Wireshark-commits: [Wireshark-commits] rev 29833: /trunk/epan/dissectors/ /trunk/epan/dissectors/:

Date: Thu, 10 Sep 2009 02:40:20 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=29833

User: morriss
Date: 2009/09/09 07:40 PM

Log:
 From Chris Maynard via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3950 :
 
 The attached patch improves NHRP dissection and encompasses the following
 changes:
 1) Now displays Request ID and CIE Reply code or Error code in Info column.
 
 2) Added support for RFC 2520 and RFC 2735 extensions and error codes.
    References:
        -> http://www.ietf.org/rfc/rfc2520.txt?number=2520
        -> http://www.ietf.org/rfc/rfc2735.txt?number=2735
    Note: Cisco's NAT Address Extension conflicts with RFC 2735's published
 Device Capabilities Extension.  Both are assigned type 9.  As such, I have had
 to add some heuristics to differentiate between them.  It should be reliable
 though since the former carries a CIE with length > 8 bytes, and the latter a
 fixed-length payload of 8 bytes.
 
 3) A few fields previously not filterable now are: hf_nhrp_hdr_op_type,
 hf_nhrp_hdr_version and hf_nhrp_error_code.
 
 4) Added support for authentication and vendor-private extension header decode.
    NOTE: The authentication extension has been added according to RFC 2332.  In
 practice, it seems that at least with certain Cisco equipment (I tested with
 cisco 2851 IOS version 12.4(15)T), they use their own non-standard
 authentication extension format.  Because of this, Cisco's version of the
 extension will likely either be displayed a little differently than one may
 expect or be indicated as being mal-formed ... because in reality, it is.
 
 5) Utilizes expert info in a couple more places to indicate mal-formed packets.
  Cisco's Error Indication packet, for example, violates RFC 2332 Section 5.2.7
 by including extensions in the Error Indication packet as well as by including
 erroneous data following the End Extension.  Both cases are reported via expert
 info now.  Previously, at least with the case of the erroneous data following
 the End Extension, the packet would almost certainly have been marked
 mal-formed anyway.  I now just prevent Wireshark from even attempting to decode
 the non-sensical mess.

Directory: /trunk/epan/dissectors/
  Changes    Path             Action
  +267 -88   packet-nhrp.c    Modified