uninitialized in this function.
Change-Id: I92a344b8ec86fc71b64903c2e6edc74f8ed7a330
Reviewed-on: https://code.wireshark.org/review/2066
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Call the without-Atheros-padding dissector for the payload.
Fixes bug 10139.
Change-Id: I883bf4e58899aa78b07fae63d8c0376a31bda444
Reviewed-on: https://code.wireshark.org/review/2027
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Per MAUSB Spec (1.0), the SetDevAddrReq packet now contains data
in addition to the packet header.
Change-Id: I4d2c6bb2530edf5de33ef69c0e6af0441e197fa4
Reviewed-on: https://code.wireshark.org/review/2014
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Removed a check to see if the Packet is in DWORDs.
I misread section 6.2 of the spec, which states that all _headers_
mausb be DWORD-aligned, not all _packets_.
Change-Id: I11e320e6e2592930024ffa8143e4d8f470de13ba
Reviewed-on: https://code.wireshark.org/review/2013
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Moved code in usb_dissect_common() for getting/creating transfer
info into it's own function.
This is part of an effort to make dissect_usb_common() more modular
so that code can be shared between the USB & the MAUSB dissector.
Change-Id: I70f4f98536a6355e57b33eb01a9b5d8688183635
Reviewed-on: https://code.wireshark.org/review/1993
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
I'm cheating a bit here, hf_media_loc_long & hf_media_loc_lat need a 5byte bitmask, but the bitmask field in hf is restricted to guint32
Change-Id: I7e044fc680bb947973e437fc66057488a8deee67
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/2012
Reviewed-by: Evan Huus <eapache@gmail.com>
Dissection of all setup field types (standard & nonstandard) are
handled in a seperate function. Before, nonstandard dissection was
handled in dissect_usb_common.
This is part of an effort to make dissect_usb_common() more modular
so that code can be shared between the USB & the MAUSB dissector.
Change-Id: I15d7e3691afc29cd569aa5d3770d2aa569630b12
Reviewed-on: https://code.wireshark.org/review/1992
Reviewed-by: Evan Huus <eapache@gmail.com>
Packet info for all MAUSB packets in a single TCP packet is now displayed
in the info column. Before, only info on the last packet was displayed.
See conversation for change Ib20e5e30474d93270dd24e203ab96f64f5cc77ad.
Patch 3 had fencing, I messed up and left it out of patches 4-6. This
patch adds it back in.
Change-Id: I37f0e028a8f9b5a8500700f03ac36f8bf1c4f63c
Reviewed-on: https://code.wireshark.org/review/1958
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added a helper function which handles all the USB-Specific tap data.
This is part of an effort to make dissect_usb_common() more modular
so that code can be shared between the USB & the MAUSB dissector.
Change-Id: If0f0b5542203ddaed28009d8a8a1bb8660fa5d70
Reviewed-on: https://code.wireshark.org/review/1990
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
packet-q931.c:2532:25: warning: Access to field 'message_type' results in a dereference of a null pointer (loaded from variable 'q931_pi')
Change-Id: I7533ff60c541e31efe4522e710f86175c1c0ccf4
Reviewed-on: https://code.wireshark.org/review/1997
Reviewed-by: Evan Huus <eapache@gmail.com>
usb_conv_info->usb_trans_info is set to the same thing regardless
of the branch taken, to pull it out of the condition.
Change-Id: Ieabf0a6e796b942d7bafedbeba18d9e0fa113e17
Reviewed-on: https://code.wireshark.org/review/1991
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Co-ordinate based LCI is untested, as the sample capture does not have this, could not find one anywhere.
Change-Id: Id0b52c234d6a36ee430ab9a7265bcd84f151c80c
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/1929
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Added KCS and TMode protocol dissectors.
Request/response logic has been revised.
Saved request data logic has been revised.
Added Get Message command response dissector.
Added missing PICMG command dissectors.
Added new PICMG command dissectors.
Added new PPS OEM command entries.
Added VITA 46.11 command dissectors.
From: Bill Meier:
- refs to value_strings/range_strings in hf[] entries, by convention, should use VALS/RVALS macros;
- refs to true_false_strings should use TFS(&...) macro.
also: true_false_string definitions should not be defined as arrays.
- remove some unneeded #includes (packet-ipmi.c).
- Do some re-indentation.
