(Why does a call to proto_tree_add_item_ret_uint(), passing a pointer
to a gint32, rather than a guint32, as the last argument, not cause a
compiler error?)
Change-Id: Id1a0dfb62694bfe5147f53938bf1c9c8972efb70
Reviewed-on: https://code.wireshark.org/review/33234
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can, and, in at least one capture, it does.
Change-Id: Id3540e6551db5d63427f09c6ccc521958ecccac6
Reviewed-on: https://code.wireshark.org/review/33231
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use the local one *only* while we're trying to determine whether we have
a pcapng file or not; once we know we have a pcapng file, and have
allocated a pcapng_t and attached it to the wtap structure, pass *that*
one to pcapng_read_block(), so if it changes anything in the pcapng_t,
it changes the one we're using.
Change-Id: I53b32595276be97957a0b6056171471878fa40c4
Reviewed-on: https://code.wireshark.org/review/33226
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Embed the git commit hash as well as the tag information for tarballs
produced by 'git archive' (this includes the Github tarball). Example:
    TShark (Wireshark) 3.0.1 (Git commit ea351cd80516)
Note that the embedded git ref names can include branch information, see
for example `git log -n1 -s --format=%D v3.0.1`:
    tag: wireshark-3.0.1, tag: v3.0.1
    HEAD -> bug/15544, tag: v99.99
    HEAD, origin/master, origin/HEAD, master
Thus, when creating release tarballs, I would recommend using the above
command to see whether unnecessary branch information is present. If so,
create a new post-release commit first on the same branch. This way, the
release tarballs should be reproducible.
While at it, increase the commit abbreviation length from 8 to 12.
Currently git describe abbreviates to 10 by default. The default length
is at minimum 7 and is dependent on the number of objects:
    git count-objects -v | perl -lne 'print int(log($1)/log(2)/2)+1 if /^in-pack: (\d+)/'
Bug: 15544
Change-Id: Ifd1ed636b69f7687a7272775686f51387040a596
Reviewed-on: https://code.wireshark.org/review/33214
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add NCP 98
Fix NDSrequestprotocolflags not being captured on request so that reply
would offset correctly with CRC flag.
Change-Id: Ie45a1017326dd38393baf3f005f3ec9195438565
Reviewed-on: https://code.wireshark.org/review/33146
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wth has been already checked in line 315.
Change-Id: Ib620e0b1e9262e5344feb934b024f7817cfda6fd
Reviewed-on: https://code.wireshark.org/review/33178
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is no FCS length information for a pcapng file; there's FCS length
information for each interface.
Change-Id: I3abb1a35b28475aa3ad6f126060140d0a524bbca
Reviewed-on: https://code.wireshark.org/review/33215
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In handling the capture preferences frame, the preference to not load
interfaces on startup is handled incorrectly. Instead of using the
preference value itself, the validity of the pointer to the preference is
used. This leads to some confusing logic.
Replacing this code with proper preference retrieval.
This was introduced with commit 7a07832712
CID 1439697
Change-Id: I9bf3df413d89f8df55553a7218f34d425eb103de
Reviewed-on: https://code.wireshark.org/review/33187
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When checksum calculations are performed (irrespective of type) the
calculation is assumed to be possible on at least a common header and
optionally a payload. This assumption was not checked, which could
lead to out of bound access of packet buffer data.
Simply adding the assurance that enough buffer data is available avoids
this out of bound access.
CID 1439698
Change-Id: I5fec69b96b1064ffdda11f51b882fe5775844475
Reviewed-on: https://code.wireshark.org/review/33185
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When decrypt_ssl3_record is called with a record length of zero, it will
pass NULL to ssl_data_set because tvb_get_ptr(..., 0) yields NULL. That
triggers a DISSECTOR_ASSERT. Fix this and add expert info while at it.
Bug: 15780
Change-Id: I727b511aa48b6e1aeb20a441d1eb9d3627a74413
Reviewed-on: https://code.wireshark.org/review/33203
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Prior to this change the extcap option dialog destructor was called only
when the main Wireshark window closed.
Besides that, fix the NULL pointer dereference that would happen if
the device name was not a valid extcap device.
Change-Id: I84334e3a83c66557d961771f74c39447d30a6875
Reviewed-on: https://code.wireshark.org/review/33197
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bits named according to IEEE 802.11-2016, p.836, Figure 9-192
Change-Id: I4e0a6c90796d80ebbdc31c32a3ea2d9da4db8885
Reviewed-on: https://code.wireshark.org/review/33193
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default chk callbacks for individual fields only catch basic
errors such as invalid, too large numbers. Many dissectors perform
additional validation in the update_cb which is invoked for a record as
a whole. If this check fails, then the UAT must not be marked as valid
or else invalid records (like NULL pointers) could be exposed.
Thanks to Uli Heilmeier for noticing this.
Bug: 15709
Change-Id: I1cc4c6925322011a561ad6df840fbac67796e5b2
Fixes: v2.3.0rc0-1002-g1cd22559a8 ("Qt: convert UatDialog to model/view pattern, improve UX")
Reviewed-on: https://code.wireshark.org/review/33157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check the return value of fscanf() instead of relying on feof(). This
should help ensure that we exit correctly.
Bug: 15777
Change-Id: I8b5985f6015cb6a85378db5135b29bb2c3de1e90
Reviewed-on: https://code.wireshark.org/review/33196
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
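The failure mode behind the fscanf()/feof() change above, as an added example that is not part of the commit or of Wireshark's code: on a malformed token fscanf() consumes nothing, so a loop conditioned only on feof() never terminates. The sample input, the function names and the iteration cap are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the third line is malformed on purpose. */
static const char SAMPLE[] = "10\n20\noops\n30\n";

static FILE *open_sample(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fwrite(SAMPLE, 1, strlen(SAMPLE), fp);
        rewind(fp);
    }
    return fp;
}

/* Fragile pattern: loop on feof(). At "oops" fscanf() returns 0 and leaves
 * the stream position unchanged, so EOF is never set; only the cap stops it. */
static int iterations_feof_loop(int cap)
{
    FILE *fp = open_sample();
    int value = 0, iterations = 0;
    if (fp == NULL) return -1;
    while (!feof(fp) && iterations < cap) {
        int rc = fscanf(fp, "%d", &value);
        (void)rc;               /* result deliberately discarded */
        iterations++;
    }
    fclose(fp);
    return iterations;
}

/* Checked pattern: stop as soon as fscanf() fails to convert one item. */
static int values_read_checked(void)
{
    FILE *fp = open_sample();
    int value = 0, count = 0;
    if (fp == NULL) return -1;
    while (fscanf(fp, "%d", &value) == 1)
        count++;
    fclose(fp);
    return count;
}

int main(void)
{
    printf("%d %d\n", iterations_feof_loop(1000), values_read_checked());
    return 0;
}
```

Without the cap the first loop would spin forever on attacker-supplied or simply corrupt input; the second loop exits after the two valid values.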
For type B cards, the PCD assigns a card identifier (CID)
in the attrib message it sends to the card. The card sends
the assigned CID back in its response.
We already dissect the CID in the response. Dissect it in the
attrib message as well.
Change-Id: Ic0bd200f0e40496d8fe3121aa9ad601a269de36c
Reviewed-on: https://code.wireshark.org/review/33183
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.
2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.
Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Ber choice called with a non FT_UINT hf variable. Work around by
duplicating ASN1 code.
Change-Id: I71b38e25288f222058793110eb43c122c012dcca
Reviewed-on: https://code.wireshark.org/review/33191
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, not every machine on which Wireshark is built, run, and tested is
little-endian. See bugs 15772 and 15754.
Change-Id: Ice1d012e1a788f6a7bb031bdf0e2f01f523a91ec
Reviewed-on: https://code.wireshark.org/review/33192
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert the host-endian session ID passed to seskey_find_sid_key()
before comparing it with the little-endian session IDs in the UAT.
While we're at it, tag session ID fields in various structures with the
byte order.
Bug: 15772
Change-Id: Ib1e7323bad1dfdb1ac24a08998205650f2744097
Reviewed-on: https://code.wireshark.org/review/33188
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Controlled by a preference (off by default).
Change-Id: If2fafb1d0b94faf4e42c3e9bb4bef010f1a9be0b
Reviewed-on: https://code.wireshark.org/review/33056
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Newer versions of elastic are using 'doc' as type. Change the code
according to that.
Fix point (4) of the linked bug.
Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Dissect version 1 and 2 of Audio Streaming General Endpoint descriptor.
Ping-Bug: 15503
Change-Id: I2b9dfdc22db0c75a0e736738c2d6ca72e7f8d9af
Reviewed-on: https://code.wireshark.org/review/33172
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is the new standard in recent Elastic versions.
Fix point (3) of the linked bug.
Bug: 15763
Change-Id: I64ef085c2a8ad9d25ced30a337287c8cb77903e4
Reviewed-on: https://code.wireshark.org/review/33112
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Elastic integer fields are:
integer: signed 32 bit
long: signed 64 bit
Fix values in mapping. uint64 is not handled by elastic, but still
mapped on 'long'.
Fix point (2) of the linked bug.
Bug: 15763
Change-Id: I14afa1cb7fcb6ad98d44707a8b506420e29ceb83
Reviewed-on: https://code.wireshark.org/review/33109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Each MIDI Event creates its own protocol tree and thus the generic USB
Audio tree is not needed.
Ping-Bug: 15503
Change-Id: I83ab01e340fce72e8ab824a2ee77ae37c033daae
Reviewed-on: https://code.wireshark.org/review/33160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is especially useful when there are multiple USB Midi Events in frame.
Ping-Bug: 15503
Change-Id: I92ab73d5ff33f5a227f4433ba22792ca791e38e7
Reviewed-on: https://code.wireshark.org/review/33159
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extend audio conversation info to include the major version of USB MIDI.
The major version in Audio Control header can be different than the
major version in MIDI Streaming header.
Ping-Bug: 15503
Change-Id: I7ef7c15b4fcab21cfaf380f46085a1a3a13021b5
Reviewed-on: https://code.wireshark.org/review/33168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prior to this change the MIDI Streaming descriptors were labeled as
UNKNOWN DESCRIPTOR.
Actual contents of MIDI Streaming descriptors are not dissected yet.
Ping-Bug: 15503
Change-Id: Ie55431bd89a09770ed832d7d0838eb8c2268d531
Reviewed-on: https://code.wireshark.org/review/33161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP)
to Wireshark.
NVM Express is a high-speed interface for accessing solid state drives.
NVM Express specifications are maintained by the NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification,
which was recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDUs are not supported, as the Linux NVMe/TCP driver
does not support them either in kernel 5.0.
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Internal support of libspeexdsp has been removed in favour of the system
one in g186f985793. Add it to the list of optional Debian packages.
Change-Id: Ie15c367c2a113349614351da8bbcc26ef6353028
Reviewed-on: https://code.wireshark.org/review/33180
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Have separate expert info items for the PDU length field being too
short, the PDU length field being too long, a CLV being too short, and a
CLV being too long.
Do the PDU length checks when we add the PDU length field, and add the
expert infos to the length item; remember the results of the checks for
future use.
Use DISSECTOR_ASSERT for the tests in osi_check_and_get_checksum() that
make sure the checksum field is contained within the data to be
checksummed, so that's reported as a dissector bug to the user.
That means that osi_check_and_get_checksum() only returns FALSE if we
don't have all the data available to checksum; that already gets
reported as an indication that the checksum is unverified, so we don't
need to put confusing and misleading expert infos about the PDU
length - whatever PDU length errors need to be reported have already
been reported, as per the above.
Make expert info names more consistent, and fix one expert info variable
name.
Make the length argument to isis_dissect_clvs() unsigned.
Clean up white space.
Change-Id: I0ce799c766dc427602d155c5b48099df8bf51c67
Reviewed-on: https://code.wireshark.org/review/33179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>