If an RTP payload spans more than two packets, the dissector needs to
save the previous fragment info.
Bug: 11413
Change-Id: I62558f40136881d70bf2a9597eabd3697966ac4a
Reviewed-on: https://code.wireshark.org/review/9875
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support decode of tag/value
Only try to decode handshake when sequence number = 1
(Working on function to check if the packet is handshake..)
There is sometimes issue for decode ACK Special Frame Type...
Bug: 11494
Change-Id: If1f4051fc9c11d343acb7f15f94a325d4243a070
Reviewed-on: https://code.wireshark.org/review/8171
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace DSCP/ECT/CE with DSCP/ECN for IPv6.
Introduce short descriptions for DSCP/ECN values.
Formating changes:
- Make IPv4 and IPv6 as similar as possible.
- Display short abbreviations only for "Differentiated Services Field".
- Display DiffServ field as hex for IPv4.
- Elide leading zeros from hex representation from DiffServ field for IPv6.
- Display DSCP/ECN as decimal in subtree (same as "IP DSCP" column format).
Change-Id: Ia69d11dc9c1d752eb2e269314287c885506b5353
Reviewed-on: https://code.wireshark.org/review/10360
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RSA private keys are typically not found in network captures, so let's
just remove it. This removal avoids overloading the pkcs1.modulus
field with the same meaning from two different contexts (RSAPrivateKey
and RSAPublicKey).
Change-Id: I65239718e6fc801fc53fa46c467dc86620aa3b29
Reviewed-on: https://code.wireshark.org/review/10546
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector is doing a lot of unnecessary "manual" operations. Start the process of simplifying that to encourage use of general APIs and put control of the "field name" in the hands of the hf_ entry it belongs with.
Change-Id: I5b048c04858ac4a846a276ba12d61c665deb66f8
Reviewed-on: https://code.wireshark.org/review/10547
Reviewed-by: Michael Mann <mmann78@netscape.net>
in this case, it's enough to exit the switch block and try to continue
with the next element
we might now end up with ie_item==NULL after the switch, so replace the
assertion with a check
Change-Id: Id54346077eb8aa12b22575f3ab6fa80087f240ce
Reviewed-on: https://code.wireshark.org/review/10549
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
replace switch-case with if
remove an initial value that's overwritten immediately
Change-Id: I98487ed08f91416179fcbbbaf80bf1b126a8d1c2
Reviewed-on: https://code.wireshark.org/review/10548
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rane make -C asn1 and found this missing change.
Somehow the unnecessary initialization was not included with the
dissector regeneration in 3243b6f964
("asn1: split off cleanup routines").
Change-Id: I26d6f0ca4e7fa0b791108f016c684556da5d06e8
Reviewed-on: https://code.wireshark.org/review/10538
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
I'm guessing fix-encoding-args.pl doesn't work on packet-ncp2222.inc because the hf_ declarations/definitions aren't in the file itself, so it can't figure out endianness or field type. So to bring the file up to modern coding standards, I did it "manually". In general I think this file has escaped critique because of the "generated" nature of the dissector.
Also removed tvb_ensure_bytes_exist and tvb_get_ptr use as both were superfluous.
Change-Id: I224f0ce15f8eb93c48ecb8eea66d161d98468f23
Reviewed-on: https://code.wireshark.org/review/10502
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modifications to ncp2222.py
Add absolute time values eptime for file/volume info
Add support for 64 bit File Transfer NCP's (22/54, 22/55, 22/56, 22/57, 22/58, 87/70, 87/71, 87/72, 87/73, 89/41, 123/35)
Fix numerous dissection errors in NWInfo and ExtNWInfo structures
Fix some indention (white space) in source
Modifications to packet-ncp2222.inc
Change seq count rollover value to 16 instead of 255 to make it more robust
Add ncp 87,72 reply
Add ncp 8x20 request
Fix ncp 8x20 reply
Change-Id: I80bdcc5854c02edd4ea51c74aa0bbc9c0e062bc1
Reviewed-on: https://code.wireshark.org/review/10017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Broken in ge450b9b, when it stopped being static (which fixed other bugs). Conversations still need the fchdr "address" data to remain in scope.
Bug:11457
Change-Id: I17a3814bf76d2940124a2700fb6b12c6d7d834c1
Reviewed-on: https://code.wireshark.org/review/10518
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A few calls in the epan directory and comments in the ui directory
Change-Id: Ia8f8830ac6909ab94d3a03283bfd173456bc9718
Reviewed-on: https://code.wireshark.org/review/10492
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
After some analysis, update the dissector
Display only VC IP when type = 3, 4, 5 or 7
Change-Id: I53214125eebe978f67f6503072638ce3521cd155
Reviewed-on: https://code.wireshark.org/review/10441
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add 34 attributes.
All attributes for this day should be supported now.
Expect 3:
0x2906 - Valid Range
0x2A2A - IEEE 11073-20601 Regulatory Certification Data List
0x2A4D - Report
The first is hard to implement now, the second needs to buy
specification, the last one will be implemented later - when USB HID
implementation will be full.
Please note that FLOAT/SFLOAT types are now supported right now.
Change-Id: I0499e17257aa8cb831fbd0cf1524d8e59c98cac7
Reviewed-on: https://code.wireshark.org/review/10526
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Finally we have FT_UINT40, so used it in Bluetooth ATT and
HDP dissectors.
