Commit Graph

85952 Commits

Author SHA1 Message Date
David Perry 3d290f0248 Demonstrate `CUSTOM_TSHARK_TAP_SRC` for CMake 2022-12-07 18:50:28 +00:00
Moshe Kaplan f413260df9 WSLUA: Add new lua function register_packet_menu()
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.

For example, it could be used like the following:

```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
    local fields = {...};

    for i, field in ipairs( fields ) do
        if (field.name == 'http.host') then
            browser_open_url(ROBTEX_URL .. field.value)
            break
        end
    end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```

Fixes issue #14998
2022-12-07 18:47:14 +00:00
Chuck Craft eff7cd15b0 github: repo_lockdown v2->v3 (node12->node16)
Last item on #18462. Will manually close after a good run on github.
2022-12-07 09:04:03 +00:00
Chuck Craft e490a3dd92 WSUG: (PDF) add fallback font for missing up/down arrows
https://github.com/asciidoctor/asciidoctor-pdf/issues/1811
Up/down arrow symbols not rendered to pdf #1811

asciidoctor-pdf bundled fonts don't include an Apple cmd symbol.
use "Cmd" as elsewhere in the WSDG.
2022-12-06 19:18:14 -06:00
Alexis Gryta 77a1cb0636 rpm packaging: Add .el7, .fc38, ... 2022-12-06 20:24:39 +00:00
Gerald Combs 932f4ff893 Qt: Don't use QString::toLocal8Bit().
As the QString::toLocal8Bit() documentation says,

"On Unix systems this is equivalent to toUtf8(), on Windows the systems
current code page is being used."

This is problematic for the Packet Comments dialog, since the comments
need to be UTF-8 as per the pcapng specification. Use toUtf8() instead
there and in the Import Text dialog.

Remove the toLocal8Bit() calls from the Extcap Options dialog since they
weren't needed.

Blind attempt at fixing #18698.
2022-12-06 17:19:07 +00:00
Tomasz Moń bad5ae8c42 USB: Allow registering protocol specific dissectors
Formerly only the class specific dissectors could be registered for
bulk, control and interrupt endpoints. While this is sufficient for
major classes, there are some classes that only use one or two of
possible class/subclass/protocol triple values. Allow registering
specific triples so appropriate dissector can be automatically selected
based on CONFIGURATION DESCRIPTOR data.

Register DFU Run-Time and DFU Mode triples so user no longer needs to
manually set Decode As for USB DFU.
2022-12-06 16:36:18 +01:00
John Thacker 74b1c07f91 test: Skip Follow HTTP2 test without Nghttp2
The expected test output is with the headers decompressed, which
we can't do without Nghttp2. (It outputs the compressed headers
if we don't have it, so we could test for that instead.)

Fix #18707
2022-12-06 07:21:58 -05:00
Tomasz Moń 2fcc819366 USBLL: Correctly handle last fragment retransmissions
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.

Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.

Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
2022-12-06 07:26:02 +01:00
Chuck Craft d153113cdf WSDG: retire Visual Studio 2019 for VS2022 2022-12-05 17:52:34 -06:00
Gerald Combs cb85a4b1a4 Qt: Convert our widgets and models to new-style signals & slots
Convert our remaining widget and model code to new-style signals and
slots.
2022-12-05 19:53:34 +00:00
Gerald Combs 0c1a10b02b Qt: Update an action name.
647978b8be renamed actionAnalyzeCreateAColumn to
actionAnalyzeApplyAsColumn. Update the packet list accordingly.
2022-12-05 10:03:18 -08:00
Stig Bjørlykke 6558b58e58 dtls: Support Connection ID when using Block Ciphers
Add support for DTLS Connection ID when using Block Ciphers
with the deprecated extension type (53) from
draft-ietf-tls-dtls-connection-id-07.

Closes #18705
2022-12-05 14:05:34 +00:00
João Valverde 237b7d02fe Update release notes 2022-12-05 13:41:33 +00:00
João Valverde b29ee628e2 IPv6: Remove some redundancies in address detail
The loopback and unspecified addresses are repeated. Keep
only the "special purpose" field, in accordance with the
IANA registry (and unlike RFC 4291) to remove the redundancy.

Add the "Unique Local Unicast" range to address space field,
also from the IANA registry.

Unique-Local and Link-Local are still repeated in both fields.
Oh well...
2022-12-05 13:39:38 +00:00
João Valverde d216f0a6e2 IPv6: Add special-purpose address detail
Add a field to show special purpose assignments listed in [1].

[1] https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
2022-12-05 13:39:14 +00:00
João Valverde f8d308e9af Kafka: Add more loop checks
Add a safeguard to limit the maximum number of iterations.

Do not allocate a new buffer for every loop iteration in a loop that
depends on the result of the decompression routine.

Either allocate the buffer once or free after use. Defensive programming
is more important than speed in this case.
