Commit graph

65627 commits

Author SHA1 Message Date
Peter Wu
104b9fe5af rtp: add function to duplicate rtp_dyn_payload_t
There is no way to iterate through the contents. For a future patch to
the SDP dissector (where the session-level info is copied to the
media-level), it would be nice to duplicate the dynamic payload info.

Change-Id: I79b8349e5e157298a28fc608e20c2c2e03e76400
Reviewed-on: https://code.wireshark.org/review/19106
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-06 08:59:56 +00:00
Peter Wu
89bc07c5d5 DTLS: add support for use_srtp extension (RFC 5764)
Decryption support will be added later. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.

Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18996
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-12-06 05:58:39 +00:00
Роман Донченко
f96e9d067b ssh: add dissection for ECDSA host keys
Change-Id: Ic9851976bfa25fc61c708ee08e5a26ad01769f06
Reviewed-on: https://code.wireshark.org/review/19097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-06 01:15:13 +00:00
Peter Wu
38f45e1e22 SDP: reduce code duplication
Observe that some code in setup_sdp_transport is effectively the same
code as a part from dissect_sdp with these differences:

 - Removal of these two conditions (setup_sdp_transport already returns
   early when a packet is visited):
    (!pinfo->fd->flags.visited) && (transport_info == &local_transport_info)
 - "establish_frame" in setup_sdp_transport is replaced by "pinfo->num"
   in dissect_sdp.

dissect_sdp further has two additional blocks that add information to
the VoIP calls dialog. This is preserved.

Freeing of the RTP payload information has also been simplified. Instead
of checking it inside the main loop that adds addresses (now moved to a
new function, "apply_sdp_transport"), let the caller do it outside the
loop.

The transformation in this patch is rather mechanical:

 0. Add a comment on what the new function is supposed to do.
 1. Move code from setup_sdp_transport into a new function,
    apply_sdp_transport and reduce indentation level.
 2. Copy all variables to the new function and populate the parameter
    list.
 3. Compile result, remove unused variables that the compiler warns for.
 4. Move freeing of unused media outside the loop to the caller.
 5. Create a new conditional statement before the duplicated loop, which
    checks whether setup_sdp_transport has been used before. (SIP first
    calls setup_sdp_transport, then it invokes the media type dissector
    which calls dissect_sdp to populate the tree.)
 6. Remove the duplicated code from the dissect_sdp loop until only the
    VoIP Calls dialog info remains.

There is no functional change intended.

Change-Id: I928379466af56ef1729cccbf4a5b60895ddb3227
Reviewed-on: https://code.wireshark.org/review/19047
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:21:09 +00:00
Peter Wu
2994e63abb SDP: add basic ICE candidate attribute dissection (RFC 5245)
Dissect the first, fixed part of a=candidate. The candidate type is also
unabbreviated for easier understanding. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.

Change-Id: I9950c8f066becea86f1fe8e9ffab2dc07ae0f425
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:14:04 +00:00
D. Ulis
8773ea03cb CIP: Minor enhancements
1. ENIP: Display the CIP Forward Open Request packet number for connected data
2. CIP: Extended Network: Display expert info when the expected bytes do not match actual bytes
3. CIP: Look up more data fields as CIP service or Device Type
4. CIP: Display data as Dec/Hex, depending on how the spec shows things
5. Minor: Pull out common code into load_cip_request_data()
6. Minor: Text corrections

Change-Id: I184ac3899786f650e4d4643a5dfe68bba785d6e0
Reviewed-on: https://code.wireshark.org/review/19092
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:08:35 +00:00
Chuck Lever
a94b82a8e1 packet-rpcrdma: Clean up Reply chunk dissection
Display the Reply chunk as a tree, using the same code that the
Write list dissector now uses. Fix up the selection size of the
Reply chunk.

Bug: 13197
Change-Id: Ie861b7721b2c2dd9a5839986488ee22f39f81d1e
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19101
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:02:00 +00:00
Chuck Lever
677a543e48 packet-rpcrdma: Fix Write list dissection
The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Write list as a list of RDMA segments (it's a
list of counted arrays).

