Use proto_tree_add_item_ret_display_string() routines to add strings if
we want to display the string's value in a column, and just use
proto_tree_add_item() if we don't need the string's value. That way,
all strings are fetched using an encoding value, to properly map to
UTF-8, and, if necessary, are formatted for display.
Add comments about fields that have type VisibleString, asking whether
that means "ASCII" or "just the "Basic" part of ISO 646", where the
latter is ENC_ISO_646_BASIC.
Add a comment about fields using "The definition of IETF RFC 5890" -
that means "Punycode", but I don't think we map Punycode to Unicode;
perhaps we should. Also ask whether that also implies RFC 1035's
encoding of domain names as sequences of counted strings.
Change-Id: Ie8d5bc18d2846f8d723019b22f69a50ce55f9a9b
Reviewed-on: https://code.wireshark.org/review/33986
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The timeout value was removed from the DCP PREPARE
message as it was never used (and will never occur
in a released version of Couchbase)
Change-Id: I95f5bb3a0878237bf0339da48476fda437740c25
Reviewed-on: https://code.wireshark.org/review/33984
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Jim Walker <jim@couchbase.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Use tvb_get_string_enc() routines to fetch strings; all strings must
have an encoding value, to properly map to UTF-8.
Use format_text() when displaying string values in columns.
Show the interpretation of "character set" values.
Choose the encoding value based on the "character set" value.
While we're at it, use the XDLC_S_U_MASK #define, rather than a raw hex
value, when testing for S frames vs. U frames.
Change-Id: Idf9d6302473bbffdfa67341c381575aa525a6d84
Reviewed-on: https://code.wireshark.org/review/33982
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Supported since GLib 2.20, we require at least 2.32.
Change-Id: I0bdeaaaf11dad5352aa2f6e4dc9e23be9dc93e3a
Reviewed-on: https://code.wireshark.org/review/33977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Simplify timing code by relying on g_get_monotonic_time which has the
additional benefit that it is unaffected by clock jumps.
Change-Id: Ib61b848eb5e20d68d486a07e3528ccafb03f8814
Reviewed-on: https://code.wireshark.org/review/33976
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace g_get_current_time by g_get_monotonic_time (since GLib 2.28, we
require 2.32) to simplify code and ignore time jumps. Qt does not need
the elapsed time, so remove the parameter from the progress callback.
Change-Id: Icaad4b909b9cb4bb07d28fcdf3d383d64aa00127
Reviewed-on: https://code.wireshark.org/review/33975
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tvb_get_string_enc() to fetch strings. That way, all strings are
fetched using an encoding value, to properly map to UTF-8.
While we're at it, add the RFC for the final version of the protocol.
Change-Id: If103d9464a313bd61948b931291a3763ea85d01b
Reviewed-on: https://code.wireshark.org/review/33981
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use tvb_get_string_enc() routines to fetch them; all strings must have
an encoding value, to properly map to UTF-8.
While we're at it, fix heuristic test to make sure we have a full TALI
header in the *captured* data.
Change-Id: Ia572707f8d7da89d3fe31e839e1cbe4dc5e23c43
Reviewed-on: https://code.wireshark.org/review/33980
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use proto_tree_add_item_ret_display_string() routines to add strings if
we want to display the string's value in a column. That way, all
strings are fetched using an encoding value, to properly map to UTF-8,
and are formatted for display.
Change-Id: I4acd9ed7cfad3342be84a4773187dd531949f47b
Reviewed-on: https://code.wireshark.org/review/33974
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's an unsigned int, as per the protocol spec. Treat it as such. (Add
a URL for the protocol spec while we're at it.)
Convert it from a string of ASCII hex digits to a number using
ws_hexstrtou32(); that routine does the appropriate checks.
Clean up blank lines while we're at it - add some and remove some.
Change-Id: I2c0832c4a57c121e2e64de49a8678b747025f35e
Reviewed-on: https://code.wireshark.org/review/33972
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
clang errs about the stack frame size being too big.