2022-12-05 11:53:31 +00:00
João Valverde 60cb3dd3c6 CMake: Remove -Wjump-misses-init warning
If the jump misses init it's probably because the variable is
not used. Don't force contortions to avoid this common and
harmless case of "missing init" for an unused variable after
jumping.
2022-12-05 11:53:31 +00:00
João Valverde 2897e904f9 CMake: Remove redundant warning
-Wunused-const-variable is enabled with -Wunused-variable
which is enabled by -Wall.
2022-12-05 11:53:23 +00:00
Kevin Albertson 266a0d38b4 kafka: fix note of ZSTD_decompressStream return 2022-12-05 00:16:59 +00:00
Kevin Albertson 9412adf7bf kafka: stop decompressing once all input is consumed 2022-12-05 00:16:59 +00:00
John Thacker c36dde6e13 nxp_802154_sniffer: Add heuristics
UDP port 49999 is not IANA registered, so add some heuristics
to the NXP 802.15.4 sniffer so that it doesn't claim packets
from other protocols that have chosen that ephemeral port.

Don't return 0 after already adding things to the tree; do that
check in the heuristics.

Fix #18695
2022-12-04 23:51:10 +00:00
Gerald Combs 647978b8be Qt: Manually connect our "Analyze" menu actions. 2022-12-04 22:54:01 +00:00
Gerald Combs 3b7df80a0a [Automatic update for 2022-12-04]
Update manuf, services enterprise numbers, translations, and other items.
2022-12-04 16:48:16 +00:00
Martin Mathieson eba1f048b3 E2AP: Use S-NSSAI field in KPM 2022-12-04 13:38:12 +00:00
João Valverde f96885ab06 IPv6: Add multicast scope and flags address detail 2022-12-04 12:57:49 +00:00
Gerald Combs 5eb2a7f7b7 Qt: Miscellaneous ByteViewText fixes.
Don't use isEmpty() internally. Name a variable "em_width_" to match the
convention we use elsewhere. Use our viewport's font metrics.
2022-12-03 18:47:36 +00:00
Martin Mathieson b7c3bae518 check_typed_item_calls: add check for add_bitmask fields 2022-12-03 17:15:24 +00:00
John Thacker bd1f2cc996 epan: Use realloc when extending the uncompressed buffer
tvb_uncompress initially allocates an output buffer of twice the
input size. It is typical to have a compression ratio of 2:1 or
5:1, but in the extreme case (lots of all identical bytes), 1030:1
is possible.

When extending the output buffer, instead of always malloc'ing
a new buffer and memcpy'ing the old buffer into it, call realloc,
which at least some (most?) of the time will extend the current
buffer in place instead. This should reduce the time to unzip
from always O(N^2) (where N is the compression ratio) to something
average case more like O(N) or O(N log N), depending on how often
it actually copies the data. It only really affects pathological
cases.

Related to #13779.
2022-12-03 13:00:28 +00:00
João Valverde 868313956f proto: Tweak admonition for proto_tree_add_string()
Try to clarify the distinction and implications of a string
value vs a string label.
2022-12-03 11:28:48 +00:00
João Valverde 32f88ad22c wmem: Remove strbuf max size parameter
This parameter was introduced as a safeguard for bugs
that generate an unbounded string but its utility for
that purpose is doubtful and the way it is being used
creates problems with invalid truncation of UTF-8
strings.

Rename wmem_strbuf_sized_new() with a better name.
2022-12-03 01:54:52 +00:00
Harald Welte 3311b34106 gsmtap: Support V5-in-GSMTAP
GSMTAP has had support for various other ISDN related protocols as
sub-types of the GSMTAP_TYPE_E1T1 type.  We've recently started to work
on V5 (ITU-T G.964/G.965) and introduced a new sub-type for this.

Let's add the related dispatch from packet-gsmtap.c to packet-v5ef.c
2022-12-02 16:49:20 +01:00
Peter Dobransky 8683c4e328 Add support for missing DPoE and IEEE 1904.1 OAM attributes
DPoE
- D-ONU Packet Buffer (0xD7000A)

IEEE 1904.1
- aReadWriteMACAddress (0x07/0x00-1D)
- aPhyType (0x07/0x00-20)
- aAutoNegotiationAdminState (0X07/0x00-4F)
- aMACControlFunctionsSupported (0x07/0x00-5D)
- acConfigMulticastLlid (0xD9/0x01-07)
2022-12-02 08:35:02 +00:00
John Thacker 13823bb105 openflow_v6: Prevent infinite loops in too short ofp_stats
The ofp_stats struct length field includes the fixed 4 bytes.
If the length is smaller than that, report the length error
and break out. In particular, a value of zero can cause
infinite loops if this isn't done.
2022-12-01 21:18:12 -05:00
John Thacker 0e11932183 kafka: Don't try to decompress if the length is zero.