- Add editor-modelines as needed.
bug: 10004
Change-Id: Ib269b35784c0b70892d1e0111bcfb483ea64092c
Reviewed-on: https://code.wireshark.org/review/1185
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sip dissector when filtering spends ~5% of Ir in tvb_format_text(),
avoid calling.
Change-Id: I1de8e970b300354c0536aead65178401f140f509
Reviewed-on: https://code.wireshark.org/review/1974
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Standard USB setup responses are now handled by a seperate function.
Before, dissection was handled in the dissect_usb_common().
This is part of an effort to make dissect_usb_common() more modular
so that code can be shared between the USB & the MAUSB dissector.
Change-Id: Ibfbcd915d8cef881a6ae0f0312e5a8070984f465
Reviewed-on: https://code.wireshark.org/review/1968
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Standard USB setup requests are now handled by a seperate function.
Before, dissection was handled in the dissect_usb_common().
This is part of an effort to make dissect_usb_common() more modular
so that code can be shared between the USB & the MAUSB dissector.
Change-Id: I51944c688cc0715887abd4c8e5a7e3639c06821b
Reviewed-on: https://code.wireshark.org/review/1967
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The data that is sent when downloading or uploading from a server is
sent in segments to the client.To clearly display all the segments
belonging together the splitted payload needs to be reassembled.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.4.1.1 Download Protocol and chapter 6.3.2.4.2 Upload
Protocol. The payload of the download/upload is now reassembled.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I17c30f15e75da47bcaba8f1fda1e412849ec268c
Reviewed-on: https://code.wireshark.org/review/1120
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
in that we now properly indicate the checksum and provide the wrapped token to
the LDAP dissector to dissect.
There is still a problem in that the wrong parts of the SASL packet can be
indicated when users click on some parts.
I am committing it for review and because it is much better than the current
code.
Bug:9398
Change-Id: I552fc249db26835b79abfc8793438a95f221663a
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/1905
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Parts of this dissector have TLV design, but the identifier is "hidden" by the field. I left that behavior in and used more proto_tree_add_uint than proto_tree_add_item because of it. But at least the fields themselves are more filterable.
Change-Id: I94f38d0063e32f6f3f682b380e0ce7bd051121c6
Reviewed-on: https://code.wireshark.org/review/1934
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The MAUSB dissector now prints the USB address for MAUSB data packets
in the Source & Destination columns. Before, the IP address was
printed.
All MAUSB data packets are now part of USB Conversations. Like the
USB dissector, all data to & from one endpoint are part of the same
conversation.
Issues that need to be resolved:
- In the case where multiple MAUSB packets exist in one TCP packet,
only one USB address can be printed.
- The USB conversations do not appear in the conversations window.
They should appear under the USB conversations tab.
Change-Id: I042daf7889cf70b3bbc450f9ccd974a0f93f4798
Reviewed-on: https://code.wireshark.org/review/1943
Reviewed-by: Evan Huus <eapache@gmail.com>
Added a helper function used to set the address fields for an urb.
The code functions the same as before, but is now more modular.
This change makes it easier for other dissectors to reuse the usb
addressing code (ex: MAUSB).
Change-Id: Idef3156a0fc9a9eda77ec7b2bbf3797b7a59e264
Reviewed-on: https://code.wireshark.org/review/1942
Reviewed-by: Evan Huus <eapache@gmail.com>
Fix warning: cast to pointer from integer of different size
Change-Id: Ieed19204cb3be469c1b12f6ff87168b217a2a33d
Reviewed-on: https://code.wireshark.org/review/1938
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also, cleanup dissector being called only with tree and a few tvb_new_subset calls.
Change-Id: I1dab1b42ef1a27fc85b05d126f51f1582d7e5c58
Reviewed-on: https://code.wireshark.org/review/1932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While it compiles fine, hits an assert in add_string :
failed assertion "hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ || hfinfo->type == FT_STRINGZPAD"
Fix takes care of this issue, but seems like we're losing the bitmask info here, is there a better way to do this ?
Change-Id: I7156d734f4b058113730d5dfbf6498e801c36770
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/1915
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- refs to value_strings in hf[] entries, by convention, should use VALS macro;
- add editor-modelines as needed; Fix some indentation.
Change-Id: Iaa0196bab6de066ed68a2755b69b07fadd33e498
Reviewed-on: https://code.wireshark.org/review/1927
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Add better reference to IANA list of all extensions.
