Commit Graph

30442 Commits

Author SHA1 Message Date
Michael Mann dcfea6a06d create_dissector_handle -> new_create_dissector_handle
This finalizes the transformation for dissectors.

Change-Id: Ie5986b72bb69a6e8779ca3f5e20a80357c9e6fea
Reviewed-on: https://code.wireshark.org/review/12122
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-25 13:15:11 +00:00
Peter Wu cec0593ae6 Fix buffer overrun in zlib decompression
After updating next_in (to remove the gzip header), avail_in must also
be updated. Failing to do so makes zlib read past the input buffer. In
theory this would result in a buffer overrun of at most double the input
length, in practice zlib returns as soon as the compression fails (after
reading a few bytes).

Bug: 11548
Change-Id: If71691a2846338f46d866964a77cc4e74a9b61dd
Reviewed-on: https://code.wireshark.org/review/12038
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-11-25 12:35:52 +00:00
Guy Harris 571ed4d259 Print guint64's with G_GUINT64_FORMAT.
There is no guarantee that they will be long's, and thus no guarantee
that they can be printed with "%lu".

Change-Id: I5c2ff844a1024332f01dec58489a2d304ba4e7ce
Reviewed-on: https://code.wireshark.org/review/12135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 11:34:08 +00:00
Uli Heilmeier ecc9c74326 Lua: fix URL to documentation
The Lua reference has been moved from User's Guide to Developer's Guide.

Change-Id: I3489d774e54310ce49997e33d5318adf5e0bb2bc
Reviewed-on: https://code.wireshark.org/review/12128
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-25 09:24:35 +00:00
Guy Harris dbde7605a3 Fix copy-and-pasteo.
Presumably the intent was to check for either of the two "CRC dropped"
event types.

(CID 1340186.)

Change-Id: Ieea8f5ab80bebbdbb683998a6747e5130d46b92d
Reviewed-on: https://code.wireshark.org/review/12127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 08:49:56 +00:00
Guy Harris 1c7b949290 Use try_val_to_str_ext() in print_uuid().
That's a much cleaner way of determining whether you found no match in
bluetooth_uuid_vals_ext than checking whether val_to_str_ext_const()
returned the "use this if unknown" value.

It also lets us avoid a wmem_strdup().

Make print_numeric_uuid() and print_uuid() return const gchar *; there's
no reason for them *not* to be const, and that means we don't have to
throw away constness.

Change-Id: I62fb0b81c64c107dfea6c16ca8c5b9593f8f2a9d
Reviewed-on: https://code.wireshark.org/review/12126
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 06:21:40 +00:00
Guy Harris b1230ba123 Fix typo.
Convert the if-chain to a switch() statement while we're at it; if it
had been one originally, the compiler would have reported that there
were duplicate cases and failed.

(CID 1340190.)

Change-Id: I297ab32c51842af889bd6bebe764c0e45d57cea0
Reviewed-on: https://code.wireshark.org/review/12125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 06:00:41 +00:00
Guy Harris b73e812fe7 No declarations in the middle of code.
We crank up pedantic warnings enough that this provokes "warning: ISO
C90 forbids mixed declarations and code" on the OS X 10.5 buildbot.

Change-Id: Ic3962f20d85e3ed003b84b298f83d12c3ae25ea1
Reviewed-on: https://code.wireshark.org/review/12120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 02:49:32 +00:00
Guy Harris b9c50236af Avoid colliding definitions of wmem_tree_t.
Change-Id: I643eae3c35f96591770ab03ce44a85c806f17e1c
Reviewed-on: https://code.wireshark.org/review/12119
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-24 23:41:22 +00:00
Michael Mann 2f73ac0c8c Remove support for "old style" dissectors in PER API.
Most of it wasn't used in current Wireshark source anyway.

Change-Id: If395e4e940adc76a2701d226ba4f7c9b17cb795d
Reviewed-on: https://code.wireshark.org/review/12108
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 23:33:37 +00:00
Matthieu Coudron bd08ab920d Introduces augmented interval trees
Interval trees (wmem_itree_t) are implemented as an extension of wmem_tree with a
guint64-based range as the key.
This is useful for instance in MPTCP analysis, to look for packets
matching a range defined by a mapping across TCP subflows.

Change-Id: Iea706d44fe975e390a4191ad0257ef37d5c71525
Reviewed-on: https://code.wireshark.org/review/11714
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-24 23:02:09 +00:00
Ryan Mullen 9b7aaa2699 Art-Net: Add missing ArtSync opcode
Change-Id: I789219b4016507c7590598f4b04dd254abf13f5f
Reviewed-on: https://code.wireshark.org/review/12101
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-24 15:40:03 +00:00
Michael Mann 5088030826 Remove register_dissector.
new_register_dissector will eventually take its place, but that search/replace should be done when all "old style" APIs have been removed.

Change-Id: Ic3fdec67d5761fd72beeca7355f9de617562bb77
Reviewed-on: https://code.wireshark.org/review/12095
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 14:52:50 +00:00
Michael Mann 8df0bac6cf Remove the LDAP wrapping for registering dissectors and just use dissector_add_string directly.
Change-Id: I307ee31562a5a84bc62691f367e3b8df3cb3f244
Reviewed-on: https://code.wireshark.org/review/12097
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 14:52:31 +00:00
Michael Mann 8a999d7bb8 Convert T.124 API to use "new style" dissectors.
This seems like an unnecessary encapsulation of registering a dissector, but it can be used at runtime and not just a handoff function.

Change-Id: Ic13e34b5cecf493115f27a984bb886f2f76bc7de
Reviewed-on: https://code.wireshark.org/review/12096
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 14:52:17 +00:00
Michael Mann dc93041dfe Convert XMPP dissector to "new style".
Wasn't sure if the absence/disabling of the XML dissector should prevent this dissector from doing anything, but left the current implementation that allows it mostly because XMPP has an IANA registered TCP port.

Change-Id: Ie08b262d611e4d9add9566f440e3d825d6b0b55c
Reviewed-on: https://code.wireshark.org/review/12094
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 13:17:24 +00:00
Michael Mann e30c8f2302 Convert PPI dissectors to "new style".
Also add some expert info and don't stop dissection based on version.

Change-Id: Ia471cb3d517008a486ec9ad8aaf11d06fa55a72d
Reviewed-on: https://code.wireshark.org/review/12082
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 11:47:50 +00:00
Michael Mann 2bd360d864 Make dissect_mp4ves_config a real dissector to be called by SDP
Also convert packet-mp4ves.c to use only "new style" dissectors.

Change-Id: I949dd1300a66039906abffef5cc019f2b49cf414
Reviewed-on: https://code.wireshark.org/review/12074
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-24 06:18:40 +00:00
Guy Harris da8854144d Fix indentation.
Change-Id: I2a64b9919d257ee0f7a57ba40c33bea1690ae0ad
Reviewed-on: https://code.wireshark.org/review/12086
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-24 05:50:37 +00:00
Guy Harris 921bb07115 Check *how many* fields sscanf() found.
In the code that parses a GeneralizedTime field, don't assume that all
fields were found; check the return value from sscanf().

This should clean up a fuzz failure on the 2.0 buildbot:

https://buildbot.wireshark.org/wireshark-2.0/builders/Fuzz%20Test/builds/13/steps/valgrind-wireshark/logs/stdio

Change-Id: I431d7ed69ac1697bd42c22a37ca1451cfc85c94e
Reviewed-on: https://code.wireshark.org/review/12083
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-24 05:48:54 +00:00
Nicolas Cavallari bfd49879dd dbus dissector: Handle alignments of basic types.
The D-Bus Specifications states that all basic types have alignment
constraints.  Padding must be added before the value and not after.