Change-Id: Iab0e71345f031bca972b1eee20d7e95e193b2aef
Reviewed-on: https://code.wireshark.org/review/10527
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
"GN" does not seems to be really useful, but "PAN GN" is reasonable.
Change-Id: Ia04aa20e4b95743c7db46e87606e3843a124d7e4
Reviewed-on: https://code.wireshark.org/review/10524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add error codes from AVDTP, GAVDTP and A2DP 1.3.1.
Change-Id: Ida7c8041bafcd954d9939c165808347f16c542a8
Reviewed-on: https://code.wireshark.org/review/10523
Reviewed-by: Michael Mann <mmann78@netscape.net>
The comment was valid, the private key is already looked during the
ClientHello message (using ssl_find_private_key) and since the key is
only used during the key exchange, it is not needed to look it up that
early.
Verified with the test suite (DTLS Decryption).
Change-Id: Ia084a40d98cd74c77e9f1659ac57eeb8d44e59b6
Reviewed-on: https://code.wireshark.org/review/10529
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Those lengths had better fit in an int if they're added to packet offsets.
(BTW, gsize is the spawn of Satan; it should never be used except when
you're dealing with GLib. It *should* have just been another name for
size_t, but it's 32 bits on 64-bit Windows, which means it's narrower
than size_t, which causes us some pain with g_snprintf().)
Change-Id: Icd8f0632242303dbea0d80e0dad45b317097daaa
Reviewed-on: https://code.wireshark.org/review/10516
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only make one pass through the parameter list, adding fields as we go. Use a
wmem_strbuf to simplify string construction. Extract the "add a param" switch
into its own function so it can be called from two different places.
Should be far easier to reason about, and much more efficient.
Change-Id: I0818e0b98cbc6d2025c776bce82e56fb72e8753a
Reviewed-on: https://code.wireshark.org/review/10505
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Evan Huus <eapache@gmail.com>
ServerRes message does not follow other message when it comes to
provinding the list of ip-addresses. The type of ip-address (IPv4
or IPv6 does not depend on the protocol version but the length of
the message.
Fix: ipv4 address displayed as ip-address
Change-Id: Ie16f81c9482b30a80da37b9327b09e933d7808f8
Reviewed-on: https://code.wireshark.org/review/10513
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit adds handling for option 242 to bootp.
The value of the Avaya option 242 is a string containing a list of
several suboptions seperated by a ",".
However some suboptions may have multiple values also seperated by
a comma. The values may be enclosed in quotes.
A real-life string e.g. looks like:
MCIPADD=10.1.1.2,10.1.1.3,TLSSRVR=10.1.1.5,VLANTEST=60,L2Q=1,L2QVLAN=77
Documentation can be found here:
https://downloads.avaya.com/elmodocs2/one-X_Deskphone_Edition/R1.5/output/16_300698_4/admn054.html and
http://downloads.avaya.com/css/P8/documents/100068659
A set of crafted packets is attached to the bug.
Bug: 11021
Change-Id: I99b557a952fd34c0fcab6d0a5311440969316973
Reviewed-on: https://code.wireshark.org/review/7443
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some new firmware has come out for sccp devices which contains the use of
1 new message and some extended enums
Fix: UserToDeviceData was reusing the hf_skinny_data flag which had a side effect of showing the label as 'Statistics' which was incorrect.
Change-Id: I84f31f5f170dee075df64b5e7187f8742b6768af
Reviewed-on: https://code.wireshark.org/review/10483
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
I.e., the calculations (thanks to the masking etc.) will result in
values that fit into a guint, so there's no loss of data in converting
to a guint.
Change-Id: I3dacce93ab87c625a45d22090b27774b9a63ba21
Reviewed-on: https://code.wireshark.org/review/10496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not in C, but in C++, and we check to make sure our C code can be
compiled by a C++ compiler.
Change-Id: Ib77fac1abf1c583ebbf4465e4bd681b9db71123c
Reviewed-on: https://code.wireshark.org/review/10495
Reviewed-by: Guy Harris <guy@alum.mit.edu>
tvb_get_string_enc() treats the FH as an an ASCII string and thus stops
reading at the first zero (0) it encounters.
Replace 'tvb_get_string_enc()' with 'tvb_memdup()' in dissect_fhandle_data().
Change-Id: Ifc30ec41590e9cab5666d0988fab1f66040ce0c7
Reviewed-on: https://code.wireshark.org/review/10493
Reviewed-by: Cal Turney <cturney@charter.net>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
It prevents proper update of Info column, and various other things
Change-Id: I355c46e6f6b3f923250d6b5bf720ea052ef3b646
Reviewed-on: https://code.wireshark.org/review/10488
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This commit fixes bug that I have encountred in the Flow graphs of VoIP calls.
Where the RTP communication is shown only in one direction. This happens
because the packet-sip.c dissector is unable to find SIP/SDP setup frame from
the recivers side and sets the setup frame to 0. Now if no frame is found the
number of current frame is used. I have checked the previous versions and in
ver 1.8.12 it worked properly (same as after this change).
Note: I am not sure if the 1.8.12 is the last version where this was working
properly.
Change-Id: Ibb3cf85cbce03f80a2492eeae6cf64acddc439f5
Reviewed-on: https://code.wireshark.org/review/10440
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>