The preferences change in 2eb7b05b had a typo for the old preference name.
Change-Id: Ie4d85160050f5bea01b59a1803011b49a6c4d748
Reviewed-on: https://code.wireshark.org/review/18213
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Have the packet length be a local variable, and pass it to routines.
Yes, that means we fetch it twice - no great loss.
Change-Id: Id9f95b3d8a19bf235d6b19993165e0f73a2e5732
Reviewed-on: https://code.wireshark.org/review/18211
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It was repeatedly overwriting the first character in the buffer, rather
than appending characters.
Change-Id: Ie34d194d69ac3d685416323c93764aa401d78faa
Reviewed-on: https://code.wireshark.org/review/18209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Parse field frame counter in comm_reply
Fix PAN ID field name in comm_reply
Change-Id: I2f30437fe7eef81af982fb8388ad43341043eb64
Reviewed-on: https://code.wireshark.org/review/18200
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't set `lua_tvb` (or any of the other global variables) to NULL after a
Lua dissector is called: it's possible that the caller is also a Lua dissector
which may want/need that (global) variable to still be set (to the value it
had before the sub-dissector was called).
This fixes the problem reported in:
https://ask.wireshark.org/questions/56110/lua-error-tvbs-can-only-be-created-and-used-in-dissectors
Making these variables not be a globals (as suggested at the top of
init_wslua.c) might be a better solution--for another day.
Change-Id: I14fb8ec35b62abeda3f3471a323b88c80537a06e
Reviewed-on: https://code.wireshark.org/review/18095
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Use proper offsets when getting and presenting option values
for error reports. Limit the use of the error position
highlighting feature to 'field' only.
Bug: 12993
Change-Id: Ie9d6644203cf849dbb8efe15e87249a3aace3b5c
Reviewed-on: https://code.wireshark.org/review/18195
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Integer32 is handled slightly different from other values, but
that doesn't mean its pi_value shouldn't be saved to add to the
varbind later on.
Bug: 13013
Change-Id: I6789a75ffd3bb95b7dd68f9cb356dbd85fc669d4
Reviewed-on: https://code.wireshark.org/review/18189
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Display on hex (like spec)
Add (sub) field for protocol version and direction
Ping-Bug 12818
Change-Id: I6947f82915f54095f86cd0e2125982af42e9bbf9
Reviewed-on: https://code.wireshark.org/review/18188
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new flag and new option
Bug: 12818
Change-Id: I36a49cef407a5049f45ff3746d809a46c2520164
Reviewed-on: https://code.wireshark.org/review/17628
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always display unused/reserved field
5th argument of proto_tree_add_bitmask is ett_ value
add a display field for query flags
Ping-Bug: 12818
Change-Id: I9f906f75c5fe8328bba41e560878dafdb6b6608d
Reviewed-on: https://code.wireshark.org/review/18187
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I94ec94dbd6c81cf6a209e26c132557279d3c6ee2
Reviewed-on: https://code.wireshark.org/review/18182
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It has the same value as the DL SC-MCCH/SC-MTCH CE, so take into account direction
Change-Id: I75848f92342cfc67f2e6aee1f8bc42616e662cdc
Reviewed-on: https://code.wireshark.org/review/18183
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch adds one more Payload Information Element called 6P or sixtop
defined by the IETF 6TiSCH Working Group. Here it is shown the following
6P-sixtop information:
-The 6P-sixtop version.
-The 6P-sixtop code.
-The 6P-sixtop Scheduling Function ID.
Then, depending of the 6P-sixtop code, a specific information is shown.
The supported codes -commands- for this patch are:
-Add.
-Delete.
-Count.
-List.
-Clear.
-Return Code Success.
For more information about the 6P-sixtop protocol, go to:
https://tools.ietf.org/html/draft-ietf-6tisch-6top-protocol-02
Bug 13005
Change-Id: I46b015dd8acd1515bff4090c5b39ad3897606f67
Reviewed-on: https://code.wireshark.org/review/18151
Reviewed-by: Michael Mann <mmann78@netscape.net>
Handle Put Message Option V3
Add various new defines
Fix a typo
Bug: 13006
Change-Id: I022de9f131558bb8a0144d840a6484944f75cffe
Reviewed-on: https://code.wireshark.org/review/18121
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
and add FHOL forget value_string
Change-Id: I0473ca17fba3c277124a46309c4b7d158d1b9f72
Reviewed-on: https://code.wireshark.org/review/18173
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Add support for STRINGI
2. Add File Name attribute that is a STRINGI
3. CCO Get/Set Attr All: Connection Name is STRING2 not ASCII
4. TCP/IP Host Name attribute is not just a STRING. It also needs a pad byte.
5. Minor: Fix byte highlighting for CCO I/O Mapping tree
6. Minor: All back byte highlighting for Get Attr All Rsp individual attributes
Change-Id: Ib10d6f2e86e39e8cd6335dc6b6dbebbd1c4d8e64
Reviewed-on: https://code.wireshark.org/review/18166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
set server_version to TLS 1.3
Change-Id: Id4d3d5d21ae996f447d826e98c0cf60880e7c0ce
Reviewed-on: https://code.wireshark.org/review/18171
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Current decoding of the COPY operation gets a netloc4 instead
of a stateid from the write_response4 structure.
Change-Id: Icde8adde8613d50e7a03ee779aad4c62f6f195f4
Reviewed-on: https://code.wireshark.org/review/18169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
RAKNET_OFFLINE_MESSAGE_DATA_ID starts with 0x0, which means NULL
character. this give a string of length 0 and RakNet heuristic was
wrongly catching all UDP packets.
