Since g2a80fe283c (2005-10-06!) length initialization was moved, and
the message length is no more correct (previously tvb_length_remaining()
was called with offset equal to 0, which is no more the case after the
change).
Bug: 14410
Change-Id: I2f00be83fa17ad7344d0d75f4a899f169d7a622b
Reviewed-on: https://code.wireshark.org/review/25735
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
These were initially coded incorrectly. The problem was found by
George Baltatanu and a fix supplied by him.
Change-Id: I1de86ca7c5428efbcdd0fb39244a1cafbbcd32ab
Reviewed-on: https://code.wireshark.org/review/25724
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue serching for a
dissector on the partial matches.
Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp
set lengths at different levels of the packet. In some cases, this would
cause a malformed packet when the data length was zero. This fixes the
malformed error by explicitly setting the length, instead of using -1.
The length of the service data set is not the data paylod for both
cases. Previously, for requests, it attempted to highlight the whole CIP
layer, but this was already covered by the full CIP protocol layer
length.
Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c
Reviewed-on: https://code.wireshark.org/review/25672
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Add Decode Options for 4 Safety I/O types. Previously, you could only decode as "CIP Safety", which only showed as a generic data block (because all important things for parsing are in the FwdOpen).
2. Change some timestamp display formatting to match other related timestamp fields (now all Dec)
3. Don't create connections for Null Forward Opens.
Change-Id: Ia1031b3887739a864a453b9e566ebe6f29fa5b8b
Reviewed-on: https://code.wireshark.org/review/25664
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
They were used by the now-removed draft-07 support.
Change-Id: I4762d2a6bb81e231010f1fd4b2b51278bb3c4329
Reviewed-on: https://code.wireshark.org/review/25695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
of Quick UDP Internet Connection
Change-Id: Ibe18191fca6495d817f6bc10ec4b5df552548396
Reviewed-on: https://code.wireshark.org/review/25690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting an if_tsresol option in an IDB, calculate the resolution
from the base and the offset. If the result overflows, mark it as an
overflow; otherwise, mark it with the units for more values than 1
microsecond. Store the calculated resolution, which we initialize to
the default of 1 microsecond.
When displaying time stamps in blocks, use the calculated resolution,
rather than re-calculating it. If it's 0, it means the resolution is
too high, so don't calculate it and end up dividing by zero.
Bug: 14402
Change-Id: Idc34ededb4f7250b3604b14d4468c32f6592793f
Reviewed-on: https://code.wireshark.org/review/25673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not check reported length but captured length, otherwise it can
can trigger an exception when trying to fetch at offset 4.
Once the (very basic heuristic) is verified, cann the right dissection
function.
Bug: 14399
Change-Id: Ie09d80e04f2501c940693a2ea9ecbd2f84d1e22f
Reviewed-on: https://code.wireshark.org/review/25666
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The main benefit of this feature is that it enables users to see the
succession of HTTP requests that led to a specific request.
A sample PCAP is available here:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16085
Change-Id: I7c521315b848fbce659fdc01e43f261d804a3a48
Reviewed-on: https://code.wireshark.org/review/25319
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They changed when the spec was updated. This seems to be the last change
needed here.
Change-Id: Id47c1de5b5890bffa0842c33ae02033ddf6c8325
Reviewed-on: https://code.wireshark.org/review/25656
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fragmented FCP may not be called on the first pass, so add a NULL
check for proto_data that may not be there.
Bug: 14374
Change-Id: Icbbee8f0eb3a33655323283dbb5a01c350d784dc
Reviewed-on: https://code.wireshark.org/review/25649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Sgement -> Segment
Change-Id: Ibf4aa2db14fd87c854a65da0de979ad4772243d8
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-on: https://code.wireshark.org/review/25648
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will be restored after the 2.5.0 release is complete.
This reverts commit 61cc769169.
Change-Id: I0b7d2435fe010070aaced5f395c75a1cd65b3f83
Reviewed-on: https://code.wireshark.org/review/25645
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sgement -> Segment
Change-Id: I275495fafdf76308ca36083256d6fcd2bed35203
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pinfo->pkt_encap is jsut a copy of pinfo->phdr->pkt_encap; no need for
the copy.
