Use the same style of message for too-short block errors ("pcapng: total
block length XXX of {a,an} XXX is too small...").
Add an additional check for the "skip" Netflix cutom block, to make sure
it has enough room for the 4-byte "skipped" value.
Starting with 3.0 there is a new non backwards compatible Web-Sec-Protocol for BLIP, so the plugin should handle both (the differences are irrelevant from Wireshark's standpoint)
Have the IEEE 1722 AVTP dissector call the MP2T dissector when that
is the payload type. Comment out the "if (tree)" statement since
the MP2T dissector needs to be called on the first pass regardless
to handle fragmentation.
Since there is a 4 octet source packet header timestamp before each
MPEG2-TS packet when carried on AVTP, the MP2T dissector has to be
called multiple times per frame. Since the fragmentation data is
indexed by the offset in the tvb passed to the MP2T dissector, create
a table for each MP2T layer in the packet via pinfo->curr_layer_num.
Fix#10702.
A few helpers weren't in exception-throwing paths and can just free
unscoped memory. The macro in proto.c is only used in contexts with a
tree, so just use the tree's scope there.
Re-implement below change but for the legacy ccmp decryption used on
3.2 release track but also on later releases when Wireshark is built
with older versions of libgcrypt:
e5e37add9a 802.11 Decrypt: Fix AAD Calculation when HT-Control present in a QoS Data Frame
Ping #17577.
If a graph is added it should be a single operation, not multiple setData operations
leading to a myriad of dataChanged signals to be fired, which in turn can hinder redissection.
Allocate the root node in the same pool as the list itself, and make
that pool explicit so we can pass the pinfo scope instead of using the
global packet pool.
Fix support for IEEE 1722-2016 Annex J IP Encapsulation.
Dissect extra 4-octet encapsulation_sequence_num field that
is present when carried on UDP/IP. Perform rudimentary sequence
analysis with it. Fix#17389.
When written by hand, it’s difficult to have a fully functional
subdissector for a given command if the structures in it contain at lot
of fields and/or numerous level of sub-structures, making the definition
of all sub-structures mandatory before we have all sub-structures fully
defined before we can dissect anything.
This patch makes it easy not to defined some structure fields and let
the generic Thrift dissector handle them.
If you care only about some fields for your analysis or you have some
obsolete fields that may appear in your captures due to old client but
are no longer defined in the .thrift files, you can still write the sub-
dissector for your protocol just by omitting the obsolete field.
For example:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ &hf_tcustom_data_content, 3, TRUE, DE_THRIFT_T_STRUCT, &ett_tcustom_resource, { .members = tcustom_resource } },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
could become:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ NULL, 3, TRUE, DE_THRIFT_T_GENERIC, TMFILL },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
and avoid the need to define the extremely complex "resource" struct.
In this case, the structured data would be dissected by the generic
dissector while keeping the possibility for the user to filter on the
resource id or name.
wblock->internal is not initialized on pcapng_read_custom_block function
pcapng.c:3747:9: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
This patch adds support to SOME/IP to be dissected on top of DTLS. This
can be used via the Decode As feature of Wireshark.
This extends the existing support for DTLS.
Add an expert info for more protocol issues:
- Thrift protocol exceptions.
- Thrift application exceptions.
- Negative field id that are now prohibited in new interfaces.
- Out-of-order field ids (not prohibited but unusual).
packet-erldp.c:403:13: warning: Although the value stored to 'buf_ptr' is used in the enclosing expression, the value is never actually read from 'buf_ptr' [deadcode.DeadStores]
packet-erldp.c:922:9: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-erldp.c:928:7: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-json.c:365:7: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:371:7: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:383:8: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:389:8: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-rdp.c:1600:3: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-rdp.c:1614:3: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-thrift.c:1382:17: warning: Value stored to 'len_pi' is never read [deadcode.DeadStores]
packet-thrift.c:1388:9: warning: Value stored to 'len_pi' is never read [deadcode.DeadStores]
proto.c:6480:19: warning: Although the value stored to 'hf_str_val' is used in the enclosing expression, the value is never actually read from 'hf_str_val' [deadcode.DeadStores]
proto.c:6524:19: warning: Although the value stored to 'hf_str_val' is used in the enclosing expression, the value is never actually read from 'hf_str_val' [deadcode.DeadStores]
dpauxmon.c:290:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:432:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:437:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:443:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
nettrace_3gpp_32_423.c:256:2: warning: Value stored to 'prev_pos' is never read [deadcode.DeadStores]
nettrace_3gpp_32_423.c:295:2: warning: Value stored to 'next_msg_pos' is never read [deadcode.DeadStores]
nettrace_3gpp_32_423.c:487:4: warning: Value stored to 'port_type_defined' is never read [deadcode.DeadStores]
display on CI build, the text output (and not xml)
store all cppcheck output files on cppcheck folder
(you need to launch cppcheck twice for generate txt and xml)