Let's do a memcmp instead of a strncmp.
Change-Id: I38e98838b114037bf37a218003bade88261a2dd8
Reviewed-on: https://code.wireshark.org/review/18167
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icb3e924f48b8fa00d7a39fcbdc4400ad2c4c2b89
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/18163
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-raknet.c now correctly dissects the following offline messages:
* ID_UNCONNECTED_PING
* ID_UNCONNECTED_PING_OPEN_CONNECTIONS
* ID_OPEN_CONNECTION_REQUEST_1
* ID_OPEN_CONNECTION_REPLY_1
* ID_OPEN_CONNECTION_REQUEST_2
* ID_OPEN_CONNECTION_REPLY_2
* ID_OUT_OF_BAND_INTERNAL
* ID_CONNECTION_ATTEMPT_FAILED
* ID_ALREADY_CONNECTED
* ID_NO_FREE_INCOMING_CONNECTIONS
* ID_CONNECTION_BANNED
* ID_INCOMPATIBLE_PROTOCOL_VERSION
* ID_IP_RECENTLY_CONNECTED
* ID_UNCONNECTED_PONG
packet-raknet.c now correctly dissects the following system messages:
* ID_CONNECTED_PING
* ID_CONNECTED_PONG
* ID_CONNECTION_REQUEST
* ID_CONNECTION_REQUEST_ACCEPTED
* ID_NEW_INCOMING_CONNECTION
packet-raknet.h exports the following functions:
* raknet_add_udp_dissector()
* raknet_delete_udp_dissector()
* raknet_conversation_set_dissector()
packet-raknet.c now dissects message flags, reliability, reliable message number and so on. It now reassembles fragmented packets, supports heuristics, supports dissecting combined packets, and gives up dissecting messages when they are encrypted.
packet-raknet.c now calls subdissectors with a tvbuff buffer only having a message ID and payload. It first tries to locate a subdissector based on the port, and then tries heuristic dissectors if any.
packet-mcpe.c is updated so that it uses the new raknet interface, and it now correctly dissects the following game packets:
* 0x01 Login
* 0x03 Server to Client Handshake
* 0x06 Batch
packet-mcpe.c now supports heuristics, and gives up dissecting packets in a conversation once it sees a "Server to Client Handshake" packet because everything, including packet ID, are encrypted after that.
Change-Id: I92c0b3ff0f18d22d4513bb014aeb4ea6475fb06c
Reviewed-on: https://code.wireshark.org/review/18044
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Fix bug caught by scan build (module not read)
2. Remove range preference call that should have been part of original patch.
Change-Id: I24b1fb253548bffddc4c8ebfc3ede666d8fd9dcd
Reviewed-on: https://code.wireshark.org/review/18143
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure the paths we pass to "cat" and "abi-compliance-checker
-log-path" match.
Change-Id: Ie68b445b9d92d85c0ed1eb508a78c0bcc960d061
Reviewed-on: https://code.wireshark.org/review/18156
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 12985
Change-Id: Iceacd3d122337091380d56bd7fa9875bf7cb4d47
Reviewed-on: https://code.wireshark.org/review/18134
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If18d4797a8ace9f93546cac0d2d6f09bf7086cc3
Reviewed-on: https://code.wireshark.org/review/18145
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12998
Change-Id: I3e9739dd9863e615c2ca0fc91f043c8562e4203e
Reviewed-on: https://code.wireshark.org/review/18142
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 12906
Change-Id: I0dafdd74b21b27189d0a532c679e449c536f76f0
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17725
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Combine various Attribute ID filters into a single one "cip.attribute", so that it's easier to find a certain attribute in any part of the packet. This makes sense because Attributes refer to the same property, but various types of messages can have that field in different locations. This applies to Get/Set Attribute Single, Get/Set Attribute List, Get Attributes All.
2. Connection Manager: Dissect more attributes
3. Port: Display the Port Type name
4. Get/Set Attribute Single: Show unparsed data as raw bytes. Previously, if there were extra bytes they were not displayed.
5. Get/Set Attribute List: Show remaining data for unknown attributes under the main Attribute List tree, instead of under the unknown Attribute ID tree.
6. Display Attribute ID as DEC, since the specification tables are in decimal.
7. Update Class list
8. Minor: Remove some unused variables, typos
Change-Id: I1a65da5f827484a3cd0e49ec944572ea5a166db1
Reviewed-on: https://code.wireshark.org/review/18118
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12967
Change-Id: Ic7a52d4ee5dea896044c1c97b7b48f13e21f2762
Reviewed-on: https://code.wireshark.org/review/18135
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In tshark the UTF8 arrow overlaps the ports.
When pcap file has more than 999 packets the output is
no more aligned.
Bug: 12502
Change-Id: I07f90bbc0d2f065458bc07b7fde8f6a651951b60
Reviewed-on: https://code.wireshark.org/review/18109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Change-Id: I75c0165948325c2e50918706d8a821411761727b
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17734
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add also special case on hello key_share extension
Ping-Bug: 12779
Change-Id: Ib8e2dd060f322c2404a8afa9b8cb70de7c2c65b7
Reviewed-on: https://code.wireshark.org/review/18093
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The preferences subsystem knows/stores the default values for all preferences;
maybe we should use that to show the default values for all preferences.
