_]*[-a-zA-Z0-9_]* Wouldn't [A-Za-z][-a-zA-Z0-9_]* suffice? ([...]* matches zero or more occurrences, and [-a-zA-Z0-9_] is a superset of [a-z0-9_].) That would have been the obvious fix to make in the first place, I was lazily

Re: [Wireshark-dev] Small [Patch] to H.323 VoIP calls

2006-07-27 Thread Martin Mathieson
VoIP calls Guys, Thanks for your efforts, as I am not a developer, I await 0.99.3 with interest. Keith French. - Original Message - From: Martin Mathieson [EMAIL PROTECTED] To: Developer support list for Wireshark wireshark-dev@wireshark.org Sent: Tuesday, July 25

Re: [Wireshark-dev] question about RTP Streams

2006-09-06 Thread Martin Mathieson
Andreina, If the RTP session is properly exchanging RTCP sender receiver reports, wireshark can calculate the network roundtrip delay in both directions (i.e. the time in milliseconds it takes the RTCP reports to travel from the point of capture to either RTP endpoints and back again). To

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1110] New: Invalid characters in show attribute in PDML output

2006-09-18 Thread Martin Mathieson
Its trying to print the value of an FT_NONE field, which ends up looking at uninitialised bytes. The attached patch doesn't write the show attribute for FT_NONE fields, but does this result in well-formed PDML? Best regards, Martin [EMAIL PROTECTED] wrote:

[Wireshark-dev] Tools Menu not available without HAVE_LUA_5_1

2006-10-02 Thread Martin Mathieson
Hi, I notice that the whole Tools menu is not available unless HAVE_LUA_5_1 is defined (it isn't for me, I don't have Lua installed yet). How should this be fixed? Martin ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org

Re: [Wireshark-dev] Tools Menu not available without HAVE_LUA_5_1

2006-10-02 Thread Martin Mathieson
)? Regards, Martin LEGO wrote: As I added that menu for Lua's use I thought that having an empty menu would not be nice so I excluded it when Lua isn't there. On 10/2/06, Martin Mathieson [EMAIL PROTECTED] wrote: Hi, I notice that the whole Tools menu is not available unless HAVE_LUA_5_1

Re: [Wireshark-dev] Tools Menu not available without HAVE_LUA_5_1

2006-10-02 Thread Martin Mathieson
OK, done. LEGO wrote: You are right, that's how it should have been. That's to be applied! On 10/2/06, Martin Mathieson [EMAIL PROTECTED] wrote: The top-level 'Tools' menu *does* appear for me, but is empty. I (wrongly) thought that I was missing existing menu items (i.e. not relating

Re: [Wireshark-dev] signedness of comparison functions in ftype-integer.c

2007-01-08 Thread Martin Mathieson
On 1/4/07, Martin Mathieson [EMAIL PROTECTED] wrote: On 1/3/07, Guy Harris [EMAIL PROTECTED] wrote: Martin Mathieson wrote: For the more general problem, I see 2 possible solutions: (1) have both signed and values in the union, and use the appropriate signed or unsigned parts

Re: [Wireshark-dev] [Wireshark-commits] rev 20442: /trunk/tools/lemon/ /trunk/tools/lemon/: lemon.c

2007-01-16 Thread Martin Mathieson
Is this useful? Martin GNU gdb 6.2.1 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is

Re: [Wireshark-dev] UDLD dissector bug (tshark 0.99.4)

2007-01-18 Thread Martin Mathieson
Could you please test with latest svn rev (20479 or later) or send a capture file? Regards, Martin On 1/18/07, rmkml [EMAIL PROTECTED] wrote: Hi, Im found this event : 14 14:31:11.880727 00:09:11:e4:17:bb - 01:00:0c:cc:cc:cc UDLD [Dissector bug, protocol UDLD: proto.c:1096: failed

Re: [Wireshark-dev] [PATCH] Support ALCAP, NBAP over SSCOP in K12xx

2007-01-27 Thread Martin Mathieson
On 1/27/07, Kriang Lerdsuwanakij [EMAIL PROTECTED] wrote: With above 3 changes together, dissecting Iub traces are correct for control and signaling planes. I am still investigating user plane frames because writing UMTS RLC/MAC protocol dissector is required. . Hi Kriang, This is very

[Wireshark-dev] Is anyone looking at current build breakage?