Bug: 13197
Change-Id: I6f8e788d66eefd17d6c1995e238a9ff9fa1e81f2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19100
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:01:17 +00:00
Chuck Lever
149e42f7d5 packet-rpcrdma: Fix Read list dissection
The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Read list as a counted array (it's a list).

Part of this confusion arises because RFC 5666 uses the term "chunk"
to mean "chunk", "read segment", and "rdma segment". Re-organize
the dissector logic to make this distinction properly.

Bug: 13197
Change-Id: Iad517804dbcf8b30de795af03af7a71a6f231231
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19099
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-06 00:00:29 +00:00
Michael Mann
74f025d79e RTPS: Cleanup endian handling
1. Rather than pass a boolean that has to be continually evaluated, just pass the
necessary encoding (ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN)
2. Incorporate more use of proto_tree_add_item_ret_[u]int
3. Remove NEXT_guint16 and NEXT_guint32 because we now have tvb_get_guint16 and
tvb_get_guint32

Change-Id: Ib1c3488450b4e727d2c1943ba4e577faf2350dcc
Reviewed-on: https://code.wireshark.org/review/19103
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-05 22:05:16 +00:00
Dmitry Lazurkin
548b9febb3 kafka: add dissection for rest of api keys
- support rest of api keys
- dissect kafka.required_acks with constants
- dissect kafka.message_timestamp_type
- add expert info about missing request

Change-Id: I3d18936adac6702a61f545385bdec1b75b564bd9
Reviewed-on: https://code.wireshark.org/review/18954
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2016-12-05 21:45:18 +00:00
Chuck Lever
a275e3fd0a packet-rpcrdma: Display length fields in decimal
Change-Id: I3a3a51de76286800992b1445c332c50059112c54
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19098
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 20:33:13 +00:00
Chuck Lever
026b2f9929 packet-rpcrdma: Remove if (tree) preventing dissectors being called.
When tshark displays each frame in default mode (without -V):

- NFS on TCP is dissected and displayed
- NFS on RPC/RDMA is displayed as only an RPC/RDMA frame

NFS on RPC/RDMA should be dissected and displayed just like NFS on
TCP. Make passing along the RPC payload to the RPC dissector
unconditional.

Bug: 13198
Change-Id: Ia86f3abcfcbc65a860d4ff7bac19a5f3af44a0b0
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19027
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 20:30:53 +00:00
Gerald Combs
7b5e77406d CMake: Update FindWiX.
The WiX Toolset installer sets the WIX environment variable. Search for
our WiX executables there first.

Change-Id: I5acc9cb369dc2bdbb071d35b5a39498c6db117a3
Reviewed-on: https://code.wireshark.org/review/19096
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-12-05 20:21:23 +00:00
Juanjo Martin
2b51717fe5 RTPS: Added submessages and fixed minor issues for Secure DDS
Bug: 13204
Change-Id: Iaad562aafe3a4f0300398fc45927ac810814ee75
Reviewed-on: https://code.wireshark.org/review/18990
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 14:16:48 +00:00
Michal Labedzki
4d9eb4caab Bluetooth: SMP: Dissect remaining AuthReq bits
Dissect SC, Keypress and Reserved bits.
Up to Bluetooth Core 4 specification.

Change-Id: Id7ac75bd917786abe9aada433a1343887a32234d
Reviewed-on: https://code.wireshark.org/review/19079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 14:01:13 +00:00
Michal Labedzki
2452367d25 Bluetooth: SMP: Implement 3 more commands
0x0C: /* Pairing Public Key */
0x0D: /* Pairing DHKey Check */
0x0E: /* Pairing Keypress Notification */

Change-Id: I18dc88d2cb7a96412b230a9b414ce053bfde09fa
Reviewed-on: https://code.wireshark.org/review/19080
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 13:36:59 +00:00
Michal Labedzki
d67b557d94 Bluetooth: SMP: Add coloring rule for SMP
SMP occurs very rarely, because of its nature - it is just a pairing
procedure. It is better to distinguish it from L2CAP by assigning to it
another yellow colour.

Change-Id: I71e8641b717581253cd86cc867fa71241e7650b7
Reviewed-on: https://code.wireshark.org/review/19082
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 12:49:29 +00:00
Michal Labedzki
75a5cf9fa0 Bluetooth: BTLE*: Initialize what initialized was not
Fix unexpected Direction flag passed to the BTLE dissector,
which caused reassembly of L2CAP to not work correctly
(it is based on Source/Destination addresses/columns).