Add newer "channel_id" extension (0x7550) as used by current Chrome versions.
Change-Id: Ia5b2515c557fbaf42d320ede918120f83b2e02dd
Reviewed-on: https://code.wireshark.org/review/1924
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I959729a8834054cf333ec2c47f9d93756eb94066
Reviewed-on: https://code.wireshark.org/review/1922
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I16e6fd4f2d9fb37539cfcb17c0ade1033aea2d6f
Reviewed-on: https://code.wireshark.org/review/1921
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
at first, read only the info required to fetch the conversation struct
Change-Id: I3becbb59bf6a55f07805ca9f3c24f015484fcd13
Reviewed-on: https://code.wireshark.org/review/1920
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
In the EIGRP packet dissector, the dissector routine for the Sequence TLV
dissected the TLV only up to the first address in the list. However, the
Sequence TLV contains a variably sized list of addresses. This patch
modifies the routine so that it processes the entire TLV, not just the
first address in the contained list.
Also, in the dissect_eigrp(), replaced calls to tvb_new_subset() with
the reported length set to -1 with the call to tvb_new_subset_length().
TLVs always carry information about their length. And this time,
correct truly ALL calls in the switch{} section.
Sample packet capture is available in BugZilla.
Bug: 10156
Change-Id: Idaaf182c05bcf799f770f23a2ce2b1e05a3d569a
Reviewed-on: https://code.wireshark.org/review/1911
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I8de7b63ca90803f8fc6333bbe43aeb94459e6363
Reviewed-on: https://code.wireshark.org/review/1918
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I796138bab6d4b75ade047f0706e68f301e4559df
Reviewed-on: https://code.wireshark.org/review/1919
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
While we're at it, get rid of duplicate #defines for some OUIs, sort the
OUI #defines, and fix some routine names.
Change-Id: I8f4e5408b44896c3629a0014299b060ebc15bab6
Reviewed-on: https://code.wireshark.org/review/1906
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Decode the HTTP/2 header block using nghttp2 HPACK decoder
In this patch, We use nghttp2 HPACK decoder to decompress HTTP/2 header
block. To make HPACK decompressor work, we need to track down HTTP/2
connection from the beginning. If we see the HTTP/2 magic (connection
preface), we initialize HPACK decompressor objects. We actually use 2
HPACK decompressor for both client and server. HPACK decompressor
objects are stored in hash tables using TCP stream index as a key.
Most code by: Tatsuhiro Tsujikawa
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Signed-off-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Idb4dd4b0a200924820cb0b34db664cc37518168d
Reviewed-on: https://code.wireshark.org/review/1527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
in the linkage descriptor
Change-Id: I7ebca539076b2b881e82fd6baec5bb223e778a52
Reviewed-on: https://code.wireshark.org/review/1896
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I3381e1c35795ac33331cdddb8cefa8b0a16907cc
Reviewed-on: https://code.wireshark.org/review/1894
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Add a dissector table for the 802.3 "slow protocols" subtype, split the
dissectors for those protocols into separate files, and have them
register in that dissector table.
Remove some unnecessary #includes while we're at it.
Change-Id: Ic36c9c255efdd348055fa4f21fd6cc094f74e378
Reviewed-on: https://code.wireshark.org/review/1891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I27656eacb698f8db7bfbe4f5502658c78b03fc13
Reviewed-on: https://code.wireshark.org/review/1890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ief46b7b53ddecd649e54d3c23a3504c4165c812f
Reviewed-on: https://code.wireshark.org/review/1855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I007ff5215f52f80f25622cab6980128eabd39c5f
Reviewed-on: https://code.wireshark.org/review/1888
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I18c2b7992b237eaaacbec04d504fc293b03558a3
Reviewed-on: https://code.wireshark.org/review/1887
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Icccc07706287df4b6a7481108f9921b939aae2d5
Reviewed-on: https://code.wireshark.org/review/1886
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I19b163913f8f6521a34d94d130e2ae74546a615a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1821
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I95ad8cb5857794608f0f8db5c2dfd4b16e6578d5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1820
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The MN interprets the CMD layer data only if the CN increments
the Send-Sequence-Counter => new data. The MN interprets the
data only once, if the same frame is sent again the MN ignores
the data.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.3.2.3 Error: Duplication of Frame
Frames which duplicate previous sent data are now marked as
duplicated frames.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ef24b52712bfd3c735856b0cd5747c47aeef72a
Reviewed-on: https://code.wireshark.org/review/992
Reviewed-by: Evan Huus <eapache@gmail.com>
Puts a tag in the info column when multiple MAUSB packets are in a
single TCP packet.
