ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-commits: [Wireshark-commits] rev 41583: /trunk-1.6/ /trunk-1.6/epan/dissectors/: packet-d

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: gerald@xxxxxxxxxxxxx
Date: Thu, 15 Mar 2012 23:44:31 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=41583

User: gerald
Date: 2012/03/15 04:44 PM

Log:
 Copy over revisions from the trunk:
 
   ------------------------------------------------------------------------
   r41025 | guy | 2012-02-13 22:00:14 -0800 (Mon, 13 Feb 2012) | 49 lines
   Changed paths:
      M /trunk/epan/dissectors/packet-http.c
 
   To quote section "7.2.1 Type" of RFC 2068, "Hypertext Transfer Protocol
   -- HTTP/1.1":
 
      Any HTTP/1.1 message containing an entity-body SHOULD include a
      Content-Type header field defining the media type of that body. If
      and only if the media type is not given by a Content-Type field, the
      recipient MAY attempt to guess the media type via inspection of its
      content and/or the name extension(s) of the URL used to identify the
      resource. If the media type remains unknown, the recipient SHOULD
      treat it as type "application/octet-stream".
 
   To quote section "4. Encoding of Transport Layer" of RFC 2565, "Internet
   Printing Protocol/1.0: Encoding and Transport":
 
      HTTP/1.1 [RFC2068] is the transport layer for this protocol.
 
   	...
 
      Note: even though port 631 is the IPP default, port 80 remains the
      default for an HTTP URI.  Thus a URI for a printer using port 631
      MUST contain an explicit port, e.g. "http://forest:631/pinetree";.  An
      HTTP URI for IPP with no explicit port implicitly reference port 80,
      which is consistent with the rules for HTTP/1.1. Each HTTP operation
      MUST use the POST method where the request-URI is the object target
      of the operation, and where the "Content-Type" of the message-body in
      each request and response MUST be "application/ipp". The message-body
      MUST contain the operation layer and MUST have the syntax described
      in section 3.2 "Syntax of Encoding". A client implementation MUST
      adhere to the rules for a client described for HTTP1.1 [RFC2068]. A
      printer (server) implementation MUST adhere the rules for an origin
      server described for HTTP1.1 [RFC2068].
 
   So, when choosing a subdissector for HTTP request bodies, search based
   on the media type first, and only if we *don't* find a dissector for the
   media type, do other stuff such as heuristics or choosing a subdissector
   based on the port number.
 
   This fixes a number of problems; in particular, it fixes bug 6765
   "non-IPP packets to or from port 631 are dissected as IPP" without
   requiring the IPP dissector to attempt to determine whether an entity
   body looks like IPP.  It also ensures that the default dissector for
   HTTP entity bodies, the "media" dissector, will get the media type
   passed to it in pinfo->match_string.
 
   Don't use "!str*cmp()" while we're at it - it's valid C, but the "!" can
   make it look as if it's checking for something not being the case when,
   in fact, you're checking for equality rather than inequality.  (The
   str*cmp() routines don't return Boolean results.)
   ------------------------------------------------------------------------
   r41040 | morriss | 2012-02-16 08:31:09 -0800 (Thu, 16 Feb 2012) | 6 lines
   Changed paths:
      M /trunk/packaging/macosx/Makefile.am
      D /trunk/packaging/macosx/Wireshark package.pmdoc
      A /trunk/packaging/macosx/Wireshark_package.pmdoc (from /trunk/packaging/macosx/Wireshark package.pmdoc:41039)
      M /trunk/packaging/macosx/osx-dmg.sh
 
   As suggested on the -dev list today, add Wireshark_package.pmdoc to the source
   distribution.
 
   To do this, however, requires renaming that directory because automake can't
   handle files with spaces in their names.
   ------------------------------------------------------------------------
   r41045 | morriss | 2012-02-16 19:02:32 -0800 (Thu, 16 Feb 2012) | 7 lines
   Changed paths:
      M /trunk/epan/dissectors/packet-ntp.c
 
   Fix part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6703 :
 
   r35887 added ntp_to_nstime() to packet-ntp since a couple of dissectors had
   their own versions.  The version used was from packet-netflow; switch to the
   version from packet-zep because that one's math works better: the fractional
   time is actually shown.
   ------------------------------------------------------------------------
 
 
 Copy over by hand:
 
   ------------------------------------------------------------------------
   r41030 | guy | 2012-02-14 14:31:33 -0800 (Tue, 14 Feb 2012) | 3 lines
   Changed paths:
      M /trunk/wiretap/erf.c
 
   TYPE_PAD records can have zero bytes of payload; don't treat them as
   errors.
   ------------------------------------------------------------------------
   r41036 | etxrab | 2012-02-15 21:21:09 -0800 (Wed, 15 Feb 2012) | 4 lines
   Changed paths:
      M /trunk/AUTHORS
      M /trunk/epan/dissectors/packet-dtls.c
      M /trunk/epan/dissectors/packet-ssl-utils.c
 
   From Naoyoshi Ueda:
   Patch to fix DTLS decryption.
 
   https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6847
   ------------------------------------------------------------------------
   r41041 | guy | 2012-02-16 10:58:40 -0800 (Thu, 16 Feb 2012) | 16 lines
   Changed paths:
      M /trunk/file.c
      M /trunk/tshark.c
      M /trunk/wiretap/pcapng.c
 
   With the WTAP_ERR_UNSUPPORTED error, Wiretap supplies a string giving
   the details of what in particular is unsupported; report it in TShark
   and Wireshark.
 
   Handle WTAP_ERR_RANDOM_OPEN_PIPE in TShark.
 
   Handle WTAP_ERR_COMPRESSION_NOT_SUPPORTED in TShark, and have its error
   message in Wireshark not speak of gzip, in case we support compressed
   output in other formats in the future.
 
   If we see a second section header block in a pcap-NG file, don't report
   it as "the file is corrupted", report it as "the file uses a feature we
   don't support", as that's the case - and don't free up the interface
   data array, as the file remains open, and Wireshark might still try to
   access the packets we were able to read.
   ------------------------------------------------------------------------
 
 
 Update the release notes.

Directory: /trunk-1.6/epan/dissectors/
  Changes    Path                  Action
  +56 -47    packet-dtls.c         Modified
  +17 -7     packet-http.c         Modified
  +1 -1      packet-ntp.c          Modified
  +20 -10    packet-ssl-utils.c    Modified

Directory: /trunk-1.6/docbook/
  Changes    Path                 Action
  +21 -1     release-notes.xml    Modified

Directory: /trunk-1.6/packaging/macosx/
  Changes    Path           Action
  +9 -1      Makefile.am    Modified
  +1 -1      osx-dmg.sh     Modified

Directory: /trunk-1.6/
  Changes    Path          Action
  +1 -0      AUTHORS       Modified
  +9 -1      file.c        Modified
  +15 -0     tshark.c      Modified


(2 files not shown)
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube