The provider ID appears to be the hook into dissecting NetMon Event
user data.
Since a capture file with USB data was provided, that was used as the
example for how to hook into the provider ID dissector table.
Bug: 6520
Change-Id: Ie41719b6a28826869cd1672619949ea1f6981268
Reviewed-on: https://code.wireshark.org/review/23377
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Optimize code and open possibility for enriching IPv6 tap data.
Change-Id: I5a204d7464cde32123d5bfe664cc9b6bcf08dbe1
Reviewed-on: https://code.wireshark.org/review/23340
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
They're not used anywhere other than inside the dissectors, so make them
private to the dissectors.
Change-Id: I9946713f34f95a8173fd7748055fd4aa2e870f70
Reviewed-on: https://code.wireshark.org/review/23357
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.
Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Including attributes in Public Action frames and those that can appear in GAS
frames.
Change-Id: I8d2a717984295592952b8fff82879197ace2a4b2
Reviewed-on: https://code.wireshark.org/review/22615
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Currently the UMTS FP & MAC dissectors are named packet-umts_X.
This commit renames the UMTS RLC's files to show their relation.
Change-Id: I9e37be95f7c7d08278075a49b8abc2b480a13d64
Reviewed-on: https://code.wireshark.org/review/22188
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The convention of returning negative errno codes from the Linux kernel
is not just limited to usb/usbip, it is also needed by netlink. Now
netlink error codes are properly dissected.
Also add ERFKILL and EHWPOISON (since 2009 and 2011) and change ESTALE
and ENOSYS to match the current description as of Linux 4.7. Fixed
header paths in comments too.
Used this command to generate the table (with fixups for gaps):
    cpp -dM -CC include/uapi/asm-generic/errno.h |
    perl -ne '/^#define (E[A-Z0-9]+) ([0-9]+) \/\* (.+) \*\// &&
        printf " { -%-4s \"%s (-%s)\" },\n", "$2,", $3, $1' | sort -k2
Change-Id: I16fa41a42bd4201a8383ea8e70a0aa8a597b311d
Reviewed-on: https://code.wireshark.org/review/16952
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initial implementation of LoRaWAN dissector based on LoRa Alliance specification.
Features:
- Frame dissection for fields as per documentation
- Payload decryption
- MIC verification
Not implemented:
- Region specific information (frequencies etc)
- Statistics
Bug: 13775
Change-Id: I6031755dfd582dd78ed7c2566cdb390c577c9078
Reviewed-on: https://code.wireshark.org/review/22017
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
taken from the timing analysis done in the wlan_radio dissector. QT only.
The timeline background is light gray, white for packets displayed in the packetlist,
and blue for the currently selected packet. Packets are coloured according to the
colouring rules foreground colour. The timeline can be zoomed with controls on the
toolbar.
At higher zoom levels the duration (NAV) field is plotted as a horizontal line to the
right of a packet.
The height of a packet in the timeline is proportional to the RSSI.
The bottom half of the packet is only shown if it matches the display filter.
Todo:
Auto detect TSF timing reference point (start/end of packet)
Add a scrollbar
Add a ruler showing time
Improve handling of focus.
Do not display NAV for packets with bad FCS.
Show related packets graphically
Different Y axis modes
- bandwidth/channel use display
- different transmitters per line
- background color from coloring rules
Live capture support
Change-Id: Ic31fffb0d6854966361ade7abb5c0be50db9a247
Reviewed-on: https://code.wireshark.org/review/20043
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.
Exposes Syncword for subdissectors to dissect frame payload.
Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This may not be the only Netgear protocol, so make a distinction.
Change-Id: I68f460f44ac9345863468cfb407cec205a392d54
Reviewed-on: https://code.wireshark.org/review/21900
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Charlie Lenahan <clenahan@sonicbison.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5262b3b1ac5a6f5bc6ac932eedbb889847131d9c
Reviewed-on: https://code.wireshark.org/review/21601
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A sorted array keyed by intervals
You keep inserting items, then sort the array.
Sorting also compacts items that compare equal into one and adjusts
the interval accordingly. Find uses binary search to find the item.
This is particularly useful if you have many similar items,
e.g. ObjectMapping subindices in the XDD. XDDs can be upward of
25k lines long with much duplication (253 subindices having the same
content).
Interval Trees wouldn't work, because they didn't allow expanding
existing intervals. Using an array instead of a tree additionally offers
a possible performance advantage, but it's not that critical here,
as finding should only happen in the async frames.
There's room for optimization in the creation process of the array,
but it doesn't matter much, as they aren't created frequently.
Finding speed is what matters for the use case of parsing EDS
and XDD files.
Change-Id: Iaaddc90059f0e49b456774a111d8d42452b90cf9
Reviewed-on: https://code.wireshark.org/review/21111
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The B4 Frame Format is used on the downlink SACCH and has no length
field.
While the comment on top of packet-lapdm.c claimed ever since its
introduction in 2009 that B4 was a supported format, in fact it was not
supported yet. This patch makes handling the length field conditional
to a frame format that has a length field, and introduces lapdm_data_t
that can be passed using call_dissector_with_data().
The GSMTAP dissector is updated to use this mechanism to specify the
frame format based on the channel type.