Change-Id: Ib20e5e30474d93270dd24e203ab96f64f5cc77ad
Reviewed-on: https://code.wireshark.org/review/1658
Reviewed-by: Sean Onufer Stalley <sean.stalley@intel.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
packet-btavdtp.c: In function 'dissect_bta2dp':
packet-btavdtp.c:2796:36: error: 'sep_data.vendor_codec' may be used uninitialized in this function [-Werror=maybe-uninitialized]
packet-btavdtp.c:2799:12: error: 'sep_data.vendor_id' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Change-Id: I5b9e22e7ec787430ee25d2cd7dbe13f854f9eaa2
Reviewed-on: https://code.wireshark.org/review/1884
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Session should be finished too on HCI Disconnect and Adapter disappear.
Change-Id: I0823872e60ec932fc0831975e54dc33d49fb5dbc
Reviewed-on: https://code.wireshark.org/review/1882
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also add Service informations to Info column and service item.
Change-Id: I0a565df94d7980432c524bd675b291f0e80704e5
Reviewed-on: https://code.wireshark.org/review/1881
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fix warnings and try to inform user about unknown values in
"Decode As".
Also use define instead of magic number for Unknown L2CAP CIDs.
Change-Id: Ie6f26a9e3330b84cef14bbf8861ffbdbdb789225
Reviewed-on: https://code.wireshark.org/review/1880
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Example: if there is Connection Request than field with CID always
is called SCID. If we Sent this packet, it is okay, but if we Receive
it, then it is not SCID for us, but DCID. If we receive
Connection Request (DCID) and than we want to make disconnection,
so we send Disconnection Request with DCID that is SCID in
Connection Request... etc.
I try to clarify this, so rename stored SCID to Local CID
and DCID to Remote CID.
Change-Id: Idde0939a03955d8f4a10d8c9f7c43fd364254460
Reviewed-on: https://code.wireshark.org/review/1879
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
To correctly resolve connections single "ID" value
like L2CAP PSM, is not enough, because next connection may use
the same PSM value. Solution is save frame number of frame that
make disconnection.
Conclusion:
Any session key values should be updated to pair:
{ID_1, disconnect_in_frame}, {ID_2, disconnect_in_frame}...
then we should check if "disconnect_in_frame" is greater then
current frame number, otherwise it is not valid session.
Change-Id: I3d760112b6e53358a93c994f4aae455ac1bf5de6
Reviewed-on: https://code.wireshark.org/review/1878
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The Stream is defined here as media stream that beginning on
AVDTP Start (ResponseAccept).
Also fix recognizing Channel streams by AVDTP according to the
specification that says:
1. First channel is always Signaling.
2. Second may be Media.
3. Third may be Reporting.
4. Fourth may be Recovery.
First and second will be supported right now.
Change-Id: Id6d4dae6be1b9df68382288c2d520b7ed3661237
Reviewed-on: https://code.wireshark.org/review/1053
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Music duration info can be used to detect underflow, what can
decrease music quality.
Change-Id: I8ea06655395d3e66473a09ee72b6833b894aa6e1
Reviewed-on: https://code.wireshark.org/review/1052
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
description
Change-Id: Ice06e257a72f3b4ce1229ff90129628f0e3bbcfb
Reviewed-on: https://code.wireshark.org/review/1873
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
For a number of protocols that encapsulate 802.11 frames inside packets,
whether the frame includes an FCS or not is specified by the protocol,
not by whether the link-layer frame carrying the packets *itself*
includes an FCS. As we've done with Ethernet, add "_withfcs" and
"_withoutfcs" dissectors, which *don't* check the pseudo-header FCS
length indication, and call those, rather than dissectors that check the
pseudo-header length indication, from the dissectors for those protocols.
