Fragment offset unit is 8-octet, not bytes.
Reverts regression introduced in 232cb9a2dd.
Change-Id: Id015209b45e15cd630f42ed2c3bbf342094b8ba6
Reviewed-on: https://code.wireshark.org/review/19307
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Otherwise, we get complaints when generating the value_string_ext from
it.
Change-Id: I2b4fc4c57b1f0c47706fe73187192c155593da84
Reviewed-on: https://code.wireshark.org/review/19306
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Applications can also use GSMTAP framing to convey log messages
which would traditionally be printed on stderr or on log files. This
allows the ordered/interspersed display of protocol messages with log
lines from the applications that send or received those messages.
The osmocom logging framework (part of libosmocore) implements this in
libosmocore.git Change-Id I9a7e72b8c9c6f6f2d76d1ea2332dcdee12394625
Change-Id: I0de723445e5b5ce0199a4081808111240a9ed047
Reviewed-on: https://code.wireshark.org/review/19183
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
1. Generically handle/display all unparsed data. Any unparsed data can be found with cip.data
2. This now shows at least some unparsed data that was not previously displayed. Previously, extra data sent with Get Attribute List requests was not displayed. It was difficult to tell why devices were returning errors, without knowing there was extra data.
3. Make most functions return the number of bytes processed to support the above points.
Change-Id: I290c09d76e74c18facaef99c8903e7937fbdd710
Reviewed-on: https://code.wireshark.org/review/19263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I152a388db2f3b8c035c80bd06dfbb9a18f10c031
Reviewed-on: https://code.wireshark.org/review/19284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variables are removed
Change-Id: I54bb00a74255625c7ce487cfd31794fcdb9fa979
Reviewed-on: https://code.wireshark.org/review/19295
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many proto_item_append_text calls were just adding a unit string to a field.
There's a better way to do that now.
Change-Id: Id18d5ac1ea4d8ecdc4cbe7ebaec07fbd2eab6e78
Reviewed-on: https://code.wireshark.org/review/19289
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_uint_format_value had the most use of unit strings, this
patch handles all of the other proto_tree_add_xxx_format_value calls that
could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added more "common" unit string values to unit_strings.[ch]
Change-Id: I0fb680be781e10037eb7bd40dd21a9ee20c1fb1c
Reviewed-on: https://code.wireshark.org/review/19288
Reviewed-by: Michael Mann <mmann78@netscape.net>
As per glib manual, GSLists need to be NULL initialized.
Change-Id: If78904b900f6ddd7a0afaf3a1c480ec7626f2027
Reviewed-on: https://code.wireshark.org/review/19281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those sizes are limited by the packet sizes we support, and we only
support a maximum packet size of 2^32.
This squelches some compiler warnings.
Remove some casts that this renders unnecessary.
Change-Id: Id9a7bcf8c2ce30bbed7be6c0e28deb9cf38002e0
Reviewed-on: https://code.wireshark.org/review/19279
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch modifies the homeplug-av dissector to better decode sniffer data according to the IEEE 1901-2010 standard.
The dissector now decodes MPDU variant fields correctly based on delimiter type, and decodes beacon MPDU payloads.
There are some variable-length fields it doesn't handle yet.
This patch should have no effect on how non-sniffer-data packets are decoded.
These changes are based on Andrew Margolis' pull request to faifa at https://github.com/ffainelli/faifa/pull/11
Change-Id: Ia60ac7affa99a68b38f04ab66373ac715c761328
Reviewed-on: https://code.wireshark.org/review/19156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See 8.4a.2 from 802.11ad-2012(.pdf)
Issue reported by Hany ASSASA
Ping-Bug: 13244
Change-Id: I6e22de3009b722e61b30ce2dd93596c4f51bb2fe
Reviewed-on: https://code.wireshark.org/review/19243
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3161 Appendix A. The ASN.1 elements it defines are not
officially part of any module, so just stick them into PKIXTSP.
Change-Id: I728505cb305b924465b62eb442288edea7f916a7
Reviewed-on: https://code.wireshark.org/review/19272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In some messages (observed in Oracle 12c) packet length has 4 bytes
instead of 2.
Tested with oracle12-example.pcapng from SampleCaptures wiki.
Also small datatype fix.
Change-Id: I35490ade8cf0dee6392f4fa1b51d8dc7cff85400
Reviewed-on: https://code.wireshark.org/review/19264
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added back legacy version (<= 0.9.7) support after restructuring
for dissector completeness.
Change-Id: I5355bf8faa1b9fd8ee9056254048fe5c314b6efb
Reviewed-on: https://code.wireshark.org/review/19271
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This clears up the diff between the local copy of the CMS module and
upstream, making it easier to determine what modifications were made.
Change-Id: I466cb97e6505ea8075d01663e1ede95b85468898
Reviewed-on: https://code.wireshark.org/review/19269
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Added header fields in a new subtree.
- Restructured to use fewer functions and to use offset
counting instead of offset defines.
- Removed support for legacy version 0.9.7.
- Removed unused code.