There's no point in trying to decompress a message with
length zero, and some of the third party decompression
libraries (e.g. zstd) can give unexpected results that
lead to infinite loops if we do so. A message length zero
is almost surely a file with errors.
2022-12-01 20:43:39 -05:00
João Valverde 967a3c3df9 Qt: Check field autocomplete for syntactical validity
Currently the autocompletion engine always suggests a protocol
field completion, even in places where it isn't syntactically
valid.

Fix that by compiling the preamble to the token under the cursor
and checking the returned error. If it is DF_ERROR_UNEXPECTED_END
that indicates a field or literal value was expected. Otherwise
a field replacement is not valid in this position.

Fixes #12811.
2022-12-01 22:50:09 +00:00
Tomasz Moń 5853886d50 reassembly: Store pointer to first gap
Store pointer to first gap to reduce number of full list traversals
needed when linking new fragments. When all captured fragments are in
order, the first gap is effectively pointing to list tail. The best case
scenario, where the list traversals are completely eliminated, happens
every time for protocols that always have the fragments ordered (most
notably USBLL Full-Speed capture containing Bulk OUT transfers with
a lot of retransmissions).

The memory usage is increased by a single pointer and 32-bit contiguous
length counter per fragment head. The additional CPU usage is constant
per insertion, i.e. does not increase with the number of fragments in
the list.

Fixes #17311
2022-12-01 20:14:40 +01:00
John Thacker 8623cd9746 icmpv6: Format DNS name as UTF-8 for output
DNS names technically have arbitrary unknown encoding.
When adding them as a string for output, format as UTF-8.

Fix #18689
2022-12-01 08:23:51 -05:00
John Thacker f2a0d25dba bpv6: Prevent infinite loops
display_extension_block is supposed to return the current offset,
not the number of bytes remaining, which can be less than the current
offset and cause an infinite loop. In the case of errors, set
lastheader and return the current offset to break out of loops.
2022-12-01 01:40:17 +00:00
Bernhard Dick 415296436b DECT-MITEL-ETH: Fix #18683
Adds missing NULL-termination in headerfield list in
dissect_dect_mitel_eth_mac_con_ind and removes handover to general data
dissector as this path is no longer reached due to handling the
different message types within this dissector.
2022-11-30 23:53:34 +01:00
João Valverde b116ccd6d5 dfilter: Replace compile booleans arguments with a bit flag 2022-11-30 17:36:17 +00:00
João Valverde 84e75be5c6 dfilter: Add optimization flag
When we are just testing code to see if it compiles performing
optimizations is wasteful. Add an option to disable them.
2022-11-30 17:36:17 +00:00
Joakim Karlsson 4b0bf62791 asn2wrs: disable template line directive by default
Same as with !8955. To debug with line directive build with
-DENABLE_DEBUG_A2W=ON flag
2022-11-30 17:31:46 +00:00
João Valverde 729ea56b46 wmem: Remove wmem_strbuf_new_label()
Only dissectors are using this function and there is no use case,
as far as I know, that requires its use. Any limitation of length
is imposed transparently by the UI backend.

This function is problematic because it is not Unicode aware and
will truncate a string on an arbitrary byte boundary for multibyte
strings.

Replace its use with a normal strbuf without a length limit and
remove the function because it is not useful and the ITEM_LABEL_LENGTH
parameter does not belong in wmem anyway.
2022-11-30 15:55:54 +00:00
João Valverde 93814ef740 dfilter: Always set error pointer in case of failure 2022-11-30 15:00:34 +00:00
John Thacker 8a67ca77e6 http: Check CitrixAGBasic Auth encoding
CitrixAGBasic Authentication has Base64 encoded values. The result of
Base64 decoding is not guaranteed to be valid UTF-8 (or ASCII), so
verify it.

Also add the username and password to the credentials tap.

Fix #18677.
2022-11-30 07:54:01 -05:00
John Thacker 10c84b6450 HTTP2: Load dynamic hf entries when UAT is changed
The dynamic hf entries for HTTP2 read from the UAT should be
changed when the UAT is changed or reset, not on each file
load and file close. If a field is added as a column, coloring
rule, or filter, and the capture file is changed, deregistering
the field and reregistering it can cause a crash.

Use the same approach as with HTTP and SIP, slightly modified
because in HTTP2 the header fields hash contains the static
headers as well, to prevent adding duplicate entries via the UAT.

Fix #14768
2022-11-30 11:04:05 +00:00
Joakim Karlsson 5b8cb733fa asn2wrs: disable line directive by default
To debug with line directive build with -DENABLE_DEBUG_A2W=ON flag
2022-11-30 11:03:09 +00:00
Martin Mathieson 6eb734995a Change the re for matching an item's label 2022-11-30 09:25:13 +00:00
Martin Mathieson c69d0114ea tools/check_static.py - fix remaining errors 2022-11-30 08:49:38 +00:00