Change-Id: I562ce9f129c8dfd8378aeb425f70f21b4cf59230
Reviewed-on: https://code.wireshark.org/review/18094
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add Connection ID to tree
2. Remove unused defines
3. Fix Typo
Change-Id: I25b76057d5c482c73f22e45cc38d5dceb68feca6
Reviewed-on: https://code.wireshark.org/review/18099
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP Safety: Exception Detail Alarm and Exception Detail Warning both were not parsing their 3 parts because the offset was not increased. Fixed the offsets and combined the functions because they have the same format.
2. CIP: Forward Open Safety Response had wrong offsets so it was parsing incorrectly. This incorrectly showed as Malformed.
3. CIP Safety: Pass in tvb to proto_tree_add_subtree() instead of NULL. This was causing a Dissector bug (seems only on trunk, not 2.2). This was already done for packet-cip.c under https://code.wireshark.org/review/#/c/16748/
4. Some minor typos
Change-Id: I63e8d200cd3408c16ca0a1edbc483c3bb8298d3b
Reviewed-on: https://code.wireshark.org/review/18100
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I667c00a8093896984dbf75fa20bec86304706886
Reviewed-on: https://code.wireshark.org/review/18101
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12984
Change-Id: Ie7d74a99807cfc77b0c444d79e21b64e1612ac90
Reviewed-on: https://code.wireshark.org/review/18088
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12982
Change-Id: Iaf816247d49b2f869dc19f64cb0a24247fb38169
Reviewed-on: https://code.wireshark.org/review/18087
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Both 29.060 and 29.274 reference to 24.008 for TFT filter.
Remove redundant part and switch to common TFT encoder.
Second reason: decode_gtp_tft didn't encoder all correct,
missed direction and filter index.
Change-Id: I9691dcb5a9d151f181a3531145ac339fcc7ba245
Reviewed-on: https://code.wireshark.org/review/18082
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Derive the dissection functions from
dissect_ike_attribute() and dissect_ipsec_attribute():
* Add dedicated header fields.
* Remove attribute types not applicable in Responder Lifetime context.
Clean up the field name "isakmp.ipsec.attr.type".
Bug: 12963
Change-Id: I486380836d915255812098be2190bcc77ec13c00
Reviewed-on: https://code.wireshark.org/review/17970
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_malloc() may abort(3) the program when the comprlen is insanely large so use tvb_memdup() instead.
Change-Id: I23fbdc2362900030c41da1c297ab0c787de7c5ca
Reviewed-on: https://code.wireshark.org/review/18043
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I077c21eb213435e7ed0e9ac0b9a8f95aa9dd6f3d
Reviewed-on: https://code.wireshark.org/review/18075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7846dd04c45d0398ded8345b6a2794d6f851cb64
Ping-Bug: 12979
Reviewed-on: https://code.wireshark.org/review/18065
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic9923d93d74a40da2a4009f8b27d8a5ae9803833
Reviewed-on: https://code.wireshark.org/review/18064
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As an FT_NONE field, you can't filter/use the message it contains.
Bug: 12960
Change-Id: Icaa9a260195711f1bd90f5ed14797c0d0c46de9c
Reviewed-on: https://code.wireshark.org/review/18063
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure temp_dfilter is initialized so that we don't end up freeing
invalid memory.
Change-Id: Id31969573690574846422b67c950188fd6ee4ef3
Reviewed-on: https://code.wireshark.org/review/18066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The PT_TXTMOD_HEXBYTES comment was misleading, edit it to reflect the
actual implementation in GTK+/Qt.
Change-Id: I1506ad9189296dcc09cc20eafb0d65eaf291d79f
Reviewed-on: https://code.wireshark.org/review/18058
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The retured-content is defined as IMPLICIT Content (octet string),
so ensure we handle this correctly.
Bug: 12976
Change-Id: I4bcce67cea97142bf3312e1a5c2aeb169c7a69d2
Reviewed-on: https://code.wireshark.org/review/18054
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Move the modification of the content item (which adds the length)
inside the check for a valid tvb to avoid calling tvb_reported_length()
with a NULL parameter.
Bug: 12976
Change-Id: I54368584b7c00f7a2937eaec772533ae73d98f80
Reviewed-on: https://code.wireshark.org/review/18050
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
In ColoringRulesDialog:
Only check a rule's display filter if that rule is enabled. This keeps
us from disabling the OK button when we shouldn't.
Adjust the "Your coloring rules file contains unknown rules" dialog text
and buttons for accuracy.
In color_filters.c:
Don't try to compile disabled filters in color_filters_apply. Don't warn
about disabled and invalid filters in read_filters_file.
Bug: 12814
Change-Id: I7143bf8e7a6162d296f1e93769344b69763195c8
Reviewed-on: https://code.wireshark.org/review/17823
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I947dc83e3b1b853873b5158f234e44ef933c3bcc
Reviewed-on: https://code.wireshark.org/review/17982
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ia8d4d74a7f0f5795790f930fc1e894a7ee202da7 didn't have proper bit comparison.
Change-Id: I5b7e431745aff7ca895b6b83500bd7e8f1039fde
Reviewed-on: https://code.wireshark.org/review/18038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Support collection values
- Support out-of-band values
- Support unknown values
- Support detail for octetString/collection values
- Support symbolic enum keywords for member attributes
- Update detail format to be more compact, normalize format to match IPP
syntax descriptions
Change-Id: I76295221901fa88250a2e9ef099eca2c53b20132
Reviewed-on: https://code.wireshark.org/review/17693
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also get rid of two global variables
Change-Id: I8c20decb76f5c1773f58efd24d2e1e7d1177d358
Reviewed-on: https://code.wireshark.org/review/18029
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Lua 5.2.4 built with -DLUA_USE_APICHECK detected a stack issue:
tshark: lapi.c:175: lua_settop: Assertion `(-(idx+1) <= (L->top - (func + 1))) && "invalid new top"' failed.