2007-02-01 Thread Martin Mathieson
This is the end of the Windows buildbot log, very similar to my linux build failure (I build with libpcap support enabled). I don't have time to dig into it this morning... Martin Linking wireshark.exe link @C:\DOCUME~1\buildbot\LOCALS~1\Temp\nma02516. ringbuffer.obj : error LNK2001:

Re: [Wireshark-dev] Is anyone looking at current build breakage?

2007-02-01 Thread Martin Mathieson
OK, its (hopefully) fixed now... ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev

Re: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?

2007-02-02 Thread Martin Mathieson
Richard, I remember struggling with this when writing the Microsoft Media Server protocol (packet-ms-mms.c), but it did seem to work. It was ideal for me for 2 reasons: (1) tcp_dissect_pdus() doesn't work for new-style dissectors that can reject data (2) in that protocol large PDUs can be

Re: [Wireshark-dev] [PATCH] Add FP support fo K12xx

2007-02-08 Thread Martin Mathieson
This patch only touches K12's part. There are a few parameters for FP that the patch still does not provide together with my idea for future work: - The UMTS release number - This will go into a preference setting. FP dissector should use a default release from preference when it is not given

Re: [Wireshark-dev] Prevent compiler warnings by using stop on warnings/treat warnings as errors compiler option?

2007-03-20 Thread Martin Mathieson
Currently, you don't tend to even notice new warnings that you introduce on your own platform, as they get lost in the general compilation noise. Part of the problem (when working from the command-line at least) is how much output is generated, and how far you'd need to scroll back to see the

Re: [Wireshark-dev] Expert info missing entries

2007-03-27 Thread Martin Mathieson
Hi Andrej, There wasn't any follow-up to my query. I'm afraid I've come to prefer the 'Expert Info Composite' view. I just tried to reproduce the problem with my up-to-date build (it doesn't have the patch from the previous email), and everything looks OK. I disabled colour highlighting and

Re: [Wireshark-dev] [Wireshark-commits] rev 21452: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ieee80211.c

2007-04-17 Thread Martin Mathieson
Hi, My build is failing to link from this revision onwards. The error output is the following: gcc -DINET6 -D_U_=__attribute__((unused)) -Wall -Wpointer-arith -W -g -O2 -Wdeclaration-after-statement -I/usr/local/include -DXTHREADS -D_REENTRANT -DXUSE_MTSAFE_API -I/opt/gnome/include/gtk-2.0

Re: [Wireshark-dev] [Wireshark-commits] rev 21452: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ieee80211.c

2007-04-17 Thread Martin Mathieson
] wrote: On Tue, Apr 17, 2007 at 05:31:02PM +0100, Martin Mathieson wrote: epan/.libs/libwireshark.so: undefined reference to `.LC1693' collect2: ld returned 1 exit status I recently updated my version of gcc from 3.4.3 - 3.4.6. Here is the version info from Help | About Wireshark : Did

Re: [Wireshark-dev] [Wireshark-commits] rev 21452: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ieee80211.c

2007-04-17 Thread Martin Mathieson
I just noticed (when trying to build with packet-ieee80211.c removed from epan/dissectors/Makefile.common) that my config.h has the following: /* Enable AirPDcap (WPA/WPA2 decryption) */ #define HAVE_AIRPDCAP 1 Is this correct? Martin On 4/17/07, Martin Mathieson [EMAIL PROTECTED] wrote: I've

Re: [Wireshark-dev] [Wireshark-commits] rev 21452: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ieee80211.c

2007-04-18 Thread Martin Mathieson
trying to work out if subversion can help by not updating this file when I do 'svn update' from the top...). Thanks, Martin On 4/18/07, Jeff Morriss [EMAIL PROTECTED] wrote: Martin Mathieson wrote: Hi, My build is failing to link from this revision onwards. The error output is the following

Re: [Wireshark-dev] [Wireshark-commits] rev 21452: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ieee80211.c

2007-04-20 Thread Martin Mathieson
and configure my wireshark build to use that. Thanks again, Martin On 4/20/07, Jeff Morriss [EMAIL PROTECTED] wrote: Martin Mathieson wrote: It does look like the same problem. Their report says that a problem of this kind was fixed in gcc-3.4.4-2{,.fc3}, so either its the same problem

Re: [Wireshark-dev] compile error : epan/.libs/libwireshark.so: undefined reference to `.LC1694'

2007-04-20 Thread Martin Mathieson
Hi Toralf, My workaround at the moment is to update with this command: svn update svn update -r 21451 epan/dissectors/packet-ieee80211.c Martin On 4/20/07, Jeff Morriss [EMAIL PROTECTED] wrote: Toralf Förster wrote: After some of the last SVN updates I get now: ...

