When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
* remove _U_ unused attribute for used args
* no need for gcry_err_code() for success
Change-Id: I4c629657328506255da066671b69a98d0f088a3b
Reviewed-on: https://code.wireshark.org/review/31729
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change aligns this field with the image size and data size fields,
which are also shown as decimal.
Change-Id: I0e34a2742ae3d18c7b2501e895406f4b416a9ca6
Reviewed-on: https://code.wireshark.org/review/31717
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
HAVE_LIBXML2 can be set while PARSE_XDD is unset, resulting in missing
functions and linker errors.
Bug: 15419
Change-Id: I0aa20a80080d159bfb6eebccc503b66cc148f7f8
Reviewed-on: https://code.wireshark.org/review/31715
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Addresses a -Wmissing-variable-declarations warning from Clang.
Change-Id: I04de4b2017a61f9e605892338426b1a49042671f
Fixes: v2.3.0rc0-1774-g8efb7fece1 ("Adjust proto_tree_add_xxx_format_value calls to use unit string")
Reviewed-on: https://code.wireshark.org/review/31721
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added Common function to convert 256-bit Port Select Mask into a range
string (e.g. "1-3,5-8,10").
Used wmem_strbuf API to allocate range string.
Change-Id: I70d737d1a33e84c7961eaf0bf83a1bc0689380a1
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28506
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the PDU types needed for SA
were missing in earlier RRC versions.
Change-Id: Ida3b091fe91961cf3cd8e7476692d2467211b5fd
Reviewed-on: https://code.wireshark.org/review/31703
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The string value is stored in the conversation, so use file-scoped
memory instead of g_strdup. Convert to union to save space.
Bug: 15440
Change-Id: Ie2dabfc67ac1db1cc8f864601b8395dcdec7caf8
Fixes: v2.9.0rc0-2719-g8bd0616621 ("SDP: Show callid from all call legs with the same RTP cpnversation.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11845
Reviewed-on: https://code.wireshark.org/review/31704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN:
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
#1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
#2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
#3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
#4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
#5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
#6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
#7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27
Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Add more Motion attributes
2. Pull out some copy-paste code into functions
3. Add some units to existing data
Change-Id: I82f112e2f8595eb904076ee758b2e7e034354243
Reviewed-on: https://code.wireshark.org/review/31680
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TS 32.298 references TS 29.274 for decoding of CSGId,
which describes the CSGId as an unsigned int.
Change-Id: I79e7ae2ac2e997ba64e10a7351a04b421da1fc86
Reviewed-on: https://code.wireshark.org/review/31692
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the ZCL cluster id is in the range 0xFC00 .. 0xFFFF the cluster is a manufacturer specific cluster.
The information shown was 'Unknown' and should be 'Manufacturer Specific'.
Change-Id: Id3ae90aea65c6049c38df2029871fdcfc41ce565
Reviewed-on: https://code.wireshark.org/review/31668
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename ACK Block to ACK Range, merge the ACK(0x03) frame with the
ACK(0x02) frame by special casing the ECN Blocks addition. Update field
names and descriptions to match the current spec.
Bug: 13881
Change-Id: I9fb9d1f19d82bbd8323396627b773fd548a12a4c
Reviewed-on: https://code.wireshark.org/review/31688
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the flag descriptors for options inside a set_with_meta and
del_with_meta message, whilst also adding a new flag, IS_EXPIRATION,
for only del_with_meta.
Change-Id: I2f97c5aecb618e90783a39ce026ae0feba110dfd
Reviewed-on: https://code.wireshark.org/review/31675
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'Src port' (mint.header.srcport) has a conflicting entry in its value_string: 133 is at indices 63 (trouble/dgram) and 64 (trouble/stream)
Change-Id: Ic0033e2fad7cc8338aafec6f4a32df0fbe4c3d9d
Reviewed-on: https://code.wireshark.org/review/31630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* implement preauth hashing
  keep hash state in conversation object
  - preauth_hash_con for connection hash state
  - preauth_hash_ses for session preauth hash state
  - preauth_hash_current points to either one of the above depending
    on where we are in the connection state
  - store final session preauth hash in session object
  store per-packet hash in the saved packet data
  object (smb2_saved_info_t) and display it as generated field.
  since request and responses share the same pointer, make a hash buffer
  for each (preauth_hash_req, preauth_hash_res).
* implement 3.1.1 key derivation
  use session preauth hash to generate the keys
* sample
  Sample from https://wiki.wireshark.org/SampleCaptures#SMB3.1.1_encryption
  can be loaded as follows:
    tshark -ouat:smb2_seskey_list:690000ac1c280000,b25a135fc3dc14269f20d7cbc8716b6b -r smb311-aes-128-ccm-filt.pcap
  To obtain the session id and key you can compile your kernel with
  CIFS_DEBUG_KEYS enabled and all the info should be printed on the
  console when cifs.ko generates keys. The patch that adds this
  config option was merged in the Linux 4.13 kernel.
Change-Id: Iee41ef9e2dd93795a0c7953fdd1f5256fe477dd2
Reviewed-on: https://code.wireshark.org/review/31659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
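The preauth hash chain and 3.1.1 key derivation described in the commit above, as an added Python example (not Wireshark's code). It follows MS-SMB2: SHA-512 chaining and the SP 800-108 counter-mode KDF with HMAC-SHA256. Function names, the message bytes and the session key are constructed for illustration; only `preauth_hash_con` and `preauth_hash_ses` echo names from the commit message.

```python
import hashlib
import hmac
import struct

def preauth_update(prev_hash: bytes, smb2_message: bytes) -> bytes:
    """One link of the preauth integrity chain: SHA-512(previous hash || message)."""
    return hashlib.sha512(prev_hash + smb2_message).digest()

def session_preauth_hash(negotiate_msgs, session_setup_msgs) -> bytes:
    # Connection hash: starts as 64 zero bytes, covers negotiate request and response.
    preauth_hash_con = bytes(64)
    for msg in negotiate_msgs:
        preauth_hash_con = preauth_update(preauth_hash_con, msg)
    # Session hash: seeded from the connection hash, covers each session setup
    # request and each response that asks for more processing (the final
    # success response is not hashed).
    preauth_hash_ses = preauth_hash_con
    for msg in session_setup_msgs:
        preauth_hash_ses = preauth_update(preauth_hash_ses, msg)
    return preauth_hash_ses

def smb311_kdf(session_key: bytes, label: bytes, context: bytes) -> bytes:
    """SP 800-108 counter mode, HMAC-SHA256, a single block, L = 128 bits."""
    data = struct.pack(">I", 1) + label + b"\x00" + context + struct.pack(">I", 128)
    return hmac.new(session_key, data, hashlib.sha256).digest()[:16]

def derive_smb311_keys(session_key: bytes, preauth_hash: bytes) -> dict:
    # Labels carry their terminating NUL; the context is the session preauth hash.
    return {
        "client_to_server": smb311_kdf(session_key, b"SMBC2SCipherKey\x00", preauth_hash),
        "server_to_client": smb311_kdf(session_key, b"SMBS2CCipherKey\x00", preauth_hash),
    }

# Constructed placeholder messages and key; real inputs are the full SMB2
# messages (header included) as they appear on the wire.
NEGOTIATE = [b"negotiate request (constructed)", b"negotiate response (constructed)"]
SESSION_SETUP = [b"session setup request 1 (constructed)",
                 b"session setup response 1, more processing (constructed)",
                 b"session setup request 2 (constructed)"]
SESSION_KEY = bytes(range(16))  # constructed 16-byte session key

def keys_full_and_truncated():
    """Keys from a complete capture vs. one that starts after the negotiate exchange."""
    full = derive_smb311_keys(SESSION_KEY, session_preauth_hash(NEGOTIATE, SESSION_SETUP))
    truncated = derive_smb311_keys(SESSION_KEY, session_preauth_hash([], SESSION_SETUP))
    return full, truncated

if __name__ == "__main__":
    for name, keys in zip(("full", "truncated"), keys_full_and_truncated()):
        print(name, {k: v.hex() for k, v in keys.items()})
```

Because every handshake message feeds the chain, a capture that is missing the negotiate or any session setup packet yields different keys, so the session key alone is not enough to decrypt 3.1.1 traffic.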
* factor out duplicated code to lookup and create sessions
* we now create (potentially dummy) session object all the time, no
need for null checks.
* stash session key in session object in preparation of SMB3.1.1
decryption
Change-Id: I5499c6363abc1356fd35f22b1b8bc363dd5ec347
Reviewed-on: https://code.wireshark.org/review/31658
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
in preparation for SMB3.1.1 decryption we need to know the dialect
when generating the keys.
Change-Id: I68a75bfe6f85b1941a201f8f261de16dbba3dc37
Reviewed-on: https://code.wireshark.org/review/31657
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
factor out duplicated code in decrypted and plain packet to display
generated session information.
Change-Id: Id6d1d862da753cb5dc4111ec61d1c55c6f6fd760
Reviewed-on: https://code.wireshark.org/review/31656
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Change-Id: I37a0cd4bb6ee419873ab05a131279c36c68a8c13
Reviewed-on: https://code.wireshark.org/review/31653
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This results in shorter filters. Some filters (such as quic.stream)
already omitted "frame_type". Done with an automated search and replace.
Change-Id: Iad8710b3b66487e5f744e10cde3561d34f20fe99
Reviewed-on: https://code.wireshark.org/review/31648
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>