Function File_read always assumes that File_read_line pushes a value on
the stack (which clearly did not happen). On read failure, it would then
pop the stack (tripping the assertion) to push nil.
The other user (File_lines) is also affected by this change, but the Lua
5.2.4 documentation says that it should also return nil on EOF, fitting
this implementation.
Change-Id: I9cc8a5319523b2b56f4ae4735bbdbc1196387386
Reviewed-on: https://code.wireshark.org/review/18016
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I874314ac736ad94bfaf15665ee7b030382e9bdf3
Reviewed-on: https://code.wireshark.org/review/18015
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This changes the underlying model of the main interface tree.
Because of that, we can resort to a view/model approach, enlisting
the global interfaces list as only data source.
The interface list works identical to the old list, but allows
for filtering of the displayed interfaces by type. Only types, which
are present and whose interfaces are not hidden, are being displayed
for selection.
Change-Id: If8475b227daa026dc0ad3d25bc7fe050d5bf2ac3
Reviewed-on: https://code.wireshark.org/review/17940
Reviewed-by: Roland Knall <rknall@gmail.com>
Add expert info when conversion fails.
Change-Id: Ic13cb90abddd08218a957cd771bd5a4fab5a413e
Reviewed-on: https://code.wireshark.org/review/17839
Reviewed-by: Michael Mann <mmann78@netscape.net>
This should make drag-and-drop support (reordering) in Qt easier. It
also ensures that memcpy is used as fallback if copy_cb does not exist.
Change-Id: Iefe358890c49dcda4727054f7a2cee05614a36f6
Reviewed-on: https://code.wireshark.org/review/17992
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
for avoid conflit with heimdal lib
Bug:12831
Change-Id: Ic244b6b8dc4f68a0f782b88984ad7857ceb02e25
Reviewed-on: https://code.wireshark.org/review/17989
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and for heimdal lib add the value
Bug:12831
Change-Id: Ibf04560867acfe2a430034248ce2a386ea89b668
Reviewed-on: https://code.wireshark.org/review/17988
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP: dissect_cip_set_attribute_list_req - Too many bytes highlighted. Could cause malformed packet
2. CIP: dissect_cip_cco_all_attribute_common - Too many bytes highlighted
3. CIP Motion: dissect_cntr_service - Wrong size passed in which tried to highlight too many bytes. Would cause malformed packet.
4. CIP: Some minor formatting/whitespace changes.
Change-Id: I5899888a3e58452945c8546cf635768cdd3cf738
Reviewed-on: https://code.wireshark.org/review/18000
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The libjsmn was imported into the tree and enhanced with a new
function. This change splits it into the "original" libjsmn and
an addictional module wsjsmn that contains the new function.
This will make easier to port within the tree future versions
of the library.
Change-Id: I3f1caa91bee462e0767e5e18d0b6a10f0b1cad32
Reviewed-on: https://code.wireshark.org/review/17963
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Instead of checking for the boolean "FALSE", just set an empty string.
This avoids the need to check for WERROR_COMMON_FLAGS before using it.
The transformation is the same for all files, remove
"if (WERROR_COMMON_FLAGS)" and "endif()", reindent and add quotes (since
we have a string here and not a list).
Modelines have been added where missing.
Change-Id: I0ab05ae507c51fa77336d49a99a226399cc81b92
Reviewed-on: https://code.wireshark.org/review/17997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Fix the warning:
packet-kismet.c: In function 'dissect_kismet':
packet-kismet.c:242:58: error: passing argument 3 of 'ws_strtou64' from incompatible pointer type [-Werror]
if (ws_strtou64(format_text(line, tokenlen), NULL, &t.secs)) {
^
In file included from packet-kismet.c:34:0:
../../wsutil/strtoi.h:49:24: note: expected 'guint64 *' but argument is of type 'time_t *'
WS_DLL_PUBLIC gboolean ws_strtou64(const gchar* str, const gchar** endptr, guint64* cint);
Change-Id: Ifd31de22db22f39f78359cc9432eb7da187f73a6
Reviewed-on: https://code.wireshark.org/review/17990
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The Osmux protocol bundles multiple AMR frames inside one UDP packet to avoid
the overhead of having one IP/UDP/RTP packet per AMR frame. It is used by the
osmocom project.
Sponsored-by: On-Waves ehf
Change-Id: I8fb21e54adec8d8bd7ac5ebd2154100a73ab71c9
Reviewed-on: https://code.wireshark.org/review/16996
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Column information of LLDP frames should be updated according to PROFINET
requirements without changing the default behavior of column information.
Therefore, a new protocol setting is added.
This setting is used to display PROFINET specialized column information:
Edit-> Preferences -> Protocols -> Select LLDP
Bug: 12937
Change-Id: I48b78d0a3f6b3425f6f9c1d4be20dc24b143346d
Reviewed-on: https://code.wireshark.org/review/17081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add also an expert info when the time is invalid.