Re: [Wireshark-dev] [Wireshark-commits] rev 21556: /trunk/epan/ /trunk/epan/: proto.c proto.h - all buildbots red now :-(

2007-04-25 Thread Martin Mathieson
I've had a play with this function, I like it - it can improve and simplify parts of packet-umts_fp.c which are bit-oriented, like E-DCH data. Having the function spit out the return value is helpful here, as this will avoid the dissector doing the equivalent shiting and masking work for a second

Re: [Wireshark-dev] [Wireshark-commits] rev 21556: /trunk/epan//trunk/epan/: proto.c proto.h - all buildbots red now :-(

2007-04-26 Thread Martin Mathieson
LNK4006: _tvb_get_bits already def ined in tvbuff.obj; second definition ignored -Ursprungligt meddelande- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För Martin Mathieson Skickat: den 25 april 2007 19:23 Till: Developer support list for Wireshark Ämne: Re: [Wireshark-dev

Re: [Wireshark-dev] [Wireshark-commits] rev 21556:/trunk/epan//trunk/epan/: proto.c proto.h - all buildbots rednow :-(

2007-04-26 Thread Martin Mathieson
] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Mathieson Sent: den 26 april 2007 13:20 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 21556:/trunk/epan//trunk/epan/: proto.c proto.h - all buildbots rednow :-( Anders, I've tried the functions (with new

Re: [Wireshark-dev] [Wireshark-commits] rev21556:/trunk/epan//trunk/epan/: proto.c proto.h - allbuildbots rednow :-(

2007-04-26 Thread Martin Mathieson
) [EMAIL PROTECTED] wrote: Hi, The intention is to use tvb_get bits from inside proto_tree_add_bits so there will be no overlap. /Anders Från: [EMAIL PROTECTED] genom Martin Mathieson Skickat: to 2007-04-26 13:49 Till: Developer support list for Wireshark Ämne

Re: [Wireshark-dev] [PATCH] UMTS Frame Protocol: more K12/K15 support, Spare Extension fields

2007-05-03 Thread Martin Mathieson
On 5/3/07, Kriang Lerdsuwanakij [EMAIL PROTECTED] wrote: Hello This patch adds the handling of Spare Extension bytes to UMTS Frame Protocol. It also handles the case when the presence of CRC in dedicated channels is not known (i.e. when FP from a K12/K15 log is dissected). The new

[Wireshark-dev] Automatically setting focus for display filter control no longer works [Patch]

2007-05-25 Thread Martin Mathieson
Hi, I think this regression is related to Gerald's change 21898, whose log message was: Don't set the focus on the display filter entry when we're passed a contorl- or alt-modified character. Fixes bug 1610. I notice that pressing down control or alt doesn't affect the value of event-keyval

Re: [Wireshark-dev] Automatically setting focus for display filter control no longer works [Patch]

2007-05-25 Thread Martin Mathieson
Wrong patch, try this one instead! On 5/25/07, Martin Mathieson [EMAIL PROTECTED] wrote: Hi, I think this regression is related to Gerald's change 21898, whose log message was: Don't set the focus on the display filter entry when we're passed a contorl- or alt-modified character. Fixes bug

Re: [Wireshark-dev] WIMAX decoder is called twice

2007-05-28 Thread Martin Mathieson
or 2) just use Intel's dissector by getting a recent buildbot build. ___ Intel has supplied dissectors for wireless interface protocols. I understand that WiMAX involves other interfaces/protocols (it looks like the air interface may be R1

[Wireshark-dev] od for Windows?

2007-06-19 Thread Martin Mathieson
Hi, Does anyone know of a free version of od for use with Windows? (I'm trying to create some test captures using text2pcap). I found xd but it doesn't support the -w flag to set the line width Thanks, Martin ___ Wireshark-dev mailing list

Re: [Wireshark-dev] Proper use of proto_tree_add_string?