Change-Id: Ib8c8ecdd872e1782fdfc66e7573415d91911a62e
Reviewed-on: https://code.wireshark.org/review/1866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8e20917ac08e2349caf330ee967d24d7c738bb71
Reviewed-on: https://code.wireshark.org/review/1815
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaddd3c4847e803af855c847212ae822b2529ff06
Reviewed-on: https://code.wireshark.org/review/1860
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
filtering work, fix typos
Change-Id: I7ed989807826d1322dab00d13d998488caaf73ff
Reviewed-on: https://code.wireshark.org/review/1859
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If8d35122ce096f52837bdff1c6599b47456697d5
Reviewed-on: https://code.wireshark.org/review/1858
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8e442dff85ef856672f42e787feb88453eba6f0e
Reviewed-on: https://code.wireshark.org/review/1857
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch will solve the issue in LOOKUP procedure if filename itself will become <EMPTY>.
Change-Id: Ib983ac4f9325db040a6b4eb3fc63179b36103bf4
Reported-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Vikhyat Umrao <vumrao@redhat.com>
Reviewed-on: https://code.wireshark.org/review/1854
Reviewed-by: Michael Mann <mmann78@netscape.net>
as remove redundant stuff from the spnego.cnf file.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: I90a962a39dc4da0f13055c9b3893c26044f1fc97
Reviewed-on: https://code.wireshark.org/review/1809
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifbfca88469a6bc479072c921deba280e667c7087
Reviewed-on: https://code.wireshark.org/review/1804
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also remove the reference to the original ID.
Change-Id: I51357fc04699a40af2d34ec2bd36518d09d3b180
Reviewed-on: https://code.wireshark.org/review/1848
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
Change-Id: Ia69cbe9fea364c735bde956d84a82404b46ec236
Reviewed-on: https://code.wireshark.org/review/1810
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9e37c911865a0e3b13331ec03df05d79749904c5
Reviewed-on: https://code.wireshark.org/review/1811
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie111c4db4afd0702f5a016da1547486631f571d8
Reviewed-on: https://code.wireshark.org/review/1818
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I927a2f32aa0016b5b0c476fa4c16fc1dbe0aebb0
Reviewed-on: https://code.wireshark.org/review/1825
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I034b351d4bc12f6c00a0224a5c5b9f85496657b6
Reviewed-on: https://code.wireshark.org/review/1824
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8464fb8e98e485523127dd95948a717554b6aee4
Reviewed-on: https://code.wireshark.org/review/1823
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I301d0804e097c62cd8bf7b27003918eedab9616a
Reviewed-on: https://code.wireshark.org/review/1816
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: Id3c3082fe91a79e44abbfd4e2b2f1fc7d5c183d4
Reviewed-on: https://code.wireshark.org/review/1814
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ibd4edd30eca969699fea1971e1885299e4d3e552
Reviewed-on: https://code.wireshark.org/review/1813
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Strndup adds +1 for the null-terminator itself, no need to do it in the caller.
This was causing us to go past the end of the buffer when the HTTP header line
didn't have any spaces in it. Caught by Alexis using ASAN.
Bug:10135
Change-Id: Iee1b26da4740b774581ca6ec784ee40f7b920832
Reviewed-on: https://code.wireshark.org/review/1806
Reviewed-by: Evan Huus <eapache@gmail.com>
In Anders profile output[1] is looks like that get_ether_name() is called
four times, twice for src and dst. get_ether_name() takes ~2% of Ir, so
caching result should reduce Ir count by 1%.
Similar thing was already done for UDP and TCP - 5235dc6ca0
[1] http://www.wireshark.org/lists/wireshark-dev/201405/msg00063.html
Change-Id: I9ca582b0522387dbfaad866a48a0934693a2849f
Reviewed-on: https://code.wireshark.org/review/1808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
<rant>
This file is riddled with lots of magical flags causing the code to do
one thing or another, and then in several cases with non-telling variable
names (e.g. is_centrino). My absolute favourite is
dissect_ieee80211_common (tvb, pinfo, tree, FALSE,
pinfo->pseudo_header->ieee_802_11.fcs_len, FALSE, FALSE, FALSE, FALSE);
Is there anyone who is able to understand what the line above does without
looking up the function definition?
</rant>
Change-Id: Id49cc0a2992005c28f66a8558e4b2970b677a360
Reviewed-on: https://code.wireshark.org/review/1805
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Much simpler and should probably fix bug 10121.
Also add modelines.