Expand a comment while we're at it.
Change-Id: I5fcfe694ecba42507f1d629d01440da0a0989501
Reviewed-on: https://code.wireshark.org/review/25643
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use the address type of the link-layer source address, rather than the
encapsulation of the outermost packet layer, to determine the type of
the physical client address in a Dead Station frame. That should, for
example, handle cases where the actual Ethernet packets are being
carried within packets on some non-Ethernet network, or where the
packets aren't Ethernet packets but are packets on some other network
using MAC-48 addresses.
Change-Id: Ibd2e2322b03e81aa52c71b080f3c91d2f83fc3b4
Reviewed-on: https://code.wireshark.org/review/25642
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That obviates the need to check pinfo->pkt_encap.
Change-Id: I038e065932282ce9d3362fbc9ba6ea653a63f399
Reviewed-on: https://code.wireshark.org/review/25627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Let's add an expert info, and set offset to the end of the current tvb.
Bug: 14379
Change-Id: Iaccf862c451eef58aaed11b26fceebf26bc2c818
Reviewed-on: https://code.wireshark.org/review/25619
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fixed an offset error for mqmo in gmo
Added value in comment when defining val_str
Change-Id: Ie29f65f96d2ffb96c0cc0623346432f1f8380168
Reviewed-on: https://code.wireshark.org/review/25604
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add support for collection commands
* SET/GET manifest
* DCP changes (mutation/deletion/system_event)
Add support for DCP delete_time, a new format for DCP deletion
Change-Id: Iec2000a40da37dcb1edf665a157dc7ab30d4c9d0
Reviewed-on: https://code.wireshark.org/review/25612
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining
Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.
Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134== by 0xA94E405: g_malloc (gmem.c:97)
==15134== by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134== by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134== by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134== by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)
Found by oss-fuzz.
Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
See Volume 9, version 1.2, sections "6-2.7.1.1" and "7-1.1"
1. Pass Connection Point from FwdOpen to Motion dissector, since that is now needed to parse I/O payload.
2. Move Run/Idle Header function to CIP dissector, since it's a CIP feature, not ENIP.
3. Add a protocol so that Format Revision 3 can be dissected without the Forward Open in the capture.
4. Minor: Highlight more bytes in some EPATH parsing.
5. Minor: Renaming some things to match spec wording.
Change-Id: I93626a6492be2675206d38c04fa1c7ce534c04ca
Reviewed-on: https://code.wireshark.org/review/25570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Valgrind report:
==642== 14 bytes in 1 blocks are definitely lost in loss record 5,705 of 49,814
==642== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==642== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==642== by 0x6D523F4: dissect_object_mapping (packet-epl.c:4216)
==642== by 0x6D56394: dissect_epl_sdo_command (packet-epl.c:3862)
==642== by 0x6D56394: dissect_epl_asnd_sdo (packet-epl.c:3572)
==642== by 0x6D59BC5: dissect_epl_asnd (packet-epl.c:3053)
==642== by 0x6D59BC5: dissect_eplpdu.part.21 (packet-epl.c:2627)
Found by oss-fuzz/5907.
Change-Id: I6f4d2cea761581260af396c848ab1fded5641b44
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5907
Reviewed-on: https://code.wireshark.org/review/25573
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Added support for IMS, TM, TMC2 Struct
Improve display some Flags in ID Struct
Fix display for FCNO Struct
Fix error in get_mq_pdu_len
Code reformat (VS2017)
Moved DEFINE to header file
More struct display fixed
Fix for IMS Msg len display
Change-Id: I80bfd25a5079598fc44124dc2c7b850640a38b00
Reviewed-on: https://code.wireshark.org/review/25295
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in the #if 0ed out comments, It's not valid for a
soupbintcp subdissector to call conversation_set_dissector(), so
it shouldn't call try_conversation_dissector. Just remove the
call entirely so it doesn't look like the removal is temporary.
Change-Id: I68d9b72360b52002692c369d7b202a8a215c0a96
Reviewed-on: https://code.wireshark.org/review/25555
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>