2007-06-29 Thread Martin Mathieson
there's nothing to highlight in the data (because it's not there). --kan-- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Mathieson Sent: Friday, June 29, 2007 12:39 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Proper

Re: [Wireshark-dev] IMS-Information AVP not correctly parsed

2007-07-05 Thread Martin Mathieson
Assuming you're using xmllib, the quick fix for you would be to remove the IMS-Information entry from diameter/chargecontrol.xml and rely upon the better-looking entry in dictionary.xml. I'm not sure why these AVPs are defined in both places Martin On 7/5/07, cco [EMAIL PROTECTED] wrote:

Re: [Wireshark-dev] IMS-Information AVP not correctly parsed

2007-07-05 Thread Martin Mathieson
[EMAIL PROTECTED] wrote: On Thu, Jul 05, 2007 at 01:40:55PM +0100, Martin Mathieson wrote: Assuming you're using xmllib, the quick fix for you would be to remove the IMS-Information entry from diameter/chargecontrol.xml and rely upon the better-looking entry in dictionary.xml. I'm not sure why

[Wireshark-dev] Run-time error (samr.hnd disappeared)

2007-07-09 Thread Martin Mathieson
I'm seeing this error when starting wireshark (despite tshark below in the error output). Ronnie - will you be adding samr.hnd back again as a field, or should this filter expression (in packet-smb-sidsnooping.c) be changed now? tshark: Couldn't register

Re: [Wireshark-dev] filters diameter

2007-07-10 Thread Martin Mathieson
That expression will match any frame that has at least one avp with code value 829 and at least one avp whose data is uint32 whose value is 1. I suspect that what you want is to match the *same* AVP with both parts of the expression, which I don't think is possible with a simple display filter.

Re: [Wireshark-dev] filters diameter

2007-07-10 Thread Martin Mathieson
There are several ways this could be tackled: (1) A script. Export capture to PDML, parse output and match/check them yourself (2) We could add a new filterable field, diameter.avp, whose type was hex data. You could right-click to create a filter for that AVP, then edit the last word to check

Re: [Wireshark-dev] filters diameter

2007-07-10 Thread Martin Mathieson
OK, I just implemented (2) with change 22284. You should be able to right-click on a whole AVP that matches the code you're interested in, choose 'Prepare as Filter | Selected', edit the last 4 bytes and apply it. Martin On 7/10/07, Martin Mathieson [EMAIL PROTECTED] wrote: There are several

Re: [Wireshark-dev] filters diameter

2007-07-11 Thread Martin Mathieson
On 7/10/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: A year or more ago I abandoned a way towards (3) (similar to what I did for radius dictionary) a while ago, due to a personal lack of diameter use after switching jobs and a stall about how to handle recursion in attribute_groups. I will

Re: [Wireshark-dev] filters diameter

2007-07-11 Thread Martin Mathieson
useful. On 7/11/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: On 7/11/07, Martin Mathieson [EMAIL PROTECTED] wrote: On 7/10/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: I wondered if MATE or the LUA support could make this kind of filtering possible, but dynamically creating filters

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1494] Diameter dissector : the applicationID isn't taken into account when decoding an AVP

2007-07-13 Thread Martin Mathieson
Are there really any cases where AVPs have the same code and the same vendor ID but different meanings under different application IDs? There are plenty of places in the 3GPP specs where an AVP defined in one interface/application id is used in another one. Would you only use the app id to

Re: [Wireshark-dev] [Wireshark-commits] rev 22318: /trunk/epan/ /trunk/epan/dissectors/: packet-diameter.c /trunk/epan/: diam_dict.h diam_dict.l

2007-07-16 Thread Martin Mathieson
This looks pretty good, Luis. I noticed some things that you may well already be aware of: - when you find an unknown AVP, you no longer log it as an expert item - I saw instances where the name shown in diameter.avp.code didn't match the value field of the AVP, e.g. AVPs 17 and 18 (frame 115) in

Re: [Wireshark-dev] [Wireshark-commits] rev 22318: /trunk/epan/ /trunk/epan/dissectors/: packet-diameter.c /trunk/epan/: diam_dict.h diam_dict.l

2007-07-16 Thread Martin Mathieson
No, I Wasn't aware... But that's the rationale in the commit early commit often, the sooner a bug is committed (preferably along with some other code :-) the shorter it takes for it to get noticed the shorter it takes for it to be fixed. It also reminds me of a pirate film I once saw. The

