was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
Support AES-GCM ipsec encryption using CTR (since libgcrypt doesn't support
GCM). Using CTR instead gets us decryption, but does not verify authentication.
svn path=/trunk/; revision=47886
tvbuff and runs to the end of the tvbuff? Let me count the ways....
Replace a bunch of different ways of doing that (some incorrect, in that
they're not properly handling tvbuffs where the captured and reported
lengths are different) with tvb_new_subset_remaining().
svn path=/trunk/; revision=47751
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
IPsec ESP: allow filtering by ICV verification result
Add hf_esp_icv_good and hf_esp_icv_bad (similar to IP checksums), to allow
filtering based on the ICV check results.
svn path=/trunk/; revision=45483
implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
a fix for the SPI the src and dst IP address strings needs fixing too.
I'll look into that tomorrow if no one beats me too it.
svn path=/trunk/; revision=39621
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
- get_full_XXX functions are unused in the code
- A case statement which handles only 2 of the many enum elements
creates another warning promoted to error
- The patch removed usage of a variable but not the variable declaration
itself.
svn path=/trunk/; revision=37517
UATification of ESP
UATification of ESP SA keys. Some notes:
1. Trimmed a lot of fat removing the code that parsed (and reparsed) ESP SA
keys, since UATs can take care of all that.
2. There was no validation on the src/dest, so that was carried through (ie
there is still no validation of src/dest fields)
3. Formatting of the source was a little off, so I attempted to fix the
functions I needed to deal with. I know that's frowned upon, but the braces
were such that I couldn't tell if/else blocks to understand the code. If
somebody wanted to run an indent program on the file, that would be
appreciated.
Added some casts to make it compile on win64.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1123
svn path=/trunk/; revision=37516
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
When specifying SA keys for AES-CTR, Wireshark expects a key length of 160, 224
or 288 bits, (i.e. 128, 192 or 256 bits, followed by the 32 bit nonce value),
but gcry_cipher_setkey() in packet_ipsec.c fails, as it expects 128, 192 or 256
bits.
Omitting the nonce won't work -- even if Wireshark liked those key lengths,
gcrypt wouldn't be able to decrypt without it.
svn path=/trunk/; revision=33105
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
Errors occur which means decrypted_len - esp_iv len will render a negative value and thus
cause the problem. This patch prevents the crash. Not sure if this is a proper fix. At least it
looks like a sane check to do.
svn path=/trunk/; revision=29979
As for now, Wireshark supports only 96-bit (or 0-bit for NULL authentication)
integrity control values (ICVs) for IPsec ESP. While the autentication field is
of variable length, this may lead to situations where the whole packet is not
parsable.
To solve this, I added generic classes (not checked) for 128, 192 and 256 bit
ICVs to the ESP dissector. I also split the HMAC-SHA-256 autentication
algorithm to HMAC-SHA-256-128 (128 bit as defined in RFC 4868) and
HMAC-SHA-256-96 (from the very first draft, nevertheless unpatched Linux and
BSDs do it this way).
svn path=/trunk/; revision=29121
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
Bill Meier