Change-Id: I8b3639aade41574cf1bda38f3ae1d02b09d0711c
Reviewed-on: https://code.wireshark.org/review/17678
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Bug: 12942
Change-Id: I69ab22caa9938167db421ca2f0346ca086280823
Reviewed-on: https://code.wireshark.org/review/17890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The next sequence number is off by one when there is TCP payload
in a SYN or FIN packet (e.g. when using TCP FastOpen).
Bug: 12579
Bug: 12838
Change-Id: Idb68cea4b4dcba39461019c08db09367cbfc6d68
Reviewed-on: https://code.wireshark.org/review/16239
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icbadcc83b5fedea4373d4c65a11700d73b3dc32e
Reviewed-on: https://code.wireshark.org/review/17972
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Updated PCEP-ERROR Object Error Types and Values base on Path Computation Element Protocol (PCEP) Numbers 2016-08-09 version
Change-Id: Ife0b49119a2b634279e33ab8f699a5dc57ecb34b
Reviewed-on: https://code.wireshark.org/review/17957
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new taps.
Change-Id: Ida5ad2375c95664ee1b911d265cb69672db2be2d
Reviewed-on: https://code.wireshark.org/review/17964
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apply mask and bit shift on the returned value.
Change-Id: I00aebc854756f01a25199a259d6d5252abea4349
Reviewed-on: https://code.wireshark.org/review/17958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If ssl_association_add is passed a NULL app_handle argument, it will
trigger DISSECTOR_ASSERT which fails due to the bad wmem scope
(wmem_packet_scope). Arguably DISSECTOR_ASSERT should not be used there,
but its alternative is g_warning/g_assert are not much different...
Fix the crash (assertion failure) by checking that the UAT-supplied
protocol is really valid. Normally the post_update_cb should not be
invoked if any of the fields are invalid, but that requires larger
changes in the Qt UAT dialog code.
Change-Id: Ie245213b650b1de9640db8dadd08f3ed2bff335f
Reviewed-on: https://code.wireshark.org/review/17906
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added display Object-Type number in string.
Change-Id: Icbb44aae2379f308f49bef7355e8c8c901889c15
Reviewed-on: https://code.wireshark.org/review/17910
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename identifiers and change item labels to reflect their purpose:
* ISAKMP Phase 1 = IKE
* ISAKMP Phase 2 = IPsec
* IKEv2 Attribute = Transform Attribute
Remove "transform" and "type" where they do not apply.
External users of isakmp.tf.* field names, such as display filters,
have to be updated after this commit to use isakmp.ipsec.* instead.
old new
--------------------------------------------------------------------
dissect_transform_attribute() dissect_ipsec_attribute()
dissect_transform_ike_attribute() dissect_ike_attribute()
ISAKMP_ IPSEC_
hf_isakmp_tf_attr hf_isakmp_ipsec_attr
isakmp.tf. isakmp.ipsec.
transform_ike_attr_type ike_attr_type
transform_isakmp_attr_type ipsec_attr_type
transform_attr_sa_life_type attr_life_type
transform_dh_group_type dh_group
transform_attr_encap_type ipsec_attr_encap_mode
transform_attr_auth_type ipsec_attr_auth_algo
transform_attr_ecn_type ipsec_attr_ecn_tunnel
transform_attr_ext_seq_nbr_type ipsec_attr_ext_seq_nbr
transform_attr_addr_preservation_type ipsec_attr_addr_preservation
transform_attr_sa_direction_type ipsec_attr_sa_direction
transform_attr_enc_type ike_attr_enc_algo
transform_attr_hash_type ike_attr_hash_algo
transform_attr_authmeth_type ike_attr_authmeth
transform_attr_grp_type ike_attr_grp_type
Type Payload Payload
Transform IKE Attribute Type IKE Attribute
Transform Attribute Type IPsec Attribute
Transform IKE2 Attribute Type Transform Attribute
Config Attribute Type Config Attribute
ISAKMP (v1) IKEv1
ISAKMP (v2) IKEv2
--------------------------------------------------------------------
Change-Id: Ib02a0bad100f932a290cae35ea4bd75b191f797b
Reviewed-on: https://code.wireshark.org/review/17914
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the different classes of generated dissectors, have
CLEAN_xxx_DISSECTOR_SRC with the ones that compile without warnings,
DIRTY_xxx_DISSECTOR_SRC for the ones that get warnings, and
xxx_DISSECTOR_SRC which is the combination of the two.
Add a new NCP2222_DISSECTOR_SRC for the packet-ncp2222.c dissector
generated by tools/ncp2222.py. Add a new source group for it.
Move register.c to DISSECTOR_SUPPORT_SRC. Get rid of
DISSECTOR_GENERATED_FILES; it's kind of a "none of the above" category,
and we now have an "above" for all files.
Include NCP2222_DISSECTOR_SRC in DISSECTOR_FILES.
Add an ALL_DISSECTOR_SRC that includes DISSECTOR_FILES and
CORBA_IDL_DISSECTOR_SRC (why are those kept separate?). Use it for the
list of files we use to generate register.c.
Add NCP2222_DISSECTOR_SRC to CLEAN_FILES.
(Hopefully this makes it less likely that we'll forget to use -Werror
for clean dissector files or forget to use them to generate register.c.)
Change-Id: Ib9a7d10e1b9045516ef1f014046c6ff777c42be2
Reviewed-on: https://code.wireshark.org/review/17944
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise a lot of ncp fields are missing.
Bug: 12945
Fixes: v2.1.0rc0-2918-g2e23b50 ("Add checkAPI calls to CMake.")