Re: [Wireshark-dev] [Wireshark-commits] rev 22318: /trunk/epan/ /trunk/epan/dissectors/: packet-diameter.c /trunk/epan/: diam_dict.h diam_dict.l

2007-07-16 Thread Martin Mathieson
The old diameter dissector doesn't lie ruined at the botttom of the sea, but hopefully people will help test/finish the new one. On 7/16/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: On 7/16/07, Martin Mathieson [EMAIL PROTECTED] wrote: It also reminds me of a pirate film I once saw. The gung

Re: [Wireshark-dev] [Wireshark-commits] rev 22318: /trunk/epan/ /trunk/epan/dissectors/: packet-diameter.c /trunk/epan/: diam_dict.h diam_dict.l

2007-07-18 Thread Martin Mathieson
- Some of the commands are not matching their entries from the XML files (e.g. 275 which is in dictionary.xml) I found the cause of this problem. When running in RFC mode, it looks up only those commands in no_vnd. What it should be looking up is *all* vendors. The hack below got command

Re: [Wireshark-dev] New WiMAX R6 plug-in

2007-07-19 Thread Martin Mathieson
Hi, Please do send the code, preferably with one or more test captures (I have examples for some of R6, but not all)! Thanks, Martin On 7/19/07, Nitin Naveen [EMAIL PROTECTED] wrote: Hi, I generated dummy packets for WiMAX protocol. Saved the capture to a dummy file wimax_ether.cap. Then

Re: [Wireshark-dev] New WiMAX R6 plug-in

2007-07-24 Thread Martin Mathieson
SYSTIQUE D-8, Infocity-11 Sector-33, Gugaon Haryana, India tel: +91-124-3045400 fax: +91-124-4039301 [EMAIL PROTECTED] www.hsc.com From: Martin Mathieson [EMAIL PROTECTED] Date: Thu, 19 Jul 2007 10:29:46 +0100 Hi, Please do send the code, preferably with one or more test captures (I have

Re: [Wireshark-dev] [Wireshark-commits] rev 22468: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-catapult-dct2000.c

2007-08-08 Thread Martin Mathieson
That's pretty funny. I can't believe someone would take the time to write the DTD for it! On 8/8/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: http://tools.ietf.org/html/rfc3252 ? :-) On 8/8/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Re: [Wireshark-dev] Support for XCAP

2007-08-08 Thread Martin Mathieson
On 8/8/07, Lampe, Sebastian [EMAIL PROTECTED] wrote: Hi, we're working on XCAP and want to use Wireshark for testing and analyzing network traffic. Will there be any possibility to Wireshark for showing XCAP-Packets respectively planed for future releases? Currently we have to filter for

Re: [Wireshark-dev] register all protocols by name

2007-08-09 Thread Martin Mathieson
On 8/9/07, Luis EG Ontanon [EMAIL PROTECTED] wrote: shouldn't we just be registering by name all dissectors for once and for all? I'd vote for that. I'm sick of (and a little self-conscious about) making individual dissectors findable by name - usually so that the DCT2000 dissector can find

Re: [Wireshark-dev] [PATCH] Adding etsie2e4.xml to Makefile.am

2007-08-13 Thread Martin Mathieson
On 8/13/07, Stig Bjørlykke [EMAIL PROTECTED] wrote: Hi. The etsie2e4.xml is missing from Makefile.am. Should bugzilla be used for such small patches? I don't know what the general answer to this is, but your patch is committed with change 22495. Thanks, Martin

Re: [Wireshark-dev] Query regrading removing header

2007-08-16 Thread Martin Mathieson
On 16-Aug-2007 18:47:37 ZE5B, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, If I have frame like for eg:- 45 60 76 87 23 97 00 Now in this frame starting 2 bit is header of one dissector now I want to pass that frame to other dissector after removing the haeder. If i change the tvb

Re: [Wireshark-dev] [Wireshark-commits] rev 22586: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ip.c

2007-08-24 Thread Martin Mathieson
I think it's much more easy to read the leading text and the value if the details of the bitfields does not start the line. Ofcourse my personal opinion, but mostly I do not care about the bits. After committing this I wondered if it was worth it, i.e. it makes the display less clean

Re: [Wireshark-dev] [Wireshark-commits] rev 22586: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ip.c

2007-08-29 Thread Martin Mathieson
On 8/24/07, Martin Mathieson [EMAIL PROTECTED] wrote: Especially as its such a lower-layer protocol. I think the best thing may be either: - just revert my change, or maybe - add something to the long text indicating that its 13 bits OK, I did the 2nd option (i.e. don't use remove bitmask

Re: [Wireshark-dev] WiMAX ASN Control Protocol dissector submission status?