Change-Id: I10fb17c29b020f6ca746f7bbccb7527e0ba04624
Reviewed-on: https://code.wireshark.org/review/19084
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 12:48:04 +00:00
Michal Labedzki
5a0bc5f27b Bluetooth: Assigned Numbers: Update Member UUIDs
Update manually from time to time based on:
https://www.bluetooth.com/specifications/assigned-numbers

Change-Id: I506e58c16322862c9fe517b71ab12806818331b5
Reviewed-on: https://code.wireshark.org/review/19086
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 12:46:37 +00:00
Michal Labedzki
a7d404a972 androiddump: Add support for Bluetooth on Android 7.0
Now "ps" command does not support process name as parameter,
use grep instead.

Change-Id: I0c35bc7d560e237e4140000e67af097744cb2c1b
Reviewed-on: https://code.wireshark.org/review/19087
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-12-05 11:44:00 +00:00
Michael Mann
e0a4f0c79b SMB: Limit Export object files to 32 bits.
Most of the file offset fields are 32-bit, but the algorithms use gsize
variables, which can vary between 32 and 64 bit builds. The 64-bit
builds are the ones with the problem, where "garbage" data comes from
(effectively) invalid 32-bit offsets.

Bug: 11133
Change-Id: I20b8cafb75fc021594159ab092c18c24f3e257e3
Reviewed-on: https://code.wireshark.org/review/19073
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-05 06:29:40 +00:00
Michael Mann
26def3ef72 Honor protocols.display_hidden_proto_items preferences when outputting fields in TShark
Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-05 06:28:32 +00:00
Guy Harris
037c64aa34 Clean up initialization code for programs.
Make the init_progfile_dir() call unconditionally, even if plugins
aren't supported, as that doesn't necessarily mean nobody uses the
directory containing the executable.

Report the error the same way in all programs, and free the error string
after we're finished with it.

Make the error - and the comment before the code - reflect what
init_progfile_dir() is actually doing (the goal is to get the full
pathname of the directory *containing* the executable; that's generally
done by getting the pathname of the executable and stripping off the
name of the executable, but that won't necessarily always be the
case).  Also note for TShark that we won't be able to capture traffic,
just as we do for Wireshark (if we don't have the pathname of the
program file, we don't have a pathname to use to find dumpcap).

Have the plugin scanner just fail silently if we weren't able to get the
plugin directory path, so we don't have to worry about calling it if
init_progfile_dir() fails.

Clean up white space while we're at it.

Change-Id: I8e580c719aab6fbf74a764bf6629962394fff7c8
Reviewed-on: https://code.wireshark.org/review/19076
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-05 04:27:49 +00:00
Guy Harris
faf70602a8 Update a comment to reflect current reality.
Change-Id: Ied84e0363161ebc42c8cf24e7ade4b1b4e536448
Reviewed-on: https://code.wireshark.org/review/19074
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-05 03:21:59 +00:00
Peter Wu
83a1ab23ab cmake: Fix building with plugins disabled
When Lua is enabled, scripts can still be loaded from the plugin dir
(filesystem.c uses PLUGIN_INSTALL_DIR), so be sure to set it or the
cmake build fails.

Change-Id: I87d2d705434052220f9619438c90905c24b2a3a6
Reviewed-on: https://code.wireshark.org/review/18976
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-05 01:35:26 +00:00
Guy Harris
fca6bf6a99 Reflect API changes.
Change-Id: I6a8d50cb697bcd4a5232dc01107c7d9618258d87
Reviewed-on: https://code.wireshark.org/review/19071
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 22:25:39 +00:00
Guy Harris
bded2b6814 Rawshark uses libwiretap, so it has to call wtap_init().
Change-Id: I4b87227e4828ebad98b22e5e5d1f3896e636582a
Reviewed-on: https://code.wireshark.org/review/19070
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 22:21:06 +00:00
Guy Harris
ab07f8e0f8 Have a routine to do all the work of initializing libwiretap.
Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().

Also don't have routines internal to libwiretap call those.  Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.

Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 21:42:44 +00:00
Peter Wu
51d23c6959 Show codec information in About dialog
Show codec libraries in About dialog, this should give the user a clue
of what codecs are available.