Bug: 11758
Change-Id: I3c56689f47e1e385880dcea04506fe33b60670d3
Reviewed-on: https://code.wireshark.org/review/11994
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 02:02:27 +00:00
Alexis La Goutte ed0cc4319c DNS: Chain Query requests
https://tools.ietf.org/html/draft-ietf-dnsop-edns-chain-query

Bug:11759
Change-Id: I631bf381dbfed956285855083a00a91f54a3c39c
Reviewed-on: https://code.wireshark.org/review/12064
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 00:34:38 +00:00
Alexis La Goutte bf34d531f9 DNS: Add EDNS(0) Padding Option
https://tools.ietf.org/html/draft-ietf-dprive-edns0-padding

Bug:11759
Change-Id: Ic71406dee2e5f44c6d2393bb325907f13222cf6f
Reviewed-on: https://code.wireshark.org/review/11815
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 00:34:06 +00:00
Alexis La Goutte 0ea7d92102 DNS: Add edns-tcp-keepalive EDNS0 Option
https://tools.ietf.org/html/draft-ietf-dnsop-edns-tcp-keepalive (draft-04)

Bug:11759
Change-Id: I12461d69f49068bfe46de76bc26f30d7374fc9c3
Reviewed-on: https://code.wireshark.org/review/11814
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 00:33:27 +00:00
Matt Texier 6ffac79751 Adding RFC5512 extended community
BGP: add the ability to decode Opaque extended community and in particular tunnel type

Change-Id: Ife53a267a2311397123a4e670924c673904bccbd
Ping-Bug: 11650
Reviewed-on: https://code.wireshark.org/review/12076
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-24 00:29:47 +00:00
Michael Mann 57e18b0034 register_dissector -> new_register_dissector
Change-Id: Ifc8208e1b96e2a3bf297912500a5f252bfa8eed9
Reviewed-on: https://code.wireshark.org/review/12073
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 17:36:39 +00:00
Alexis La Goutte 3438fe2dd9 Pcap (pktdata): fix no previous prototype for ... [-Wmissing-prototypes]
no previous prototype for 'proto_register_pcap_pktdata' [-Wmissing-prototypes]
no previous prototype for 'proto_reg_handoff_pcap_pktdata' [-Wmissing-prototypes]

Change-Id: Id9c89b7217b4f0a0d1e1ca186ccfd8dfe1bcd2d9
Reviewed-on: https://code.wireshark.org/review/12067
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 16:18:01 +00:00
Alexis La Goutte 44cea438e4 RTPS: fix no previous prototype for 'compare/hash_by_guid' [-Wmissing-prototypes]
Change-Id: I31b36f1be6bf2476d801e891ac1799ce910a0105
Reviewed-on: https://code.wireshark.org/review/12066
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 16:17:38 +00:00
Pascal Quantin 8fa938d27b HiSLIP: remove a DISSECTOR_ASSERT
It should not be used for request/response tracking

Change-Id: Ic93884cad5bcea40e082081097575908011871c8
Ping-Bug: 11752
Reviewed-on: https://code.wireshark.org/review/12063
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 15:54:56 +00:00
Alexis La Goutte 3b32515391 RADIUS: fix indent
Add space (before and after) equal (=)

Change-Id: I3bc09cbd6b0524b6ebecb02bfdb245a394642a58
Reviewed-on: https://code.wireshark.org/review/12061
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 15:54:29 +00:00
Michael Mann 2bbbb4879c register_dissector -> new_register_dissector
Change-Id: Ic368dd8e83cf39e0c934da0ae2744778e2d54ce6
Reviewed-on: https://code.wireshark.org/review/12050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 13:09:55 +00:00
Alexis La Goutte 52c3fb82e0 RADIUS: Use directly tvb_ip_to_str
Change-Id: I13e8307ec52b857876aa3582c6f4443e831f00a3
Reviewed-on: https://code.wireshark.org/review/12060
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 09:44:04 +00:00
Alexis La Goutte 9f017eb245 RADIUS: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Change-Id: I7f4db828dc63806a0cc524d0efd966f64635cbd5
Reviewed-on: https://code.wireshark.org/review/12056
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 09:43:11 +00:00
Alexis La Goutte dee3b8057f RADIUS: fix wrong offset for protocol
Only work for IPv4 (Missing length of IPv6)

Bug:11630
Change-Id: I5436aa8dc66897472466ca9399c34457f1afa851
Reviewed-on: https://code.wireshark.org/review/12057
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 09:41:48 +00:00
Peter Wu e36f987c51 http: case-insensitive custom headers match
Header names are typically not case-sensitive (like X-Powered-By).
Become consistent with headers such as User-Agent and match custom
headers case-insensitively.

Change-Id: Icde2dc32b5020cc8c68d631667c7c79dfc58435a
Reviewed-on: https://code.wireshark.org/review/11965
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 06:03:24 +00:00
Stig Bjørlykke c5fb402222 Qt: Set tooltip for packet list header
Added get_column_tooltip() to use common code in GTK and Qt.

Change-Id: I2f6ce95e2e129752bbb958a28aec6f42aa81be3d
Reviewed-on: https://code.wireshark.org/review/12047
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 05:41:09 +00:00
João Valverde fad15654b1 Remove configure --enable-ipv6 option
It's an ancient obsolete option with a confusing name.

Change-Id: Ib10330cf859cdea18fed2077c6539e56350ef380
Reviewed-on: https://code.wireshark.org/review/11967
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-23 04:07:37 +00:00
Alexis La Goutte 45259fb303 RADIUS: Add display field for Ascend data Filter
Ping-Bug:11630
Change-Id: I7183b5e957566b730f01a464e85ad594992b345d
Reviewed-on: https://code.wireshark.org/review/11370
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 15:26:19 +00:00
Stefan Pöschel 26366ef795 SCSI: Fix mixed up SCSI senddiag PF values
Change-Id: I5e4b3ff0579789d81bf4eaad3dc2669472d22dd7
Reviewed-on: https://code.wireshark.org/review/12024
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 08:46:37 +00:00
Alexis La Goutte f1b3b32de9 Cisco FabricPath MiM: rename file name
packet-mim -> packet-cisco-fp-mim.c

Change-Id: Ife2414f8e74ec818720da1e80d6b8f87589d8150
Reviewed-on: https://code.wireshark.org/review/12008
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 08:43:16 +00:00
Michael Mann bcabd8df0f register_dissector -> new_register_dissector for ASN.1 dissectors.
Change-Id: I0476519c02ffdd426b4fdfe8a206d61b728c327a
Reviewed-on: https://code.wireshark.org/review/12026
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 08:38:50 +00:00
Pascal Quantin f9f88ff226 Diameter: add dissection of Credit-Management-Status AVP code
Bug: 11672
Change-Id: Ie33b42176aed9928a2ea0edb23896a647695693e
Reviewed-on: https://code.wireshark.org/review/12014
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 08:36:51 +00:00
Pascal Quantin 59ffbc3eee GSM MAP: Add Ericsson specific fields to MAP-OpenInfo
Bug: 11696
Change-Id: I0b6502b12e45949551e25eb3d337b7da0fac933e
Reviewed-on: https://code.wireshark.org/review/12015
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-22 08:22:58 +00:00
Stig Bjørlykke 94b9907d0f Lua: Validate Proto() arguments
Check if description (protocol name) and short_name are used before
registering the protocol.  This because proto_register_protocol() makes
sure there's not already a protocol with any of the names registered
and duplicates will be reported with a g_error() which terminates the
Wireshark unexpectedly.

Also check if short_name contains valid characters.

Give appropriate error messages.

Bug: 11739
Change-Id: Ib9776a2a3406ae5278ce744defd61864ebed0282
Reviewed-on: https://code.wireshark.org/review/11995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-21 20:30:26 +00:00
Stig Bjørlykke 23258fb841 epan: Removed an unneeded g_malloc.
Change-Id: Ibc8b2651e2f56ecfdf9d00b235c39b6ac43b38b3
Reviewed-on: https://code.wireshark.org/review/12017
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-21 18:42:12 +00:00
Juanjo Martin 1df7c07326 RTPS: Added Topic Information feature. This feature shows the Topic
Name and the Type Name of the sample by consulting a hash table
that relates GUIDs and this information.

This information is very useful to any analysis performed to RTPS
data. It can be disabled using a checkbox so it doesn't impact
performance when capturing (default = disabled).

Bug: 11729
Change-Id: Ic9fa3a777dfed3cb46166b8e7c9783a12c161e7d
Reviewed-on: https://code.wireshark.org/review/11602
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-21 13:52:52 +00:00
Alexis La Goutte f711fbfae4 ISO14443: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Change-Id: I63f0b3891030ccc001f81fde94121adad37b555b
Reviewed-on: https://code.wireshark.org/review/12004
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-21 11:23:06 +00:00
Peter Wu fb11b8a8e2 usbvideo: fix Malformed packet error for SET_CUR
The SET_CUR request does not have an extended pseudo-header, the logic
likely refers to the extra bytes in the usmon packet header. Remove it
since the function handles the payload after that header.

Tested with arkmicro_webcam.pcap (from bug 8414) and
usb-malformed-error.pcapng.gz (from bug 11736).

Bug: 11736
Change-Id: I61c71bb06c37a626260447f703a5cc4db2a6fc80
Reviewed-on: https://code.wireshark.org/review/11990
Reviewed-by: Tim Ansell <mithro@mithis.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-21 08:19:31 +00:00
Guy Harris 227d1229e1 Use the "pcap/pcapng packet data" dissector to dissect packet data.
And use the value_string table for LINKTYPE_ values for the link-layer
header type.

Yes, this means that the "default link-layer header" preference is now a
LINKTYPE_ value rather than a WTAP_ENCAP_ value.  Both of those were raw
numbers rather than friendly strings, but at least most of the
LINKTYPE_ values are documented on the tcpdump.org Web site, and don't
change over time, unlike WTAP_ENCAP_ values which can change from
Wireshark release to release.