2007-09-06 Thread Martin Mathieson
as: WS_VAR_IMPORT const value_string sminmpec_values[]; where WS_VAR_IMPORT is defined as extern in my Linux config.h Any ideas? Martin On 9/6/07, Martin Mathieson [EMAIL PROTECTED] wrote: Sorry about the delay on this. I'm just about to pour a cup of tea and do it now. Thanks again for submitting

Re: [Wireshark-dev] WiMAX ASN Control Protocol dissector submission status?

2007-09-06 Thread Martin Mathieson
I also note that the following line appears in epan/libwireshark.def sminmpec_values DATA On 9/6/07, Martin Mathieson [EMAIL PROTECTED] wrote: I checked this in earlier today, but have the following remaining Windows warning/error. packet-wimaxasncp.c(4151) : error C2099

Re: [Wireshark-dev] WiMAX ASN Control Protocol dissector submission status?

2007-09-07 Thread Martin Mathieson
On 9/7/07, Wen Cheng [EMAIL PROTECTED] wrote: Hi all, Great job Stephen. I'm a wimax tester, I really like your tool. But I think the display pattern of TLVs is not very good from a tester point of view. May I help to do some improvment work? This dissector has already been useful to us,

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1848] New WiMAX ASN Protocol (WMXA) Dissector

2007-10-05 Thread Martin Mathieson
Hi, Have you looked at this new submission in detail, or tried it out? Does it handle anything that is missing from the current one we have, or handle something in a better way? I don't actually work with WiMAX, and haven't asked colleagues who do to play with this new submission. I was hoping

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1848] New WiMAX ASN Protocol (WMXA) Dissector

2007-10-09 Thread Martin Mathieson
by then. Thanks On 10/5/07, Martin Mathieson [EMAIL PROTECTED] wrote: Hi, Have you looked at this new submission in detail, or tried it out? Does it handle anything that is missing from the current one we have, or handle something in a better way? I don't actually work with WiMAX

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1903] wimaxasncp: TLVs defined in XML files

2007-10-11 Thread Martin Mathieson
On 10/11/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1903 --- Comment #11 from [EMAIL PROTECTED] 2007-10-11 09:34 GMT --- Just to be clear - I was thinking of people having the flexibility to offer the very latest plugin code

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1903] wimaxasncp: TLVsdefined in XML files

2007-10-12 Thread Martin Mathieson
with Diameter, Radius etc so we don't have to move it later? Regards Anders -- *Från:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *För *Martin Mathieson *Skickat:* den 11 oktober 2007 19:15 *Till:* wireshark-dev@wireshark.org *Ämne:* Re: [Wireshark-dev

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1903] wimaxasncp:TLVsdefined in XML files

2007-10-12 Thread Martin Mathieson
at the moment... On 10/12/07, Maynard, Chris [EMAIL PROTECTED] wrote: Plugin installation is optional. See attached setup.exe snapshot. -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Martin Mathieson *Sent:* Friday, October 12, 2007 6

Re: [Wireshark-dev] [Wireshark-commits] rev 23176: /trunk/packaging/u3/win32/ /trunk/packaging/u3/win32/: makefile.nmake

2007-10-14 Thread Martin Mathieson
Hi Anders, Could you (or anyone else) please add the line: if not exist $(DEVICE)\radius $(MKDIR) $(DEVICE)\wimaxasncp to the device-dirs section? Hopefully the u3 build will then be able to run to completion. Best regards, Martin On 10/14/07, [EMAIL PROTECTED] [EMAIL PROTECTED]

[Wireshark-dev] [Patch] to fix Windows build

2007-10-18 Thread Martin Mathieson
Hi, Could someone please check in this patch to add eth_stdio_open() to libwireshark.def, as its used by the wimaxasncp plugin? (I just did my first ever Windows build :) using the anonymous svn tree :( ). The alternative would be to instead make that dissector a plugin now (which would also