Change-Id: Ic46dc12c9a98b38d78ef988c0ce71f38e3163549
Reviewed-on: https://code.wireshark.org/review/17941
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 12891
Change-Id: I70ed7f8a08122c559128b8df4d65e03be8201e1a
Reviewed-on: https://code.wireshark.org/review/17683
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Palúch <Peter.Paluch@fri.uniza.sk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The BT spec does not specify a bitmask for Subversion Number.
Change-Id: If6f384badc4228ea1e1c30ec8156f382ca5959e0
Reviewed-on: https://code.wireshark.org/review/17936
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The NCP dissector relies on those filters being compiled, and we end up
doing a g_assert() anyway; use g_error() to make sure the error gets
printed.
Change-Id: Ibc20407c1c08f0baaa626f269e9552ae11b36083
Ping-Bug: 12945
Reviewed-on: https://code.wireshark.org/review/17921
Reviewed-by: Guy Harris <guy@alum.mit.edu>
conversion from 'size_t' to 'guint', possible loss of data"
Change-Id: I63ddf1384acdebc176a052489891d55d7a1b21ce
Reviewed-on: https://code.wireshark.org/review/17920
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia8d4d74a7f0f5795790f930fc1e894a7ee202da7
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17550
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixed short command 0 short address,
command 0 that has less bytes,
command 9 byte count,
command 48 parse first 6 bytes instead of 5 and
the command may has less bytes, pass correct byte count into the
dissect_parse_hart_cmds() function.
Added support HART published and NAK message types and more HART commands.
Bug: 12817
Change-Id: I4a9e7f9b342346ff4ecdcd06a73238c1a08d00fc
Reviewed-on: https://code.wireshark.org/review/17325
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info for failed conversion.
Change-Id: I03d5e2db791f81d43384bb047c268d07709a6099
Reviewed-on: https://code.wireshark.org/review/17863
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The C/D control flag was integrated in the subtype field of 1722 after
draft 6. These changes are now added to the 1722-1 and MAAP protocol.
Change-Id: I19b2e8237fb87d42ec7bcb6f9f53e8cc8605731d
Reviewed-on: https://code.wireshark.org/review/17664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "name_length >= alpn_proto->proto_name_len" condition always failed
to match for short names (like "h2" where the reported length is 2, but
the proto_name_len would be 3).
This fixes recognition of HTTP/2 traffic, without this patch it would be
interpreted as http-over-tls as reported on
https://ask.wireshark.org/questions/55720/how-to-install-http2-dissector-plugin
Change-Id: Idc3eae0b6d593c8f3c435230ef76da90a4b1e7fc
Reviewed-on: https://code.wireshark.org/review/17907
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A dissector bug was reported:
epan/dissectors/packet-ssl-utils.c:1615: failed assertion "data"
and fair enough, the MAC Key is indeed NULL because of our special
handling for NULL ciphers. Just ignore the MAC key then.
Change-Id: I12d2be5e84520badb44a99fc965c48c3afa89346
Fixes: v2.3.0rc0-697-gb1d36fe ("ssl-utils: remove block and key sizes from cipher suites table")
Reviewed-on: https://code.wireshark.org/review/17903
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Added capability to expand Private Enterprise Number to string.
Change-Id: Id3df604a47c3067febb878caf89087aa00ecf038
Reviewed-on: https://code.wireshark.org/review/17770
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
and also move on the top and not too far from ssl_version_short value_string
Change-Id: I9012d0d0839fd29da500a7f37a83ecc982f0fb5b
Reviewed-on: https://code.wireshark.org/review/17887
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
EAP identities can be of different kind. This change adds a sort
of heuristic that dissects the wlan identity in the form of
<imsi>@wlan.mnc<mnc>.mcc<mcc>.3gppnetwork.org. A general purpose
dissection function, acting as a proxy, has been created to make
room for other specific dissections.
Bug: 12921
Change-Id: Ic48aee004fa7df5ee4dbeca091ed31616d155890
Reviewed-on: https://code.wireshark.org/review/17796
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As all this information belongs together I'm moving it into a subtree.
Change-Id: I839a5a6294360976a78b4b43f219e30381b4f516
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17878
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d7ebc6dd46e0d6494d412653ec423b8c0fde9c8
Reviewed-on: https://code.wireshark.org/review/17203
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2a9806026413c5971e5ecad17cd80787130cb9ed
Reviewed-on: https://code.wireshark.org/review/17803
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some sub protocols do not register fields
Follow-up of gf4a521e
Change-Id: Iec3165d6204cc6acc0ec31a7266f860012463cd0
Reviewed-on: https://code.wireshark.org/review/17868
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
to allocate the arry to hold them. This should be more efficient.
Change-Id: I84b1095b6eb110fdcc1b2630949c76b51f3a47b6
Reviewed-on: https://code.wireshark.org/review/17866
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto = -1
Change-Id: I60f899ad748b5d3e17f237552af7d2dbc8f27bd2
Reviewed-on: https://code.wireshark.org/review/17864
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These APIs can insert or remove a single value into a range structure.
Adding a value may extend an existing range or create a new one.
Removing a value may remove a range item.
Change-Id: Ia6995ecf7760aca1fb7fd9b4c53972298a57675f
Reviewed-on: https://code.wireshark.org/review/17836
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug:12928
Change-Id: Id3f9e41a62a90e36f19e1d55226826e7f9ffa3f4
Reviewed-on: https://code.wireshark.org/review/17855
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
commit b5aa0ff1a4
nfs: Add NFSv4.2 ops OFFLOAD_CANCEL and OFFLOAD_STATUS
As coded, the reply of the OFFLOAD_STATUS decodes a stateid.
