Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I95ad8cb5857794608f0f8db5c2dfd4b16e6578d5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1820
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This moves the keyfile and psk options from the ssl code into ssl-utils
and then uses them also for dtls.
This is the last missing part for bug 9499 from my side.
Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1369
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The dissector only ran through the server hello extensions for the tree
and not in the ssl decryption pass. This resulted in
ssl_dissect_hnd_hello_ext() being always called with ssl == NULL. For
SSL this was also called with ssl != NULL.
Change-Id: I22f7b1089731124b3ca1a2b8515f307c4a021b7f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1370
Reviewed-by: Evan Huus <eapache@gmail.com>
Added an expert info for invalid payload length (heartbleed).
Change-Id: I9e09d1ae2b997091bbce2483c098dba7e6631859
Reviewed-on: https://code.wireshark.org/review/1067
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
it only did the RSA MD5/SHA1 ones.
Change-Id: I7b16c7245dd1646f68479095540a8bef191d5fb2
Reviewed-on: https://code.wireshark.org/review/160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dtls: use generic ssl dissect code for TLS extensions
This makes the DTLS dissector use the now common TLS extensions
dissector from packet-ssl-utils.c instead of its own.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54419
DLTS: add cipher version for OpenSSL pre 0.9.8f
OpenSSL pre 0.9.8f uses the TLS version 0x0100 and is not completely
compatible with DTLS 1.0 or 1.2. One difference is that the encrypted
pre master from TLS 1.0 does not have an own length, which is needed by
TLS and DTLS 1.0, this makes decrypting impossible. This patch makes it
possible for the code to distinguish between this OpenSSL version and
real DTLS 1.0, because they are not using the same code any more. This
is needed to fix the snakeoil-dtls test.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54043
From Hauke Mehrtens
1. dtls: set ssl_set_server() in DTLS dissector so wireshark knows if this is client or server
2. SSL: add decrypt support for CCM and CCM_8 Ciphers per rfc 6655
3. dtls: add psk decrypt support
svn path=/trunk/; revision=53836
Break out Signature Hash Algorithm into hash and signature values
From me:
Cleanup all "saved" trees throughout the dissector as well as removing a few unnecessary NULL tree checks.
Removed most of the tvb_ensure_bytes_exist checks because the line that follows will through an exception anyway if there isn't enough bytes in the tvb.
svn path=/trunk/; revision=51574
DTLS 1.2 adds a supported_signature_algorithms attribute to the CertificateRequest which was not parsed in DTLS.
This code was copied from the ssl code.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8781
svn path=/trunk/; revision=49878
[PATCH 1/8]
Add a subtree for the random DTLS elements. This is what TLS already does, and
it makes more sense than prefixing their display names.
[PATCH 2/8]
Show the actual hex content of the cookie by just using proto_tree_add_item.
The cookie length has its own field, so there's no need to display it twice.
[From me]
Fix an @ in the AUTHORS file
svn path=/trunk/; revision=49172
trying to handle reassembly of packets with *differing* handshake length
values a bit better.
Make coding style a little more consistent.
svn path=/trunk/; revision=48916
was done using textual search+replace, not anything syntax-aware, so presumably
it got most comments as well (except where there were typos).
Use a consistent coding style, and make proper use of the WS_DLL_* defines.
Group the functions appropriately in the header.
I ended up getting rid of most of the explanatory comments since many of them
duplicated what was in the value_string.c file (and were out of sync with the
recent updates I made to those in r48633). Presumably most of the comments
should be in the .h file not the .c file, but there's enough churn ahead that
it's not worth fixing yet.
Part of https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8467
svn path=/trunk/; revision=48634
fields that were captured show up even if the packet was cut short by a
snapshot length. Advance the offset variable as we do so.
Be a little clearer in some comments.
svn path=/trunk/; revision=48537
be done on flows from one address to another; reassembly for protocols
running atop TCP should be done on flows from one TCP endpoint to
another.
We do this by:
adding "reassembly table" as a data structure;
associating hash tables for both in-progress reassemblies and
completed reassemblies with that data structure (currently, not
all reassemblies use the latter; they might keep completed
reassemblies in the first table);
having functions to create and destroy keys in that table;
offering standard routines for doing address-based and
address-and-port-based flow processing, so that dissectors not
needing their own specialized flow processing can just use them.
This fixes some mis-reassemblies of NIS YPSERV YPALL responses (where
the second YPALL response is processed as if it were a continuation of
a previous response between different endpoints, even though said
response is already reassembled), and also allows the DCE RPC-specific
stuff to be moved out of epan/reassembly.c into the DCE RPC dissector.
svn path=/trunk/; revision=48491