Re: [Wireshark-dev] [Patch] to fix Windows build

2007-10-18 Thread Martin Mathieson
With patch. On 10/18/07, Martin Mathieson [EMAIL PROTECTED] wrote: Hi, Could someone please check in this patch to add eth_stdio_open() to libwireshark.def, as its used by the wimaxasncp plugin? (I just did my first ever Windows build :) using the anonymous svn tree :( ). The alternative

Re: [Wireshark-dev] wimaxintel.dll

2007-10-22 Thread Martin Mathieson
Hi Etay, For the question you are asking - have you looked at the Mac-to-Mac plugin checked in at the same time as the wimax R1 plugin? The source code can be viewed at: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/m2m/packet-m2m.c?view=log If you want to use a different framing,

[Wireshark-dev] Can epan/xmlstub be removed now

2007-10-26 Thread Martin Mathieson
Hi, Diameter no longer uses xmlstub, and there are no other in-tree users of it. Should we delete it now? Martin ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev

Re: [Wireshark-dev] Is there a good way of handling bitfields withdifferent bitmask offsets ?

2007-11-14 Thread Martin Mathieson
I used the not-long-since-added proto_tree_add_bits_ret_val() in packet-umts_fp.c. There is also proto_tree_add_bits_item() which doesn't extract the value for you. Are these functions not suitable for your purpose? It certainly simplified the part of the code I needed it for. Martin On Nov

Re: [Wireshark-dev] Seting up build env. and building from a tarball

2007-11-22 Thread Martin Mathieson
I recently followed the instructions found in http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html#ChSetupMSVC and it worked like a charm. These steps do include installing the platform SDK. Martin On Nov 22, 2007 5:50 PM, Anders Broman [EMAIL PROTECTED] wrote: Hi, I just got

[Wireshark-dev] PDCP/ROHC support

2007-11-23 Thread Martin Mathieson
Hi, I'm toying with the idea of working on a dissector or dissectors that would decode PDCP headers and their embedded RoHC (rfc3095, later) packets. Rather than try to cleverly guess context state without seeing configuration information, I would initially decode these packets using the

Re: [Wireshark-dev] [Wireshark-commits] rev 23765: /trunk/plugins/wimax/ /trunk/plugins/wimax/: packet-wmx.c

2007-12-05 Thread Martin Mathieson
On Dec 5, 2007 10:28 AM, [EMAIL PROTECTED] wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=revrevision=23765 User: guy Date: 2007/12/05 10:28 AM Log: To generate a session-lifetime string given a format and va_list, use se_strdup_vprintf(). Directory: /trunk/plugins/wimax/

Re: [Wireshark-dev] [Wireshark-commits] rev 23761: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-ms-mms.c

2007-12-05 Thread Martin Mathieson
On Dec 5, 2007 9:31 AM, [EMAIL PROTECTED] wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=revrevision=23761 User: guy Date: 2007/12/05 09:31 AM Log: Make the protocol field big enough to hold the 3-character null-terminated string that the format item used when scanning says

[Wireshark-dev] RFC: Detecting duplicate IP addresses [PATCH]

2007-12-17 Thread Martin Mathieson
Hi, I want to see an expert item to report when wireshark can see that more than one endpoint is configured with the same IP address. The approach this (not-fully-tested-yet) patch takes is to pick IP/MAC pairs out of ARP requests/reponses and maintain an IP-MAC hash table. Should this work -

Re: [Wireshark-dev] undefined symbol: h225_ReleaseCompleteReason_vals

2007-12-19 Thread Martin Mathieson
A colleague of mine had exactly this problem. A library from a previous (distribution) installation was being picked up instead of the one he was building and trying to run. We never did find out exactly where it was - we just uninstalled the distrubution package and the problem went away. Hope

Re: [Wireshark-dev] RTCP frame length error indication in RTCP with a Bye chunk

2007-12-20 Thread Martin Mathieson
Could you please post this as a capture? Remember that the string is NULL terminated, and that this is part of the length On Dec 20, 2007 2:34 PM, Herculano Antonio Lambert Duarte [EMAIL PROTECTED] wrote: Hi! When the RTCP packet has a BYE chunk included, there is an expert message RTCP

Re: [Wireshark-dev] 3GPP RLC and MAC protocols support

2008-01-08 Thread Martin Mathieson
Hi, I don't know of anyone working on MAC or RLC dissectors. FP is currently only available for Catapult DCT2000 and Tektronix K12 file formats, since those formats include the information needed to interpret the message payloads. This amounts to using Wireshark as a different log viewer, rather