Change-Id: Ib752ba2163c6857c9681dc0e07598c96d1e7234f
Reviewed-on: https://code.wireshark.org/review/12001
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-21 03:12:40 +00:00
Guy Harris 91f4e3b73d Have a separate dissector for pcap/pcapng-format packet data.
Put that dissector into its own file, and get handles for it from the
pcap and pcapng file dissectors.  Put the value_string of pcap/pcapng
LINKTYPE_ values there, and have the pcap and pcapng file dissectors
import it.

Expand that table to include all LINKTYPE_ values in the current
libpcap.

Change-Id: I9397035efa5711e8a18a26e056d3b54494fd3148
Reviewed-on: https://code.wireshark.org/review/12000
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-21 02:52:57 +00:00
Michal Labedzki fef4714e72 File-format: Add ISO_14443 linktype for PCAP/PCAPNG
Assign numbers for LinkTypes on webpage
http://www.tcpdump.org/linktypes.html were changed, so update
it for file dissector for PCAP/PCAPNG.

Change-Id: Icb52c2a8f19bd056723de155700b83497d5fded4
Reviewed-on: https://code.wireshark.org/review/11983
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:02:43 +00:00
Michal Labedzki 928ce9f966 Bluetooth: Fix remaining lengths
ACL and L2CAP payload contain its length field.
Of course it may be broken for many reasons, so
there is need to check it and show expert info warning.

Bug: 11677

Change-Id: I1988faec9faef70c95161513049ec16ceb8fcf45
Reviewed-on: https://code.wireshark.org/review/11982
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:02:27 +00:00
Michal Labedzki 7a7b293d80 Bluetooth: HCI vendor: Add some Broadcom commands
Add some Broadcom commands found in BlueZ.

Change-Id: I6b5c6ca2a55142550c2e901443d548a5a686bc90
Reviewed-on: https://code.wireshark.org/review/11981
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:02:04 +00:00
Michal Labedzki d0d694039c Bluetooth: EIR/AD: Add URI item support
In CSSv6 there is one new item: URI (UTF-8)

Change-Id: Iafa7b563aa96a016c7178eceef28edd3a1df5dc4
Reviewed-on: https://code.wireshark.org/review/11980
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:01:40 +00:00
Michal Labedzki 18d0c94644 Bluetooth: Update company IDs and Member/SDO UUIDs
Update company IDs and Member/SDO UUIDs to latest Assign Number.

Change-Id: Ia543ab1bcf43cf5283658cbe0971c8bc9877426d
Reviewed-on: https://code.wireshark.org/review/11979
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:01:24 +00:00
Michal Labedzki 909d9c9c15 Bluetooth: GATT: Add HTTP Proxy Service attributes
Add HTTP Proxy Service attributes and UUID.

Change-Id: If0ab490f2df0930d2b80687ac4c9a1d7e4d463e4
Reviewed-on: https://code.wireshark.org/review/11978
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:01:13 +00:00
Michal Labedzki 8ac3d9a0f1 Bluetooth: L2CAP: Improve tracing connects and disconnects
Add Connect in frame/Disconnect in frame jump-fields or Service/PSM
is possible to know what current channel payload is.

Change-Id: I6a06baaec50c5e54a1990ec8f29cf386910acc28
Reviewed-on: https://code.wireshark.org/review/11977
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:00:59 +00:00
Michal Labedzki a90100631e Bluetooth: Add ability to add custom UUID description
Some vendors use UUID128 as own services/attributes.
Sometimes they use UUID16 for it too. Support both cases.

Change-Id: I001692b94fcc2f86eafa81012790e9134b0f2a36
Reviewed-on: https://code.wireshark.org/review/11976
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 16:00:15 +00:00
Michal Labedzki c44246448a Bluetooth: Move GATT dissectors registration to GATT handoff
Change-Id: I336f8523a0ad5cf8f9da0578c92a0c68917969b4
Reviewed-on: https://code.wireshark.org/review/11975
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
2015-11-20 15:59:50 +00:00
Peter Membrey a2a6b6c06a Enhance ERSPAN decoder to correctly support ERSPAN3 (current version
mangles packets)

Change-Id: I3dce1a4c5f14e2fc11c3f97e216df1f68340fba4
Reviewed-on: https://code.wireshark.org/review/11957
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-20 12:35:31 +00:00
Stig Bjørlykke 0ae19656e1 Qt: Fixed column issues when changing profile.
Always initialize prefs.col_list in pre_init_prefs.
When switching to a profile without a saved 'preferences' file we
have to initialize prefs.col_list to default values to avoid reusing
settings from the profile we leave.
This was introduced in 5012cf84e6

Emit columnsChanged() before preferencesChanged().
This because columnsChanged() rebuilds cap_file_->cinfo which is used
in preferencesChanged() to align columns (and possible other actions).
Doing this in the wrong order will give an inconsistency and a
heap-buffer-overflow if having different number of columns.

Bug: 11493
Change-Id: I5792dfc0ede11b9457b96f092af8da00453787b1
Reviewed-on: https://code.wireshark.org/review/11971
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-20 07:57:25 +00:00
Balint Reczey c297df134b More spelling fixes found by lintian
Change-Id: Id218dec9e5a721d6c63fd34962ffe50b6ab8dd56
Reviewed-on: https://code.wireshark.org/review/11946
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Diederik de Groot <dkgroot@talon.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-20 05:47:29 +00:00
Nick Bedbury 1a841483e9 Fixing picosecond timestamp for vrt protocol. Needs to be parsed as uint64 not double
Change-Id: I4c3cf4aa84a9208c382fa4a50ca3c2ffb1773ead
Reviewed-on: https://code.wireshark.org/review/11962
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-19 14:11:44 +00:00
Martin Kaiser 4fd711f338 use the official DLT for ISO14443
add DLT_ISO14443 to pcap_to_wtap_map[]
define WTAP_ENCAP_ISO14443, link it to the iso14443 dissector

Change-Id: Id837197c4d66071094f9336d60db36a371424807
Reviewed-on: https://code.wireshark.org/review/11959
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-19 13:39:55 +00:00
Pascal Quantin 9b2c889abe NWP: use col_add_str to set COL_INFO
As indicated in column-utils.h, col_set_str should only be used for const strings

Bug: 11726
Change-Id: I4774aac7dfba3c0f27ed90f8a4634fa19595eacb
Reviewed-on: https://code.wireshark.org/review/11958
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-19 12:52:02 +00:00
Birol Capa c3ce6870fb Lldp: Lldp Dissector Column Info is updated for Profinet
Current Lldp dissector column information just shows the "System Description" information.
In Profinet applications, Chassis Id and Port Id give much more information for the application.
Therefore, Lldp Dissector Column Info is updated for frames that contain Profinet tlvs.

Change-Id: I30856d4471fd38ed07f3b9a6a25ef49b2d04f047
Reviewed-on: https://code.wireshark.org/review/11940
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-19 07:58:20 +00:00
Martin Kaiser 8826db5823 [iso14443] add simple components of an R-block
an S-block has no block number, fix this while at it

Change-Id: I16113fde5f78d77d7db6b7cec8d4dfa46f0187aa
Reviewed-on: https://code.wireshark.org/review/11944
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-18 17:37:38 +00:00
Michael Mann 4adeb424f5 create_dissector_handle -> new_create_dissector_handle
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: I9c7d1c092bbae896ec0c2832617891346927f2e1
Reviewed-on: https://code.wireshark.org/review/11932
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-18 07:33:08 +00:00
Matt Texier 84ab0e43f3 BGP: Add dissection of ESI NLRI (EVPN) RFC7432
Ping-Bug: 11650
Change-Id: I1e6418afe1d02da9f30c429c0220932d74344b8d
Reviewed-on: https://code.wireshark.org/review/11775
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-18 00:29:45 +00:00
João Valverde b1a8a0da52 MPTCP: Use endianness macros directly instead of creating new tvbuff
tvb_new_real_data() will leak memory.

Also fix endianness because use of GUINT64_SWAP_LE_BE() assumes
platform is little endian.

Change-Id: Ic90d568e585e08674638519c11bd5deb4358bff1
Reviewed-on: https://code.wireshark.org/review/11540
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-18 00:25:02 +00:00
Peter Membrey f38bd009af Committing CISCO ERSPAN3 Marker dissector for pushing to upstream
Change-Id: Id0c583eacbef01d9dbdb54c27893d44cc32d9a31
Reviewed-on: https://code.wireshark.org/review/11680
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-17 22:57:45 +00:00
Stig Bjørlykke 8383cb923b Lua: Do not deregister Listener in __gc.
Listeners should not be deregistered in __gc because they will go out
of scope while in use.  Instead free allocated data when deregistering
the Listener (Listener.remove() and Reload Lua Plugins).