Change-Id: I52cb1cedbc8c7baf65e70d3e050e8932573647aa
Reviewed-on: https://code.wireshark.org/review/21767
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0974f13a032a908bcc27f583c3e059f57959881f
Reviewed-on: https://code.wireshark.org/review/21552
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Change-Id: Ib6f0bcd1bec9a1fc5cbcd797a1f418270ae74a0e
Reviewed-on: https://code.wireshark.org/review/21537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13689
Change-Id: I9573d0106a1639cfc2d416a4146f558047cfd67e
Reviewed-on: https://code.wireshark.org/review/21524
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
UDP-NM is an automotive communication protocol as standardized by
AUTOSAR and is specified in AUTOSAR_SWS_UDPNetworkManagement.pdf,
which can be accessed on:
autosar.org -> Classic Platform -> Software Arch -> Comm Stack.
It can run over UDP or CAN, which is why "UDP" is not in any user
exposed strings.
Change-Id: I68adfd941c193588a6c8ef0fe1cb7271f921623e
Reviewed-on: https://code.wireshark.org/review/21437
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I31bd53c49906db24b64fa3f1e3078b0658db3158
Reviewed-on: https://code.wireshark.org/review/21269
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This can be used by dissectors that need to parse out-of-band
configuration.
Change-Id: I13c0a2f408fb5c21bad7ab3d7971e0fa8ed7d783
Reviewed-on: https://code.wireshark.org/review/20912
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: Id8be2a37f99f4ac9d531a694273c7d5d3f843cc1
Reviewed-on: https://code.wireshark.org/review/21163
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Only commands and top-level attributes are recognized, no specialization
is done (yet?) since it is a large protocol.
Fields are extracted from Linux v4.10-rc4-749-g8585989d146c using the
"tools/generate-nl80211-fields.py --update" command.
Depends on the Generic Netlink (genl) dissector.
Change-Id: I7f81b91e3beacca8ebcb853137212406004f65e8
Ping-Bug: 13561
Reviewed-on: https://code.wireshark.org/review/20914
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
register.c, and the plugin.c for various plugins, are generated by tools
that must be available to do a build, and aren't distributed as part of
the source tarball. That means "make distclean" should remove them. Do
so.
Change-Id: I9e37abdafb50234cf1ebb5fb828446e45e605d78
Reviewed-on: https://code.wireshark.org/review/21125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For consistency with other netlink dissectors, the file is named
"netlink-generic", but the short protocol name is "genl" for brevity.
Ping-Bug: 13561
Change-Id: I6f94454f8366467fd833c3e57364c515aee9e86f
Reviewed-on: https://code.wireshark.org/review/20875
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Additional dissectors for Mesh Link Establishment (MLE) and Thread CoAP
TMF messages. MLE is also used in ZigBee IP.
Change-Id: I5b9c224d7df48855b79ccac67dca7661a51d0a9b
Bug: 13495
Reviewed-on: https://code.wireshark.org/review/20594
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13541
Change-Id: Ie8133be9ef7b3943d8cf66c5c4fe024250912253
Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Reviewed-on: https://code.wireshark.org/review/20820
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id574fc20e17333646d615cab415b2d40b4487375
Reviewed-on: https://code.wireshark.org/review/20333
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Conversation recording now uses a hash map instead of a tree. URI
reconstruction for responses has also been added to assist Thread CoAP
decoding.
Change-Id: I83dc0dc48534d5182cf37ba50dad67e1b095188a
Reviewed-on: https://code.wireshark.org/review/20553
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adds support for IndigoCare nursecall protocols
Bug: 13241
Change-Id: I83098c15d467ea42da8301c6b6a5568d9892fc60
Reviewed-on: https://code.wireshark.org/review/19224
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See draft-ietf-opsawg-mud for details. File changes include addition
of new asn1 directory and associated files, as well as edits to various
other files to support the change.
Change-Id: Ib910980e1ddcafaa31aa07cf049562520b61a3aa
Reviewed-on: https://code.wireshark.org/review/19505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
NVM Express is a high-speed interface for accessing solid state drives.
NVM Express specifications are maintained by the NVM Express industry
association at http://www.nvmexpress.org.
Bug: 13201
Change-Id: Id40edaf72838eea9f4087c8ddba9518a9374efab
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19063
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Parav Pandit <paravpandit@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are probably obsolete dissectors anyway, but they are a
bunch of very small files causing unnecessary file pollution.
Change-Id: I03976484996b4bf987d6743ed379534456809c2c
Reviewed-on: https://code.wireshark.org/review/19437
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit introduces a new dissector aimed at decoding the USB
protocol used by X-Rite i1 Display Pro (and derivatives) colorimeter. It
is based on reverse engineering work by Graeme Gill from the ArgyllCMS
project.
Change-Id: Icdfd0c3f75499d0df4360c6eb6856078de30ba56
Reviewed-on: https://code.wireshark.org/review/18901
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This decouples EAPOL from the few dissectors it needs to call based
on packet type and moves registration to the dissectors themselves.
Change-Id: Ia8412fe33370f4aeece52c2c80cda7f140a950cf
Reviewed-on: https://code.wireshark.org/review/19328
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12759
Change-Id: Ic4d47155168978541fb8c3670fcabaf3c35f8aad
Reviewed-on: https://code.wireshark.org/review/19187
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Applications can also use GSMTAP framing to convey log messages
which would traditionally be printed on stderr or on log files. This
allows the ordered/interspersed display of protocol messages with log
lines from the applications that sent or received those messages.
The osmocom logging framework (part of libosmocore) implements this in
libosmocore.git Change-Id I9a7e72b8c9c6f6f2d76d1ea2332dcdee12394625
Change-Id: I0de723445e5b5ce0199a4081808111240a9ed047
Reviewed-on: https://code.wireshark.org/review/19183
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Move the GSMTAP protocol related #defines to packet-gsmtap.h, as
other dissectors (like packet-gsm_sim.c and future dissectors) need
access to some of those #defines.
Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>