* use indexes instead of pointers
* use guint8 instead of gboolean (== int)
* remplace hard coded 512 with #define
Change-Id: Idae70677f20e88ac8bba93899573e0137b9a3d7e
Fixes: 0db39ae59a ("smb2: add support for decompression")
Reviewed-on: https://code.wireshark.org/review/33965
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use proto_tree_add_item...() routines to add strings; use
tvb_get_string_enc() to extract strings. That way, all strings are
fetched using an encoding value, to properly map to UTF-8.
Change-Id: I2118e812965cfad5d8c288ea40fa50aca9c67fa8
Reviewed-on: https://code.wireshark.org/review/33970
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Added the full GigE Vision 2.2 feature set including
GenDC, extended bootstrap registers and new
capability and configuration bits
- Fixed typos
- Added all the latest pixel formats as defined by the
PFNC standard document to the gvcp, gvsp and u3v
dissector
Change-Id: Ic60f0252caef99b222262e96e3f2296c9fccccad
Reviewed-on: https://code.wireshark.org/review/33898
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding support for draft-ietf-bess-evpn-igmp-mld-proxy-03
Bug: 15911
Change-Id: I42c0cf4551a7669742457691cc820a4057faf697
Reviewed-on: https://code.wireshark.org/review/33951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Application and Transport Error Codes field has changed from 16-bit
to variable-length. Update fields accordingly. Remove the "STOPPING"
application code, this was removed in draft -17.
Bug: 13881
Change-Id: I1007ec614923331650b63a3b1502676db349c9cb
Reviewed-on: https://code.wireshark.org/review/33960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update decryption salt, add new transport parameter
(active_connection_id_limit), add new Retire Prior To field to NCI.
Due to the salt change, this drops support for draft -20 and older.
Bug: 13881
Change-Id: I99c25575af596193b96521abe81dca2fed0f8082
Reviewed-on: https://code.wireshark.org/review/33959
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update all comments to the latest draft version (draft -22) and remove
support for draft -18 and older.
Bug: 13881
Change-Id: Ide3a5b8f94ffbfa8281415f3cebdecd84346bc48
Reviewed-on: https://code.wireshark.org/review/33958
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Clang 8 emits a false positive when the first subobject of a structure
within another structure is not a signed integer. As workaround, shuffle
the struct member such that the first subobject is not a structure. See
https://bugs.llvm.org/show_bug.cgi?id=39931
Change-Id: Ic49413c202abb60a5782f9dbe99921e766b0153e
Reviewed-on: https://code.wireshark.org/review/33956
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Aurélien Aptel <aaptel@suse.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
They're used in display strings (columns, higher-level protocol tree
items, hostnames in Export Objects tables), so get display strings.
That means they're not guaranteed to be 16 octets long, so allocate them
as file-scope strings (the structure containing pointers to them is
allocated with file scope), with leading and trailing blanks stripped.
Change-Id: I291884be39557d861927020e682b0bdadfe41dbb
Reviewed-on: https://code.wireshark.org/review/33955
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The latest iteration of Microsoft updates to SMB3 added compression to
the protocol. This commit implements decompressing and dissecting
compressed payloads.
The compression algorithms that can be used are "Plain LZ77",
"LZ77+Huffman" and "LZNT1" which you can read more about in the
[MS-XCA] documentation. This set of algorithm is sometimes referred to
as XPRESS.
This commit reuses the existing uncompression API scheme already in
place with zlib and brotli and adds 3 tvb_uncompress_*() function
implemented in:
* epan/tvbuff_lz77.c
* epan/tvbuff_lz77huff.c
* epan/tvbuff_lznt1.c
A new function wmem_array_try_index() was added to the wmem_array API
to make bound checked reads that fail gracefully. New tests for it
have been added as well.
Since both reads (tvb) and writes (wmem_array) are bound checked the
risk for buffer overruns is drastically reduced. LZ77+Huffman has
decoding tables and special care was taken to bound check these.
Simplified versions of the implementations were succesfully tested
against AFL (American Fuzzy Lop) for ~150 millions executions each.
The SMB2/3 dissector was changed to deal with the new transform header
for compressed packets (new protocol_id value) and READ request
flags (COMPRESSED). Badly compressed or encrypted packets are now
reported as such, and the decryption test suite was changed to reflect
that.