Bug: 11722
Change-Id: Iadf6506757df06e476ac3cac38c05f1d1d497dc4
Reviewed-on: https://code.wireshark.org/review/11924
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-17 21:51:42 +00:00
Martin Kaiser abfeb2da54 [iso14443] start dissecting the PCB of an S-block
S-blocks have a block number exactly like I-blocks,
give the hf variable a more generic name

Change-Id: I25774496f88bd27b1978662e4a781ddeb5e44b45
Reviewed-on: https://code.wireshark.org/review/11920
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-17 17:50:18 +00:00
Martin Kaiser 44ca31d7a5 [iso14443] do a more precise check for uid-related commands
make sure that we don't treat an S-block as a uid command

Change-Id: Ibe001cd346eff462040df5259c7a88fa7f94bf78
Reviewed-on: https://code.wireshark.org/review/11918
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-17 17:41:06 +00:00
Martin Kaiser 9b26632b31 [iso14443] dissect I-block PCB components
Change-Id: I076ce2f4f7dca455a8ee12445fcbf17a9f120f49
Reviewed-on: https://code.wireshark.org/review/11917
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-17 17:40:48 +00:00
Martin Kaiser 019715674e update the ISO1443 dissector
handle the ..._CRC_DROPPED events
use pinfo->p2p_dir to store the direction
pass a boolean 'crc_dropped' to the sub-dissectors for message types
subtree for an ISO1443 message
dissect most components of most messages

Change-Id: I2570dd4d941e5db7fa541723b70ccad6ce70ab49
Reviewed-on: https://code.wireshark.org/review/11912
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-17 17:19:13 +00:00
Andreas Schultz 7da8b65568 decode Hotspot 2.0 Indication in 802.11 beacons
HS20 Release 1 and Release have added some new fields. Decode them
properly.

Change-Id: Ia9bdaa3422d3f10119d42ec53ad6c9e4915578b8
Reviewed-on: https://code.wireshark.org/review/11870
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-17 13:15:24 +00:00
Evan Huus c3025544b6 Misc minor issues caught by cppcheck
All trivial (unused variables, duplicate `break`s, etc).

Change-Id: Idbfffae4f6c0b0119a90ae5849de2ed7a1180c9b
Reviewed-on: https://code.wireshark.org/review/11886
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-11-17 04:18:37 +00:00
Michael Mann 799d6fd057 create_dissector_handle -> new_create_dissector_handle
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: I96aa9cf53533cbb07105aa400d42922baf3016b3
Reviewed-on: https://code.wireshark.org/review/11860
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-16 22:00:30 +00:00
Jo Rueschel 92bb13a4d2 Export the value_string array ip_proto_val_ext for usage in plugins
Until now, it is not possible to use the IANA-assigned protocol values in a Wireshark plugin.
This commit exports them for use on Windows machines.

As discussed on http://seclists.org/wireshark/2015/Nov/88

Change-Id: I22adc33accf5d776bd3e5cc0899d3c5b9e9d531c
Reviewed-on: https://code.wireshark.org/review/11874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-16 21:59:25 +00:00
Peter Wu 4002f98413 ssl,dtls: use ProtocolVersion from Server Hello
A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a
(patched?) BouncyCastle 1.51.0 exposed the odd behavior where the
ProtocolVersion from the record layer was always fixed to DTLSv1.2 while
the server agrees to use DTLSv1.0.

This resulted in a Malformed packet dissection of the ServerKeyExchange
message which mistakenly expects a SignatureAndHash field. Fix this
by using the protocol version from the ServerHello. Keep the fallback
in case a capture starts in the middle of a SSL conversation.

(Also display "DTLS" instead of "SSL" when the version is not yet
determined for DTLS packets.)

Bug: 11709
Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6
Reviewed-on: https://code.wireshark.org/review/11821
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-11-16 21:47:43 +00:00
Peter Wu c90990068f ssl,dtls: use a single field to track ProtocolVersion
The SslSession struct contains a "version" field for displaying
purposes in the protocol column while the SslDecryptSession struct
has a "version_netorder" field for use in TLS hash functions (for
secrets calculations).

As these are strongly associated with each other, remove the
version_netorder field and its associated constants, let the SslSession
version field store this value instead. All SSL_VER_* are renamed to
appropriate *_VERSION macros (via search & replace), SSL_VER_UNKNOWN
is kept though.

The PCT and SSLv2 protocols had no wire value (*_VERSION), so
SSL_VER_PCT and SSL_VER_SSLv2 are assigned with some arbitrary values.

Warning: external plugins using the ssl_set_master_secret function
must now pass the wire version (TLSV1_VERSION) instead of the (now
removed) internal macros (SSL_VER_TLSv1).

Change-Id: Icd8ef15adae9c62eb21eab1c3b812166e451936f
Reviewed-on: https://code.wireshark.org/review/11820
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-11-16 21:45:50 +00:00
Guy Harris 95fd55e56b For now, call the finish routine in Lua file writers "close".
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.

Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-16 19:18:15 +00:00
Michael Mann bbdd89b973 create_dissector_handle -> new_create_dissector_handle
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-16 03:50:05 +00:00
Stig Bjørlykke 6012ba8f00 tcp: Indicate number of bits used for Flags.
Change-Id: Iac003993e820e3ad5ecbe2c9322bce1957a14c25
Reviewed-on: https://code.wireshark.org/review/11855
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 22:30:55 +00:00
Stig Bjørlykke 2db454361d tcp: Revert back to the old Flags entry.
A similar issue was discussed and fixed for IP Flags in d051e79a
(svn revision 33264).

Change-Id: I532f51e813aee707b9573537cb8fbdb823158a61
Reviewed-on: https://code.wireshark.org/review/11817
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 22:14:32 +00:00
Stig Bjørlykke 561bcff027 Lua: Fixed some argument # in argument errors.
Change-Id: I1dba41c9f129d368096dd69a0f40fa2164311124
Reviewed-on: https://code.wireshark.org/review/11852
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 22:05:51 +00:00
Stig Bjørlykke a8e774034b Lua: Check for nil valuestring for integer fields.
Added a check for nil valuestring for all ProtoField integer types
to avoid lookup when argument is not set.

Change-Id: Ib4c016b69ee77dbea4bb83ac93c0d9ae9f48f236
Reviewed-on: https://code.wireshark.org/review/11845
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 19:56:38 +00:00
Stig Bjørlykke e6b5f015e2 Lua: Added support for ProtoField framenum type.
Change-Id: I1d4cddd4026f08416005f2b3212536b3984d1a8d
Reviewed-on: https://code.wireshark.org/review/11834
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 18:33:16 +00:00
Stig Bjørlykke 82bd3cc9eb udp: Don't mark zero checksum illegal when in_error_pkt.
A zero checksum is not illegal in IPv6/UDP when in an ICMPv6 packet.

Change-Id: I07acc874d2385992089ef3ebc7a82e853904ecfc
Ping-Bug: 6232
Reviewed-on: https://code.wireshark.org/review/11808
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-15 18:25:32 +00:00
Gerald Combs b44e3fc98e [Automatic update for 2015-11-15]
Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I7a2eaecb6f24992cb3023919c8bd8af2c15192c3
Reviewed-on: https://code.wireshark.org/review/11838
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-11-15 16:09:44 +00:00
Michael Mann 28ea58251c register_dissector -> new_register_dissector
Picking off "easy" dissectors that only have one or two exit points at most.
This concludes a "first pass" over the dissector directory.

Change-Id: If5ce5484214be50fe541cba478da1de62e354297
Reviewed-on: https://code.wireshark.org/review/11830
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-14 21:54:27 +00:00
Stig Bjørlykke 13101020e1 Lua: Disallow ProtoField FRAMENUM to fetch from Tvb.
A ProtoField type FRAMENUM cannot fetch value from a Tvb.

Change-Id: Iff0f6df8b00445855c9030dcfa753daa62262171
Reviewed-on: https://code.wireshark.org/review/11832
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-14 21:22:51 +00:00
Michael Mann 8faf5c80b3 register_dissector -> new_register_dissector
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: I25fe6a0aac93980333217d007702799d16946563
Reviewed-on: https://code.wireshark.org/review/11816
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-14 18:00:00 +00:00
Stig Bjørlykke 20388ef174 p_mul: Fixed ack framenum links.
The ack symbol is for the Address PDU being acked.
Also use the DUP_ACK symbol for P_Mul's Ack-Ack.

Change-Id: I3da616e95e9c2cf889b1e4e4c0570ab0c276a2d2
Reviewed-on: https://code.wireshark.org/review/11819
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-11-14 14:41:47 +00:00
Stig Bjørlykke 2e19755c33 dmp: Fixed ack framenum links.
The ack symbol is for the Message, Report or Notification being acked.