Bug:10121
Change-Id: Ib92977e734ebe1b8529c7b6b41fbd81eac13b186
Reviewed-on: https://code.wireshark.org/review/1758
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
All caught by cppcheck. The two (semi)-interesting bugs are:
- in asn1/atn-cpdlc/packet-atn-cpdlc-template.c where the break statement should
have been inside the brace, causing potential control-flow weirdness with
exceptions
- in epan/dissectors/packet-ieee80211.c where the bounds check for tag_len did
not match the expert info given
Change-Id: Ie173fb8d917aabb9b4571435d671d6f16e1c7569
Reviewed-on: https://code.wireshark.org/review/1793
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
While we are at it, replace an undefined hf_timeslot_allocation_usf_tn by its hf_usf equivalent
Bug: 10120
Change-Id: I3fe113279c779a9d8143d07489747a67d7351664
Reviewed-on: https://code.wireshark.org/review/1794
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add a dissector for pcap-ng file-type-specific blocks; it creates a
dissector table using the block type as the key, attempts to call the
appropriate dissector using that table, and does a minimal dissection if
that fails.
Change-Id: I67e139f06ba88d40faa5b4ab169e8df08f5bfe7b
Reviewed-on: https://code.wireshark.org/review/1784
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixed valid bit check for MAUSB EPHandleResp packet. the valid bit
is active low (ie: valid = 0, invalid = 1).
I noticed Some other dissectors also defined an tfs_invalid_valid,
so got rid of their local definitions & added it to epan/tfs.c.
Change-Id: Ifd78325f9c7c046224073fc9b29e0cc60dc5c286
Reviewed-on: https://code.wireshark.org/review/1766
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is a "good-enough" fix for now until a more comprehensive fix
is committed to handle the case of the (variable size) PDU
length field being split across TCPO segments.
Change-Id: I57e8f5e9d7a9855fac320e8843b82a273ffb7cc5
Reviewed-on: https://code.wireshark.org/review/1748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
If an mp2t packet contains one full subpacket and the fragment of
another one, it happens that the first subpacket will set src or dst to
an ethernet or IP address. Adding the fragment of the second subpacket
will then use this information for calculating the hash in the fragment
table. However, later fragments in other mp2t packets will not have
these info and reassembly will fail.
Change-Id: Ic52763017cb854851b6686654c2d8a1624305d65
Reviewed-on: https://code.wireshark.org/review/1692
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If085a9fc69bbbf28a7c801930a664c412a4a5b7a
Reviewed-on: https://code.wireshark.org/review/1734
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either
1) sizeof(guintN) = N/8, in which case it's redundant
or
2) sizeof(guintN) != N/8, in which case it's wrong.
This also keeps us from having to throw casts at complaints about
shortening 64-bit values.
Change-Id: I33911acfc54c0f3f21b73026a100a82b1ee2c35e
Reviewed-on: https://code.wireshark.org/review/1731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I411b16cdb3bc128cb49218080179c43e13f96e99
Reviewed-on: https://code.wireshark.org/review/1723
Reviewed-by: Michael Mann <mmann78@netscape.net>
According EN300468 in Satellite Delivery Descriptor 'Modulation System' field has 1 bit length. 'Modulation Type' has 2 bits length.
But in my Wireshark 'Modulation System' is 2 bit long and 'Modulation Type' is 1 bit long.
bug: 10119
Change-Id: I762145418bbfc9c0621ee7ca1a07d35afb6d7d92
Reviewed-on: https://code.wireshark.org/review/1718
Reviewed-by: Michael Mann <mmann78@netscape.net>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0e8595ab5cf5385a7fda636a1804b0788f9eb869
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/1707
Reviewed-by: Michael Mann <mmann78@netscape.net>
There was a change in the ELP LCAF packet format between
draft-ietf-lisp-lcaf revisions -03 and -04 reversing the flags and AFI
fields, to be more consistent with other LCAF types.
http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-lisp-lcaf-04.txt
Change-Id: I2c572050f413696f2d388969e7db24238783bd56
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/1704
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Display reserved using FT_BYTES
* Set option code in option subtree
Change-Id: Ie6cf32ed260ddccceaa9f617f0a74982c95f08f5
Reviewed-on: https://code.wireshark.org/review/1698
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removes _U_ flag for data field in dissect_mausb(),
since tcp_dissect_pdus(), uses the data field.
