Change
case DATA_FRAME:
if (condition) {
do stuff;
break;
}
do other stuff;
break;
to
case DATA_FRAME:
if (condition) {
do stuff;
} else {
do other stuff;
}
break;
to make it clearer that it's "do this if condition is true, else do
that".
(cherry picked from commit 258fb14821)
After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the ciphers structures has been rewritten,
clearly separating PP code from HP one.
Close#16920Close#16916
(cherry picked from commit 5e45f770fd)
Fix dissecting of packets received on LE Coded PHY. These packets
will include the extra field "coding indicator" after the access
address.
The assignment of phy in the common bluetooth context was missing,
leading to this field being left out and the offset being wrong.
(cherry picked from commit c586f71a5c)
The pointer isn't incremented in get_ts_23_038_7bits_string_unpacked
so it just decodes the first octet length times.
(cherry picked from commit 5df3f5d05d)
coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes#16994.
Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
(cherry picked from commit 33e63d19e5)
According to TS 44.060, figure 10.3a.2.1, note 2, the TLLI is
encoded in little endian for EGPRS (while big endian is used in GPRS).
(cherry picked from commit dfa8a3fe5a)
STUN heuristic over TCP (added in 770872790d) doesn't handle multiple
STUN messages in the same TCP payload.
While at it, added a comment (forgotten in 354bbbe7cb) about different
TURN channel support among STUN versions
(cherry picked from commit 905f304d54)
The previous handling of LI=0 was a confusion with the LI=0 meaning from
EGPRS (see TS 44.060 B.8.2 Example 2) data block.
(cherry picked from commit 9d5de22a88)
Change PT_DECIMALLIT, PT_OCTALLIT and PT_HEXLIT tokens to uint64
type, and make PT_IDENT excluding '-' numbers which will be parsed
in protobuf_lang.y. That negative enum number and number type of
constant can be correctly parsed.
Note, intLit is uint32 for parsing fieldNumber and enumNumber,
but might be uint64 as constant.
close#16988
(cherry picked from commit 1fff3cb106)
You can't use packet scope if you're not dissecting a packet;
read_IOR_strings_from_file() is called from giop_init(), which is called
when a file is opened, not when dissecting a packet.
Use NULL as the scope, which just does a regular allocation, and free
the buffer when we're done.
Expand a comment to indicate that using dissection routines is *also* a
bad idea in code that's not used when dissecting packets.
Fixes#16984.
(cherry picked from commit 2c2ee172eb)
This patch makes the parsing of length fields consistent by moving them
below their parent element and adjusting the length of the parent
element. And it fixes some problems by doing this.
Problems fixed by this:
- Bytes skipped after dynamic length arrays. This resolves#16951
- A byte was ignored before unparsed payload.
- Unions not marking the correct byte range.
- String having the length field twice.
Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
(cherry picked from commit 9ac8dcb3a1)
Check if padding flag is set and alter length accordingly.
Display rtcp.xr.bl the same way as rtcp.length.
Fixes: wireshark/wireshark#16933
(cherry picked from commit e07bb433b2)
Refer to USB Device Class Definition for Video Devices
document revision 1.5.
* bmFramingInfo is 1 byte
* Cut & Paste error for bMaxVersion label
Change-Id: Ib1221886f864a6ab9dbab70a8e5fca6482bf4267
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
(cherry picked from commit b6222766cc)
Also, take a chance to correct the comment: section 6.11.0 does
not exit in 3GPP TS 44.018. In version 15.4.0 Release 15 of
the referenced document it is 10.5.2.31 (table 10.5.2.31.1).
(cherry picked from commit 732591237b)
Corretly decode MNC if it consists of 3 digits
Change to what is called big endinan MNC
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| Filler | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 2 | MNC digit 1 | octet x+2
+---------------+---------------+
MNC of length 3:
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| MNC digit 1 | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 3 | MNC digit 2 | octet x+2
+---------------+---------------+
From 3GPP TS 29.171
7.4.27 PLMN Identity
- digits 0 to 9, encoded 0000 to 1001,
- 1111 used as filler digit, two digits per octet,
- bits 4 to 1 of octet n encoding digit 2n-1
- bits 8 to 5 of octet n encoding digit 2n
The Selected PLMN identity consists of 3 digits from MCC followed by either
- a filler digit plus 2 digits from MNC (in case of 2 digit MNC) or
- 3 digits from MNC (in case of a 3 digit MNC).
(cherry picked from commit 156f9e81fc)
Don't try to dissect bytes as string and show its value item if the
bytes field has a subdissector. And add field subdissector under field
item instead of value item.
close#16956
(cherry picked from commit 1c5d577d63)
Creating protocols with unknown length must be created to the end of the TVB
first and reined back using proto_set_len() once the length becomes known.
Not doing so can make indentification of problems harder and prevents analysis
engines like MATE from properly processing the generated protocol trees.
With this change the remaining offending dissectors are corrected for this.
Closes#16961
(cherry picked from commit 918db88055)
Systemd journal entries aren't file-type-specific; they're found in both
systemd journal entry blocks in pcapng files and in systemd journal
export files. Give it a record type, for use with both file types.
This fixes#16955.
It also means that you can open a systemd journal export file and save
it as a pcapng file.
(cherry picked from commit 889e0d5cb6)
The AT response may not contain a leading \r\n, so avoid checking
for this to determine if it's a response. This characters will be
removed as a part of white space removal anyway.
(cherry picked from commit 5413331ed3)