Change-Id: I5ef99b9e7830f437278af18e681f8200fab6c3d4
Reviewed-on: https://code.wireshark.org/review/11818
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-11-14 14:34:29 +00:00
Alexis La Goutte 5c1b132fe8 airpdcap_system.(h) fix parameter 'mngHandshake/mngDecrypt' not found in the function declaration [-Wdocumentation]
Change-Id: I0d0c1a3dde14d9817aef28352081dfbfbac6c9fb
Reviewed-on: https://code.wireshark.org/review/11774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-14 13:31:12 +00:00
Michael Mann 01f7356f85 register_dissector -> new_register_dissector
Picking off "easy" dissectors that only have one or two exit points at most.

Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-13 17:44:24 +00:00
Stig Bjørlykke acbf7d5725 p_mul: Enhance ack framenum links.
Change-Id: I084b43fcd8419741c2de007bd03fc04532346813
Reviewed-on: https://code.wireshark.org/review/11797
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-13 08:33:26 +00:00
Stig Bjørlykke 89879ef9f9 dmp: Enhance ack framenum links.
Change-Id: Iade2d06512bacbeff3e7446487a03d4f73dba721
Reviewed-on: https://code.wireshark.org/review/11796
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-11-13 08:32:45 +00:00
Gerald Combs 18b8f48bc1 Fix compilation when _DEBUG is defined.
CMake's Visual C++ generator creates projects that compile with the
Debug configuration by default, which defines _DEBUG. Fix DEBUG_DUMP's
declaration so that we compile in that case.

While we're here note that the "airpd" prefix isn't limited to AirPcap,
so we might want to change it accordingly.

Change-Id: I5476f28c63020f0f66ee9128731bc4b3dc720765
Reviewed-on: https://code.wireshark.org/review/11787
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-13 07:46:32 +00:00
Gerald Combs b01cd398f9 Diameter: Expand an error message.
If we encounter the wrong ftype, print its name.

Change-Id: I7405ccdd3e099f533c6a8aaf81b60faf4093741a
Reviewed-on: https://code.wireshark.org/review/11790
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-13 07:33:17 +00:00
Alexis La Goutte bd96244d35 MEGACO: fix indent (remove tab)
Change-Id: I58c5ffc377d268cfb3d245e5bd2165a38dda0457
Reviewed-on: https://code.wireshark.org/review/11779
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-13 05:53:00 +00:00
DiablosOffens 56c1e80508 [IMF] Add bounds checks to avoid buffer overruns,
also sets the last_field flag to true if it's the end of the buffer.

Change-Id: I135d052fce04807ce61b5feb9af121ff4528f595
Reviewed-on: https://code.wireshark.org/review/11731
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-12 11:28:46 +00:00
Guy Harris a321e603fd Squelch a compiler warning.
Change-Id: I9e9746dc5f17daea7830ddc37f5df0ba16def397
Reviewed-on: https://code.wireshark.org/review/11762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-12 08:38:33 +00:00
Martin Kaiser a67d426b1d dissector for ISO14443 protocols
This is a dissector for the ISO14443 protocols between a contactless
smartcard and a card reader.

The overall approach is similar to DVB-CI. We have a pseudo-header in
front of the captured data that has information about the type of the
captured data and the direction.

For now, the dissector registers itself by name so it can be linked to a
user-DLT. I am applying for an official DLT.

Change-Id: I9c4a28ef5b220f205baf58381bf1962996887a9d
Reviewed-on: https://code.wireshark.org/review/11663
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-12 06:59:24 +00:00
Guy Harris e240ad882b Use format_text() when displaying, not when handing to AirPDcap.
format_text() is specifically intended to handle strings when displaying
them to the user; code such as AirPDCap, which doesn't display strings
to the user, should be handed the raw SSID.

Put in a comment indicating what we probably *should* be doing here.

Bug: 11685

Change-Id: Ic30114c35d1d8f3d791ae904e33a4d81ddc215ec
Reviewed-on: https://code.wireshark.org/review/11757
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-12 06:30:40 +00:00
João Valverde 90d9710145 IPv6: Register extension header fields under the appropriate protocol
Fixes Qt GUI supported protocols display.

Change-Id: If51aae0f6cb2a7d182aa1c40bd827e09bbddbb09
Reviewed-on: https://code.wireshark.org/review/11536
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-12 03:36:22 +00:00
Alexis La Goutte 50e83c0e79 802.11: avoid multi return on SSID or MESHID
Bug:11685
Change-Id: Ibe7a2909f0aed33fa35685ac5c8e0e1a8a626742
Reviewed-on: https://code.wireshark.org/review/11652
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-12 03:34:51 +00:00
Jo Rueschel 09f43c196e Export functions str_to_ip() and str_to_ip6() to plugins
The functions str_to_ip() and str_to_ip6() are not yet exposed to plugins so
they cannot be used there.
Now they are added to the plugin API.

Change-Id: I9df267934ad43887a6326c8c9a1a666f263c08a2
Reviewed-on: https://code.wireshark.org/review/11728
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-12 03:31:01 +00:00
Alexis La Goutte 886de6b91f ISI: Add Modelines info
Change-Id: I758c39698847d65447e0a7490104a9369c85f6cd
Reviewed-on: https://code.wireshark.org/review/11684
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-11 00:25:16 +00:00
João Valverde 541f352b5e UDP: Don't throw malformed errors for empty UDP payload
Change-Id: I7f5724e263ab81d42421d0cfcb1fc4b63a55d79e
Reviewed-on: https://code.wireshark.org/review/11590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-11 00:23:16 +00:00
Matthieu Coudron c2afc9edec Change prototype of callbacks passed to wmem_tree_foreach so that they
accept the node key as a first parameter.

wmem_tree accepts all sort of keys (strings, integers, soon ranges),
thus it is of interest for various purposes (testing, greedy search) to
know the key of the node.

Change-Id: Ie748b917bef91f0b1ba8cce15bd1b471922641dc
Reviewed-on: https://code.wireshark.org/review/11683
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-11 00:22:37 +00:00
Alexis La Goutte b9b74fcf57 ISI: fix code will never be executed [-Wunreachable-code]
Change-Id: I24185128e664a0f7cc2b59d5d653582cddd04df1
Reviewed-on: https://code.wireshark.org/review/11686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-11 00:14:52 +00:00
Guy Harris 0b05086754 Apple calls it just "OS X" these days.
Change-Id: I98905988ceb394d27307d1cbe883d8fe95ac23e4
Reviewed-on: https://code.wireshark.org/review/11703
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 21:08:45 +00:00
Gerald Combs 0d497e8125 Initial Sysdig syscall (event) support.
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.

Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.

Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.

For now leverage the pcapng_block dissector and keep everything under
"Frame".

Next steps:
- Items listed at the top of packet-sysdig-event.c.

Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-11-10 20:59:53 +00:00
AndyL 0a993232bf GIOP dissector: Replies are not correctly associated with requests
Added IP address and port number to the comp_req_list_entry so
get_mfn_from_fn_and_reqid can check for matching IP and port number
when searching for the reply to a request.

Change-Id: Iad00bca5c1104cf8c335001f84264fe55d2e45fc
Reviewed-on: https://code.wireshark.org/review/11599
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-10 09:03:02 +00:00
Jeff Morriss 3e5b2537f7 RPC: call REPORT_DISSECTOR_BUG() rather than abort().
Checking WIRESHARK_ABORT_ON_DISSECTOR_BUG here looks somewhat redundant but it's not:
it's needed to prevent REPORT_DISSECTOR_BUG() from throwing an exception when
we're not dissecting (when nobody's going to catch the exception).

Change-Id: I4dfc484bdf13bca236bfff1388d4399e26880ad7
Reviewed-on: https://code.wireshark.org/review/11272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-10 08:55:45 +00:00
Alexis La Goutte d05971449b ZCL (zbee): Use hf_zbee_zcl_attr_uint40 for ZBEE_ZCL_40_BIT_UINT
Change-Id: Ib9719ac893288b9f26acabb81158ed42b2351fb5
Reviewed-on: https://code.wireshark.org/review/11572
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-10 08:45:20 +00:00
Stefan Metzmacher 411112a1ff packet-smb2: provide reassembling support for Named Pipe subdissectors (e.g. DCERPC)
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-10 01:13:38 +00:00
Guy Harris 09f5ff4fc6 Call the dumper routine to finish writing a file the "finish" routine.
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.

In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).

Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-09 19:55:13 +00:00
Michael Mann 2fe0fc5a1a Convert some TCP subdissectors to "new" style.
Change-Id: I28ce51f3c06f78b85792bce4a13ef39eb75d7890
Reviewed-on: https://code.wireshark.org/review/11648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-09 15:59:59 +00:00
Michael Mann 0aa9e98647 Convert some UDP subdissectors to "new" style.
Change-Id: I3c1ee97f68af4539b97d50b75c03ff82147dbc5e
Reviewed-on: https://code.wireshark.org/review/11649
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-09 15:59:42 +00:00
Michael Mann 8f52962833 Convert some "ethertype" subdissectors to "new" style.
Change-Id: I93c001e78f9365300d393bac6714535f454c6515
Reviewed-on: https://code.wireshark.org/review/11647
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-09 15:59:28 +00:00
Alexis La Goutte 51f59e1655 DTLS: fix no previous prototype for 'dtls_dissector_add/delete' [-Wmissing-prototypes]
Change-Id: Ib2be8c4ebbaf8492fe76632fae2b5076a44f74ce
Reviewed-on: https://code.wireshark.org/review/11653
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-09 12:42:38 +00:00
Alexander Wetzel cb3dd958af WPA/WPA2 decoding fixes and improvements
- start decoding when we have eapol1+2 packets
  Do not insist on a complete captured handshake, decode what we can.