SBC is already supported, Spandsp (for G.722/G.726) is work in progress.

Change-Id: Iebc4d9c9fae619a442e06c8afc780a420aa3971b
Reviewed-on: https://code.wireshark.org/review/18978
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-04 17:29:24 +00:00
Peter Wu
98efddc6c2 codecs: allow it to be used without plugins
Not all codecs require the plugin infrastructure. For example, G.711U/A
is a built-in codec. Allow such functionality to be registered even if
plugin support is disabled.

Change-Id: I2505cc9955e7953268ec0739531278921f70a771
Reviewed-on: https://code.wireshark.org/review/18977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-04 17:29:11 +00:00
Gerald Combs
054455683b [Automatic update for 2016-12-04]
Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: Icad3ffb6cbd570b0b8a2c650d3c11a3c9bed536f
Reviewed-on: https://code.wireshark.org/review/19066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-12-04 16:13:27 +00:00
Peter Wu
5721a87330 Qt: clear Export Objects list on retapping
The tap reset callback should not just invoke the reset callback of the
dissector, but also clear the previous list of objects in the dialog.
Otherwise duplicate entries will be created every time retapping occurs
(e.g. on changing the display filter).

Bug: 12230
Change-Id: I75f25db0652dcc9c0ac59ab0e536c06874aedb9c
Reviewed-on: https://code.wireshark.org/review/19055
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-04 11:25:36 +00:00
Роман Донченко
40ebfb9a6f ssh: fix the heuristic for MAC size determination
size_str points to a dash, so the result of calling ws_strtoi32 on it is
a negative number, which becomes a huge positive number, because size is
a guint32.

Parse the number after the dash instead, and use ws_strtou32.

Also, check that size is divisible by 8, since otherwise it's unlikely
to be a bit length.

Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64
Reviewed-on: https://code.wireshark.org/review/19006
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-04 11:24:46 +00:00
Guy Harris
dd98856afc Have separate merge APIs for regular file/temporary file/standard output.
This is similar to what we have for opening a dump file - one API that
uses the file name as specified, one that creates a temporary file and
provides the file name, and one that uses the standard output.

All of those APIs handle closing the output file.

Change-Id: I56beea7be347402773460b9148ab31a8f8bc51e1
Reviewed-on: https://code.wireshark.org/review/19059
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 03:12:23 +00:00
Guy Harris
5aede1bc50 Squelch a casting-away-constness warning.
Change-Id: I77ca8ffd38baf812ef20b9611f59cd70ae37d392
Reviewed-on: https://code.wireshark.org/review/19062
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 03:03:11 +00:00
Guy Harris
b49e20c10a Remove unnecessary cast (gchar = char) that removes const.
Change-Id: I3924c2b4a525c0ae5ab57b7f9867296586d78509
Reviewed-on: https://code.wireshark.org/review/19061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 03:00:12 +00:00
Guy Harris
39840d7092 Update list of symbols.
Remove symbols from plugins; they're not part of libwireshark.

Put all the get_rtd_ symbols together.

Add some new symbols.

Change-Id: I724ca7fd19ad083b7e05526a30974c23fa321e0b
Reviewed-on: https://code.wireshark.org/review/19060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 02:47:46 +00:00
Guy Harris
99ca028ba5 Use ws_close(), rather than the UN*X-only close().
Change-Id: Iae29db90273191c10455e172bdd2aac00b12143c
Reviewed-on: https://code.wireshark.org/review/19058
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-03 23:16:22 +00:00
Guy Harris
a63c5682bd Get rid of test printout.
Change-Id: I0db268b0f7010d23c938ae56674cc5cd6c0bd998
Reviewed-on: https://code.wireshark.org/review/19057
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-03 23:15:07 +00:00
Guy Harris
3309c08cd0 When opening the standard output for writing, dup it.
That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).

Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-03 22:17:41 +00:00
Роман Донченко
a0d03ce1e7 ssh: dissect the host key when the connection uses DH group exchange
After this, hf_ssh_kexdh_host_key is no longer used, so remove it.