However, in the spec, the reply is count and an array of
statuses. I propose the following fix to match the spec
for the OFFLOAD_STATUS.
Change-Id: Ibaddba96446b8d9b520ca977f0b1ed66749d3388
Reviewed-on: https://code.wireshark.org/review/17805
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The "Checksum incorrect" note in COL_INFO was inadvertently
broken in gad6fc87d6.
Change-Id: I064c3c79aa3e1ae72d3a8167538e709d0b5fe94a
Reviewed-on: https://code.wireshark.org/review/17842
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
also remove padding function (don't needed)
Bug: 12922
Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935
Reviewed-on: https://code.wireshark.org/review/17825
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise a string shorter than 7 characters will trigger an out of bounds access
Bug: 12825
Change-Id: I54a7909d74838dcb56583374e5753f877ff74fe2
Reviewed-on: https://code.wireshark.org/review/17826
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: I758ff81bdfcb9c18810baad12554d7f7f0e7705f
Reviewed-on: https://code.wireshark.org/review/17707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always give the netlink data struct to dissect_netlink_attributes() so
we can extract which endianness we should use. This fixes the netlink
dissector on big endian.
Change-Id: Ia485a29035c947908c29a9e30d0aba8d4fc94093
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no field which indicates which endianness is used for netlink
data, try to guess it by checking if the length in little or big endian
fits better.
Change-Id: I02884763931f3f3589b7ac5bff2781797c1d0f87
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17635
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I35db77ee05c3c873577b4f40c41f283e5666a4e2
Reviewed-on: https://code.wireshark.org/review/17701
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28325d655ccd5d363aac89e49e5333b3d75f68a2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17810
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ieeb9de0f54a22afc3adcd52d8af2c45e8b82b0ab
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17808
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I951a317da795c94ac6518be73cb2c836e7afb836
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17807
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not found in any specification, but it appears to be implemented by
kubernetes (using "SPDY/3.1" value).
Ping-Bug: 12874
Change-Id: I9fc7ad2f657a739b415f6801fe0f43f6ef75ca70
Reviewed-on: https://code.wireshark.org/review/17786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
as defined in RFC6925
Bug: 12907
Change-Id: I546d243f4b188025d8c96a1eaa0798b70a847a25
Reviewed-on: https://code.wireshark.org/review/17775
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add decoding of the upcall->flags value. This mask currently used do
give hints about the cache-invalidation structures.
Change-Id: I4a3ab03bec6e2a2c9f8c7bbf17babb2bc93c9d7b
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Equalize attribute dissecting functions:
* Convert all attribute type names to range_string.
Add "Unassigned" and "Private use" ranges while we are at it.
* Swap the order of format and type fields for config attributes.
Move common code into the new function dissect_attribute_header().
Try to keep the parameter list short:
* Group the hfindex values for attribute details into a struct.
* Merge attribute subtree types.
Add a colon in the main attribute item label for visual separation.
Skip dissection of config attributes for unknown IKE versions.
Change-Id: I6e6286f3d4cf16f3cd16a23aca540c4af72f3442
Reviewed-on: https://code.wireshark.org/review/17663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In one of the two cases where we treat the first byte of an identity as
a prefix, we know it's EAP-AKA. (In the other, we do *not* know that!)
Change-Id: I16625f7193eb3ab0840739ec37dbd64e2a5a0fb5
Reviewed-on: https://code.wireshark.org/review/17767
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no guarantee that the identity is a string whose first character
is a prefix indicating the type of identity; only display it as a prefix
if it's one of the known types. We really may need some other mechanism
to determine how to parse the identity, perhaps based on what the
protocol layers below it are.
Put back the display of the full string in one case where that was
inadvertently removed.
Change-Id: I2e3324f964fa25ebd7065ddb0de82ffae6597509
Reviewed-on: https://code.wireshark.org/review/17764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This used to be string item, its value was not 0-terminated. This
resulted in out-of-bounds mem acceess when eap_identity_prefix was used
by proto_tree_add_string_format().
==14744== Conditional jump or move depends on uninitialised value(s)
==14744== at 0x4C294F8: strlen (mc_replace_strmem.c:390)
==14744== by 0xC19C97F: g_strdup (gstrfuncs.c:355)
==14744== by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
==14744== by 0x67136A9: proto_tree_add_string (proto.c:3515)
==14744== by 0x6713870: proto_tree_add_string_format (proto.c:3547)
==14744== by 0x69BB494: dissect_eap (packet-eap.c:838)
==14744== by 0x66FD0B4: call_dissector_work (packet.c:649)
As the content is a number anyway, the simplest solution is to make
eap_identity_prefix a numeric item and use
proto_tree_add_uint_format_value().