- more robust way to detect eapol #2 packets
  At least Win 10 is violating the spec on rekey by setting the secure
  bit in #2. Unpatched version shows and handles #2 as #4, breaking
  decoding after rekey.

- fixed eapol rekey key handling
  Initial patch (see https://code.wireshark.org/review/8268)
  is adding redundant keys, since it scans all the time
  and not only once.

- ignore tailing garbage after eapol sections in frame
  See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8

Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.

Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-11-09 11:28:14 +00:00
Dario Lombardo d4985a5acb idl2wrs: fix some glibc calls in favour of glib.
This change should fix some complaints from coverity.

Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-11-09 11:28:05 +00:00
Gerald Combs 1e87ff4727 [Automatic update for 2015-11-08]
Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I5da56a10b8c73f804e98124895c513ad4c97a37b
Reviewed-on: https://code.wireshark.org/review/11643
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-11-08 18:51:12 +00:00
Gloria Pozuelo 0b3091fa35 GTP sequence number fix for allowing to have sequence number equal to 0
Change-Id: Id8aad52198905eb33ecccf5ace01287954f31d2e
Reviewed-on: https://code.wireshark.org/review/11526
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-08 17:02:53 +00:00
Martin Mathieson 7d8a094acb DCT2000: change switch to if - I'm surprised it compiled at all
Change-Id: If08fa66fbc21fc078f12866c868dd269aa72e319
Reviewed-on: https://code.wireshark.org/review/11640
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-11-08 16:31:50 +00:00
Martin Mathieson 44644ed4e1 DCT2000: eliminate dead code return from function (CID 1158885)
Change-Id: I622f048581dfcc4b49315a5ef45aa44499c6e096
Reviewed-on: https://code.wireshark.org/review/11639
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-11-08 15:08:48 +00:00
Guy Harris dc131874cb This doesn't need <wsutil/file_util.h>.
The only file system operations it does are printing of debugging output
to the standard output, so it doesn't need <wsutil/file_util.h>.

Change-Id: Ia5caf62a3aab418f039669aa0b54e163e54d0d21
Reviewed-on: https://code.wireshark.org/review/11635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-08 09:35:01 +00:00
Guy Harris f385922d77 More needed <stdlib.h>. Note why it and <stdio.h> are needed.
Change-Id: Id3f5eb3740fbc66202311f1d7d7933193cf4da2d
Reviewed-on: https://code.wireshark.org/review/11633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-08 01:13:22 +00:00
Guy Harris 71c09602ba <stdlib.h> is needed for atoi().
Change-Id: I93433fbbec8a78344c2d4e27c1c6fe03583010be
Reviewed-on: https://code.wireshark.org/review/11632
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-08 01:06:59 +00:00
Guy Harris 8e689a9d4a Remove some unnecessary includes.
Either remove them completely, or put them inside an #ifdef.

Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 23:12:50 +00:00
Guy Harris e9ad65adbb Get rid of some commented-out stuff.
Change-Id: I8893d7cea5f7e56708c8a428256b7e9d543db887
Reviewed-on: https://code.wireshark.org/review/11629
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 22:57:54 +00:00
Guy Harris e52d0faed8 Remove #if 0'ed out includes.
Change-Id: I5670b2d87ed13bb0d1091a2308524bf3b7642eb0
Reviewed-on: https://code.wireshark.org/review/11628
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 22:52:40 +00:00
Guy Harris 0162e54075 Clean up includes of unistd.h, fcntl.h, and sys/stat.h.
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".

Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).

Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 21:52:23 +00:00
João Valverde 24bfb7e35d column-utils: Refactor col_append_port() to col_append_ports()
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.

This commit does not introduce any actual formatting changes.

Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 21:15:11 +00:00
Michael Mann 31f004f1ca Further refactor GSS_API dissectors to pass gssapi_encrypt_info_t structure between dissectors instead of using packet_info.h
The only remaining explicit user of the packet_info members is the NTLMSSP dissector.  However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.

Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 21:13:14 +00:00
João Valverde e6a2f17237 Add user preference to display IPv6 ext headers under root protocol tree
Also allow displaying the IPv6 header (correctly) as exactly 40 bytes long in
the bytes pane.

Ping-Bug: 10705
Change-Id: I1b4ea74202d519e7faf86c1c0f4f3c23403c2b2a
Reviewed-on: https://code.wireshark.org/review/11608
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 21:09:27 +00:00
Michael Mann 8ebc1084b2 DNS: Add support of DNS over TLS and over DTLS
See http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-01
and https://www.ietf.org/id/draft-ietf-dprive-dnsodtls-02.txt

Bug: 11679
Change-Id: I5ebc43008951ddbb4570f5aeb55093aaf84f3401
Reviewed-on: https://code.wireshark.org/review/11528
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 14:13:08 +00:00
Michael Mann f4921c10e6 Add support for registering protocols (dissectors) over DTLS.
This is intentionally broken off of SSL to avoid confusion when UDP is involved.

Change-Id: Icfd3054be6aed2ebbd850a608efbc24f1a8f3831
Reviewed-on: https://code.wireshark.org/review/11612
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 14:12:43 +00:00
Michael Mann 3aefd3b5b2 Create real dissector tables for SSL and DTLS to use.
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.

Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 14:11:01 +00:00
Michael Mann b56d323412 Consider "HTTP over UDP" to be SSDP.
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.

Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-07 14:10:31 +00:00
Jim Young e3c46268be isis-hello: Fix typo "Srea" -> "Area"
Change-Id: Ia251638186857d6be6a07c25e77bbd7e72a14290
Reviewed-on: https://code.wireshark.org/review/11620
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-07 07:46:00 +00:00
Stefan Metzmacher 5735738fdf packet-smb2: make smb2_set_dcerpc_file_id() more reliable
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.

Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-07 07:45:05 +00:00
Peter Wu e0cf8b6ccf ssl: add expert info for session resumption
Add expert info to the Change Cipher Spec tree when session resumption
is detected. This can be used as hint that decryption using a RSA key
file will not succeed because of missing key material.

The name of this expert info is "ssl.resumed" or "dtls.resumed" and the
expert info message is "This session reuses previously negotiated keys
(Session resumption)".

Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878
Reviewed-on: https://code.wireshark.org/review/11583
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-07 07:40:32 +00:00
Guy Harris 161f449c4e 4294967296 is not guaranteed to be a valid integer constant.
It's a floating-point operation, so just use 4294967296.0.

Change-Id: I97258c8058821b6d46d740668271c0803617cdc1
Reviewed-on: https://code.wireshark.org/review/11615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 21:21:15 +00:00
Guy Harris 3a598d96e5 Sort isi_sim_cause.
Change-Id: I97168f31925916bad1a8c894f3b5733d8ed8ad55
Reviewed-on: https://code.wireshark.org/review/11614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 20:29:14 +00:00
Guy Harris fdeab5a22f Fix 32-bit OS X buildbot.
I guess it's not at risk of being clobbered by a longjmp() in a way that
affects the behavior of the code, but the older GCC on that buildbot
doesn't do the dataflow analysis to figure it out.

Change-Id: I770380e2a22d00aeccf5937203bc70968712d37f
Reviewed-on: https://code.wireshark.org/review/11611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 19:34:45 +00:00
Guy Harris bebc416db9 "#if 0" out an unused value_string table.
The field that uses it is also "#if 0"'ed out.

"#if 0" out, rather than commenting out, the variable for that field, for
consistency.