Change-Id: Iccb5aae1aa203f98484666763410c4a555413ac0
Reviewed-on: https://code.wireshark.org/review/1696
Reviewed-by: Anders Broman <a.broman58@gmail.com>
set, don't do the same conversion for each apdu
Change-Id: I6b19a0b4e138cd9d333b7ab95d6a8ee3eb516293
Reviewed-on: https://code.wireshark.org/review/1694
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
and make it filterable
Change-Id: I0644e5c69ff58301c00ea3d37e80f25b856168e4
Reviewed-on: https://code.wireshark.org/review/1689
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
There are lot of text dissectors which want just to add escaped (not filtrable) text,
add new function proto_tree_add_format_text() which just do this in optimized way.
Change-Id: Ia0e189b620cc0a5b74cfdaef1ad4571d766bb2ab
Reviewed-on: https://code.wireshark.org/review/1678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch adds a new "ip.checksum_calculated" field that can be used
for display in a column.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Ide5eb6640d51ded88b1df309092a0a3aaf482b03
Reviewed-on: https://code.wireshark.org/review/1676
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch adds a new "udp.checksum_calculated" field that can be used
for display in a column or tshark.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Iefcfd8395adeff7a3ac58a1bfff1a3c97976aa56
Reviewed-on: https://code.wireshark.org/review/1675
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9bf53014d90857b7d71efbb09b5ceb708b3df6ca
Reviewed-on: https://code.wireshark.org/review/1683
Reviewed-by: Michael Mann <mmann78@netscape.net>
destination ports.
Change-Id: I490a716b7991d0d7dfcaecd722a267c77af2e776
Reviewed-on: https://code.wireshark.org/review/1682
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed the additional "parseFields" layer as it was unnecessary and IMO ends up creating more work for a developer if they want to add additional filterable fields. That layer also hid the (large) number of unfilterable fields that were in the dissector that would normally be caught by counting the number of proto_tree_add_text function calls.
Change-Id: I6f9607938c2386de40bdd3dae652614f07dda31e
Reviewed-on: https://code.wireshark.org/review/1653
Reviewed-by: Peter Ross <peter.ross@rmit.edu.au>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use wmem_array_append rather than wmem_array_append_one to make sure the pointer
types match up. _append_one automatically takes the address of its argument,
which causes problems if that argument is already a pointer.
Thanks to Alexis for catching this.
Change-Id: Ie702bb2c776f9fcf31bd64073c756edd75d888e8
Reviewed-on: https://code.wireshark.org/review/1657
Reviewed-by: Michael Mann <mmann78@netscape.net>
With this patch, wireshark dissects the Feature-List flags field in Gx message
and displays the name and value of each of Feature bit.
Change-Id: I18af8a133ae7db4da5a126a81521c474d1553719
Reference: 3GPP TS 29.212 V11.7.0, Section 5.4.1.
Reviewed-on: https://code.wireshark.org/review/1652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Introduce a new tvb_ipxnet_to_string() routine to help that.
Change-Id: Icb27f7cdd6e6e7de67e765715e450063d7de6072
Reviewed-on: https://code.wireshark.org/review/1647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While debugging a network issue, I found incorrect TCP checksums. These
are shown in the packet details, but are not available as column. This
patch adds the "tcp.checksum_calculated" field which is only available
if a checksum can be calculated (i.e., checksumming is enabled and the
full segment is available).
The fields are added separately for each checksum case to make it appear
before "Checksum Bad/Good" and to avoid calculating the expected field
value for the "good" cases.
Change-Id: I36af7894d526382ef636c5fa51e74871212b2909
Reviewed-on: https://code.wireshark.org/review/1627
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Additional belated followup to gfe195c0c9 per conversation on -dev about the use
of -1 and when we should throw exceptions. See also g867a1827e7.
Should (in theory) permit reverting gfe195c0c9.
Bug:9999
Bug:10030
Change-Id: I56e5f4e5dc12fe82268243d0b113cfc9ff5fdd17
Reviewed-on: https://code.wireshark.org/review/1603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Add bitmask and fix length for exclusive flag
* Add missing bitmask for stream dependency
* Add fielder with calcultated weight value (weight+1, see spec for more information)
Change-Id: I7a6e97be068a80caa7355f593d9497c431c681ed
Reviewed-on: https://code.wireshark.org/review/1625
Reviewed-by: Anders Broman <a.broman58@gmail.com>