This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This also fixes a couple of applications that weren't properly terminated
(as a result of some of my recent changes).
Change-Id: I9662017a81c63aceeb950d3b29cb17dde16d4f0c
Reviewed-on: https://code.wireshark.org/review/8335
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66e4e4735a16de5e50f86e29c34202e6668cd44e
Reviewed-on: https://code.wireshark.org/review/8329
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also did some refactoring of existing code to make it more readable for the various existing function code types.
** Commit amendment to not use depreciated tvb_length() function.
Change-Id: Ia4c9f3514968c2a7bebc404ca9185cf8d814dfca
Reviewed-on: https://code.wireshark.org/review/8301
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some other minor cleanup.
Change-Id: I267fe1512e57ce15f9e6be83ac1b55e6e897e7a1
Reviewed-on: https://code.wireshark.org/review/8322
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Specifically we put Experimental-Result-Codes specified by 3GPP in the XML file
and let other vendors' codes be handled through a dissector table.
Change-Id: I2c3977fb959ad84faa5cb90aeb3d191c8b465ede
Reviewed-on: https://code.wireshark.org/review/8319
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: Ia8eca42bae42fb139bfc63232c6d9bf05811ad39
Reviewed-on: https://code.wireshark.org/review/8280
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-thrift.c:99: warning: declaration of 'tvb_captured_length' shadows a global declaration
packet-thrift.c:114: warning: declaration of 'tvb_captured_length' shadows a global declaration
packet-thrift.c:138: warning: declaration of 'tvb_captured_length' shadows a global declaration
packet-thrift.c:166: warning: declaration of 'tvb_captured_length' shadows a global declaration
Change-Id: I0ce4fc0bf6470f1b3a89de599346c1efe8bb93cf
Reviewed-on: https://code.wireshark.org/review/8308
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Need to have packet-gias.c in the DIRTY_CORBA_IDL_DISSECTOR_SRC grouping to work around the warnings still generated.
Change-Id: I08ea1f7d90577cc112b85e7fc00171827f58d6d2
Reviewed-on: https://code.wireshark.org/review/8266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Unfortunately it prevents compilation with GCC. I'll just use "cmake -DDISABLE_WERROR=ON" on the affected machine for now.
This reverts commit cdaad86072.
Change-Id: I54c0e7882e42dd39b81c90c761e4aaec6d757bd1
Reviewed-on: https://code.wireshark.org/review/8297
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I40b1ff8ffca3c0e1cafb79af4ed5df26eda7182b
Reviewed-on: https://code.wireshark.org/review/8212
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The fix for GCC 5's -Wlogical-not-parentheses d7b2327 triggers
-Wparentheses-equality in clang. Try to work around the issue with
diagnostic suppression.
Change-Id: I5eea1d3e76f6d2aa14a2595cd4455dcd2818f6a1
Reviewed-on: https://code.wireshark.org/review/8295
Reviewed-by: Gerald Combs <gerald@wireshark.org>
wrap long lines, remove a trailing space
Change-Id: Ie9cd268ffbc6d021a3f90f3644dc8665daa8e5ca
Reviewed-on: https://code.wireshark.org/review/8292
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Also, set decoded to TRUE after we return from a dissector; that makes
it a bit clearer when we're setting it.
Change-Id: Ief3e999c72954e08d4608b15b49921da294807c1
Reviewed-on: https://code.wireshark.org/review/8284
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds limited support for heuristic subdissectors with IPv6.
The initial motivation is STT but it should transparently work
for other protocols using IP heuristic dissectors in a manner
similar to the non-heuristic dissectors.
The limitation is in regards to IPv6 extension headers. IPv6 has
multiple checks against the next protocol table when determining
when the protocol is an unknown extension header or not. This
assumes that the check is cheap and has no side effects, neither
of which is true for heuristic dissectors. As a compromise, this
assumes that the next protocol is registered as protocol, even
if is not the one that is ultimately dissected. Although not
strictly correct, in practice this is true for existing protocols
and likely future ones because the heuristic dissectors are
overriding non-heuristic ones.
Change-Id: Iff8cfc148ced5ca16191cc2b1879ad87e38d23cd
Reviewed-on: https://code.wireshark.org/review/8197
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I727132effdb17138c35b0f3282f2f7b3dddb05b4
Reviewed-on: https://code.wireshark.org/review/8278
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check the captured length as well as the reported length, as is done in
other checksumming code paths.
Change-Id: I55371d99a28ffd1325e7266037cced580077d80b
Reviewed-on: https://code.wireshark.org/review/8272
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't bother doing the checksum, as we don't know how much to checksum;
don't assume setting pim_length to 0 will force it not to be
checksummed, as it doesn't; and don't test twice for a version != 2.
Change-Id: I1c2ed3ecf1572aef6c5af140c410f9cdd0e9c3a6
Reviewed-on: https://code.wireshark.org/review/8271
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just reuse the result we got from an earlier call.
Change-Id: Icb4617d731d9e3f152ce762f56a1c32567cbde4a
Reviewed-on: https://code.wireshark.org/review/8270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update a URL, and tell The Story About PIM, or, at least, about various
drafts floating around. I guess it took a while for the protocol to
settle down, and a number of things changed significantly between early
drafts and RFC 2117, including whether the protocol runs atop IGMP or
directly atop IP.