Change-Id: If3c6ba6c780f41b35d3f28adcf4d8a29117c4652
Reviewed-on: https://code.wireshark.org/review/11609
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 19:15:20 +00:00
João Valverde ee0dbdc7ed MPTCP: Use wmem_list instead of GSList
Change-Id: Idb4e4d6d19169d6cacd98664232fd1fbd2cc2dca
Reviewed-on: https://code.wireshark.org/review/11534
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-06 18:43:02 +00:00
Tyson Key 2cd80a7d36 Add Nokia Intelligent Service Interface (ISI) dissector
From: https://github.com/shr-project/isi-wireshark-plugin/

Bug: 11676
Change-Id: If3f4d7e3e1dd674cb99e96eabdc3491dec76ea3a
Reviewed-on: https://code.wireshark.org/review/11580
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-06 18:38:13 +00:00
AndersBroman cb3bdecdba [Dissector tables] DISSECTOR_TABLE_NOT_ALLOW_DUPLICATE -> DISSECTOR_TABLE_ALLOW_DUPLICATE
Change-Id: Id4d8d9a2d2befee7b82ac4e0e6f2f1b8f03b4532
Reviewed-on: https://code.wireshark.org/review/11603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-06 18:26:31 +00:00
Pascal Quantin 677027a180 DCERPC: fix compilation with OSX buildbots and Ubuntu 15.10
Change-Id: I032874d0f023d99478be03c192cb529055a6c53e
Reviewed-on: https://code.wireshark.org/review/11601
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-06 17:41:00 +00:00
Gregor Beck af9ca05d3a packet-dcerpc: implement dissecting of rpc_sec_verification_trailer
See [MS-RPCE], https://msdn.microsoft.com/en-us/library/cc243559.aspx
and frame 34 in
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dcerpc-winreg-with-rpc-sec-verification-trailer.pcap

Change-Id: Ia96c1b220da5d22f2fbf216b9e6fa70b5e068deb
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11362
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-06 08:05:50 +00:00
cbontje 35a1383814 Major Re-factoring of the dissector and some new features.
A change-list is as follows:
- Removed un-necessary dissector revision updates from the file header since GIT tracks these nicely.
- Added proper size detection of Modbus RTU messages (including exception responses), when dealing with partial TCP segment reassembly.
- Moved the 'register' decode preferences to the Modbus dissector as TCP vs. RTU granularity isn't needed in this case.
- Obsoleted unused 'address type format' user preferences
- Cleaned up dissect_modbus_data to remove proto_tree_set_text instances.
- For decoded register tree objects, use register 'address' instead of 'value' for the filter field to provide a more useful filter.
- Added in conversation support, to attempt to track responses back to matching requests.
- Use conversation support to attempt to populate proper register address offsets in the response messages.  Currently each request is saved and each response looks for the last prior request that matches the function code.
- Re-factored Modbus dissector to split apart request vs. response decoding.  This has led to cleaner code paths, but some duplication where replies and requests are identical format.

Change-Id: I0c86ae85b8ae4cc59b037e5f68f408833205fadd
Reviewed-on: https://code.wireshark.org/review/9914
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-06 07:52:09 +00:00
João Valverde 8fb1f8e552 reassemble: Add key destroy function to g_hash_table
Fixes memleak in reassemble.c

480 bytes in 60 blocks are definitely lost in loss record 3,010 of 3,059
   at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0xADA3328: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.1)
   by 0xADBA512: g_slice_alloc (in /usr/lib/libglib-2.0.so.0.4600.1)
   by 0x6575C7D: fragment_reassembled (reassemble.c:804)
   by 0x6577785: fragment_add_seq_check_work (reassemble.c:2027)
   by 0x6577880: fragment_add_seq_next (reassemble.c:2068)
   by 0x6E614E6: dissect_sccp_message (packet-sccp.c:2875)
   by 0x6E63641: dissect_sccp (packet-sccp.c:3401)
   by 0x6546CF7: call_dissector_through_handle (packet.c:620)
   by 0x6546EA1: call_dissector_work (packet.c:706)
   by 0x6547A04: dissector_try_uint_new (packet.c:1163)
   by 0x6547A65: dissector_try_uint (packet.c:1189)

Change-Id: I0117b48e1e5d5688c49f264f24387dd6de1d6e08
Reviewed-on: https://code.wireshark.org/review/11541
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-06 04:38:07 +00:00
Guy Harris ce22578996 Don't include io.h in Flex scanners - they're not interactive.
We don't have any Flex scanners that support an interactive command-line
interface, so none of our scanners are, or need to be, interactive.
Mark text2pcap's scanner as not interactive.

That means none of our scanners should call isatty(), so they don't have
any need to include <io.h> on Windows; remove that include from the
Lucent/Ascent text capture scanner.

Update a comment to reflect that what matters isn't whether we can read
from a terminal or whether we actually do so, what matters is whether
they read *interactively* from a terminal (if you want to run text2pcap
reading from the standard input and type at it, be my guest).

Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd
Reviewed-on: https://code.wireshark.org/review/11587
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 01:14:31 +00:00
Dario Lombardo 4ea610a54a dcerpc: add check for mutually exclusive function pointers
Found by clang analyzer.

Change-Id: Idb2e80edbb5b264fd257a7b4208ff75bd543df88
Reviewed-on: https://code.wireshark.org/review/10970
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-05 19:57:35 +00:00
Alexis La Goutte 52970ef9f8 DNS: Register dissector by name
Change-Id: I0eb03f2452c4f7fef0f527c7ce7154d479fcc3fd
Reviewed-on: https://code.wireshark.org/review/11544
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-05 17:16:57 +00:00
AndersBroman 2eec154561 [IPsec] Hand the subdissector the payload data only,
not including the padding and auth data.

Change-Id: Ib883fcb44def8d6fbdde19729519b40b32d78577
Reviewed-on: https://code.wireshark.org/review/11563
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-05 09:50:23 +00:00
Stefan Metzmacher 51dcd59d2d packet-dcerpc: let dcerpc_get_proto_name() handle unknown uuids
This fixes a regression in commit e0e574d167.

Change-Id: I447001a84e17a76ec77c48f736bbfcd8cc6324a1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11574
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-05 02:53:41 +00:00
Stefan Metzmacher ea0e29f3e6 packet-dcerpc: fix dissecting of decrypted payload
This fixes a regression in commit e0e574d167.

Change-Id: Iccdeeb488ec70727fc637ca548637e5a5e54ef1c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11573
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-05 02:01:23 +00:00
Dario Lombardo 0e01c018fa gssapi: add init in wrap_dissect_gssapi_payload().
Found by clang analyzer.

Change-Id: I1c5cb13e174df588c8834508b10790d3fd5b272a
Reviewed-on: https://code.wireshark.org/review/11564
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 22:22:33 +00:00
Guy Harris a892e9ba71 Declaring volatile pointers to functions is hard, let's go shopping!
Change-Id: I9686f0c2be43df7a00a00ad2f6aadf6db464d809
Reviewed-on: https://code.wireshark.org/review/11570
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 18:42:48 +00:00
Guy Harris 283e63c7e0 Squelch a "setjmp/longjump may clobber" warning.
Clean up indentation while we're at it.

Change-Id: If2068fe17664d78c8fc9747b0ee63bac0213d174
Reviewed-on: https://code.wireshark.org/review/11567
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 17:54:54 +00:00
Pascal Quantin 87aca409dc SSL: fix SCTP port association so as to match what is done for UDP/TCP
Change-Id: I84f85b7b87ecd9e7801559f7eae2cc98f5a12ab7
Reviewed-on: https://code.wireshark.org/review/11560
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-04 17:26:59 +00:00
Pascal Quantin df487145ee Skinny: fix dissector registration for SSL
Change-Id: Ia3f29b703b8271f52dfed9d8b46e18f405785d3a
Reviewed-on: https://code.wireshark.org/review/11559
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-04 17:24:26 +00:00
Michael Mann 02dcf3cc72 Don't allow DCE/RPC dissector table to have duplicates
Add "placeholders" in Profinet dissector to make that possible.

Change-Id: I000069ec72b5810c5675a30df1c121aa179000b3
Reviewed-on: https://code.wireshark.org/review/11557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 15:51:07 +00:00
Michael Mann 676e7ec427 (Temporarily) Allow DCE/RPC dissector table to have duplicates.
Change-Id: I0df81ce03b567e75566fc0969f49d54488604c16
Reviewed-on: https://code.wireshark.org/review/11555
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 13:15:30 +00:00
Michael Mann e0e574d167 Refactor DCE/RPC dissection to include a real dissector table.
This is hopefully just the first step in getting DCE/RPC dissection to use "standard" APIs instead of homegrown ones.
For starters, it allows Decode As functionality to be less hacky (although incomplete in Qt)

Change-Id: Ia0923a3d8d514ab7acce32e26ee7e08f6e24feca
Reviewed-on: https://code.wireshark.org/review/11468
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 12:43:35 +00:00
Michael Mann 74541a9596 Don't allow multiple registrations of a protocol in dissector tables.
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.

The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not.  It's just ENFORCED for Decode As.

Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 12:39:40 +00:00
Pavlos Antoniou cde99ec535 [OpenFlow] Use correct name for flag OFPMPF_REPLY_MORE in v5 dissector
Change-Id: Ia8cb88d4d884be95814f4a144a4c3b07b32ffca7
Reviewed-on: https://code.wireshark.org/review/11543
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-04 11:38:12 +00:00
Guy Harris ff9f9fc431 Don't include "file.h" if you don't need it.
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do.  In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.

Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without including epan/packet.h.  Fix includes as necessary.

Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 08:46:30 +00:00
João Valverde 321934f2ff MPTCP: Use copy_address_wmem() instead of copy_address()
Change-Id: I9f53ecf1971c96d06c1c8e3be6e5481cc453f96a
Reviewed-on: https://code.wireshark.org/review/11533
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 02:49:33 +00:00
Michael Mann 795b5c1963 Refactor some GSS-API dissectors to accept dissector data instead of using packet_info.
This can hopefully lead to the removal of the GSS-API specific members of the packet_info structure.

Change-Id: I7622d66e9f02c6e4cb76adcf0737b35c6ec88cdd
Reviewed-on: https://code.wireshark.org/review/11509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 02:45:58 +00:00
Guy Harris 58431e2f6a Don't include libwireshark headers from libwiretap.
Move the definitions of hashipv4_t and hashipv6_t to wiretap/wtap.h, as
that's the main place they're used.  Change them a bit not to depend on
other stuff from libwireshark, and change the code as required by those
changes.

This should fix the Solaris build; apparently, the Sun^WOracle compiler
is generating code for static inline functions even if they're never
called, so that libwiretap ends up including code that calls tvbuff and
wmem functions.

There's probably further cleanup that could be done here, but this
should at least fix the build, as well as getting rid of a dependency
between two libraries that are at least somewhat independent (libwiretap
should *not* depend on libwireshark, as some programs use libwiretap but
not libwireshark, and, ultimately, we probably want it to be possible to
use libwireshark without libwiretap but that'd be more work).

Change-Id: I91c745282f17d7c8bff7809aa277eab2b3cf47c1
Reviewed-on: https://code.wireshark.org/review/11537
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 00:56:44 +00:00
Lotte Steenbrink 40b45dfb6e packetbb; display Addressblock Tail as Tail
when displaying the contents of a RFC5444 message containing an address block
with a tail, the tail's value is incorrectly displayed as:

Head: <value of tail>

while it should say:

Tail: <value of tail>

This commit fixes that.

Bug: 11673
Change-Id: Ibeb921cb712f98c9651970529e5240f871b85c0b
Reviewed-on: https://code.wireshark.org/review/11538
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-04 00:49:12 +00:00
Guy Harris 688f2e8768 Include packet-dcerpc-witness.h, so it's in the source tarball.
Change-Id: I3b0cc7cec85fb94776fae66e8c8f20710b3508e8
Reviewed-on: https://code.wireshark.org/review/11531
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-03 19:21:46 +00:00
Alexis La Goutte 657c55e862 GTPv2: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
Change-Id: I6b2ddc2f84e954194260b956b6f46f0747d8a66a
Reviewed-on: https://code.wireshark.org/review/11504
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-03 14:35:21 +00:00
AndersBroman 6c64a41017 [SIP] Rework how the length of the diagnostic string is determined, it did
not work with multiple SIP packages in one frame.

Change-Id: Ie142aeea0c6ad28cfdd6206738a6f147094c479f
Reviewed-on: https://code.wireshark.org/review/11516
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-03 14:33:45 +00:00
Gregor Beck f528f55cd5 packet-dcerpc-witness: initial implementation based on the idl file from samba
See [MS-SWN], https://msdn.microsoft.com/en-us/library/hh536748.aspx

Change-Id: Ie92dad2c229ec08e7f7e31be9422450305b3908a
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/11366
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-03 12:38:01 +00:00
João Valverde 3df2333155 Remaining ADDRESS macro to address function conversions
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-03 12:20:34 +00:00
Alexis La Goutte dd17c69ed9 RADIUS: Fix length of display data for Ascend-Data-Filter
Change-Id: I5fd1f82ff193cfface0b5d1e5be227dfc3e04f9a
Ping-Bug:11630
Reviewed-on: https://code.wireshark.org/review/11292
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-03 01:03:58 +00:00
Pascal Quantin 332b9cef51 PDCP LTE: fix dissection of signalling PDUs sent on common control channels
For those crazy enough to try to decode PDUs sent in transparent mode ;)

Change-Id: Iab0a1325a6764846e23d8f04bd3147625b970638
Reviewed-on: https://code.wireshark.org/review/11498
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-11-02 21:29:22 +00:00
Stig Bjørlykke 22a9376bb4 BER: Removed erroneous callback from dissect_ber_external_U
This callback was added by mistake when adding support for
P3 over RTSE in commit 0a6d1f98.

Change-Id: Ifff0bed3b2a2a0fd2354f9c6b7072de3303dae27
Reviewed-on: https://code.wireshark.org/review/11500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-02 18:19:27 +00:00
Gregor Beck 3dd5e255c0 packet-dcerpc: add proto_tree_add_dcerpc_drep()
Change-Id: I1d3515371f50454acbcbdde75f2f1a3e614a5512
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11495
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-02 17:45:33 +00:00
Alexis La Goutte 8fdeb61ab6 packet(.h): fix api reference / -Wdocumentation
From api ref :
warning: argument 'uint_val' of command @param is not found in the argument list of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val)
The following parameters of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val) are not documented:
  parameter 'guid_val'

From -Wdocumentation
parameter 'uint_val' not found in the function declaration [-Wdocumentation]

Change-Id: I9c7b82e4ecb5a126cb96c7d6c057440eb5d24bdd
Reviewed-on: https://code.wireshark.org/review/11499
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-02 17:41:49 +00:00
AndersBroman 1316fdf209 [GTPv2] Dissect UTRAN F-Container content.
Change-Id: Idaf07e31876b453f88c5fd7e886c72dffcb35a96
Reviewed-on: https://code.wireshark.org/review/11492
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-02 13:03:16 +00:00
Martin Kaiser 1c5b3c3783 wsgcrypt.h checks internally if we HAVE_LIBGCRYPT
we can #include <wsutils/wsgcrypt.h> without doing the check ourselves

Change-Id: I248431bdb6cfa1bd85b794ec04ce1e4fcd3a7d2d
Reviewed-on: https://code.wireshark.org/review/11483
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-02 11:42:00 +00:00
Alexis La Goutte 7f10520d04 srt_table(.h): fix api reference
The following parameters of register_srt_table(const int proto_id, const char *tap_listener, int max_tables, tap_packet_cb srt_packet_func, srt_init_cb init_cb, srt_param_handler_cb param_cb) are not documented:
  parameter 'max_tables'

The following parameters of init_srt_table(const char *name, const char *short_name, GArray *srt_array, int num_procs, const char *proc_column_name, const char *filter_string, srt_gui_init_cb gui_callback, void *gui_data, void *table_specific_data) are not documented:
  parameter 'table_specific_data'

Change-Id: I7c14a46c89c58985a5000b1760ba088d9f0da293
Reviewed-on: https://code.wireshark.org/review/11491
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-02 11:40:07 +00:00
Alexis La Goutte 4a8b20a9a9 rtd_table(.h): fix api reference
The following parameters of register_rtd_table(const int proto_id, const char *tap_listener, guint num_tables, guint num_timestats, const value_string *vs_type, tap_packet_cb rtd_packet_func, rtd_filter_check_cb filter_check_cb) are not documented:
  parameter 'num_tables'

Change-Id: I93e9297d0755077ad619839c44d2feb7b2a0c18d
Reviewed-on: https://code.wireshark.org/review/11490
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-02 11:38:09 +00:00
Juanjo Martin e52931bab0 RTPS: added new encoding to proto.c and used it in the rtps dissector
RTPS uses NTP encoding with a BASETIME equal to 0.

Also, changed "magic" by "Magic"

Change-Id: I2512176f2018396edaa6b2a1478facd26118cb13
Reviewed-on: https://code.wireshark.org/review/11184
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-02 03:48:47 +00:00
Michael Mann ad1b785fe8 udp_dissect_pdus follow-up
Add heuristic support
Better documentation

Change-Id: I236c1f4d3613aa58d608aee0e5edc40c3b158d25
Reviewed-on: https://code.wireshark.org/review/10120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-01 21:42:51 +00:00
Martin Kaiser 69e61db3ae [bitcoin] don't THROW() an exception from a dissector
Change-Id: Ibdc7fec48cef53041c1791fb4f6decb0a4df0c89
Reviewed-on: https://code.wireshark.org/review/11458
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-01 20:32:16 +00:00
Martin Kaiser d09cc65254 [bitcoin] Convert commands into a dissector table
Change-Id: I30095150ea639d773b887f191e0028c765beba12
Reviewed-on: https://code.wireshark.org/review/11457
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-01 19:52:30 +00:00
Martin Kaiser c9c1ae46ce [iso7816] remove unnecessary initial values
Change-Id: Ibc370cf99b1f62745174709a35155aa25bc1b3b2
Reviewed-on: https://code.wireshark.org/review/11481
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2015-11-01 17:20:44 +00:00
Gerald Combs 21d881e683 [Automatic update for 2015-11-01]
Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I2ed2f09a178a8c4a455d0ad8be90cf79d235e621
Reviewed-on: https://code.wireshark.org/review/11477
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-11-01 16:12:01 +00:00