This commit also adds a test capture with 1 packet compressed with
each algorithm as returned by Windows Server 2019, along with 3
matching tests in test/suite_dissection.py
Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7
Reviewed-on: https://code.wireshark.org/review/33855
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Don't just grab raw string data with tvb_memcpy(); all strings must be
fetched using an encoding value, to properly map to UTF-8.
Use the newly-added ENC_ISO_646_BASIC encoding, as that's what the 2003
DICOM spec says is used.
Change-Id: Idaae45a304c746c163b214e2d08e00870c69e9d6
Reviewed-on: https://code.wireshark.org/review/33952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "Basic code table" in ISO 646 is mostly ASCII, but some code points
either 1) have more than one glyph that can be assigned to them or 2)
have no glyph assigned to them. National versions choose one of the two
glyphs for the code points in group 1) and assign specific glyphs to the
code points in group 2); the International Reference Version assigns the
same glyphs to those code points as does ASCII.
For the "Basic code table" encoding, we map the code points in groups 1)
and 2) to a REPLACEMENT CHARACTER; additional encodings can be added for
the national versions.
Add ENC_ISO_646_IRV (International Reference Version) as an alias for
ENC_ASCII.
Expand some comments, and add some comments, while we're at it.
Change-Id: I4f1b5e426ec193775e919731c5cae1224dc65115
Reviewed-on: https://code.wireshark.org/review/33941
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up some comments while we're at it.
Change-Id: I0cd014bf1d1e7dc740eac1721d5466377938655f
Reviewed-on: https://code.wireshark.org/review/33939
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Comment is about CME error, should be in ZPAS dissection func.
Change-Id: Iad2bc3de564374b23ca60053d227e02219c2a8c4
Reviewed-on: https://code.wireshark.org/review/33926
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Allow decoding of LoRaWAN in UDP payload.
Change-Id: I23df8587b08423dd1c75a060edf87f41b675057b
Reviewed-on: https://code.wireshark.org/review/33924
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is effectively reverting I88ddc2aec6805a77fcb3f3d547efda4d513ec919
The dissection logic is now generated into the dissector
following the changes I2f4258e2f4fd11c26bdc101e1375d0b5708610b7
and Iec2cb22e61e235a749c7d0f976bae8ad52e6c08f
Change-Id: I871c2b00d7a72103da83d6e64091886a8e2b12ed
Reviewed-on: https://code.wireshark.org/review/33923
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implemented packet reassembly of userdata telegrams.
Modified existing functions which before had shown only raw data on
fragmented telegrams.
Change-Id: Ia8d02928c08ad5228da28ac6a4b4df7ed99ab47e
Reviewed-on: https://code.wireshark.org/review/33920
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When creating a pixmap for a template icon, don't bother setting its
device pixel ratio. Otherwise it will interfere with QIcon's size
calculations.
Change-Id: I8c89ce49c57d558ae48baf9c31227898c0f7f9ca
Reviewed-on: https://code.wireshark.org/review/33919
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's filled in, and modified, but never used after that.
Change-Id: Id5e1e9e5bc3223b04bd77f94117388ec8aa274d6
Reviewed-on: https://code.wireshark.org/review/33922
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
After gca694eb078, no manual decoding is required
Change-Id: Ic23daf75c317df8b022e2e9911a6ad025dceaae8
Reviewed-on: https://code.wireshark.org/review/33916
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
After gca694eb078, no manual decoding is required
Change-Id: Ibe83becaea2f3587e770f6346ec71e775d25cf75
Reviewed-on: https://code.wireshark.org/review/33915
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Previous logic worked for bitmaps of 8 (and maybe less)
bits. For maps crossing 2 or more bytes all fields were
parsed incorrectly by the lower 8 bits values.
Change-Id: Iec2cb22e61e235a749c7d0f976bae8ad52e6c08f
Reviewed-on: https://code.wireshark.org/review/33904
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
- register RR dissector
- a string added to a column must be in pinfo scope
Change-Id: I2eb0f91c7e505094b87193d277c55ce8a3c4483b
Reviewed-on: https://code.wireshark.org/review/33913
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Guy Harris