Stream Specification: https://www.ilda.com/resources/StandardsDocs/ILDA_IDN-Stream_rev001.pdf
The stream specification only defines IDN messages. The other packet commands
like ping request, ping response, etc. (see line 25 - 31 in packet-idn.c)
are part of the hello specification which is not released yet. We were still
able to implement some hello packets since we received a preliminary version
of the hello specification, because we need the hello packets for our work.
related to #16707
Stream Specification: https://www.ilda.com/resources/StandardsDocs/ILDA_IDN-Stream_rev001.pdf
The stream specification only defines IDN messages. The other packet commands
like ping request, ping response, etc. (see line 25 - 31 in packet-idn.c)
are part of the hello specification which is not released yet. We were still
able to implement some hello packets since we received a preliminary version
of the hello specification, because we need the hello packets for our work.
related to #16707
This adds a protocol post-dissector for Community ID support to
Wireshark/tshark: https://github.com/corelight/community-id-spec
The protocol is disabled by default. It establishes one new filter
value, "communityid".
Includes test cases and baselines to verify correct Community ID
strings based on similar testsuites in the existing Zeek and Python
implementations.
Define a bew type name type-name="OctetStringOrUTF8" type-parent="OctetString"
to be used with OctetStrings that CAN be strings. This is a Wireshark
unique addition to the xml dixtionarys and makes use of BASE_SHOW_ASCII_PRINTABLE.
If a time field uses a standard enconding, we can call proto_tree_add_item()
to add it to the tree. There's no need to parse the time field ourselves.
Update two places in the afs dissector where the manual parsing can
easily be replaced with a proto_tree_add_item() call.
Replace bugs.wireshark.org links with their equivalent
gitlab.com/wireshark/wireshark/issues links in the AsciiDoctor buglink
macro and the please_report_bug function. Update the bug URLs in
comments in the tools and test directories.
Move the pre-commit and validate-commit checks to their own job. This
lets us quickly re-run validate-commit in case the submitter forgets to
check "Allow commits from members who can merge to the target branch"
Shorten the "merge-request" prefix to "merge-req" in order to make it
easier to distinguish between each job in the GitLab UI.
Remove the old posix_v1 code which no clients ever implemented and add
code to dissect current version of the POSIX extensions as implemented
by the Linux kernel client (cifs.ko).
Gap items have a null field_info pointer, so set "Unknown" as the
default representation string and fill it in after we've established
that field_info is valid. Closes#16851.
Pass the value of the NDS class definition type to process_multivalues()
as the vflags, rather than the NDS flags, as that's what the
MVTYPE_CLASS_NAMES case in process_multivalues() is expecting.
That way, the class definitions will be dissected correctly.
FT_NONE items all have the name "Text Item" which makes it look
poor in the packet diagram.
For these fields, switch to use ->representation insead of ->name
to make these fields look more meaningful.
SMB2 is a protocol that consists of two FT_NONE expansions,
one for the Header and a second for the actual Command.
This makes packet diagram show this much nicer.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
FieldInformationGraphicsItem's constructor allocates a FieldInformation
which is never freed.
Opening MTP3 statistics for any capture file causes memory leaks.
Indirect leak of 1120 byte(s) in 10 object(s) allocated from:
#0 0x55e32cf19a42 in operator new(unsigned long)
#1 0x7f4cca598661 in QObject::QObject(QObject*)
#2 0x55e32d5f397f in PacketDiagram::addDiagram(_proto_node*)
...
Indirect leak of 400 byte(s) in 10 object(s) allocated from:
#0 0x55e32cf19a42 in operator new(unsigned long) ...
#1 0x55e32d5fce04 in FieldInformationGraphicsItem::FieldInformationGraphicsItem(...)
#2 0x55e32d5f397f in PacketDiagram::addDiagram(_proto_node*)
...
Add a FieldInformationGraphicsItem destructor and delete FieldInformation there.
Even if Q046 is an old version, it is still used by the current QUICHE
implementation.
In this way, the latest Wireshark is able to dissect all GQUIC versions
supported by recent Chrome (Q043,46,50 and T050,51), i.e. all GQUIC versions
that you can find in live traffic right now.
Pcap examples are available in #15984 and in the attachment.
Some Q046 information are available in:
https://docs.google.com/document/d/1FcpCJGTDEMblAs-Bm5TYuqhHyUqeWpqrItw2vkMFsdY/edit#heading=h.32qkkficm7zaClose#15984
FT_STRINGZPAD is for null-*padded* strings, where the field is in an
area of specified length, and, if the string is shorter than that
length, all bytes past the end of the string are NULs.
FT_STRINGZTRUNC is for null-*truncated* strings, where the field is in
an area of specified length and, if the string is shorter than that
length, there's a null character (which might be more than one byte, for
UCS-2, UTF-16, or UTF-32), and anything after that is not guaranteed to
have any particular value.
Use IS_FT_STRING() in some places rather than enumerating all the string
types, so that those places get automatically changed if the set of
string types changes.