implicitly by the #define name and string they were defined to; not all
UATs neatly fit into any of the categories, so some of them were put
into categories that weren't obviously correct for them, and one - the
display filter macro UAT - wasn't put into any category at all (which
caused crashes when editing them, as the GUI code that handled UAT
changes from a dialog assumed the category field was non-null).
The category was, in practice, used only to decide, in the
aforementioned GUI code, whether the packet summary pane needed to be
updated or not. It also offered no option of "don't update the packet
summary pane *and* don't redissect anything", which is what would be
appropriate for the display filter macro UAT.
Replace the category with a set of fields indicating what the UAT
affects; we currently offer "dissection", which applies to most UATs
(any UAT in libwireshark presumably affects dissection at a minimum) and
"the set of named fields that exist". Changing any UAT that affects
dissection requires a redissection; changing any UAT that affects the
set of named fields that exist requires a redissection *and* rebuilding
the packet summary pane.
Perhaps we also need "filtering", so that if you change a display filter
macro, we re-filter, in case the display is currently filtered with a
display filter that uses a macro that changed.
svn path=/trunk/; revision=43603
a fix for the SPI the src and dst IP address strings needs fixing too.
I'll look into that tomorrow if no one beats me too it.
svn path=/trunk/; revision=39621
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
- get_full_XXX functions are unused in the code
- A case statement which handles only 2 of the many enum elements
creates another warning promoted to error
- The patch removed usage of a variable but not the variable declaration
itself.
svn path=/trunk/; revision=37517
UATification of ESP
UATification of ESP SA keys. Some notes:
1. Trimmed a lot of fat removing the code that parsed (and reparsed) ESP SA
keys, since UATs can take care of all that.
2. There was no validation on the src/dest, so that was carried through (ie
there is still no validation of src/dest fields)
3. Formatting of the source was a little off, so I attempted to fix the
functions I needed to deal with. I know that's frowned upon, but the braces
were such that I couldn't tell if/else blocks to understand the code. If
somebody wanted to run an indent program on the file, that would be
appreciated.
Added some casts to make it compile on win64.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1123
svn path=/trunk/; revision=37516
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
When specifying SA keys for AES-CTR, Wireshark expects a key length of 160, 224
or 288 bits, (i.e. 128, 192 or 256 bits, followed by the 32 bit nonce value),
but gcry_cipher_setkey() in packet_ipsec.c fails, as it expects 128, 192 or 256
bits.
Omitting the nonce won't work -- even if Wireshark liked those key lengths,
gcrypt wouldn't be able to decrypt without it.
svn path=/trunk/; revision=33105
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
Errors occur which means decrypted_len - esp_iv len will render a negative value and thus
cause the problem. This patch prevents the crash. Not sure if this is a proper fix. At least it
looks like a sane check to do.
svn path=/trunk/; revision=29979
As for now, Wireshark supports only 96-bit (or 0-bit for NULL authentication)
integrity control values (ICVs) for IPsec ESP. While the autentication field is
of variable length, this may lead to situations where the whole packet is not
parsable.
To solve this, I added generic classes (not checked) for 128, 192 and 256 bit
ICVs to the ESP dissector. I also split the HMAC-SHA-256 autentication
algorithm to HMAC-SHA-256-128 (128 bit as defined in RFC 4868) and
HMAC-SHA-256-96 (from the very first draft, nevertheless unpatched Linux and
BSDs do it this way).
svn path=/trunk/; revision=29121
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
the increments a bit closer to the point of use.
(XXX - is there more than one place where we turn a sequence of hex
digits into a string? If so, we should make it a common utility.)
svn path=/trunk/; revision=25268
digits into a string of characters; use g_ascii_xdigit_value() to
convert individual hex digit characters to their hex value - and check
whether it succeeds or not, so we catch invalid hex digits! - and just
append the resulting byte value to the string.
Handle the case where compute_ascii_key() fails.
svn path=/trunk/; revision=25265
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
most have been tagged unused (few have been deleted if dissector has not been
modified since a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
since source/dest/protocol/info is updated by the content of the payload it doesnt make sense to hide the actual payload inside esp/ah
it just would look confusing
svn path=/trunk/; revision=19206
Guy Harris