Re: [Wireshark-dev] 3GPP RLC and MAC protocols support

2008-01-08 Thread Martin Mathieson
BTW is anyone planning on hooking RRC NAS message IEs into gsm_a_dtap ? Since RRC is from the ASN.1, I've not tried it yet, but any pointers appreciated. Neil -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Martin Mathieson *Sent:* 08

Re: [Wireshark-dev] 3GPP RLC and MAC protocols support

2008-01-09 Thread Martin Mathieson
? Since RRC is from the ASN.1, I've not tried it yet, but any pointers appreciated. Neil From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Martin Mathieson Sent: 08 January 2008 11:26 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] 3GPP RLC and MAC

Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2226] New: Mismatching /proto element in a PDML explort

2008-01-28 Thread Martin Mathieson
In order to conform to the schema, we'd need to insist that items were always added inside protocol trees, and not directly in to the top-level tree passed to dissectors. The TCP dissector writes unparsed data into the top-level tree. I know that I also added an ARP entry to the top-level tree

Re: [Wireshark-dev] [Wireshark-commits] rev 24762: /trunk/ /trunk/epan/dissectors/: packet-radius.c packet-radius.h /trunk/epan/: proto.c proto.h radius_dict.l /trunk/gtk/: dfilter_expr_dlg.c /trunk/:

2008-04-03 Thread Martin Mathieson
This is nice. Did you measure any improvement to startup time because of radius? I just did the wimaxasncp plugin, and if no-one beats me to it I'll do diameter (most likely tomorrow now). Regards, Martin On Thu, Apr 3, 2008 at 11:13 PM, [EMAIL PROTECTED] wrote:

Re: [Wireshark-dev] Tap preferences

2008-04-23 Thread Martin Mathieson
Hi, On Wed, Apr 23, 2008 at 7:20 AM, Jaap Keuter [EMAIL PROTECTED] wrote: Hi, 1) It would be nice to have a generalized concept. 2) I'm not really happy with the Taps/Statistics moniker on this item. I mean, as a user I don't know what a 'Tap' is. Neither that it's the mechanism to get

Re: [Wireshark-dev] Tap preferences

2008-04-23 Thread Martin Mathieson
be a start. Thanx, Jaap Martin Mathieson wrote: Hi, On Wed, Apr 23, 2008 at 7:20 AM, Jaap Keuter [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, 1) It would be nice to have a generalized concept. 2) I'm not really happy with the Taps/Statistics moniker

Re: [Wireshark-dev] [Wireshark-commits] rev 25171: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c

2008-04-25 Thread Martin Mathieson
Thanks Bill. Luckily I'm now at home with my Windows build... On Fri, Apr 25, 2008 at 7:48 PM, Bill Meier [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Log: Fixed some old problems found while starting to add R7 support. +186 -33 packet-umts_fp.cModified I expect that

Re: [Wireshark-dev] [Wireshark-commits] rev 25171: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c

2008-04-25 Thread Martin Mathieson
On Fri, Apr 25, 2008 at 8:08 PM, Guy Harris [EMAIL PROTECTED] wrote: Bill Meier wrote: I expect that the next buildbot Windows compile of packet-umts_fp will fail (since it does on my Windows system): packet-umts_fp.c(861) : warning C4244: 'function' : conversion from 'unsigned

Re: [Wireshark-dev] [Wireshark-commits] rev 25350: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-sip.c

2008-05-22 Thread Martin Mathieson
Thanks Stig. Did you see any warnings (on OSX?) ? I built and tested on Linux/GCC and VC 2005 EE. Martin On Thu, May 22, 2008 at 10:36 AM, [EMAIL PROTECTED] wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=revrevision=25350 User: stig Date: 2008/05/22 02:36 AM Log: Initialize

Re: [Wireshark-dev] sigcomp implementation

2008-05-27 Thread Martin Mathieson
On Mon, May 26, 2008 at 6:55 PM, Claudio Fontana [EMAIL PROTECTED] wrote: Hello, I have seen the wireshark SIGCOMP implementation, and it seems to me that some operations are missing, and many corner cases are not handled as RFCs demand, especially regarding DECOMPRESSION- FAILURE conditions

  1   2   3   4   >