Change-Id: I9eb6c8b3b450ddb95fb0f4bdd9f9717dafa687b0
Reviewed-on: https://code.wireshark.org/review/19260
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a manual attempt at what proto_tree_add_bitmask can do anyway.
Change-Id: If551e8afa346a33b8e15dc441aae75ba0752ab46
Reviewed-on: https://code.wireshark.org/review/19257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also use proto_tree_add_item_ret_length for string handling.
Change-Id: Id1eae2e51460a3b7f4c3385b9b1fd7f12398a227
Reviewed-on: https://code.wireshark.org/review/19255
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove functionality that was replaced by a proto_tree_add_bitmask
2. Remove use of nbdgm_header structure which is just a useless placeholder
3. Remove some if (tree) over single fields.
Change-Id: I0879043685686eb5b861cf77ec38bbf25ed6044e
Reviewed-on: https://code.wireshark.org/review/19254
Reviewed-by: Michael Mann <mmann78@netscape.net>
IMG_JFIF was trying to be a macro for all display and expert info filters.
This messed with the pre-commit scripts ability to ensure protocol
filter name was being used as the prefix for display and expert info
filters. So replaced IMG_JFIF with the proper prefix - "image-jfif"
Change-Id: I1fe3dc8797529c9d17f75c511bc279824e7e69b0
Reviewed-on: https://code.wireshark.org/review/19253
Reviewed-by: Michael Mann <mmann78@netscape.net>
The file list contains semicolon-separated list of files to check.
When merging the lists we need to separate them properly.
Error:
No such file: "packet-ncp2222.cpacket-coseventcomm.c" at wireshark/tools/checkAPIs.pl line 2050.
Change-Id: I19702ab85408caf69ed922732fce74c3058be640
Reviewed-on: https://code.wireshark.org/review/19237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set all addresses before we do reassembly because sub-dissectors may set
their own addresses, and we don't want to override them again.
This fixes "Follow TCP Stream" and shows the correct IP addresses in the
Source and Destination columns when transporting IP packets.
Allocate the addresses in pinfo pool to avoid possible stack buffer overflow.
Bug: 13230
Change-Id: I3b81ccb02b38331add4773d9bb3d5e0f6dcf025e
Reviewed-on: https://code.wireshark.org/review/19201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.
Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "LE Set Extended Advertising Parameters" and
"LE Set Extended Advertising Parameters" commands parsing.
Change-Id: Ibcc9f145694e54710da3a11ade237f7132674366
Reviewed-on: https://code.wireshark.org/review/19234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissectors above infiniband (such as RPC dissector)
performs exact lookup on saddr, daddr, sport, dport. They are unaware
that underlying transport is infiniband which doesn't have src_qp in
packets. Due to which srcport remains uninitialized and exact lookup
fails.
In order to get them work seemlessly, this fix updates the sport
to src_qp (similar to destport to dest_qp). With this upper level
dissectors can perform direct lookup similar to TCP. Those which need to
access private data of unidirectional CM messages, can still continue to
perform unidirectional lookup as before.
It also fixes the issue where req_qp and resp_qp were swapped during
bidirectional conversation creation. This was caught during testing with
packet-rpc.c by Chuck Lever.
Tested protocols:
1. nfs-rdma over Infiniband with trace of Bug 13213
2. ICMP packets over Infiniband
3. NVMe fabrics over RDMA
Tested with trace of Bug 13201 for Nvme.
Bug: 13202
Bug: 13213
Change-Id: Ica1b6aae3ccaa6642dc3b3edfa9a5a4c335cc5da
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the dynamic payload type defined. If so set the dynamic
payload_type_string to that dissectors name.
This is for RTP analysis to work if there is no setup information in the
file.
Change-Id: I7ae7b957cfa9eb6013f7d32d50563e2034210af6
Reviewed-on: https://code.wireshark.org/review/19220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".
Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode. Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037. Add ENC_EBCDIC_CP037 for code page 037.
Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* kex_first_packet_follows -> first_kex_packet_follows
That's the name the spec (RFC 4253) uses.
* DH H signature -> H signature, DH host key -> host key
Neither the host key nor the H signature have much to do
with Diffie-Hellman. They're used in the same way in
every key exchange method that I know of, so their names
should be more generic.
* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
This is to make all key exchange method-specific fields follow
a consistent pattern with all names/abbrevs being prepended
by the method name.
Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All the pseudo-headers encode the endpoint as per a bEndpointAddress in
sections 9.6.6 "Endpoint" of the USB 2.0 spec and the USB 3.1 spec, with
a 4-bit endpoint number at the bottom and a 1-bit direction at the top
with 0 = OUT and 1 = IN.
Show the FreeBSD endpoint address the same way the other endpoint
addresses are shown; the FreeBSD one is shown as a 4-byte little-endian
value, but only the low-order (first) byte is used, so just show that
byte.
Call that field the "endpoint address", with the lower 4 bits being the
"endpoint number" and the uppermost bit the "endpoint direction".
Change-Id: Ic7358c7fb6b6df2502315b590eb5178cecb321d9
Reviewed-on: https://code.wireshark.org/review/19200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.
Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>