Bug: 12913
Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
Reviewed-on: https://code.wireshark.org/review/17760
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those are the only ones meaningful. Let's convert the buggy dissectors
and add an assert to avoid the misuse of the pool parameter in the future
Change-Id: I65f470b757f163f11a25cd352ffe168d1f8a86d3
Reviewed-on: https://code.wireshark.org/review/17748
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
with TLS 1.3, there is a new 'Hello' type (Hello Retry Request)
Change-Id: If7a11b70a5b0a69044126c50e1d6ab4e1d443f77
Reviewed-on: https://code.wireshark.org/review/17573
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no session_id and compression method with TLS 1.3 Server Hello
Also no time on first bytes of random field
Bug: 12779
Change-Id: Id79221c2ad50695cf6d46cd5c9255deab99e2d2c
Reviewed-on: https://code.wireshark.org/review/17225
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There are a number of dissectors who are subdissectors of TPKT (and OSITP) that are
not called by TCP dissector directly, yet can possibly register a TCP port "on the
behalf" of TPKT. Just allow TPKT to support a range of ports to possibly include
these protocols.
Remove the preferences from these dissectors, but add backwards compatibility for
the preferences by hooking into set_prefs and have the preferences just hook into
Decode As functionality directly.
Change-Id: Ic1b4959d39607f2b6b20fa6508da8d87d04cf098
Reviewed-on: https://code.wireshark.org/review/17476
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The unsigned variable num_blocks was initialized to -1. Which caused the
dissector to set the total length to 4294967295 fragments when the second
fragment was processed. This made the dissector unable to reassemble data
made of more than two fragments.
Change-Id: I120af090ed29ac73a1fa699bea2bfc91798ef92b
Reviewed-on: https://code.wireshark.org/review/17712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gcry_cipher_get_algo_keylen() returns a size_t, which is bigger than a
guint on most if not all 64-bit platforms; however, if the key is bigger
than 2^32 bytes, we have bigger problems, so just cast it down.
Change-Id: Ia7c97d2742686daf2e42f634c6e349cb580fa9df
Reviewed-on: https://code.wireshark.org/review/17731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ensure that Libgcrypt and zlib memory are freed when closing a pcap.
Change-Id: I420f9950911d95d59ff046fee57900ca6f7e9621
Reviewed-on: https://code.wireshark.org/review/17718
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There was an implicit dependency between the block size in the cipher
suites table and the size expected by Libgcrypt. Just remove the block
size from the table and rely on the value from Libgcrypt to avoid the
risk of mismatching values (which could lead to a buffer overflow).
While at it, remove the size of the key ("bits") and the size of key
material ("eff_bits") too. Move the key material sizes for export
ciphers away from the table and use byte quantities instead of bits.
Additionally, this fixes an issue where 8 bytes of uninitialized stack
memory is written to the SSL debug log for stream ciphers like RC4.
The size of the Write Key is also corrected for export ciphers, now it
prints the actual (restricted) number of bytes that are used.
Change-Id: I71d3c83ece0f02b2e11e45455dc08c41740836be
Reviewed-on: https://code.wireshark.org/review/17714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ssl_cipher_init should only set the IV for CBC cipher suites. NULL
cipher suites will not invoke gcry_cipher_setiv and AEAD ciphers will
set the nonce in a different place anyway.
Fixes a buffer overrun (read) by 12 bytes for any AES-CCM and AES-GCM
cipher suite because the "block size" is set to 4 bytes while the
reported block size for AES is 16 bytes (128 bit). (The four bytes are
the "salt" part of the nonce that is extracted from the "client/server
write IV" part of the key block.)
Observed with the DTLS packet capture from
https://ask.wireshark.org/questions/55487/decrypt-application-data-pending-dtls-abbreviated-handshake-using-psk
Change-Id: I4cc7216f2d77cbd1eac9a40dca3fdfde7e7b3680
Reviewed-on: https://code.wireshark.org/review/17713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To do so, memorize whether a given eNB UE S1AP ID belongs to a NB-IoT
TAI or not.
Also add a preference allowing to force dissection as legacy LTE or
NB-IoT if automatic mode fails.
While we are at it, let's remove the global variables and introduce
a S1AP private data info stored in pinfo.
Change-Id: I7e30b3d59d909684e5cfe13510293ed38ad52574
Reviewed-on: https://code.wireshark.org/review/17709
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use new heuristics based on the EAP Code field to determine whether a
field originates from the client or server. This is more reliable than
using "pinfo->match_uint" for two reasons: (1) the heuristics dissector
does not set "match_uint" (resulting in an arbitrary match on the
previous value) and (2) with EAP over EAPOL, there is no matching port
number (resulting in two conversations with different addresses and port
number zero).
To fix TLS decryption, make sure to create a single conversation for
both direction and allow the port type to be PT_NONE (to avoid reporting
all packets as originating from the server).
Bug: 12879
Change-Id: I7b4267a27ffcf68bf9d3f6a90d6e6e2093733f51
Reviewed-on: https://code.wireshark.org/review/17703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change prevents to accept netmasks as /24x. The
mask must be an clean integer.
Change-Id: I46aeb089dd6538b5cc4bde7efd4dc317621a5245
Reviewed-on: https://code.wireshark.org/review/17612
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change based on BlueZ code on the same license that Wireshark is.
It seems that a lot of commands/events are incomplete or unknown,
however better to have them.
Also rename variables (etc.) of the first dissector to contain
vendor name like new one, to distinguish them.
Change-Id: I2db3ed73d477699032a44bac2d3c88a9230b0095
Reviewed-on: https://code.wireshark.org/review/17657
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The structured id handling is not in use by anyone.
Change-Id: I643fb03f642a5c1900aaec7d41e2b66dba5a2b05
Reviewed-on: https://code.wireshark.org/review/17655
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
length of the PDU is not known(length is exluding escape bytes).
Change-Id: I762419f12ca80f6597163e232c4b853819927b65
Reviewed-on: https://code.wireshark.org/review/17302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>