There doesn't appear to be *any* draft that corresponds to what
dissect_pimv1() dissects; all have significant differences.
Change-Id: Ia9c80cc384546b0a822a59fef01c1476f95ad8a6
Reviewed-on: https://code.wireshark.org/review/8269
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 3ca9318d82.
Mac OS X buildbot are not happy
packet-gias.c:356: warning: 'hf_UCO_InvalidInputParameter_details' defined but not used
packet-gias.c:359: warning: 'hf_UCO_ProcessingFault_details' defined but not used
packet-gias.c:360: warning: 'hf_UCO_SystemFault_details' defined but not used
packet-gias.c:5275: warning: 'decode_UCO_Ratio_st' defined but not used
packet-gias.c:5303: warning: 'decode_UCO_DirectAccessLocation_st' defined but not used
packet-gias.c:5588: warning: 'decode_UCO_Coordinate3d_st' defined but not used
packet-gias.c:5612: warning: 'decode_UCO_Circle_st' defined but not used
packet-gias.c:5625: warning: 'decode_UCO_Ellipse_st' defined but not used
packet-gias.c:5656: warning: 'decode_UCO_SimpleGSImage_st' defined but not used
packet-gias.c:5671: warning: 'decode_UCO_SimpleCImage_st' defined but not used
packet-gias.c:5694: warning: 'decode_UCO_CompressedImage_st' defined but not used
packet-gias.c:5836: warning: 'decode_GIAS_ImageSpec_st' defined but not used
Change-Id: Iee076c00eb4e48571a99f6b854b7e3e52983c2f8
Reviewed-on: https://code.wireshark.org/review/8265
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I11beada78d2f2b4359d3638cdbcb6f43623fd10c
Reviewed-on: https://code.wireshark.org/review/8262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Should fix the following runtime error reported by Joerg:
../../asn1/c1222/packet-c1222-template.c:1427:3: runtime error: null pointer passed as argument 1, which is declared to never be null
../../asn1/c1222/packet-c1222-template.c:1427:3: runtime error: null pointer passed as argument 2, which is declared to never be null
Change-Id: I2f952815ed81e47b504e6479835a357b7656828e
Reviewed-on: https://code.wireshark.org/review/8251
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
Make some other left-hand operands of <<, and some variables holding
results from shifts of that sort, unsigned, while we're at it.
Change-Id: Ie72a9d0d518f59b35948267d10c80735d162e8bb
Reviewed-on: https://code.wireshark.org/review/8264
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Iab2559c2bac5550987c108c6e917506fcec525e9
Reviewed-on: https://code.wireshark.org/review/8221
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
This fixes the *other* generator for the X11 header files; we manually
fix the file in question, because life's too short to spend very much of
it trying to debug Perl issues that cause a
Can't use string ("1") as a HASH ref while "strict refs" in use at
../../tools/process-x11-xcb.pl line 675.
at ../../tools/process-x11-xcb.pl line 1859
at ../../tools/process-x11-xcb.pl line 1859
failure.
Change-Id: I3dd46025b2ae461e63034b36ab11cdbc9380b696
Reviewed-on: https://code.wireshark.org/review/8263
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
This fixes the generator for the X11 header files; we manually fix the
header file in question, because life's too short to spend very much of
it trying to debug Perl issues that cause a
Can't use string ("1") as a HASH ref while "strict refs" in use at
../../tools/process-x11-xcb.pl line 675.
at ../../tools/process-x11-xcb.pl line 1859
at ../../tools/process-x11-xcb.pl line 1859
failure.
Change-Id: Ia903e9dacad49021bc0dfe129b9393ad426de9eb
Reviewed-on: https://code.wireshark.org/review/8261
Reviewed-by: Guy Harris <guy@alum.mit.edu>
NDEBUG is undefined. Protect rv and its use accordingly.
Change-Id: Iadbc55f74ccb797d7e812090140e636713658aa7
Reviewed-on: https://code.wireshark.org/review/8260
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
This reverts commit 39a31c3205.
rv is used in an assert, thus breaking debug builds.
Change-Id: Ide9c287a9b6bfe07554a9429d3d216266d63c017
Reviewed-on: https://code.wireshark.org/review/8259
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
/home/jmayer/work/wireshark/git/epan/nghttp2/nghttp2_hd.c: In function ‘hd_inflate_remove_bufs_with_name’:
/home/jmayer/work/wireshark/git/epan/nghttp2/nghttp2_hd.c:1736:10: error: variable ‘rv’ set but not used [-Werror=unused-but-set-variable]
size_t rv;
^
turning error.
Change-Id: Ibd46013ddbdbdf634e7df1eb7dd50c60a1f62e26
Reviewed-on: https://code.wireshark.org/review/8257
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
Change-Id: I96114047d402d1bae537cdfeb28a8564b1c94712
Reviewed-on: https://code.wireshark.org/review/8256
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
Change-Id: I0d27565c382a04ceda9eec65f45a430ceb74cf53
Reviewed-on: https://code.wireshark.org/review/8255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