Change-Id: Ie56a086481bbe087b7ba3b17aea394c05986f63d
Reviewed-on: https://code.wireshark.org/review/19052
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-03 21:35:30 +00:00
Dario Lombardo
a0b4d46578 install_rpms_for_devel: add optional packages.
Install all optional dependencies as reported by cmake.

Tested on Centos7, openSUSE Leap 41.1, Fedora 24.
Fedora 24 is shipped with lua5.3, which is not compatible
with the current master, so it is not enabled.

Change-Id: Ie4de7ff2849d66371e94d5d7960aab8146337dea
Reviewed-on: https://code.wireshark.org/review/18968
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
2016-12-03 16:54:41 +00:00
Parav Pandit
77f31c6e7d packet-infiniband: Fixed duplicate conversation entries
1. Fixed find_conversation for PT_IBQP to not look up in reverse
direction when all searches fail.
This is required, because there could be a valid different connection in
reverse direction which mistakenly gets updated for non template cases.

2. Added support for having MAD data for upper level dissectors to process
during RC packet processing.
This is required because connection options are negotiated out of band
using these CM exchanges (unlike in band TCP options).

3. Moved creating unidirectional connections to when MAD packets
are actually processed.
Previously client-to-server unidirectional conversation was created at the
CM_RSP stage, where MAD Data of CM_REQ packet is inaccessible.

4. Fixed creating multiple conversations with same address property by
eliminating create_conv_and_add_proto_data during RTU stage, which was
incorrect.
Now they are created during REQ and RSP frame processing. (Instead of
RSP and RTU processing).

5. Added support for creating bidirectional connection that ULP can
refer to.
This is required to keep track of outstanding transactions on a
connection (requests and responses).

Bug: 11363
Change-Id: I32ea084a581a58efbc16dbb7a3e267c82622c50c
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/18982
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-03 13:24:16 +00:00
Jim Young
50489fd279 tshark: Add -G folders report
Add a new tshark feature to generate a folders report.  The folders report
is essentially the information presented by Wireshark's About / Folders page
in a TAB delimited format.

Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6
Reviewed-on: https://code.wireshark.org/review/19002
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-03 12:47:05 +00:00
Guy Harris
db7c628616 Temporarily break up complicated expression into a bunch of separate ifs.
Maybe this way we can identify which *particular* test is, according to
Valgrind, looking at uninitialized data; there's nothing obvious that
shows up from inspecting the code, and neither of our static analyzers
seems to have found anything.

Change-Id: I80f6bb8e6fa92decfe195c01766330b97e980821
Reviewed-on: https://code.wireshark.org/review/19049
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-03 04:09:07 +00:00
Chuck Lever
2462f9e810 packet-rpcrdma: Fix protocol frame pre-detection
The current mechanism of detecting RPC-over-RDMA is broken because
it treats the Read list as a counted array (it's a list); and treats
the Write list and Reply chunk identically (one is a list, one is
always a single chunk).

While we're here, refactor pre-detection helper functions so they
can be used during frame dissection as well.

Bug: 13196
Change-Id: I76e210c8d2a9464fed00e7199072d37f4ebbebf2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19025
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-02 22:45:27 +00:00
Jaap Keuter
54f48c8b92 echo: decide on req/resp based on matched port
Since the use of 'Decode as' can result in another port number than the
default port (7) being the service port, this should be checked against.

Change-Id: I93383613115595fff621e2fb9ab7959cd448c01e
Reviewed-on: https://code.wireshark.org/review/18991
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-12-02 21:48:00 +00:00
Chuck Lever
14bae88e0f packet-rpcrdma: Display length and version fields in decimal
Display length fields in decimal, just as they are displayed by the
RDMA RETH dissector.

Display version fields in decimal, just as they are displayed by the
RPC dissector.

RDMA offset fields are left in hexadecimal since they are
essentially addresses, and at least the Linux RPC-over-RDMA
implementation has debugging messages that display these as
hexadecimal values.

Change-Id: I7206970675ca0ca486b3a2837b6dbb1c4d764091
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19028
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-02 21:33:11 +00:00
Guy Harris
aecff2f679 Include config.h first, for large-file-related #defines.
Change-Id: Iced77fb65c2db8bc370cefe4c48c972fe1262f92
Reviewed-on: https://code.wireshark.org/review/19039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-02 21:16:13 +00:00